System Network Ensure communication security through the introduction of next generation encryption systems and the highest strength encryption technology SSL Communication In order to protect our customer's personal information, bitFlyer encrypts all customer related data communication. bitFlyer uses higher strength encryption technology than major financial institutions in its communications with customers. TLS1.2 is applied to all connections to bitFlyer, which are encrypted and authenticated using AES_128_GCM. ECDHE_RSA is used as the key exchange mechanism. You can confirm that a website carries out encrypted communication by checking that: the URL displays an image of a key the URL displays "https://" rather than "http:" You can clearly see the presence of an encrypted communication by clicking on the key symbol. Adoption of DigiCert SSL server certificates bitFlyer has adopted SSL server certificates issued from DigiCert. Adoption of DigiCert SSL server certificate's highest level EV. EV stands for Extended Validation, and is what authenticates that the organization described in the certificate exists legally and physically, and that this organization is the owner of the domain described in the certificate. EVSSL has authentication guidelines of global standards, and has the most rigorous server certificate examination. If a website has EVSSL, its address bar becomes green and its business organization shall appear on the site. (※ Browsers such as Internet Explorer 7.0 or later, Firefox, Safari, Google Chrome). Adoption of SHA-2 (SHA-256) SHA, a standard used by the United States government, is a highly secure hash function (data compression summary method). It is possible to verify the presence or absence of data tampering by comparing hash values for both transmission and sending of data summary values. Since the time of SSL server certificate D7applications, hash functions known as SHA-1 and SHA-2 were the primary standards. As of today, many financial institutions have adopted SHA1 as their internet encryption technology. In recent years, however, security vulnerabilities within SHA-1 have been identified. If the vulnerabilities of SHA are taken advantage of by an attacker, the attacker can generate a different certificate with the same signature as the original certificate - this means that the attacker can operate a third party site masquerading as the true site. In the case of SHA-1, in theory, there is a 1/280 chance that this vulnerability can be exposed. SHA-2, which bitFlyer has adopted, surpasses the security strength of SHA-1, reducing the chance that a vulnerability is exposed to 1/2128. This number, approximately 340 x 1036, makes exposing a vulnerability within SHA-2 to a likelihood similar to finding a single grain of sand from all the beaches worldwide - impossible from a practical sense. Adoption of SSL for internal communications bitFlyer uses SSL for internal communications. Protection of the internal environment by firewall A firewall refers to the software and hardware used to protect networks and computers against attacks and unauthorized access from outside the network. The basic function of the firewall is to prevent unauthorized external access. When you use a firewall, you can limit the communication with the services running on the servers. For example, access to an organization's internal file sharing service can be limited to users inside the organization. By limiting access from the Internet, you can prevent unauthorized access to those services. Filtering function: Check the packet to be passed, allow only the packets that are permitted in advance to pass, and block all other packets. Address conversion function (NAT): This is a function that rewrites the packet source and destination address. The presence of the internal client can be hidden from the server of the other party to the communication. Since it is not accessible from the outside, the security of the internal host is strengthened. Remote control, monitoring function: This is a feature which allows firewalls to be set or logs to be checked from another computer. Constant monitoring of unauthorized access and load balancing through Web Application Firewall (WAF) Web Application Firewalls are specifically designed to protect web applications. A WAF can investigate content sent to web applications that firewalls cannot. For example, a distinctive pattern of SQL injection attacks which illegally manipulate the database from an external attacker had been included in the contents of the web application, the WAF can take measures such as blocking its communication. Inspection function: Check the HTTP communication based on the detection pattern The inspection function is the ability to check the HTTP request and HTTP response in the HTTP communication based on a defined detection pattern. The detection pattern defined in the inspection function is comprised of a "whitelist" and a "blacklist". If the HTTP communication is examined using the whitelist, and the content of the HTTP communication does not match the specified value or pattern, the WAF will specify the HTTP communication as unauthorized. If the HTTP communication is examined using the blacklist, and the contents of the HTTP communication matches an invalid value or pattern, the WAF will specify the HTTP communication as unauthorized. Handling function: Run the process for handling HTTP communications The handling function is the ability to handle unauthorized HTTP communications detected through the inspection function and the like, according to a defined process. The three methods which can be defined are pass-through processing, error handling, and blocking. Pass-through processing is a way to either handle an unauthorized HTTP communication as is, or send it to a website. This method is generally used in cases such as inspecting HTTP communications at the time of WAF implementation, or recording an unauthorized HTTP communication that is detected. Error Handling refers to the process through which a WAF generates an error response and sends the error response to the user or web site, rather than sending the unauthorized HTTP communication detected. Blocking refers to the method of intentionally discarding unauthorized HTTP communications that have been detected. When the WAF discards the HTTP communication, one of the following methods are utilized: Send an HTTP communication disconnection response to the user or website, or send nothing in response to the HTTP communication. Log function: Record the activities of WAF The log function records unauthorized HTTP communications detected through the inspection function and WAF activity. Generally, WAF logs are recorded in a file or database. There