April 17, 2018
Public blockchains using a decentralized workforce to build open-source software have to address a wide range of security concerns. Storecoin is creating software and a cutting-edge organization around security.
This document is Part 1 of Storecoin’s discussion of its approach to securing the blockchain and its supporting infrastructure. It is codenamed Fort Knox after the famous fortified vault in Kentucky.
Like some of the largest cryptocurrency organizations in the world, Storecoin works with the Amazon Blockchain Strategy Group to secure its code base and CI/CD environment (and more).
Secure by Design
For a cryptocurrency network, security cannot be an afterthought where you add something later. The protocol, infrastructure, processes, development, and testing must be built around security. Security built into the consensus protocol is commonly understood. End-to-end security built into an open development environment, not so much. Secure by design involves the following traits.
Secure System Design
Wallet, governance and other services: The Storecoin wallet, governance infrastructure, and other related services are hosted on Storecoin. Services are hosted on Amazon Web Services with a multi-datacenter, multi-VPC design, shown in Figure 1, below.
The following measures are taken to secure these services.
The secure-by-design principle models security in the design rather than in the implementation or as an afterthought. Trust is distributed so that a single person or entity cannot be the weakest link in the system. Security is a multi-tiered system, and all components and processes are explicitly assigned appropriate security levels. As a result, all access is monitored and audited.
Blockchain networks are vulnerable to various types of attacks. Storecoin models its network with built-in attacks so the system can defend itself continuously, preventing ‘surprises’ when real attacks are mounted.
Coming in Part 2
Details on Secure System Design for the public blockchain as well as the development process and environment.
To learn more about some of the largest security failures, hacks and breaches in history, affecting companies like Yahoo, eBay and Equifax:
See more about hacks of blockchain-related technology companies such as the Mt. Gox exchange, https://en.wikipedia.org/wiki/Mt._Gox and Italian coin exchange BitGrail, https://techcrunch.com/2018/02/12/bitgrail-hack-nano/