Security
The core algorithms that power Arcana SDKs are based on a Proof of Stake (PoS) driven ecosystem that is decentralized by design. The security of the various subsystems used to implement these SDKs is shared across Arcana-run nodes and the nodes owned and run by third-party trusted partners, the validators.
By design, Arcana aims for air-tight security and we understand that security is a constantly evolving target.
There are multiple considerations when it comes to securing the Arcana SDKs:
- App Onboarding: Are the users securely onboarded on the apps that integrate with the Arcana SDKs? Are user credentials safe? Does Arcana follow standard authentication protocols?
- Web3 Keys Ownership & Privacy: Are the keys assigned to authenticated users safe? Can they be easily lost? Can the users control, manage and secure them or does the system ensure key security?
- Protocol Security: Are the core Arcana protocol and the smart contracts that implement user authentication and key share assignment secure? Have they been battle-tested and audited?
- Embedded Wallet Security: Is the Arcana wallet secure? Does Arcana ensure that it is not vulnerable to clickjacking and other common vulnerabilities?
- User Data Security: Is the data shared by the developers or users with the Arcana ecosystem safe and secure?
- Securing Gasless Usage: Are the systems funding users' gas fees secured?
In the following sections, we will try to answer these questions one by one.
App Onboarding
Web3 apps integrate with the Arcana Auth SDK to onboard users and to let authenticated users sign blockchain transactions. This involves both securing user onboarding and ensuring that the keys used to sign blockchain transactions are access-controlled. Refer to the next section for key share security.
Arcana supports the standard OAuth 2.0 protocol and works with several social login providers to ensure user credentials are never stored in the Arcana ecosystem.
Also, after a user logs in successfully, the Arcana Auth SDK generates a time-bound JWT and associates it with the user account. The Web3 app can verify this JWT to confirm that user onboarding is secured, and can then generate its own JWT for the user session. Because the JWT is time-bound, any credentials stolen through phishing attacks have a limited shelf life.
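The app-side verification described above, as an added example that is not Arcana's code: it pins the signature algorithm, checks the signature and audience, and rejects the token once its expiry has passed. The ES256 algorithm, the `aud` and `exp` claim usage, the `app-123` identifier and the locally generated key pair (standing in for the issuer's published key) are assumptions.

```javascript
const crypto = require("node:crypto");

const b64u = (v) => Buffer.from(v).toString("base64url");
const fromB64u = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Constructed stand-in for the issuer's signing key pair (ES256 is an assumption).
const issuerKeys = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

// Hypothetical helper playing the issuer: signs claims as a compact JWT.
function signToken(claims, header = { alg: "ES256", typ: "JWT" }, key = issuerKeys.privateKey) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign("sha256", Buffer.from(input), { key, dsaEncoding: "ieee-p1363" });
  return `${input}.${sig.toString("base64url")}`;
}

// App-side check: pinned algorithm, valid signature, expected audience, not expired.
function verifyLoginToken(token, publicKey, expectedAud, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = fromB64u(h);
    claims = fromB64u(p);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Never let the token pick its own algorithm (for example "none").
  if (header?.alg !== "ES256") return { ok: false, reason: "bad-alg" };
  let sigOk = false;
  try {
    sigOk = crypto.verify("sha256", Buffer.from(`${h}.${p}`),
      { key: publicKey, dsaEncoding: "ieee-p1363" }, Buffer.from(s, "base64url"));
  } catch {
    sigOk = false;
  }
  if (!sigOk) return { ok: false, reason: "bad-signature" };
  if (claims?.aud !== expectedAud) return { ok: false, reason: "wrong-audience" };
  // A stolen token stops working as soon as exp passes.
  if (typeof claims.exp !== "number" || nowSec >= claims.exp) return { ok: false, reason: "expired" };
  return { ok: true, claims };
}

// Constructed sample: a token valid for five minutes.
const demoExp = Math.floor(Date.now() / 1000) + 300;
const demoToken = signToken({ sub: "user-1", aud: "app-123", exp: demoExp });
console.log(verifyLoginToken(demoToken, issuerKeys.publicKey, "app-123"));
```

Only after this check succeeds should the app issue its own session token for the user.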
Web3 Key Ownership & Privacy
Once a user has been authenticated, it is imperative that the blockchain signing keys for that user are completely owned, secure and private. Arcana ensures this through the state-of-the-art asynchronous distributed key generation (ADKG) subsystem. The key shares generated by this subsystem are never stored or assembled within the Arcana subsystem.
Key Share Generation
Arcana Auth combines several algorithms to have a highly secure and robust ADKG subsystem. It uses a robust asynchronous DPSS mechanism to ensure that no single node in the system has access to the user's keys and that the system can handle malicious nodes. We are also working on other enhancements to this ADKG subsystem to enable key share repair, key share refresh, and more. Besides these, other enhancements include Arcana Auth multi-factor authentication (MFA) and multi-party computation (MPC) for even stronger security without compromising on ease of use for Web3 users.
Key Share Assembly
Arcana does not store any key shares that belong to the app user. The key shares are created by the ADKG subsystem and assigned to the authenticated user. Key shares are used to generate the user's private key only in the context of the Web3 app, at the client end, after user verification. Enhanced wallet security (MFA feature) further secures the key generation process even if the user changes the device used to log in to the Web3 app that is integrated with Arcana Auth SDK.
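A simplified illustration of the threshold property that the Key Share Generation and Key Share Assembly sections rely on, as an added example and not Arcana's ADKG code: it uses plain Shamir secret sharing with a single dealer (ADKG removes the dealer and tolerates asynchrony), and shows that fewer shares than the threshold do not yield the key while any threshold-sized set does. The field modulus (the secp256k1 group order) and the 3-of-5 parameters are assumptions.

```javascript
const crypto = require("node:crypto");

// Prime field modulus: the secp256k1 group order (assumption for this sketch).
const N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;
const mod = (a) => ((a % N) + N) % N;

// Modular inverse via Fermat's little theorem: a^(N-2) mod N.
function inv(a) {
  let r = 1n, b = mod(a), e = N - 2n;
  while (e > 0n) {
    if (e & 1n) r = mod(r * b);
    b = mod(b * b);
    e >>= 1n;
  }
  return r;
}

// Uniform non-zero scalar below N, by rejection sampling.
function randScalar() {
  for (;;) {
    const v = BigInt("0x" + crypto.randomBytes(32).toString("hex"));
    if (v > 0n && v < N) return v;
  }
}

// Dealer side: hide the secret as f(0) of a random degree t-1 polynomial.
function split(secret, t, n) {
  const coeffs = [mod(secret), ...Array.from({ length: t - 1 }, () => randScalar())];
  return Array.from({ length: n }, (_, i) => {
    const x = BigInt(i + 1);
    const y = coeffs.reduceRight((acc, c) => mod(acc * x + c), 0n); // Horner evaluation
    return { x, y };
  });
}

// Client side: Lagrange interpolation at x = 0 rebuilds the key from t shares.
function combine(shares) {
  return shares.reduce((sum, { x: xi, y: yi }) => {
    let num = 1n, den = 1n;
    for (const { x: xj } of shares) {
      if (xj !== xi) { num = mod(num * -xj); den = mod(den * (xi - xj)); }
    }
    return mod(sum + yi * num * inv(den));
  }, 0n);
}

// Constructed demo: 5 nodes, any 3 shares rebuild the key.
const demoKey = randScalar();
const demoShares = split(demoKey, 3, 5);
console.log(combine(demoShares.slice(1, 4)) === demoKey); // true
```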
Global & App-Specific Keys
Arcana offers two kinds of keys that can be assigned to app users:
- Global Keys
- App-specific Keys
Depending upon the kind of user experience and security needs of an app, developers can select the keyspace type during configuration and choose the type of keys that are assigned to app users. Global keys have some usage limitations to ensure security, as these keys can be accessed across all the apps that are integrated with the Arcana Auth SDK and have chosen the Global keys option.
Protocol Security
Arcana smart contracts and the authentication protocol have been audited for vulnerabilities, and all known issues have been addressed. See audit reports for details.
Embedded Wallet Security
The Arcana Auth SDK offers a built-in, embedded, non-custodial wallet to apps that integrate with the SDK. The Arcana wallet displays in the context of the app itself once the user authenticates. Developers can customize the wallet branding or replace the wallet UI with a custom one. The built-in wallet UI has been designed and hardened so that UI-based attacks such as clickjacking can be avoided altogether.
The built-in wallet UI offers a way for the authenticated user to export their private key, should the user choose to do so. Every time the key is exported, an email alert is issued to the user so that the user can verify whether the exports were authorized.
Developers can choose to enable additional domain validation checks for embedded wallet security.
User Data Security
Developers interact with the Arcana Developer Dashboard to register and configure the apps for various SDK usage settings. All the data provided by the developer in the context of the registered app is encrypted and secured. There is no app user credential data stored in the Arcana subsystem. The app user login and usage details data are secured via data encryption and access control. Only authorized users can access registered app usage data.
Securing Gasless Usage
To enable gasless transactions, developers set up gas tanks on one or more of the supported blockchains. The funds deposited in the gas tanks can only be withdrawn by the owner of the gas tanks. Only whitelisted app operations, as configured by the developer, are allowed to use funds from the gas tanks to pay gas fees. In the upcoming releases, there will be options for developers to cap the amount of gas fees they'd like to sponsor per app user to limit malicious usage of gas tank funds.