August 31, 2021
Digital asset custody can be a complex business, but there are some simple principles that can help you improve security when it comes to handling crypto assets. Through our advisory service, we’ve been sharing these principles with our clients for the last few years.
One of the most important insights we can offer is this: upgrading your digital asset security needs to be done holistically. To ensure total security of your assets, every component of your digital asset custody chain must itself be secure. And often, the weakest point is the most visible one: the device that you use to create and sign transactions.
Thankfully, we created a solution to this issue. A dedicated security device like Ledger Vault’s Personal Security Device (“PSD”) can, in effect, dramatically improve your security and your resilience. In this article, we’ll look at how it does that, and why it’s so important.
In order to understand the importance of using a dedicated security device, it is instructive to recognize how digital asset custody platforms operate in a standard use case.
The average custody chain consists of many different types of devices held and managed by your company, by those you do business with, and by third-party suppliers: servers, desktop clients, and smartphone apps.
The underlying issue here is that any asset chain is only as strong as its weakest link. Fully secure custody of crypto assets can therefore only be achieved by eliminating any single point of failure.
And though plenty of companies have realized this and shrewdly invested in asset systems that offer enhanced security, many of these same institutions access this custody technology through retail-grade tools like smartphones, desktops, and laptops.
This means that for many organizations, hardware devices now represent the single biggest source of vulnerability to asset custody systems. The consequences of this can be severe. Just last month, the Nova Scotia Department of Internal Services published a report about a serious data breach that occurred three years ago. In the attack, criminals stole thousands of sensitive documents from the provincial Freedom of Information Access website. This effectively gave them access to the personal details of thousands of Canadian citizens. The cause? Compromised personal smartphones used by employees.
Consumer-grade hardware devices present a major threat when it comes to asset custody. That’s because they are simply not built with security in mind. In fact, most device manufacturers have long prioritized connectivity over security, and this has left the average device riddled with security flaws.
Most banks now require customers to authenticate using multi-device systems or second-factor authentication for precisely this reason, and many offer their customers dedicated security devices to protect access to high-worth accounts. Given this, it’s surprising that it’s taken so long for those who hold and manage cryptocurrency to adopt a similar approach.
This is particularly true given that most of the sensitive parts of a cryptocurrency transaction are handled by consumer devices. Businesses must provide sensitive information as a component of each transaction process. This information can be as simple as data on how many BTC will be sent to whom, but can also contain personal information that can reveal the identity of crypto holders.
This step represents the simplest vulnerability for criminals. Managing a large crypto asset portfolio will necessarily involve working with sensitive data – whether this is changing the recipient address, changing the receiving address, or more complex management processes. And whenever such a change is made, these data are vulnerable to exploitation.
These concerns led us to develop the concept of “Trusted Display”. Digital asset custody solutions without a trusted display are easy targets for cybercriminals. This is because they are easy to manipulate and corrupt, for example by “spoofing” transaction authorizations or changing wallet contacts’ addresses.
Our Personal Security Device (“PSD”) leverages Ledger’s proprietary trusted display technology. It allows customers to verify any request’s accuracy before signing. What you see is what you sign. The secure channel to the HSM cannot be corrupted, and therefore what is shown on your PSD is exactly what is being signed. This ensures that users always have a trusted place to insert their details.
Our PSD creates a secure path between the platform and the user, one that is free from tampering. You can also use Ledger’s PSD to display transaction summaries, validate information for both the recipient and the sender of crypto, and authenticate actions.
Here at Ledger, we believe that more flexibility doesn’t have to mean more rigidity, and we’re proud to provide all our customers with a PSD to protect their assets. It’s innovation like this that has led to us becoming a recognized leader in the industry, and why we are trusted by some of the largest crypto companies in the world. You can find further information on this topic in “The Importance of the Trusted Display and Secure Execution”.