Copper, the London-based custodian for digital assets, has further improved the security protocols of its custodial service by adding military-grade optical air-gapping. This enhancement ensures the complete security of an offline repository of asset owners’ sharded keys during the transaction signing process.
The company already provides custody for multiple funds and investors operating a full range of investment strategies. Their feedback is further informing the development of Copper’s services, and optical air-gapping is the first in a range of product enhancements that are largely focused on streamlining the user experience within the application itself.
What is air-gapping?
An air-gap refers to a computer that has never been connected to the internet and is separated from other devices or networks that have been, or are, connected to the internet.
Air-gapping is employed by organisations that have a need for additional security. Often this is the case in classified military facilities, or where sensitive data is transmitted, such as bank details or credit card authorisations for retail users. It is a popular cyber security method employed by the likes of the U.S. Pentagon and the National Security Agency.
In many cases, air-gapped computers communicate with online networks by the transfer of data or files using USB sticks. Now an air-gapped machine can communicate with an online machine using QR codes; this is called “optical air-gapping”.
A new use-case
Previously, optical air-gapping in the form of QR codes has been used in finance to authorise retail fiat payments, and in crypto markets to encrypt wallet addresses. Now Copper has begun to utilise the technology to ensure the integrity of an offline machine used to sign transactions in a multi-sig custody solution.
The communication between an online machine (a hot machine) and an offline, air-gapped machine (a cold machine) is an important part of Copper’s sharded key model, which splits a private key into three parts. To execute a transaction, two out of three shard-holding parties must digitally sign using their part of the key, which is stored on a cold machine. Previously, when communicating unsigned, partially signed, or signed contracts between hot and cold machines, users had to transport the encrypted contract between machines via a USB stick. Although this proved extremely effective, the need for a USB stick was a potential vulnerability in the process, as there is a chance the USB stick could be compromised.
Now, instead of using USB sticks, the cold machine can receive the contract from the hot machine by scanning the QR code shown on the hot machine's screen, eliminating the need for extra hardware and extra risk. Optical air-gapping is more secure because the offline machine can be entirely isolated from external sources of influence.
Due to the amount of information which needed to be encrypted within the QR image, the developers created an image cycling process to display multiple QR codes in rapid succession. This gives the image an appearance of being animated.
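The sketch below is an added example, not Copper's code: it shows one way a payload too large for a single QR code could be split into sequenced frames for a cycling display and reassembled on the cold side, where a camera sees frames out of order and more than once. The frame layout (index/total/sha256/base64) and every name in it are assumptions, and rendering or scanning the QR images themselves is left out.

```python
import base64
import hashlib

def split_into_frames(payload: bytes, chunk_size: int = 64) -> list[str]:
    """Hot side: one text frame per QR image (hypothetical frame layout)."""
    digest = hashlib.sha256(payload).hexdigest()
    chunks = [payload[i:i + chunk_size]
              for i in range(0, len(payload), chunk_size)] or [b""]
    return [f"{idx}/{len(chunks)}/{digest}/{base64.b64encode(c).decode()}"
            for idx, c in enumerate(chunks)]

class Reassembler:
    """Cold side: collect scanned frames in any order and tolerate repeats."""

    def __init__(self):
        self.total = None
        self.digest = None
        self.chunks = {}

    def feed(self, frame: str) -> bool:
        """Add one scanned frame; return True once every index has been seen."""
        # maxsplit=3 keeps any '/' inside the base64 field intact.
        idx_s, total_s, digest, b64 = frame.split("/", 3)
        idx, total = int(idx_s), int(total_s)
        if self.total is None:
            self.total, self.digest = total, digest
        if (total, digest) != (self.total, self.digest) or not 0 <= idx < total:
            raise ValueError("frame does not belong to this transfer")
        self.chunks.setdefault(idx, base64.b64decode(b64, validate=True))
        return len(self.chunks) == self.total

    def payload(self) -> bytes:
        """Return the reassembled bytes, refusing partial or corrupted data."""
        if self.total is None or len(self.chunks) != self.total:
            raise ValueError("transfer incomplete")
        data = b"".join(self.chunks[i] for i in range(self.total))
        # Catches scan errors and mixed transfers only. The digest travels with
        # the data, so it does not authenticate the sender.
        if hashlib.sha256(data).hexdigest() != self.digest:
            raise ValueError("digest mismatch")
        return data

if __name__ == "__main__":
    contract = b"constructed sample contract " * 12   # constructed test input
    frames = split_into_frames(contract)
    rx = Reassembler()
    for frame in frames[::-1] + frames[:2]:           # reversed, with repeats
        rx.feed(frame)
    print(len(frames), "frames, intact:", rx.payload() == contract)
```

The embedded digest only detects transfer errors; whether the contract is genuine still rests on the encryption and signature checks performed on the cold machine.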
Dmitry Tokarev, Founder and CEO of Copper, has commented:
“Institutional investors and fund managers, who manage tens of millions of dollars in digital assets, rightly require the highest level of custodial security and governance, given these are bearer assets.
“Not only does optical air-gapping provide this, it also creates greater efficiency by increasing the speed at which transactions can be processed. By simply showing the encrypted file to the offline machine, the transaction can be completed in seconds rather than minutes.
“Our clients have selected Copper as we have created a market-leading custodial service that they can see evolving as rapidly as their own requirements. Having live users is a real source of competitive advantage in this field.”
QR codes are becoming more popular in the financial services industry due to their speed and security. Most recently, Amazon has announced that it is working with Mexico’s central bank to create a smartphone payment system using QR codes.