If you are wondering whether we offer a secure ecosystem, be advised that the core infrastructure is built on a blockchain, a technology that has become closely associated with security in the industry.
HighBank applies different security controls to different use cases, and in this article we walk through most of them by category.
Decentralization is the primary reason why a well-designed blockchain-based application is hard to tamper with. There is no central authority for decision making or network governance; everything happens on the basis of consensus, as agreed by the majority of the network.
I won't lie to you. In theory it is possible to construct a scenario in which an attacker penetrates several security layers and reaches the core of the network. In practice it is far less likely, to the point of being almost impossible. To rewrite the history of a blockchain, an attacker does not need to break into every node and edit every ledger copy at once; he needs to control a majority of the network's validating power (in a proof-of-work network, a majority of the hashing power) and then redo the work for every block after the one he changes, faster than the honest majority keeps extending the chain. Even then, a majority attacker can only reorder or censor transactions and reverse his own recent ones (a double-spend); he cannot forge another user's signature, spend coins he does not own, or make an invalid transaction valid, because every honest node validates every transaction independently. The cost of such an attack on a large network is enormous.
For instance, suppose Peter is a world-renowned hacker who wants to overtake the BTC network and have a fraudulent transaction accepted. To do so he must control at least 51% of the network's hashing power, which on a network the size of Bitcoin means a continuous, enormous investment in mining hardware and electricity rather than breaking into millions of computers, and even then he could only reverse recent transactions, not forge ones he never signed. This is practically impossible.
After decentralization, cryptography is the second most important reason a blockchain-based network is secure. Hashing is the main component. A cryptographic hash is a one-way function: it turns arbitrary input into a fixed-size digest from which the input cannot be recovered. On the identity side, when you provide us with your account information we generate a wallet address for you; the address is derived by hashing a public key, so it represents you on the HighBank network without itself containing your name or other personal details. Note that an address is pseudonymous rather than anonymous: it does not reveal who you are, but every transaction made with it is publicly visible.
If you have come across the term for the first time, note that hashing is the same technique a well-run traditional database uses for passwords (passwords are hashed, not encrypted, so that even the operator cannot read them back). In the blockchain environment, a hash is computed at every block formation: the hash of a new block is computed over the previous block's hash together with the transactions the block contains. This chains the blocks together: changing any past transaction changes that block's hash, which no longer matches the 'previous hash' stored in the next block, so every later block would have to be recomputed as well. This chain, which is the state of the network, is stored at every full node.
Whenever the state is to change, multiple peers in the network must reach consensus on the new block. By now you will have realized that it is very hard to halt the network or to alter its history undetected.
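As an added illustration (not code from HighBank or the original article) of the hash chaining described above, here is a minimal Python model of a ledger: each block's hash covers its transactions and the previous block's hash, so editing one transaction on a node's copy is caught immediately, and "fixing" it requires recomputing every later block, after which the copy still disagrees with every honest node. The transaction data and field names are constructed for the example.

```python
import copy
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample data: three batches of transactions, one batch per block.
SAMPLE_BATCHES = [
    [{"from": "alice", "to": "bob", "amount": 5}],
    [{"from": "bob", "to": "carol", "amount": 2}],
    [{"from": "carol", "to": "alice", "amount": 1}],
]

GENESIS_PREV_HASH = "0" * 64  # the first block has no predecessor


@dataclass
class Block:
    index: int
    prev_hash: str
    transactions: List[Dict]
    hash: str


def compute_hash(index: int, prev_hash: str, transactions: List[Dict]) -> str:
    """Hash the block contents together with the previous block's hash.

    Canonical JSON (sorted keys, no whitespace) so that every node derives
    the same digest from the same logical content.
    """
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "tx": transactions},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(batches: List[List[Dict]]) -> List[Block]:
    """Append one block per batch; each block commits to the hash before it."""
    chain: List[Block] = []
    prev = GENESIS_PREV_HASH
    for index, txs in enumerate(batches):
        digest = compute_hash(index, prev, txs)
        chain.append(Block(index, prev, copy.deepcopy(txs), digest))
        prev = digest
    return chain


def first_invalid_block(chain: List[Block]) -> int:
    """Return the index of the first block that fails verification, or -1.

    A block is valid only if its prev_hash equals the hash of the block
    before it AND its stored hash matches its own contents.
    """
    prev = GENESIS_PREV_HASH
    for block in chain:
        if block.prev_hash != prev:
            return block.index
        if compute_hash(block.index, block.prev_hash, block.transactions) != block.hash:
            return block.index
        prev = block.hash
    return -1


def tamper(chain: List[Block], index: int, new_txs: List[Dict],
           rehash_blocks: int = 0) -> List[Block]:
    """Return a copy of the chain with block `index` rewritten.

    rehash_blocks says how many blocks, starting at `index`, the attacker
    also recomputes. 0 models an edit that leaves the stored hashes alone;
    only recomputing every block to the end of the chain yields a copy that
    passes first_invalid_block() again.
    """
    forged = copy.deepcopy(chain)
    forged[index].transactions = copy.deepcopy(new_txs)
    prev = forged[index].prev_hash
    for block in forged[index:index + rehash_blocks]:
        block.prev_hash = prev
        block.hash = compute_hash(block.index, block.prev_hash, block.transactions)
        prev = block.hash
    return forged


def tip_hash(chain: List[Block]) -> str:
    """Hash of the last block; honest nodes compare this to spot a forged copy."""
    return chain[-1].hash


if __name__ == "__main__":
    honest = build_chain(SAMPLE_BATCHES)
    bad = [{"from": "bob", "to": "mallory", "amount": 2}]
    print("honest chain valid:", first_invalid_block(honest) == -1)
    print("naive edit fails at block", first_invalid_block(tamper(honest, 1, bad)))
    print("partial rehash fails at block", first_invalid_block(tamper(honest, 1, bad, 1)))
    rewritten = tamper(honest, 1, bad, 2)
    print("full rewrite passes locally:", first_invalid_block(rewritten) == -1)
    print("but disagrees with the network:", tip_hash(rewritten) != tip_hash(honest))
```

What the last two calls show together is the point of the section above: an attacker who recomputes the whole tail of his own copy produces a chain that passes the local check, but its tip hash differs from the one every honest node holds, so the copy is rejected by consensus. On a proof-of-work network each recomputed block would additionally have to meet the difficulty target, which is where the majority-hashpower cost comes from.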
Further security measures
HTTPS: We will use it everywhere in the system.
Bcrypt Hashing Technique: We use bcrypt to store user passwords (bcrypt is a password hash, not a way to store arbitrary sensitive data; nothing hashed with it can be read back). It is an adaptive function: the cost factor can be raised over time to make each hash slower, so it remains resistant to brute-force search even as computing power increases.
Session Identifier: A fresh, random session identifier is issued at every login and the old one is destroyed at logout, so an identifier that existed before authentication is never carried into an authenticated session.
Timeout Sessions Management: Sessions are managed with timeouts. Similar to banking websites, we monitor inactivity and expire idle sessions. If multiple concurrent sessions are detected, we destroy all active sessions. Furthermore, if the user resets the password, we destroy all active sessions.
No Open Redirects: The exchange ensures that no open redirect is performed after a successful login: a destination supplied in the request is followed only if it is a path on our own origin, never a URL pointing to another site.
Cookies Management: We have given extra attention to cookie handling in the HighBank Exchange. Session cookies are set with the 'Secure' flag (sent only over HTTPS) and the 'HttpOnly' flag (not readable from JavaScript).
JSON Web Tokens: We employ JSON Web Tokens (JWT) wherever possible to represent claims between two parties; a JWT is signed by its issuer, so the holder cannot alter the claims without detection.
One Time Password: OTP remains useful but has become an older technique that attackers can sometimes get around, for example by phishing the code out of the user, which is why it is not the only authentication factor listed here.
Reset Password Token: A predictable pattern in password-reset tokens is a common loophole exploited by attackers. We ensure that the reset token generated and sent to the user's email is random rather than patterned; for this to hold, the token must come from a cryptographically secure random source, not from a timestamp, counter or user ID.
RFC compliant UUIDs: We follow the best practice of using RFC 4122 compliant UUIDs for user IDs and similar identifiers. Note that only the random (version 4) variant is unguessable; time-based (version 1) UUIDs embed a timestamp and a node identifier and must not be relied on as secrets.
SMS Authentication: As with banking systems, any update to a user's personal contact details is confirmed by SMS verification to the owner of the account.
KYC Document Uploads: To neutralize the web-shell technique attackers use to gain access to an exchange server through a file upload, we are very careful when allowing KYC document uploads: we control how users upload files and which file types are allowed. Controlling file types means checking a file's actual content rather than trusting its extension, and storing uploads where the web server will not execute them.
Cross Site Scripting: We employ Content Security Policy (CSP) headers to fight cross-site scripting and data injection attacks.
HTTP Strict Transport Security: We implemented HTTP Strict Transport Security (HSTS) across the exchange to prevent SSL/TLS stripping attacks, in which an attacker downgrades a user's connection to plain HTTP.
Clickjacking: We have taken steps to protect the Exchange from clickjacking and related cross-site attacks using the X-Frame-Options and X-XSS-Protection headers. Note that X-XSS-Protection has been removed from modern browsers and CSP is the effective control against script injection; for framing, CSP's frame-ancestors directive is the modern equivalent of X-Frame-Options.
Countering Phishing Techniques: We keep our Domain Name System records updated with a Sender Policy Framework (SPF) entry, which lets receiving mail servers reject messages that claim to come from our domain but were not sent from our servers. This counters phishing mail that tries to lure our users away from the original site; SPF is typically complemented by DKIM signing and a DMARC policy.
Time-locked Transactions: All transactions on HighBankExchange are executed under a configured time-lock and across several steps, according to the time-lock configuration.
2-Factor Authentication: Using Google Authenticator (time-based one-time passwords) as a second authentication factor helps us prevent attackers from gaining unauthorized access to users' accounts even when a password has been stolen.
Cloudflare: HighBank will use Cloudflare in front of the exchange and its APIs to protect them from online attacks.
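To make the session, reset-token, redirect and cookie items in the list above concrete, here is an added Python example (my own illustration, not HighBank's code) that implements the behaviour those items describe using only the standard library: a session store that issues a fresh identifier at login, expires idle sessions, and revokes every session of a user on password reset or when concurrent sessions are found; single-use random reset tokens stored only as hashes; a post-login redirect validator that refuses off-origin targets; and the cookie flags and response headers listed. The timeout values, header policies and class names are assumptions for the example.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse

# Assumed policy values (not from the article): idle timeout and reset-token lifetime, in seconds.
IDLE_TIMEOUT = 15 * 60
RESET_TOKEN_TTL = 30 * 60

# Example response headers: HSTS against TLS stripping, CSP with frame-ancestors
# against script injection and framing, X-Frame-Options for older browsers.
SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}


def session_cookie(sid: str) -> str:
    """Set-Cookie value: HTTPS only, invisible to script, not sent cross-site."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"


@dataclass
class Session:
    user_id: str
    last_seen: float


class SessionStore:
    """In-memory session table; a deployment would back this with a shared store."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def login(self, user_id: str, now: float, old_sid: Optional[str] = None) -> str:
        # Mint a fresh identifier at every login and drop the one the browser
        # carried before authentication, so a fixated id is never upgraded.
        if old_sid is not None:
            self._sessions.pop(old_sid, None)
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = Session(user_id, now)
        return sid

    def touch(self, sid: str, now: float) -> Optional[str]:
        """Return the user id if the session is live; expire it after inactivity."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        if now - session.last_seen > IDLE_TIMEOUT:
            del self._sessions[sid]
            return None
        session.last_seen = now
        return session.user_id

    def active_sessions(self, user_id: str) -> int:
        return sum(1 for s in self._sessions.values() if s.user_id == user_id)

    def revoke_all(self, user_id: str) -> int:
        """Destroy every session of a user (password reset, or more than one
        concurrent session detected). Returns how many were destroyed."""
        dead = [sid for sid, s in self._sessions.items() if s.user_id == user_id]
        for sid in dead:
            del self._sessions[sid]
        return len(dead)


class ResetTokens:
    """Password-reset tokens: random, single-use, short-lived, stored only as a hash."""

    def __init__(self) -> None:
        self._pending: Dict[str, Tuple[str, float]] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str, now: float) -> str:
        token = secrets.token_urlsafe(32)  # unpredictable, unlike a timestamp or counter
        self._pending[self._digest(token)] = (user_id, now + RESET_TOKEN_TTL)
        return token  # e-mailed to the user; a database leak exposes only hashes

    def redeem(self, token: str, now: float) -> Optional[str]:
        entry = self._pending.pop(self._digest(token), None)  # pop makes it single-use
        if entry is None:
            return None
        user_id, expires = entry
        return user_id if now <= expires else None


def safe_next_url(next_url: Optional[str], default: str = "/") -> str:
    """Accept only a same-origin path as the post-login redirect target."""
    if not next_url:
        return default
    parts = urlparse(next_url)
    # Reject absolute URLs, protocol-relative '//host', 'javascript:' and the
    # backslash forms ('/\\host') that some browsers normalise to '//host'.
    if parts.scheme or parts.netloc or not next_url.startswith("/"):
        return default
    if next_url.startswith("//") or "\\" in next_url:
        return default
    return next_url
```

The two design points worth noting: the reset-token table never holds the token itself, only its SHA-256, so a read of that table gives an attacker nothing usable, and `redeem` pops the entry before checking expiry so a token can never be replayed even when the expiry check fails. The redirect check deliberately allows only paths that begin with a single `/`, which is simpler and safer than maintaining an allow-list of external hosts.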
It should be evident that we do not rely only on the inherent security features of blockchain and cryptography; we have added extra measures throughout the system. As a whole, HighBank offers a comprehensively secure ecosystem where you can trade, invest, exchange and even consult our experts. When it comes to storing your details on the network, we take no chances and rely on the blockchain's built-in integrity guarantees for that task.