Examining the Security of onXRP’s Key Management Infrastructure: A Comprehensive Audit
At onXRP, our mission is to provide our users with a secure and reliable blockchain-based signing solution. As part of our ongoing commitment to the highest standards of security, we recently underwent an extensive audit in April 2023 to evaluate the robustness of our key management infrastructure. We are delighted to share the purpose, process, and outcomes of this audit, as it reaffirms our dedication to ensuring optimum security for our users’ assets. The audit was conducted by BuildTomorrow and Garantir, renowned cybersecurity professionals with extensive expertise in cryptography and key management.
Purpose of the Audit
The primary objective of the audit was to assess the effectiveness and security of onXRP’s cryptographic key management system. Our goal was to ensure that our key management practices not only adhered to the most stringent industry standards but also provided our users with the highest level of protection. By conducting this audit, we aimed to identify any potential vulnerabilities, fortify our security measures, and enhance the overall robustness of our key management infrastructure.
The audit encompassed a comprehensive review of our key management practices, covering various critical aspects of our system. Our system’s architecture underwent a meticulous examination to evaluate its reliability and adherence to best practices. Additionally, our foundational source code was subjected to thorough scrutiny, involving manual reviews and static code analysis, to identify any potential implementation flaws related to private key usage.
Key Management Lifecycle
onXRP utilizes two secp256k1 keys, with the first key stored in AWS Secrets Manager and the second key stored in AWS Key Management Service (KMS). When it is used, the Secrets Manager key is exported to the application server as plaintext key material over a TLS connection, while the KMS key is generated, stored, and utilized within a FIPS 140-2 certified HSM and is non-exportable. The Secrets Manager key is securely distributed, and no evidence of compromise or mishandling was found. The audited authentication keys were properly controlled, ensuring their security.
The audit found that the AWS KMS key provided a high level of security, making it practically impossible for attackers to compromise its private key bytes. In comparison, the Secrets Manager key offered a good level of protection, and when used in conjunction with the AWS KMS key, it further enhanced the security of wallets. Wallets that required both keys for transaction signing benefited from the combined strength of these keys, ensuring a robust level of security.
During the audit, the use of cryptographic keys within onXRP’s system was examined to confirm that keys were used appropriately and within defined limits. It was found that while the application associated with the KMS key did not perform full data validation, this risk was effectively mitigated by the robust authentication carried out by AWS API Gateway and the calling application.
While key rotation was not planned at the time, onXRP’s security strategy was aligned with NIST’s ongoing development of post-quantum cryptographic algorithms. Furthermore, the anticipated support from HSM and cloud vendors assured future readiness. As these advanced algorithms became available and industry standards were established, onXRP could seamlessly incorporate a key rotation plan to maintain optimal security and stay in line with evolving best practices. In terms of key revocation and destruction, onXRP was advised to define and document processes as part of its key management lifecycle to minimize the risk of unauthorized access or misuse of outdated or compromised keys.
Results of the Audit
We are pleased to share that the audit yielded positive results, underscoring the effectiveness and robustness of onXRP’s key management practices. By leveraging the highly secure AWS Key Management Service (KMS), we have successfully strengthened the security of our users’ wallets and transactions.
The audit highlighted the exceptional level of security provided by our AWS KMS key. Its strong resistance to private key compromise significantly mitigates the risk of unauthorized access. Furthermore, our Secrets Manager key, securely distributed without any evidence of compromise or mishandling, enhances the overall security of our wallets. The combination of these keys ensures a robust and reliable security framework for our users.