Blockchain and distributed ledger technologies -- Security management of digital asset custodians

This document discusses the threats, risks, and controls related to: — systems that provide digital asset custodian services and/or exchange services to their customers (consumers and businesses) and management of security when an incident occurs; — asset information (including the signature key of the digital asset) that a custodian of digital assets manages. This document is addressed to digital asset custodians that manage signature keys associated with digital asset accounts. In such a case, certain specific recommendations apply. The following is out of scope of this document: — core security controls of blockchain and DLT systems; — business risks of digital asset custodians; — segregation of customer's assets; — governance and management issues.

Titre manque

Blokovno veriženje in tehnike razpršenih glavnih knjig - Upravljanje varnosti pri skrbnikih digitalnih sredstev

General Information

Status
Published
Publication Date
09-Dec-2020
Current Stage
5060 - Close of voting Proof returned by Secretariat
Start Date
19-Nov-2020
Completion Date
19-Nov-2020

Buy Standard

Technical report
ISO/TR 23576:2020 - Blockchain and distributed ledger technologies -- Security management of digital asset custodians
English language
35 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/PRF TR 23576:Version 28-okt-2020 - Blockchain and distributed ledger technologies -- Security management of digital asset custodians
English language
35 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

TECHNICAL ISO/TR
REPORT 23576
First edition
2020-12
Blockchain and distributed ledger
technologies — Security management
of digital asset custodians
Reference number
ISO/TR 23576:2020(E)
ISO 2020
---------------------- Page: 1 ----------------------
ISO/TR 23576:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TR 23576:2020(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative reference ......................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Abbreviated terms .............................................................................................................................................................................................. 2

5 Basic description of a model of online system for digital asset custodianship ...................................3

5.1 General ........................................................................................................................................................................................................... 3

5.2 Example of a system for digital asset custodians and its functional components ........................ 3

5.3 Examples of transactions ............................................................................................................................................................... 5

5.4 Description of keys used for signature and encryption ....................................................................................... 6

5.4.1 Type of keys .......................................................................................................................................................................... 6

5.4.2 Flow for key generation and key usage ........................................................................................................ 6

5.4.3 Using multiple keys ....................................................................................................................................................... 8

5.4.4 Suspension of keys ......................................................................................................................................................... 8

5.5 Characteristics of digital assets held in DLT / blockchain systems ........................................................... 8

5.5.1 General...................................................................................................................................................................................... 8

5.5.2 Importance of signature keys ............................................................................................................................... 8

5.5.3 Diversity of implementations ............................................................................................................................... 9

5.5.4 Possibility of blockchain forks ............................................................................................................................. 9

5.5.5 Risks for unapproved transactions ...............................................................................................................10

6 Basic objectives of security management for digital asset custodians .....................................................11

7 Approaches to basic security controls ........................................................................................................................................11

8 Digital asset custodians’ risks .............................................................................................................................................................12

8.1 General ........................................................................................................................................................................................................12

8.2 Risks related to the system / platform of the digital asset custodian ..................................................12

8.2.1 General...................................................................................................................................................................................12

8.2.2 Signature key risks ......................................................................................................................................................13

8.2.3 Risks on asset data ......................................................................................................................................................16

8.2.4 Risks related to suspension of systems and operations .............................................................17

8.3 Risks from external factors ......... ...............................................................................................................................................17

8.3.1 General...................................................................................................................................................................................17

8.3.2 Risks related to the internet infrastructure and authentication infrastructure ....18

8.3.3 Risks inherent to digital asset DLT systems / blockchains .......................................................18

8.3.4 Risks arising from external reputation databases and anti-money-

laundering regulations ............................................................................................................................................19

9 Consideration on security controls of digital asset custodians ........................................................................20

9.1 General ........................................................................................................................................................................................................20

9.2 Basis for considerations about security management .......................................................................................20

9.3 Considerations about security controls on digital asset custodians .....................................................21

9.3.1 Guidelines for the information security management .................................................................21

9.3.2 Information security policies .............................................................................................................................21

9.3.3 Organization of information security..........................................................................................................21

9.3.4 Human resource security ......................................................................................................................................22

9.3.5 Asset management ......................................................................................................................................................22

9.3.6 Access control ..................................................................................................................................................................22

9.3.7 Security controls on signature keys .............................................................................................................24

9.3.8 Physical and environmental security ..........................................................................................................28

9.3.9 Operations security ....................................................................................................................................................28

9.3.10 Communications security .....................................................................................................................................30

9.3.11 Supplier relationships ..............................................................................................................................................32

© ISO 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/TR 23576:2020(E)

