Trusting Blockchain exchange

With every passing week, the world’s interest in Cryptocurrencies is multiplying at a staggering rate. Whether it’s bitcoin, ether, or any any other cryptocurrency on the block – people around the world own and trade cryptocurrencies. To make the trading accessible to the general public, we’ve several cryptocurrency exchanges on the world wide web. Through these exchanges, anyone can buy, sell, or exchange cryptocurrencies either with other digital-based currencies or with traditional currency such as rupee or US dollar.

Types of Exchanges

There are three categories of cryptocurrency exchanges. They’re as follows:

Brokers – Through these brokers, anyone can go and buy the desired cryptocurrency at a preset price. Most of these cryptocurrency brokers are similar in function as foreign currency exchanges.

Platforms for Trading – These platforms specialize in connecting buyers and sellers. For every transaction that takes place through the platform, they charge a fee — which is also how they make money.

Direct Trading – The way direct trading differs from the other two is that there’s no fixed price. The seller decides the amount, and the buyers have to determine if they want to buy or negotiate for any particular cryptocurrency. Direct trading is usually peer-to-peer.

What are the key attributes to look at while deciding to Trust a blockchain exchange?

The meteoric rise of bitcoin has also contributed to a significant increase in con-artists and exchanges which are mostly scams. So, before you decide to put your hard-earned money to buy cryptocurrencies — it is crucial to do your research. Below are the three things to know about an exchange before trusting them.

Reputation: In the age of the Internet, it’s not too hard to find reputable reviews about anything — including blockchain exchanges. Right from forums to commercially reviewed websites, you’ll find loads of information that’ll make it easier for you to decide whether an exchange is a right fit for you or not.

Fees: Before you even think about joining an exchange, do make sure you’re well-aware of all forms of costs that the exchange charges. The fee-model should include comprehensive details regarding withdrawal, deposit, as well as transactional fees. Compare it with other exchanges and then make an informed decision.

Verification systems: Any exchange worth its salt will have strong fortification in the form user verifications and securities. While the exhaustiveness of the verification might seem annoying while registering, it’ll protect your cryptocurrency and money from all sorts of scams.

Some well-known and reputable exchanges

We’ll make it even easier for you. Based on our research and user reviews, we’re going to tell you our favorite two blockchain exchanges that you can trust without worry.

Coinsquare: The first thing you should know about coinsquare is that it’s built on the same technology as the New York Stock Exchange. Yes, that’s right. According to their website, they manage their ledger at least 2346 times in a single day to ensure security. Reputable and secured, Coinsquare is a popular choice for both crypto-veterans and beginners alike.

Coinbase: Not only is Coinbase backed by some of the world’s best investors, but it’s also trusted as an exchange by millions already. One of the key features of coinbase is that coinbase insurance covers the stored currency. So, there’s that added layer of security. There’s a digital wallet also available as a mobile platform through which users purchase bitcoin, ether, and even litecoin.

How RecordsKeeper Blockchain Can Help in Preventing CBSE Exam Leak

Recently we came across a major story about the CBSE paper leak from various sources. Those who had access to the exam papers charged Rs. 35,000 per paper and even some parents took part in it by reselling the papers to others to cover their cost. Thus the leaked papers were available upto Rs. 5,000.

This caused a huge uproar among the students which led to a re-examination. The current investigation is currently focusing on the role of CBSE officials, invigilators and school staff, coaching centres and printers. The leaked Economics paper was being circulated on social media for several hours before the test started on Monday. The Delhi government also reported that it received complaints from the CBSE about the Class 12 Accountancy paper being leaked too.

The past months saw many downs for the education system in India and challenged the way we share information in our country. This whole fiasco could had been resolved if the education system was driven by the power of Cryptography and Blockchain. We at RecordsKeeper thrives on latest technology and the power of Blockchain. This specific use case is the prime example of where RecordsKeeper comes into play and provide the utmost security in the shared information world.

RecordsKeeper: What is it?

