It is important to emphasize that the Zenfuse platform will never request access to withdraw funds from cryptocurrency exchanges. This particular aspect alone reduces the risk of fraud against Zenfuse users to a negligible level. Nevertheless, continuing to meet the highest possible security conditions across all areas remains our top priority.

We devote special attention to the protection of the user’s API keys. Our carefully built team of professionals commands more than the requisite expertise to create and maintain an entirely protected platform. Security features include regular backups and user data encryption (API keys will be encrypted and stored in secret), two-factor authentication (2FA), IP whitelist, instant login notifications, secure SSL, strong DDoS protection, and account/IP lockouts to prevent brute force. With these and other security layers, users can rest assured their data is safe.

🎯 Security Goals

While users can trust their credentials and sensitive data to Zenfuse, no system can ever be 100% secure. We will strive to make our platform as safe and secure as possible. In particular, important information will not be stored on our servers, ensuring that no data can ever be stolen from them. Instead, users will employ a disposable password to authorize the platform to perform actions on their behalf manually.

👌 Access Token Storage

“An access token contains the security credentials for a login session and identifies the user, the user's groups, the user's privileges, and, in some cases, a particular application.” - Wikipedia.

We will implement a centralized token storage facility to secure all sensitive data. This will allow us to provide a complete access log to track requests of a particular token.

We will use a hierarchical organization of access token distribution. For every new user, the system will issue a special Trader token. All the sensitive data, including credentials and personal tokens from cryptocurrency exchanges, will be treated as child tokens. The user will control the parental Trader token. For example, the user will be able to revoke access to the data on his mobile devices remotely. If a Trader token is revoked, all subsidiary tokens will be revoked as well. Thus, if an external attack is registered, the system will instantly perform a break-glass procedure to protect the user’s tokens and thus prevent all data from being stolen.

🔒 Server-Side Encryption

User data will never be stored in raw format as we will employ the Digital Envelope encryption technique. This is a practice of encrypting user data with a unique key, combined with an additional encryption of the key with a master key.

This approach allows user data to be safely stored within Zenfuse, as both the data and its data key are protected by encryption. Furthermore, the Digital Envelope encryption method combines multiple encryption algorithms. For public-key encryption, a specific algorithm will be used to meet specific requirements. For example, public key algorithms will have to provide a separation of roles, whereas, in other cases, symmetric key algorithms may be used to achieve the best performance.

🔐 Key Management With HSM

The Zenfuse system will be additionally secured on a hardware layer. Hardware Security Module (HSM) is a physical or cloud device that manages keys. HSM provides secure storage and generation of master keys. It provides both logical and physical protection of the data by keeping it inaccessible to destructive forces and unauthorized users.

This layer depreciates social engineering attacks by requiring physical access to HSM. The master key will be managed by the Zenfuse team and stored in the HSM.

While we are confident in our team’s talents, part of our budget is assigned to performing prudent additional security audits before each major release.