9.3.12 Information security incident management .........................................................................................32

9.3.13 Information security aspect of business continuity management ....................................32

9.3.14 Compliance ........................................................................................................................................................................33

9.4 Other digital asset custodian system specific issues — Advance notice to user for

maintenance ...........................................................................................................................................................................................34

Bibliography .............................................................................................................................................................................................................................35

iv © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TR 23576:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Technical Committee ISO/TC 307, Blockchain and distributed ledger

technologies.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/TR 23576:2020(E)
Introduction

A digital asset custodian holds customers' digital assets for safekeeping in order to minimize the risk

of their theft or loss. This document illustrates the security risks, threats, and measures which digital

asset custodians consider, design, and implement in order to protect the assets of their customers, based

on best practices, existing standards and research. For example, the management of signature keys for

digital assets requires special attention, taking into account the specific nature of blockchains and DLT

systems and the security challenges they face. A key topic discussed is the appropriate management of

signature keys by digital asset custodians in order to prevent misuse and transactions by unauthorized

individuals.
vi © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL REPORT ISO/TR 23576:2020(E)
Blockchain and distributed ledger technologies — Security
management of digital asset custodians
1 Scope
This document discusses the threats, risks, and controls related to:

— systems that provide digital asset custodian services and/or exchange services to their customers

(consumers and businesses) and management of security when an incident occurs;

— asset information (including the signature key of the digital asset) that a custodian of digital assets

manages.

This document is addressed to digital asset custodians that manage signature keys associated with

digital asset accounts. In such a case, certain specific recommendations apply.
The following is out of scope of this document:
— core security controls of blockchain and DLT systems;
— business risks of digital asset custodians;
— segregation of customer’s assets;
— governance and management issues.
2 Normative reference

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 22739, Blockchain and distributed ledger technologies — Vocabulary
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 22739 and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
digital asset custodian system

system that holds customers' digital assets for safekeeping in order to minimize the risk of their

theft or loss

Note 1 to entry: In this document, holding assets is considered in a broad sense, as it includes for instance, the case

of physically or digitally storing the assets, but also the case of holding the private keys associated with the assets,

or even the case of protecting access to the assets, like holding one of the keys protecting the access to the assets.

© ISO 2020 – All rights reserved 1
---------------------- Page: 7 ----------------------
ISO/TR 23576:2020(E)
3.2
cold wallet
cold storage

offline application or mechanism used to generate, manage, store, or use private and public keys

3.3
hot wallet
hot storage

online application or mechanism used to generate, manage, store, or use private and public keys

3.4
hardware wallet

wallet which leverages a hardware device (e.g. HSM) to generate, manage, store, or use private and

public keys
3.5
deterministic wallet

wallet in which multiple key pairs are derived from a single starting point known as a seed

3.6
hierarchical deterministic wallet

deterministic wallet (3.5) in which child key pairs are derived from the master key pair

Note 1 to entry: Descendant key pairs can be derived from the child key pairs, in a hierarchical manner, hence

the name of the wallet. Child key pairs can be used and shared without having to share the master key pair. It is

defined within Reference [7].
4 Abbreviated terms
AML anti-money laundering
API application programming interface
APT advanced persistent threat
CFT countering financing of terrorism
DLT distributed ledger technology
DNS domain name system
FATF Financial Action Task Force
FQDN fully qualified domain name
HSM hardware security module
SMS short message service
ISMS information security management system
ISP internet service provide
KYC know your customer
OS operating system
OWASP Open Web Application Security Project
PII personally identifiable information
2 © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TR 23576:2020(E)
PKI public key infrastructure
PoW proof of work
TLS transport layer security
5 Basic description of a model of online system for digital asset custodianship
5.1 General

In this clause, an example implementation for an online digital asset custodian system is presented.

This model will then be used to explain the concepts and provisions in this document. However, it is

also worth noting that other types of custodian systems exist. For example, decentralized exchanges

(DEXs), have quite a different implementation compared to the one illustrated in Figure 1. Furthermore,

protocols like atomic swap and multisignature can be considered a type of custodian as well. Therefore,

although most of the content of this document applies to any kind of custodian, some of the risks and

potential controls discussed may or may not apply to other types of custodian systems.

5.2 Example of a system for digital asset custodians and its functional components

Figure 1 shows an example model for a digital asset custodian system.
Figure 1 — Basic example model of a digital asset custodian
Table 1 — Functional components of a digital asset custodian
Functional components Explanation

Interface (web application, APIs) Provides screen and input functions such as login, account management (deposit/

withdrawal) and trading for the customers (users). The most common interfaces
are web applications, APIs, and mobile apps.

