Tkeycoin — security, that’s what we’re betting on

Today we will talk about the security of using the Tkeycoin platform and the TKEYSPACE mobile blockchain wallet.

Tkeycoin is a peer-to-peer payment system based on p2p principles and the concept of electronic cash. P2P technology is a fairer means of mutual settlements between users and companies around the world. Modern payment systems are imperfect and may depend on the will of high-ranking officials.

We approached the market from an economic and scientific point of view, borrowing the best from Bitcoin, Ethereum, DASH, and other alternative currencies, mixing modern concepts and building on the global experience of IBM, Microsoft and a number of other companies and research.

The Tkeycoin blockchain is protected by various mechanisms that include advanced cryptographic methods and mathematical models of behavior and decision-making. Blockchain technology prevents duplication or destruction of digital assets.

In addition to providing security and recording transactions in registers, cryptography also plays a role in ensuring the security of wallets used to store Tkeycoin. Paired public and private keys, which respectively allow users to receive and send payments, are created using asymmetric encryption or public-key cryptography. Public keys are used to generate digital signatures for transactions, which allows you to authenticate ownership of the coins being sent.

The asymmetric cryptography architecture does not allow anyone other than the owner of the private key to access funds stored in the cryptocurrency wallet, so these funds are kept safe until the owner decides to spend them.

In simple words, in the Tkeycoin peer-to-peer system, only you are the real owner of your money and only You have access to it.

Using tools such as a local Tkeycoin Core wallet or TkeySpace provides you with reliable storage, privacy, and security.

TkeySpace, in turn, adds maximum usability by combining the highest level of security and easy intuitive design.

How does TKEYSPACE provide security?

TKEYSPACE is one of the first applications that support blockchain in a mobile device and is also the first decentralized application of the TKEY platform.

Its serverless architecture provides the highest level of security for storing all assets in the application. unlike centralized applications that are managed by companies, TkeySpace does not have a Central management authority and operates in accordance with all the principles of peer-to-peer networks.

As we said above, the wallets in the blockchain have a public and private key. Centralized applications usually store users ‘private keys on their servers, which makes users’ funds vulnerable to hacker attacks or theft.

TkeySpace-stores the encrypted key only on the user’s device and in encrypted form. The encrypted key is displayed as a mnemonic phrase (backup phrase), which is very convenient for users. Unlike complex cryptographic ciphers, the phrase is easy to save or write. The backup phrase provides the maximum level of security and thanks to its usual appearance, an attacker is unlikely to ever guess what these words are and what they are for.

A mnemonic phrase is 12 or 24 words that are generated using random number entropy. If the phrase consists of 12 words, then the number of possible combinations is 2048¹² or 211³² — the phrase will have 132 security bits. To restore the wallet, you must enter the mnemonic phrase in the strict order as it was presented after generation.

And so that you do not get confused in the definitions and concepts, we will briefly describe simple and clear principles of how it all works. Let’s look briefly at the factors.

Lock Screen

The simplest thing that protects your phone from unauthorized access is Pincode, a snake, a fingerprint or a Face Id login. And it would seem that this is related to TKEYSPACE?

  • At a minimum, it is almost impossible to open new mobile devices and pick up a pin code, even in the case of theft, most often the factory settings are reset, which leads to the deletion of all data on the phone, respectively-your funds are safe even for this reason.
  • Even if there was some “craftsman” and somehow managed to change the pin code on your device, the TKEYSPACE app will automatically delete all the keys and backup phrases, the wallet will simply be empty, and the attacker will be left with nothing.

As we can see, even a simple screen lock with a pin or fingerprint protects your data. It’s not as simple a screen lock as you and I might think.

Every platform, whether it’s Android or AppStore, uses specialized key stores. Cryptography, symmetric and asymmetric encryption, keys, and certificates are directly related to this task.

Keys and certificates that are used to protect information must also be securely protected. Android uses Keystore, a certificate and a Keystore, for this purpose.

Keystore is a specialized secret data store that is used by Java applications to encrypt, authenticate, and establish HTTPS connections.

