Platform Security

End-to-End Security Protocol

Your hard-earned money should be well-protected. Edenchain implemented JWT, KMS and a proxy system to build a mechanism that provides end-to-end security for all transactions. It minimizes vulnerability to insider attacks by hiding credential information from insiders with manifold security features.

Edenchain’s high-level security system satisfies seven requirements

1. Non-repudiation of transactions through end-to-end security systems.

2. Minimize the exposure of the API Key used during exchange transactions.

3. Verify access authorization and limit access to security data according to that authorization.

4. Log all data access and perform regular audits.

5. Perform system integrity checks by constantly monitoring for any modification made within the system.

6. Implement multi-level security protocols that prevent any single system from completing a task from beginning to end.

7. Design each step to leave an audit record, so that anything out of the ordinary triggers an instant alert.

Edenchain protects DeFi users with end-to-end security protocols

Highest level of security that handles the toughest security challenges.

Protecting a system against insider attacks poses a greater challenge, because insiders hold critical information. Edenchain implemented JWT, KMS and a proxy system to build a mechanism that makes it impossible for an insider to maliciously manipulate data, even when in possession of the system’s architecture, security process, and credential information.

Flowchart for Edenchain Security Protocol

Transaction Security Plane

The security management plane for transactions. When the Tx Creator sends a transaction request, the Tx Executor handles the command, and the Validator provides real-time security while the transaction is being executed.

End-To-End Transaction Security

  • Prevent signing key exposure by keeping the key in an HSM, using the RSA signing method supported by AWS KMS.
  • Audit data to prevent any modification between the Transaction Creation Module and the Transaction Validator Module.

Exchange API Key Accessibility

  • Secrets Manager manages the API Key to prevent its exposure.
  • The Transaction Creator Module handles input commands without the real API Key by using an API alias.
  • The Transaction Validator Module authenticates the API Key value and checks the API alias originator.
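The creator/validator split from the two lists above, as an added Go example that is not Edenchain's code: the creator signs a request that names only an API alias, and the validator verifies the signature, checks the alias originator, and only then resolves the real key. Assumptions: the RS256 JWT form, the claim names, the alias and originator names, a throwaway local RSA key standing in for the KMS-held key, and Go maps standing in for Secrets Manager.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type Claims struct{ Iss, Alias, Cmd string } // hypothetical request: names an API alias, never the real key
var b64 = base64.RawURLEncoding
var header = b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway stand-in for the KMS-held key

// SignTx is the Tx Creator side: it signs header.payload and never sees the API key.
func SignTx(key *rsa.PrivateKey, c Claims) (string, error) {
	body, _ := json.Marshal(c)
	msg := header + "." + b64.EncodeToString(body)
	sum := sha256.Sum256([]byte(msg))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return msg + "." + b64.EncodeToString(sig), err
}

// ValidateTx is the Tx Validator side: verify, check the alias originator, then resolve.
func ValidateTx(pub *rsa.PublicKey, tok string, owner, secrets map[string]string) (string, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 || p[0] != header { // pin the algorithm; reject any other header
		return "", fmt.Errorf("malformed token or unexpected alg")
	}
	sig, _ := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return "", fmt.Errorf("bad signature")
	}
	var c Claims
	body, _ := b64.DecodeString(p[1])
	if json.Unmarshal(body, &c) != nil || c.Iss == "" || owner[c.Alias] != c.Iss {
		return "", fmt.Errorf("alias not registered to this originator")
	}
	return secrets[c.Alias], nil
}

func main() { // constructed sample data: one alias, its originator, a placeholder key
	tok, _ := SignTx(demoKey, Claims{"tx-creator-1", "exchange-a", "BUY 1 ETH"})
	fmt.Println(ValidateTx(&demoKey.PublicKey, tok, map[string]string{"exchange-a": "tx-creator-1"}, map[string]string{"exchange-a": "EXAMPLE-KEY"}))
}
```

A payload changed after signing, or a validly signed request from an originator the alias is not registered to, is rejected before any key lookup happens.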

Tx Validator Securities

  • Real-time monitoring of the system through HIDS for any system access, system modification, and file system modification.
  • Pod container: the release of a container image is blocked by a CVE scan when the image is registered to the Container Registry.
  • Perform regular checks using Inspector to monitor network security and to catch potential threats.
  • Developed in C using the AWS SDK CPP library to enhance code security.
  • Only outbound network traffic is allowed, no inbound; this one-way communication prevents any external intrusion.

Transaction Authorization Plane

  • Sign/Verify key access is granted at the pod level: a pod can access authorized services only.
  • API Key access authorization can be designated down to the pod level.

Transaction Auditing Plane

  • All Signing / Verifying service requests are audited to CloudTrail.
  • All API Key Access Services are audited to CloudTrail.
  • Abnormal Usage Detection sends an alarm when unusual activity is found.
  • All system activities are logged to Elastic Stack.