Customer authentication function Performs user authentication for login purposes to the system.

Customer credential database Manages required IDs for login and verification information related to user au-

thentication process (e.g. password verification information).
© ISO 2020 – All rights reserved 3
---------------------- Page: 9 ----------------------
ISO/TR 23576:2020(E)
Table 1 (continued)
Functional components Explanation

Transfer validation function Verifies the granted permission to proceed to the transfer of digital data or assets

by the owner or co-owners when the transfer implies the validation of multiple

parties. For example, the use of multisignatures schemes to validate an authorized

outgoing transaction.

Customer assets management A group of functions which provide customer account management. For example,

function these functions perform deposits or withdrawals (output coins) and, more gen-

erally, other asset manipulation processes according to user instructions. The
functions provided may refer to or update asset data.

DLT / Blockchain node A node in a DLT / blockchain system, which communicates with its peers (i.e.

other nodes).

Incoming transaction manage- Verifies transactions stored in DLT / blockchain to confirm whether incoming

ment function assets refer to the specified addresses.
Updates the asset database according to the transaction retrieved from the DLT
/ blockchain.

Order processing function A group of functions for the management of sales instructions from customers.

The order processing function performs actions related to trading of digital assets.

This function refers to and updates asset data.

Assets database Manages the record of assets both for fiat currencies and digital assets. The asset

database does not include the signature keys for signing transactions. These are
managed separately from the assets for each customer.

Transaction Transaction Generates transactions to be sent to the DLT / blockchain based on instructions

signing mod- generator from the customer asset management function or the custodian’s operation function.

ules

Transaction Sends the signed transaction to the DLT / blockchain. Transactions are broadcasted

broadcaster to blockchain nodes through network protocols.

Transaction Generates digital signatures based on the instructed transaction contents using

signing func- the relevant signature key (i.e. IDs and addresses).
tion

Address Manages verification keys related to the signature keys, or to addresses (i.e. such

management as values calculated from the verification keys).
function

Signature key Manages the signature keys of the digital assets (i.e. the keys used for the sig-

management nature of the transactions). Signature keys may be stored in a cold wallet as a

function security measure.

Signature key Generates signature keys. The generated keys are registered in the signature key

generator management function, and the verification keys and addresses are registered in

the address management function.

Custodian operation functions A group of functions dedicated to the custodian's operators and/or administrators.

Administrator and operators can instruct the module to perform function such
as generating new signature keys or transfer digital assets.

Operator authentication function Authenticates the operators and administrators of the system.

Operator audit database Manages auditing data related to the authentication processes of operators and

administrators for the system.

The functional components described in Table 1 are intended to logically distinguish the various

functions within the system, and do not represent an actual architecture of such a system. As

an example, in a real-world implementation, the address management function would probably

be implemented using a database. Also, there are implementations in which multiple functional

components are packaged together. All the functional components of the transaction signature system

could be integrated within the customer asset management system, or they could be operating as a

separate system. Many implementations of Bitcoin wallets provide all functions for the transaction

signature system as a single atomic system. It is also possible to imagine some of these functions being

provided by an external “subcontractor” system, such as a remote server.
4 © ISO 2020 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/TR 23576:2020(E)
5.3 Examples of transactions
— Fiat currency deposit
a) The customer sends fiat currency to the custodian's bank account.

b) The custodian confirms the reception of the fiat currency transfer and updates its assets

database to reflect the customer’s asset status in relation to the transfer just received.

— Digital asset deposit

a) The customer transfers digital assets to an address specified by the custodian. The transfer

is performed by using the customer’s digital assets wallet (i.e. other custodian or web/app

wallet).

b) The custodian confirms that the digital assets have been transferred to the correct address

and updates its assets database to reflect the customer’s asset status in relation to the transfer

just received.
— Trading transaction

a) The customer accesses the interface made available by the custodian and instructs the system

to perform some actions (e.g. trading).

b) The instructions to perform an action are received by the custodian and are processed by the

custodian operations functions module. The result of the trade operations is processed by the

custodian operations functions module which updates the asset database accordingly.