are two types of logs: The record of unauthorized HTTP communications and their handling, and the record of WAF activity and error information. From this record, it is possible to check the detection and number of handling events for unauthorized HTTP communications, and eliminate the effort involved in updating detection patterns. Load balancing the network through the introduction of DNS server IP Anycast In communications through IP Anycast, one IP address is assigned to multiple devices on the Internet simultaneously and shared. In all nodes, by operating the same service in the shared address, the setup is such that the same service is provided regardless of which node does the handling. By implementing IP Anycast, it becomes possible to distribute requests to multiple servers and multiple locations, and the service can be protected from DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks. For example, a DoS attack from one place is localized to the closest node network wise so that other nodes are not affected. Also, because DDoS attacks are distributed across multiple nodes, the effects can be suppressed. Thus, by implementing IP Anycast, it is possible to improve the performance and resiliency of the DNS server. bitFlyer uses multiple layers of security to defend against DDoS attacks. Login Password strength check For your security, bitFlyer requires a password of sufficient strength. bitFlyer recommends for customers to use very strong passwords which avoid the use of commonly used character strings. bitFlyer's password requirements are shown below. Putting such limitations on customer passwords prevents brute force attacks in which passwords of various character strings are randomly tested for one ID, or dictionary attacks in which password candidates that exist in advance in a dictionary are randomly tested. There is also something known as an account list attack in which ID and password combinations are stolen from a web service and used in an attack. Please note that the same ID and password should never be used across multiple services. Account lock function When you log in to bitFlyer, if you enter the password incorrectly a certain number of times, your account will be locked. This is to protect customer accounts from attacks such as brute force attacks. Two-step authentication through mobile phone or device Two-step authentication function can be set by SMS, e-mail address, or an authentication application. For normal services, login is achieved through authentication of ID and password. However, when connected to the internet, this service can be accessed from anywhere, and as such security may be breached when ID and password pairs are stolen, or a malicious third party obtains the ID and runs a brute force or dictionary attack to forcibly login. This is where, in addition to the original ID and password, an additional six digit number known as an authentication code is entered, hence strengthening security. Because the authentication code changes over time, as well as whenever a login occurs, even if a malicious third party steals the ID and password, obtaining access will be more difficult. Managing login history Each time you log in to bitFlyer, a login confirmation email is sent to your registered e-mail address from bitFlyer that includes a link to freeze your account. This is done so that in the event a third party logs in to your account, you can immediately freeze your account. Additionally, after logging in, you will be able to confirm your login history, including IP address, date, and time. Automatic Timeout To prevent unauthorized operations by a third party, you will be logged out in the case that there are no operations performed in a fixed amount of time. Bitcoin Multi-Signature Multi-sig is the latest in Bitcoin security measures designed to ensure that your Bitcoin transactions are safe. Unlike a typical Bitcoin address, multi-sig Bitcoin addresses require two or more separate signatures to send Bitcoin. The number of signatures required is represented as a proportion of the total number of possible signatures - for example, 2 out of 3 means that 2 signatures are required out of 3 possible signatures before Bitcoin can be sent. Multisig allows for extremely secure wallets, as even if a private key is leaked or hacked, unless all keys required have been compromised, no coins can be released from the wallet. It is extraordinarily difficult for an attacker to penetrate 2 or more highly secure platforms within a short period of time. Storing one of the required addresses in a location that is not connected to the internet provides an even further level of protection and security. Over 80% of bitcoins are stored in a cold wallet To protect our customers' funds, 80% or more of bitFlyer owned bitcoins are stored in a cold wallet that is isolated from the network. The cold wallet is protected by several physical locks as well as a robust 24-hour surveillance system. In-house developed Bitcoin daemon The source code for the generally available Bitcoin daemon is available to the public, and as such, there is a risk that potential vulnerabilities could be identified and exploited. Due to this, bitFlyer has developed a proprietary Bitcoin daemon to reduce the probability of an attack. In the small chance of any issue with the proprietary daemon, it is possible to cross check the behavior of the bitFlyer daemon with the commonly used daemon (bitcoind), and modify the proprietary daemon immediately as appropriate. Infrastructure Latest OS patches are applied automatically When patches are released to fix a variety of OS issues including security, they will be downloaded and updated automatically. Information regarding the latest patch releases is checked frequently to ensure the most recent security patches are applied. Encryption of the customer information database All customer information is stored in encrypted form. Self diagnosed health check on all servers bitFlyer systems are constantly undergoing checks. As an example, in the case there is even a slight amount of inconsistent data in customer Bitcoin or JPY deposit balances, the system will forcibly shutdown in order to minimize damage. In the small of event of an issue, the system is designed to respond quickly to prevent larger damage. Program XSS (Cross Site Scripting) measures XSS is an attack technique in which a malicious program is fed to site visitors via a vulnerable website. The below basic and specific measures have been taken to prevent XSS. SQL Injection prevention measures A SQL Injection is a method to illegally access or operate the database of a web application. Secret information, data leakage, or tampering of important data or personal