RecordsKeeper is an open source platform for open record keeping & data security. Using RecordsKeeper’s public Blockchain anyone can publish a key-value pair of records which are immutable & verifiable.

Let’s discuss some of the major problems and how RecordsKeeper can solve them with respect to the CBSE paper leak.

  • Multiple mediums present for the exam paper

Currently the CBSE paper is presented in multiple mediums which gives a person with authority to take it out and sell over the black market without being noticed. Using RecordsKeeper as the storing medium for the exam papers, it limits the exam paper presence on multiple mediums. Once the exam paper is over RecordsKeeper Blockchain then there is only one single medium of shared ledger available.

  • Hacking of central storage

If the CBSE exam is shared over some relational Database or central storage then there is always a possibility of a malicious attacker trying to access the information or Denial-of-Service (aka DoS) attack but with the use of RecordsKeeper Blockchain we can provide immutability and security for the same. Once the exam paper is over the RecordsKeeper Blockchain, it cannot be modified, deleted or tampered. Moreover the security is provided with the Cryptographic algorithms being used with RecordsKeeper where you can encrypt the exam paper and store it over the RecordsKeeper Public Blockchain. As the RecordsKeeper network is made up of multiple peer-to-peer nodes, there is no central storage available for conducting Denial-of-Service attack as all the the nodes are synchronized with each other.

  • Authorities leaked the exam paper

The major concern point of the CBSE exam paper leak was that the authorities who had access to the exam papers were the focal point for the leak of the exam paper. RecordsKeeper provides a solution to this in a very neat and effective technological way. In RecordsKeeper, everyone who has access to the Blockchain has their own private-public key pairs. Everyone – be it schools/students/authorities/agencies can create a private-public key pairs. The CBSE board can have multiple private-public key pairs for different exam papers. Now the private key is to be securely kept with the person but they can share their public key to the rest of the world. In our scenario, the following path can be taken to solve the problem.

  • CBSE board generates a key pair for each exam.
  • The people/agencies who need the access to the paper can share their public keys through secure internal channels with the CBSE or the CBSE board themselves can generate key pairs for all the schools who require the access to exam papers and share it with them. This process can be online & automated.
  • The exam paper (in JSON/XML Format) is encrypted using the exam private key by the CBSE board. (First Encryption)
  • After that, once the head of CBSE has all the public keys of different schools then they can encrypt the exam paper again (second encryption) by the school’s public key to make sure that only the school registered with the CBSE only has access to the exam paper through their respective private keys. Here the public-key of the respective school needs to be the part of the exam itself to trace back school easily in-case of any leak.
  • The encrypted exam paper is published over the RecordsKeeper blockchain along with . This will create multiple transactions entry over the RecordsKeeper for individual school. There may be 30,000-40,000 CBSE Schools all over the country.
  • The uploaded exam paper’s record identification key is shared with all the respective schools once it is uploaded over the RecordsKeeper Blockchain. This will ensure that they all have the encrypted exam paper ontime. Ideally can be done 24-48 hours before the exam. Now the magic of RecordsKeeper comes into play – the school have the access to the exam paper through their respective individual recorded transaction and they can decrypt the exam paper using their own private key. Please note they will still not able to access the exam as it is also encrypted by CBSE’s private key & they need the public key of the CBSE to decrypt it.
  • This way of uploading data over the RecordsKeeper Blockchain provides a way for the CBSE board to monitor the access of the exam papers and it also makes sure that the exam is not reached to an unwanted party.
  • CBSE announces the exam public key just before the exam. May be 30 minutes or so.
  • The authorities now can decrypt the exam using the exam public key. Convert it into printable format using simple tools like JSON/XML to PDF converter.
  • Finally the exam paper is distributed to the students.

Please note each paper will have the public-key or record-key of the school printed in small letters (in background, like water mark) of the question paper all over the question paper. Not at just one corner or page of the exam paper. This will easily allow the regulators or investigators to trace the school in case of any leak. Since only the principal will have the access of the private key pinpointing the human will be much easier.