— Customer digital asset withdrawal

a) The customer accesses the interface made available by the custodian and instructs the system

to transfer their digital assets to another address (i.e. output coins).

b) The instruction to output coins is processed by the customer assets management functions

module. The transaction generator creates a transaction message based on the received

instructions such as receiving address and the amount of digital assets to transfer.

c) The transaction message will be digitally signed by the transaction signing functions module.

d) The signed transaction message is delivered to all nodes on the DLT / blockchain by the

transaction broadcaster module.
— Internal transfer by operator or administrator

a) The administrator or operator instructs the system to transfer digital assets to another

address through the custodian operations functions module. For example, the digital assets

may be sent between addresses managed within the custodian.

b) The instructions to output coins are then processed by the custodian operations functions

module. The transaction generator creates a transaction message based on the received

instructions such as receiving address and the amount of digital assets to transfer.

c) The transaction message will be digitally signed by the transaction signing functions module.

d) The signed transaction message is delivered to all nodes on the DLT / blockchain by the

transaction broadcaster module.
© ISO 2020 – All rights reserved 5
---------------------- Page: 11 ----------------------
ISO/TR 23576:2020(E)
5.4 Description of keys used for signature and encryption
5.4.1 Type of keys

Table 2 describes the different types of keys which can be used for signature and encryption within a

digital asset custodian system.
Table 2 — Types of keys
Types Description

Signature key A signature key for signing transactions (for digital signature schemes standard-

ized in ISO/IEC 9796 (all parts) and ISO/IEC 14888 (all parts))

Verification key A public key for verification of transactions (for digital signature schemes

standardized in ISO/IEC 9796 (all parts) and ISO/IEC 14888 (all parts))

It is common practice in public blockchains to calculate addresses as unique values

derived from the verification key. In private DLT systems / blockchains this may
not be necessary

Encryption/decryption key for Secret key (symmetric key cryptography) used to keep signature key confidential

signature key / protected
Master seed A seed to generate a signature key in a deterministic wallet
5.4.2 Flow for key generation and key usage

Figure 2 shows a typical lifecycle for the different type of keys described in Table 2.

Figure 2 — Lifecycle of signature key, verification key and encryption/decryption key for

signature key
6 © ISO 2020 – All rights reserved
---------------------- Page: 12 ----------------------
ISO/TR 23576:2020(E)

After a pair of keys (signature and verification, hereafter "key pair") is generated, an address, which

will be used to receive transactions, is derived from the verification key. A sender will only need this

address to be able to transfer one or more assets to it.

A signature key is considered inactive, when it is stored in a manner in which it cannot directly be used

to sign (i.e. if it is encrypted). As an example, within the key management function module in Figure 1,

a signature key could be encrypted using a pass phrase, rendering it inactive. Decrypting the signature

key will return the key in an active state.

In the example model presented in Figure 1, the activation of a key is assumed to be executed within

the transaction signing function module. Activation and deactivation of keys are standard functions

provided by most wallets. The signature key is only needed when a transaction needs to be signed.

Therefore, these can be stored offline for increased security, until needed. On the other hand, verification

keys and addresses are stored online as they are needed more often for verification purposes.

Figure 3 — Lifecycle of the signature key, verification key and encryption/decryption key for

signature key in a deterministic wallet

A deterministic wallet uses a mechanism by which after generating one master seed, multiple signature

key pairs are derived from it. Figure 3 shows the lifecycle of the different types of keys within a

deterministic wallet. On the one hand, by backing up and restoring the master seed, all derived

signature key pairs can be recalculated. On the other hand, if the master seed is compromised (i.e.

stolen), all crypto assets which are managed by any of the derived keys (and related addresses) may

© ISO 2020 – All rights reserved 7
---------------------- Page: 13 ----------------------
ISO/TR 23576:2020(E)

be stolen as well. Also, if the master seed is lost, the derived signature key pairs cannot be recalculated

and access to the assets managed by these will be impossible.
An extension to the deterministic wallet model is provided by the hier
...

TECHNICAL ISO/TR
REPORT 23576
First edition
Blockchain and distributed ledger
technologies — Security management
of digital asset custodians
PROOF/ÉPREUVE
Reference number
ISO/TR 23576:2020(E)
ISO 2020
---------------------- Page: 1 ----------------------
ISO/TR 23576:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TR 23576:2020(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative reference ......................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Abbreviated terms .............................................................................................................................................................................................. 2

5 Basic description of a model of online system for digital asset custodianship ...................................3

5.1 General ........................................................................................................................................................................................................... 3

5.2 Example of a system for digital asset custodians and its functional components ........................ 3

5.3 Examples of transactions ............................................................................................................................................................... 5

5.4 Description of keys used for signature and encryption ....................................................................................... 6

5.4.1 Type of keys .......................................................................................................................................................................... 6

5.4.2 Flow for key generation and key usage ........................................................................................................ 6

5.4.3 Using multiple keys ....................................................................................................................................................... 8

5.4.4 Suspension of keys ......................................................................................................................................................... 8