For two-way authentication, the client and server exchange certificates, respectively, and the server and client must have a Keystore with a private/public key pair and a certificate. In other words, the Keystore is used to store keys and certificates that are used to identify the key owner (client or server).

Starting with Android 8, the encryption systems have been upgraded, the system is checked for signs of hacking at startup, and the screen lock allows you to restrict access to the device. Data encryption and the use of keys ensure the security of information when it is stored and transmitted.

In the new version of the OS — Android 9 (Pie) — the developers also added support for hardware to protect against unauthorized changes.

Android apps run in an isolated software environment that restricts access to your information to other apps. OS components are also protected, which prevents attackers from exploiting system errors for their purposes.

Android uses both hardware and software to protect users and their data. Therefore, even at the operating system level, there are a lot of security factors. Of course, if you “flash” the phone (change the factory firmware) and enable Root access, this will reduce the security of Your device, but this is more an exception than a rule and such changes are usually introduced by very experienced users.

IOS uses Keychain — a specialized database for storing metadata and confidential information. Using a Keychain is the best practice for storing small pieces of data that are critical to your apps, such as secrets and passwords. In addition to the Keychain, Apple provides a full range of maximum protection for Your device.

And so we will continue,

Passcode in the app

Now we understand that to get access to the tools, an attacker needs to hack the hardware security of the Google and Apple giants to somehow get access to the app, which is impossible.

To increase security and eliminate other risk factors, we have included an access code (secret code) in the app.

You set an additional level of security by enabling a pin code to log in to the app. The access code additionally encrypts all data stored in the app.

Just so you understand — it’s not just numbers that you enter on the screen, this combination affects the ciphers inside the app. When creating a key, a user interface element is called. when the user swipes the screen, the application receives a random set of bytes — thus, all information is additionally covered by a new layer of cryptography.

And as we said above, if you try to disable the pin code, the app will delete all the data, and the attacker will be left with nothing.

As we have already realized, only 2 of these factors provide the maximum level of security for the TKEYSPACE application.

And the most important thing is that the application runs on the blockchain, which guarantees its full Autonomous operation, data immutability, and privacy.

Generation of new addresses, absence of accounts, phone numbers, e-mail and other personal data-provides you with a social level of security, which is a huge advantage in our time.

In a world where security is based on the level of cryptography, attackers try to influence You with the human factor using social engineering, so when you use applications with accounts, phone numbers, you have more risks.

Social engineering is a method of obtaining the necessary access to information based on the characteristics of human psychology.

For example, a copy of a SIM-card has become a new tool for fraudsters, but there is no personal information in TKEYSPACE, so even such groups of fraudsters can’t get access to your funds.

You don’t have to worry about security — it’s already built into the TKEYSPACE system.

A mixed encryption system based on the principles of computational complexity, with the deterministic generation of signatures using elliptic curves, provides absolute security and safety of user funds, and reserve phrases will help you restore funds at any moment.

A mnemonic phrase is 12 or 24 words that are generated using the entropy of random numbers.

If the phrase consists of 12 words, then the number of possible combinations is 2048¹² or 211³² — the phrase will have 132 security bits. To restore the wallet, you must enter the mnemonic phrase in the strict order as it was presented after generation.

Only you and no one else has access to the phrase. When you get the key, the app has restrictions on the screenshot, and the clipboard is disabled, which protects against malicious software.

It is you, as a user, who sees the phrases, and everything in the device is encrypted, the blockchain architecture protects against hacker attacks, information forgery, and other hacks.

For those who are a bit obsessed with persecution mania, we offer a small lifehack:

Buy several USB drives, connect them to a device that does not have access to the Internet, preferably on a clean operating system, create a text file, write backup phrases there, and encrypt the USB drives with passwords.

Once again, to ensure security and easy recovery, it is enough to record backup phrases once and make several backups. you do not need to resort to an additional encryption method, because we have already done everything for you :)

Official TKEY blog in Medium. Infrastructure for the financial ecosystem