Using RecordsKeeper Blockchain to distribute exam makes sure that every activity is being tracked and if somebody tries to maliciously access the paper then it will be recorded over the RecordsKeeper Blockchain and the culprit can apprehended as soon as he/she tries to access the exam paper.

We can take a step further in security by creating the key pairs for students and with that the students will have direct access to the exam without any 3rd party mediums and dependencies.

Please check RecordsKeeper’s technical documentation here or reach out to us here for any PoC on RecordsKeeper.

Check the RecordsKeeper Tools & Resources at below links:

RecordsKeeper is here to make sure we change the way we share information and with its use we can uplift the security, immutability and transparency in our education industry.

Password Strategies for your Crypto Wallet

The digital nature of the cryptocurrencies and crypto wallets is such that it can leave you open to security risks and vulnerabilities if you’re not cautious enough.

On Internet forums, you’ll find stories by people who’ve lost their money because they didn’t adequately secure their cryptocurrency wallet.

The first thing, of course, that everyone does right after creating a crypto-wallet is to set-up a password. Setting a password that is strong is the first layer of protection that you provide to your cryptocurrency wallet. So, set a password which can’t be exploited.

Password choice is a security measure that is 100% in the control of the user. An excellent approach to password-creation is making it close to impossible to guess. A user can use a healthy combination of letters, numerals, and symbols to create a secure, unguessable, password. Another critical point to remember is to avoid using anything personal (like name, birthdate, current identification markers) in a password to protect it from any form of social hacking.

Another way and one that has become popular in the recent times, to secure cryptocurrencies is through 2-Factor Authentication (2FA). If you haven’t yet activated 2FA on your crypto wallet, then you are at a security risk.

What is 2-Factor Authentication?

Along with the login details, 2FA is an added layer of security authenticated via an independent source. When 2FA is activated, it’ll require a code for accessing the wallet in addition to the username and the password.

People often end up not setting strong passwords. And if that’s the only security measure in place, then it creates a security loophole. Not to forget, the password can also be stolen via multiple methods including but not limited to phishing attacks, keylogging, and network sniffing. With 2FA activated, you create an independent mode of authentication. The combination of secure password along with 2FA is a robust strategy to amplify your crypto wallet security.

What Authenticator to use?

The traditional usage is, of course, through getting an SMS on your number. This method is frowned upon by experts because it’s risky and vulnerable regarding security. The ideal approach is to set-up 2FA through an independent, third-party authenticator, such as Google Authenticator.

Some people even prefer email 2FA, because they’re concern about losing their phone.

Types of 2FA Set-up

A lot of crypto wallets platform will ask to choose the type of OTP you want while setting up your 2FA. Technically speaking, there are two forms of set-ups. The first one is called HMAC-based One Time Password (HOTP), and the second one is called Time-based One-Time Password (TOTP). The key difference is that HOTP is valid for an unknown period while TOTP changes in every 30 seconds.

As you can tell, the TOTP approach is safer than HOTP since it doesn’t give the space for the OTP to be copied or stolen in any way. The appropriate change in TOTP ensures security.

TOTP occurs through an authenticator app (such as Google Authenticator). The way this app work is that it synchronizes your smartphone with their app server; thus, providing for that extra layer of secureness in the form of a variable OTP in a 2FA set-up.

What if I lost my phone?

Since the entire idea was to strengthen the security of your crypto wallet, you won’t be able to log into your account. However, there are always a set of private keys, which you should keep as a secure backup. Otherwise, the process of acquiring your account back can be a time-consuming and be taxing.

If you’re using Google Authenticator, you can quickly restore that account by scanning the saved QR code into your new device.

Conclusion:

The holistic approach to password strategy for cryptocurrency involves setting a secure password as a first measure. However, to adequately secure the wallet, one must enable 2-Factor Authentication with a trusted authenticator such as the one that Google provides.