3.7.1 Security Architecture Approach
Information Security refers to the protection of data and information systems against unauthorized access, disclosure, alteration, and destruction. It encompasses three fundamental principles:
Confidentiality, ensuring that data is accessible only to authorized individuals.
Integrity, maintaining the accuracy and consistency of data throughout its lifecycle.
Availability, ensuring that data and systems are accessible when needed.
DGT is a distributed system exposed to many risks, including the usual risks of client-server applications as well as risks specific to distributed ledgers: network partitioning and processing disruptions caused by Byzantine attacks. The general risk scheme is shown in the figure below.
DGT platform addresses several fundamental security aspects to maintain the integrity and reliability of the system.
DGT prioritizes network protection and resilience, ensuring stability in terms of node connectivity, network access, and overall system availability. Several measures are implemented to achieve this, including:
Permalink Safeguarding: DGT ensures the security and reliability of permalinks, which serve as dedicated communication channels between nodes. This safeguards effective and consistent node communication, contributing to network stability.
Access Gateway Registry Availability: DGT maintains an accessible registry of access gateways through independent data sources. This ensures the availability of gateways for participants, enabling reliable and uninterrupted network access.
Closed Segment Certificates: DGT enforces the use of certificates to join closed segments of the network. This requirement enhances security and controls access to specific network segments, preventing unauthorized participation and bolstering network stability.
Open Segment Cluster Formation: DGT implements a mechanism for forming clusters in the open segment of the network. This enables efficient coordination and collaboration among nodes, promoting stability and resilience in the network.
A distributed ledger is a shared database whose copies are distributed across all nodes of the network. The common goal of all DLT systems is to keep those copies synchronized and to package valid transactions into blocks:
Immutability refers to the property of the blockchain ledger where once a transaction is recorded and confirmed, it cannot be altered or tampered with. This ensures the integrity and trustworthiness of the ledger.
Tamper-proof: The DGT’s ledger is designed to be tamper-proof, meaning that it is resistant to unauthorized modifications or changes. The use of cryptographic hashing and consensus mechanisms ensures that the ledger remains unchanged once transactions are confirmed.
Data Integrity: Data integrity ensures that the information stored in the ledger remains accurate and consistent. Each transaction is validated and cryptographically linked to previous transactions, creating a chain of blocks that ensures the integrity of the ledger.
Consensus Mechanism: The consensus mechanism employed by the blockchain ensures that all participants in the network agree on the validity and order of transactions. This consensus process plays a vital role in maintaining the integrity of the distributed ledger.
Merkle Tree: A Merkle tree is a data structure used in blockchain to efficiently store and verify the integrity of large amounts of data. It allows for quick verification of the integrity of individual transactions and ensures the integrity of the entire blockchain.
Hashing: Hashing is a cryptographic technique used in DGT to generate a unique and fixed-size representation (hash) of data. The use of hashes ensures the integrity of the ledger by providing a secure and efficient way to verify the integrity of transactions and blocks.
Digital Signatures: Digital signatures are used in blockchain to ensure the authenticity and integrity of transactions. They provide cryptographic proof that a transaction was created by a specific participant and has not been tampered with during transmission.
Trustless System: The DGT's design and cryptographic techniques eliminate the need for trust in centralized entities. The distributed ledger ensures the integrity of transactions and removes the reliance on a single trusted authority.
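The hashing and Merkle tree properties described above, as an added example that is not DGT's own code: a minimal Merkle tree over a list of transactions, with inclusion proofs and a verifier. Leaf and internal hashes are domain-separated so a leaf cannot be passed off as an internal node; the duplicate-last-leaf rule for odd levels is an assumption chosen for this example, not a statement about DGT's ledger format.

```python
import hashlib
from typing import List, Tuple

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(tx: bytes) -> bytes:
    # 0x00 prefix: leaves are hashed differently from internal nodes.
    return sha256(b"\x00" + tx)

def node_hash(left: bytes, right: bytes) -> bytes:
    # 0x01 prefix: internal node over two child hashes.
    return sha256(b"\x01" + left + right)

def build_levels(txs: List[bytes]) -> List[List[bytes]]:
    """Return all tree levels, leaves first, root last.
    An odd level is padded by repeating its last hash (example convention)."""
    if not txs:
        raise ValueError("cannot build a Merkle tree over zero transactions")
    level = [leaf_hash(t) for t in txs]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2 == 1:
            level.append(level[-1])
        levels.append(level)
        if len(level) == 1:
            break
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return levels

def merkle_root(txs: List[bytes]) -> bytes:
    return build_levels(txs)[-1][0]

def merkle_proof(txs: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling hashes from leaf to root; the flag says whether the sibling is on the left."""
    levels = build_levels(txs)
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_proof(tx: bytes, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    """Recompute the path from one transaction up to the root without the other transactions."""
    h = leaf_hash(tx)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

if __name__ == "__main__":
    # Constructed sample transactions.
    txs = [f"tx-{i}".encode() for i in range(5)]
    root = merkle_root(txs)
    proof = merkle_proof(txs, 4)
    print("root:", root.hex())
    print("tx-4 included:", verify_proof(txs[4], proof, root))
    print("tampered tx accepted:", verify_proof(b"tx-4-altered", proof, root))
```

A light client that holds only the block header's root can check a single transaction with a proof of O(log n) hashes; any change to a transaction changes its leaf, every node above it, and the root, which is what makes the ledger tamper-evident.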
The security of the DGT protocol is ensured through robust verification and validation mechanisms for transactions, incorporating the following key elements:
Digital Signatures: Every transaction in DGT is accompanied by a digital signature, guaranteeing authenticity and integrity. These signatures verify that transactions are authorized by the legitimate owner and have not been tampered with during transmission.
Transaction Validation: Nodes within the DGT network perform meticulous checks to ensure the accuracy and adherence of transactions to predefined rules and criteria. This comprehensive validation process includes verifying transaction inputs, outputs, and associated data, preventing the inclusion of invalid or fraudulent transactions in the ledger.
Byzantine Fault Tolerance: DGT's consensus algorithm is designed to tolerate Byzantine faults, which encompass malicious or arbitrary behavior by nodes. This fault tolerance enables consensus to be achieved even in the presence of malicious nodes, ensuring the integrity and stability of the ledger.
Node Reputation and Selection: DGT considers the reputation and performance of participating nodes during the consensus process. Nodes with a proven track record of consistent and accurate verification gain higher credibility and influence in consensus-based decision-making, enhancing the overall security and reliability of the network.
Sybil Protection: DGT implements measures to defend against Sybil attacks, in which attackers create multiple identities to manipulate the consensus process. By employing mechanisms such as Proof-of-Stake at the arbitrator level, DGT reduces the risk of Sybil attacks, reinforcing the security and integrity of the consensus mechanism.
Denial-of-Service (DoS) Resilience: DGT incorporates resiliency against DoS attacks through measures like rate limiting, cluster-based resource allocation, and prioritization of valid transactions. These measures shield the consensus process from failures caused by malicious or excessive traffic, maintaining the stability and availability of the network.
Technically, the DGT platform consists of node software; nodes exchange transactions under a dedicated protocol. Each node is also a server waiting for client input, which in the case of DGT arrives through the outer API layer. Specific features of node-level security include:
Secure API: DGT implements a secure application programming interface (API) for seamless communication with nodes. This API incorporates authentication and access control mechanisms based on the OAUTH2 protocol, effectively preventing unauthorized access, and safeguarding sensitive data.
Secure Network Communication: DGT prioritizes secure network communication between nodes. By employing HTTPS encryption protocols, data transmitted between nodes is protected from eavesdropping or spoofing, enhancing the confidentiality and integrity of the network. In addition, the internal components of the node are implemented as virtual services, which together form an internal network, and require open sockets (ports). For security reasons, such internal ports should be closed to external calls.
Identity Management: DGT incorporates robust identity management techniques to authenticate and authorize nodes on the network. Public segments employ cryptographic keys, while private segments utilize X.509 digital certificates. These measures ensure the accurate identification and authorization of nodes, bolstering the security of the network.
Code Integrity: Nodes in DGT employ mechanisms to guarantee the integrity of their codebases. Cryptographic checksums are utilized to verify the integrity of the node's code, ensuring that it has not been tampered with and maintaining the trustworthiness of the overall system.
Monitoring and Auditing: DGT integrates comprehensive monitoring and auditing mechanisms to promptly detect and respond to security incidents or suspicious activities within nodes. Real-time logging and analysis enable timely identification of potential threats, facilitating swift and effective incident response.
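The code integrity checks described above rely on cryptographic checksums of the node's code. As an added example, not DGT's own tooling, the following builds a SHA-256 manifest over a directory tree and later reports modified, missing and added files. The directory layout and file names in the demo are constructed; the manifest itself must be stored out of band or signed, since a checksum list kept next to the code can be rewritten together with it.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict

def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> Dict[str, str]:
    """Map every regular file under root (POSIX relative path) to its digest."""
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }

def verify_manifest(root: Path, manifest: Dict[str, str]) -> Dict[str, list]:
    """Compare the tree against a trusted manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "added": sorted(f for f in current if f not in manifest),
    }

def demo() -> Dict[str, list]:
    """Constructed scenario: a clean tree, then one edited, one deleted and one new file."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "node").mkdir()
        (root / "node" / "validator.py").write_text("print('validator')\n")
        (root / "node" / "consensus.py").write_text("print('consensus')\n")
        manifest = build_manifest(root)
        clean = verify_manifest(root, manifest)
        assert clean == {"modified": [], "missing": [], "added": []}
        # Simulate tampering after the manifest was taken.
        (root / "node" / "validator.py").write_text("print('validator')\nimport os  # injected\n")
        (root / "node" / "consensus.py").unlink()
        (root / "node" / "extra.py").write_text("")
        return verify_manifest(root, manifest)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Running the manifest check at node start-up, and periodically from the monitoring layer, turns an unexpected code change into a logged event rather than a silent one.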
DGT nodes, especially those hosted on public segments, can be vulnerable to Distributed Denial of Service (DDoS) attacks. These attacks aim to overload blockchain nodes by inundating them with a barrage of spurious messages. While systems like Bitcoin and Ethereum are resilient against DDoS attacks because they require significant transaction fees (gas), DGT nodes can process transactions with no or low fees, making them more susceptible to such attacks.
To safeguard against DDoS attacks and protect host components, several measures should be implemented:
Back pressure: This flow-control technique enables the rejection of abnormally frequent client submissions. If a validator becomes overwhelmed, it stops accepting new batches until it can handle the workload. The number of batches accepted by the validator is determined based on a multiplier (currently two) of the rolling average of published batches. Constraints specific to transactions like DEC may overlap with validator settings.
ZMQ Encryption: DGT communication nodes utilize the Zero Message Queue (ZMQ) message library. To enhance security, encryption can be enabled by defining the network_public_key and network_private_key settings in the validator.toml configuration file. It is recommended to generate a unique key pair for production purposes rather than using a predefined key.
REST API Input Validation: Input validation for the REST API is crucial to prevent buffer corruption or overflow attacks.
Firewall Configuration: Specific TCP ports should be closed or protected to minimize unauthorized access. The following ports require attention (the assignments can be changed in the settings):
TCP port 4004: Used for communication between internal validator node components, it should be closed to outside access.
TCP port 5050: Used for communication between the validator node and the consensus engine, it should be closed to outside access.
TCP port 8008: Used for the REST API, additional protection through OAuth2 is recommended to secure application-related endpoints.
TCP port 3030: Used for Seth RPC in smart contracts (WASM), it should be closed to outside access unless all RPC requests originate from the local host.
TCP port 8800: Used for communication between validator nodes, it should be open to outside access.
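The back-pressure rule described above (accept new batches only up to a multiplier, currently two, of the rolling average of published batches) as an added example; this is illustrative code, not DGT's validator implementation. The window size and the minimum limit used before any history exists are assumptions of the example.

```python
from collections import deque

class BatchBackPressure:
    """Flow control for incoming batches.

    The validator accepts at most `multiplier` times the rolling average of
    batches it has recently published per block; beyond that it rejects
    submissions until a block drains the queue."""

    def __init__(self, multiplier: int = 2, window: int = 5, min_limit: int = 4):
        self.multiplier = multiplier
        self.min_limit = min_limit          # assumed floor while no history exists
        self.history = deque(maxlen=window) # batches published in recent blocks
        self.pending = 0                    # accepted but not yet published

    def current_limit(self) -> int:
        if not self.history:
            return self.min_limit
        avg = sum(self.history) / len(self.history)
        return max(self.min_limit, int(self.multiplier * avg))

    def submit(self) -> bool:
        """Return True if the batch is queued, False if it is rejected (back pressure)."""
        if self.pending >= self.current_limit():
            return False
        self.pending += 1
        return True

    def on_block_published(self, batches_in_block: int) -> None:
        """Drain published batches from the queue and update the rolling average."""
        self.pending = max(0, self.pending - batches_in_block)
        self.history.append(batches_in_block)

def simulate_flood(bp: BatchBackPressure, submissions: int) -> int:
    """Submit `submissions` batches in a burst and return how many were accepted."""
    return sum(1 for _ in range(submissions) if bp.submit())

if __name__ == "__main__":
    bp = BatchBackPressure()
    print("accepted with no history:", simulate_flood(bp, 100))   # floor applies
    bp.on_block_published(4)
    print("limit after one block of 4:", bp.current_limit())      # 2 * 4
    print("accepted after publishing:", simulate_flood(bp, 100))
```

The point for a defender is that the limit adapts to what the node has actually been able to publish: a client flooding a slow validator is rejected quickly instead of growing an unbounded queue, and the limit recovers on its own as blocks are produced.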
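As an added example of checking the firewall guidance above, the following audits the ports listed on this page against their intended exposure. It parses the output format of `ss -ltn` (the sample output is constructed and embedded; in practice the text would come from running that command on the node) and reports internal ports bound to all interfaces. The policy table encodes only what the page states; the severities are an assumption of the example.

```python
import re
from typing import Dict, List, Tuple

# Intended exposure per port, taken from the page; assignments may be changed in settings.
POLICY: Dict[int, str] = {
    4004: "internal",   # validator internal components
    5050: "internal",   # validator <-> consensus engine
    8008: "api",        # REST API, protect with OAuth2
    3030: "localhost",  # Seth RPC, local host only
    8800: "public",     # validator <-> validator
}

# Constructed sample output in the layout of `ss -ltn`.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:4004        0.0.0.0:*
LISTEN 0      128    127.0.0.1:5050      0.0.0.0:*
LISTEN 0      128    0.0.0.0:8008        0.0.0.0:*
LISTEN 0      128    [::]:3030           [::]:*
LISTEN 0      128    0.0.0.0:8800        0.0.0.0:*
"""

def parse_listeners(text: str) -> List[Tuple[str, int]]:
    """Return (local address, port) for every LISTEN line."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)
        listeners.append((addr, int(port)))
    return listeners

def is_loopback(addr: str) -> bool:
    return addr.startswith("127.") or addr in ("[::1]", "::1")

def audit(listeners: List[Tuple[str, int]], policy: Dict[int, str] = POLICY) -> List[Tuple[int, str, str]]:
    """Return (port, severity, message) findings for listeners that violate the policy."""
    findings = []
    for addr, port in listeners:
        kind = policy.get(port)
        if kind is None or kind == "public":
            continue
        if kind in ("internal", "localhost") and not is_loopback(addr):
            findings.append((port, "high", f"{kind} port {port} is bound to {addr}; close it to outside access"))
        elif kind == "api" and not is_loopback(addr):
            findings.append((port, "info", f"REST API port {port} is externally reachable; ensure OAuth2 protection"))
    return sorted(findings)

if __name__ == "__main__":
    for port, severity, message in audit(parse_listeners(SAMPLE_SS)):
        print(f"[{severity}] {message}")
```

In the sample, 4004 and 3030 are flagged because they are bound to all interfaces, 8008 is reported as a reminder about OAuth2, and 5050 on the loopback address and 8800 (expected public) pass.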
Privacy protection is a crucial aspect of security in DGT, and it is addressed through a multi-layered approach to ensure the confidentiality of sensitive information. The following elements contribute to privacy protection within the DGT network:
Storage of Private Keys: The DGT network does not store private keys directly within the blockchain itself. Instead, the responsibility for safeguarding private keys lies within the application layer. This approach ensures that private keys, which are crucial for access to digital assets and cryptographic operations, remain in the secure custody of users or authorized applications.
Off-chain Storage of Private Data: All private data, including identity attributes and confidential Verifiable Credentials (VCs), is stored in the off-chain layer. This off-chain storage is managed by Notary nodes equipped with a repository of private information. By keeping private data off the blockchain, DGT minimizes the risk of exposing sensitive information to unauthorized access.
Zero-Knowledge Proof (ZKP) Approach: To protect the social graph and maintain privacy, DGT incorporates a Zero-Knowledge Proof approach. Specifically, a special family of secure Diffie-Hellman Elliptic Curve (DHEC) transactions is employed. This cryptographic technique allows for secure transactions without revealing specific details of the participants involved, preserving privacy while ensuring transaction validity and integrity.
Secure Data Exchange: DGT utilizes various methods for secure data exchange, such as Secure Multiparty Computation (SMPC). SMPC enables secure computations on private data without exposing the raw data itself. This approach, for example, facilitates secure operations like finding intersections of private sets using Private Set Intersection (PSI) protocols. By employing these techniques, DGT ensures the confidentiality of sensitive data while enabling secure data analysis and computations.
Federated Learning: DGT leverages federated learning models to support distributed artificial intelligence (AI) while maintaining privacy. Instead of sharing raw data, federated learning allows for the exchange of machine learning models. This approach enables collaborative AI training without the need to expose individual data, thus preserving privacy and confidentiality.
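The Private Set Intersection mentioned under Secure Data Exchange, as an added example: a Diffie-Hellman style PSI in which each party blinds its hashed elements with a secret exponent, so that only elements both parties hold produce matching double-blinded values. This is generic textbook PSI, not DGT's DHEC transaction scheme. The group (multiplicative group modulo the 61-bit Mersenne prime) is a constructed toy parameter for readability; a deployment would use a standard large group or an elliptic curve.

```python
import hashlib
import math
import secrets
from typing import Iterable, List, Set

# Toy group parameter: 2**61 - 1 is prime, but far too small for real use.
P = (1 << 61) - 1

def hash_to_group(item: str) -> int:
    """Map an element to a group element in [2, P-2] via SHA-256."""
    h = int.from_bytes(hashlib.sha256(item.encode()).digest(), "big")
    return 2 + h % (P - 3)

def random_exponent() -> int:
    """Secret exponent coprime to the group order, so blinding is a permutation."""
    while True:
        e = secrets.randbelow(P - 2) + 2
        if math.gcd(e, P - 1) == 1:
            return e

class Party:
    def __init__(self, items: Iterable[str]):
        self.items = list(items)
        self.key = random_exponent()

    def blind(self) -> List[int]:
        # h(x)^k mod P: hides x, but stays comparable after the other party's key is applied.
        return [pow(hash_to_group(x), self.key, P) for x in self.items]

    def reblind(self, values: List[int]) -> List[int]:
        # Apply this party's key to values already blinded by the peer.
        return [pow(v, self.key, P) for v in values]

def psi(client_items: Iterable[str], server_items: Iterable[str]) -> Set[str]:
    """Client learns the intersection; neither side learns the other's non-shared elements."""
    client, server = Party(client_items), Party(server_items)
    # Round 1: client -> server: client's blinded elements.
    client_blinded = client.blind()
    # Round 2: server -> client: client's elements under both keys, plus server's blinded set.
    client_double = server.reblind(client_blinded)
    server_blinded = server.blind()
    # Round 3 (local to client): apply client's key to server's set; (h^a)^b == (h^b)^a mod P.
    server_double = set(client.reblind(server_blinded))
    return {x for x, v in zip(client.items, client_double) if v in server_double}

if __name__ == "__main__":
    # Constructed sample sets.
    print(psi(["alice", "bob", "carol"], ["bob", "carol", "dave"]))
```

The privacy argument rests on the hardness of the discrete logarithm in the chosen group: from h(x)^b alone the client cannot recover h(x) for a server element it does not already hold, and it learns at most the size of the server's set. Note that this protocol hides elements, not set sizes, and that a small input domain can still be brute-forced by the holder of one key, which is why identity attributes should be salted or combined with a larger secret before hashing.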
Code and compliance security is a crucial aspect of the DGT platform, ensuring the integrity of the codebase and adherence to regulatory requirements. The following elements contribute to code and compliance security within DGT:
Open Code Storage and Audit: DGT adopts an open code storage approach, making the codebase transparent and accessible for scrutiny. This allows independent security audits and reviews to validate the integrity and reliability of the code. Regular code reviews and checks contribute to identifying and addressing potential vulnerabilities or weaknesses in the platform.
Security Testing: DGT conducts regular security checks as part of dedicated testing efforts. These security assessments aim to identify and mitigate any vulnerabilities or weaknesses in the platform. By proactively testing and assessing the security of the system, DGT can address potential risks and ensure a robust and secure environment.
Standardized Security Libraries: DGT emphasizes the use of standardized security libraries for developing and implementing security measures. By relying on established and trusted security libraries, DGT ensures that security controls and protocols are implemented consistently and reliably, reducing the risk of introducing vulnerabilities or flaws through custom implementations.
Compliance Rules and Regulations: The DGT platform allows for the establishment of rules and configurations that align with regulatory requirements. This includes setting up rules and protocols related to protected funds, asset management, transfer amounts, and other compliance-related aspects. By incorporating these rules, DGT ensures that the platform operates within the framework defined by regulators, enhancing compliance and mitigating potential risks.
Off-chain Notary Layer for Decentralized IDs and KYC/AML: DGT incorporates an off-chain layer managed by notaries, which facilitates the maintenance of decentralized identities (IDs) and enables Know Your Customer (KYC) and Anti-Money Laundering (AML) checks. This off-chain layer ensures that sensitive identity and compliance-related data is securely managed while still complying with regulatory requirements.