information is possible with this type of attack. The below basic and specific measures have been taken to prevent SQL Injection. CSRF (Cross Site Request Forgery) measures CSRF is a type of malicious exploit of a website whereby HTTP requests from an external web page which should be denied are executed on the website. CSRF attacks can cause sites to perform unauthorized processing, illegal or nuisance writes, redirection to unauthorized sites, or DoS attacks due to large amounts of illegal writes. The below basic and specific measures have been taken to prevent CSRF. Brute force attacks, dictionary attacks (including password list attacks), reverse brute force attack measures Brute force attacks are an attempt to decrypt or decode passwords, encryption, encryption key lists, or other ciphers by attempting to use all possible character combinations. Dictionary attacks are attempts to use user password candidates prepared in dictionary form in an attempt to gain access to a target website. Reverse brute force attacks are a variation of the brute force attack. In a normal brute force attack the login ID is fixed, while the attack targets the password. In a reverse brute force attack, the password is fixed while the attack targets the login ID. Basic and specific measures have been taken to prevent brute force, dictionary, and reverse brute force attacks. Some of these measures are introduced in the Login field. Password hashes and salts We do not store customer passwords in plain text form. Passwords are stored in the form of hash strings. Consequently, even if the password hashes are obtained by a third party, it is practically impossible to derive the original password from the hash strings. A hash string is a random string generated from a customer password via multiple hashing operations with salts. Recovering the original password string from a hash processed via multiple salts would require an astronomical amount of computing time and electricity expenditure, making it virtually impossible. IP Address Restriction Access to the terminal and services is controlled based on the connection source by IP address. Only connections from pre-registered IP addresses can access the terminal and services, and access from third parties is restricted. Auto alert with self diagnosis function If illegal operations related to bitFlyer services are detected, alerts will be automatically sent to employees by the self diagnosis system. This allows bitFlyer to be able to react quickly in the small chance of illegal access or operations performed. Usage of a cryptographically secure pseudo random number generator A cryptographically secure pseudo random number generator (CSPRNG) satisfies the following 2 conditions: (1) There is no way to guess the next bit to be generated from the current generated bit sequence with a greater than 50% probability. (2) Even if the middle of the internal state of CSPRNG is revealed, the past random number sequence can not be reproduced. The quality of the random numbers is secured with (1). As such, an attack by an attacker who is aware of the middle of the internal state of CSPRNG can be withstood. By using CSPRNG for generating private keys and digital signatures, these types of attacks can be prevented. Operations Identity verification Identity verification for major changes Identity verification by bitFlyer is performed multiple times. Through multiple identity verifications, we endeavor to prevent spoofing attacks of customers by third parties. We appreciate your cooperation in these matters. As an example, customers cannot change their registered information directly via the website after the corresponding information is confirmed by bitFlyer. Instead, bitFlyer will proceed to update the requested information after confirming the customer's personal information over the phone. *As for some items which is related to the login information, identity verification over the phone is required regardless of whether the information is confirmed or not. Cell Phone Authentication Identity verification is also done via cell phone through SMS. SMS authentication is a way of verifying personal identity by sending a unique code to the customer's registered cell phone number. As only one cell phone number is applied to a cell phone terminal, bitFlyer is able to identify the owner of the cell phone and complete identity verification. Facebook Authentication Identity verification is also performed via linkage to a customer's Facebook account. Bank Account Confirmation (Name of bank and branch, account type, account number and bank registered name) Once a customer registers the bank account information, bitFlyer will proceed with the bank account confirmation process to verify the validity of the bank account and the associated account information. Proof of identity verification (Full name, address and date of birth) bitFlyer confirms customer identities by requesting customers to upload an image of the customer's official proof of identity (i.e. driver's license or passport). An ID selfie of the official proof of identity next to the customer's face is also required in certain cases. Anti-social force check by external agency database To confirm that bitFlyer customers are not members of any anti-social forces, regular queries are run against a database of third-party organizations. Verification of deposit and withdrawal transactions Upon the deposit, withdrawal and/or remittance of Japanese yen or virtual currency, an advanced algorithm and visual checks are applied to maximize protection against fraudulent transactions. Additionally, when funds are moved from an account, an alert e-mail is sent prompting the user to confirm his/her identity in order to complete the transaction. Plans to prevent viruses and hacking attacks Virus checks and hacking prevention exercises Frequent virus checks are required to ensure good security. bitFlyer implements full scan filesystem virus checks on a daily basis with multiple virus scanning software, in addition to virus scanning all packets sent from external environments. To protect against hacking, bitFlyer checks security vulnerabilies by executing various attacks thousands of times on a periodical basis. As new viruses or hacking methods are introduced, bitFlyer makes sure to regularly update its security with careful consideration to risk exposure. Segregated management of assets Segregated management of customer assets Customer assets, including Bitcoin and JPY, are clearly segregated from bitFlyer's own assets. Each customer's bank account is unique to ensure customer assets can be properly segregated. In addition, customer cash is managed in a separate bank account from bitFlyer's own bank account.