5.5 Characteristics of digital assets held in DLT / blockchain systems ........................................................... 8

5.5.1 General...................................................................................................................................................................................... 8

5.5.2 Importance of signature keys ............................................................................................................................... 8

5.5.3 Diversity of implementations ............................................................................................................................... 9

5.5.4 Possibility of blockchain forks ............................................................................................................................. 9

5.5.5 Risks for unapproved transactions ...............................................................................................................10

6 Basic objectives of security management for digital asset custodians .....................................................11

7 Approaches to basic security controls ........................................................................................................................................11

8 Digital asset custodians’ risks .............................................................................................................................................................12

8.1 General ........................................................................................................................................................................................................12

8.2 Risks related to the system / platform of the digital asset custodian ..................................................12

8.2.1 General...................................................................................................................................................................................12

8.2.2 Signature key risks ......................................................................................................................................................13

8.2.3 Risks on asset data ......................................................................................................................................................16

8.2.4 Risks related to suspension of systems and operations .............................................................17

8.3 Risks from external factors ......... ...............................................................................................................................................17

8.3.1 General...................................................................................................................................................................................17

8.3.2 Risks related to the internet infrastructure and authentication infrastructure ....18

8.3.3 Risks inherent to digital asset DLT systems / blockchains .......................................................18

8.3.4 Risks arising from external reputation databases and anti-money-

laundering regulations ............................................................................................................................................19

9 Consideration on security controls of digital asset custodians ........................................................................20

9.1 General ........................................................................................................................................................................................................20

9.2 Basis for considerations about security management .......................................................................................20

9.3 Considerations about security controls on digital asset custodians .....................................................21

9.3.1 Guidelines for the information security management .................................................................21

9.3.2 Information security policies .............................................................................................................................21

9.3.3 Organization of information security..........................................................................................................21

9.3.4 Human resource security ......................................................................................................................................22

9.3.5 Asset management ......................................................................................................................................................22

9.3.6 Access control ..................................................................................................................................................................22

9.3.7 Security controls on signature keys .............................................................................................................24

9.3.8 Physical and environmental security ..........................................................................................................28

9.3.9 Operations security ....................................................................................................................................................28

9.3.10 Communications security .....................................................................................................................................30

9.3.11 Supplier relationships ..............................................................................................................................................32

© ISO 2020 – All rights reserved PROOF/ÉPREUVE iii
---------------------- Page: 3 ----------------------
ISO/TR 23576:2020(E)

9.3.12 Information security incident management .........................................................................................32

9.3.13 Information security aspect of business continuity management ....................................32

9.3.14 Compliance ........................................................................................................................................................................33

9.4 Other digital asset custodian system specific issues — Advance notice to user for

maintenance ...........................................................................................................................................................................................34

Bibliography .............................................................................................................................................................................................................................35

iv PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TR 23576:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Technical Committee ISO/TC 307, Blockchain and distributed ledger

technologies.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved PROOF/ÉPREUVE v
---------------------- Page: 5 ----------------------
ISO/TR 23576:2020(E)
Introduction

A digital asset custodian holds customers' digital assets for safekeeping in order to minimize the risk

of their theft or loss. This document illustrates the security risks, threats, and measures which digital

asset custodians consider, design, and implement in order to protect the assets of their customers, based

on best practices, existing standards and research. For example, the management of signature keys for

digital assets requires special attention, taking into account the specific nature of blockchains and DLT

systems and the security challenges they face. A key topic discussed is the appropriate management of

signature keys by digital asset custodians in order to prevent misuse and transactions by unauthorized

individuals.
vi PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL REPORT ISO/TR 23576:2020(E)
Blockchain and distributed ledger technologies — Security
management of digital asset custodians
1 Scope
This document discusses the threats, risks, and controls related to:

— systems that provide digital asset custodian services and/or exchange services to their customers

(consumers and businesses) and management of security when an incident occurs;

— asset information (including the signature key of the digital asset) that a custodian of digital assets

manages.

This document is addressed to digital asset custodians that manage signature keys associated with

digital asset accounts. In such a case, certain specific recommendations apply.
The following is out of scope of this document:
— core security controls of blockchain and DLT systems;
— business risks of digital asset custodians;
— segregation of customer’s assets;
— governance and management issues.
2 Normative reference

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 22739, Blockchain and distributed ledger technologies — Vocabulary
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 22739 and the

following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
digital asset custodian system

system that holds customers' digital assets for safekeeping in order to minimize the risk of their

theft or loss

Note 1 to entry: In this document, holding assets is considered in a broad sense, as it includes for instance, the case

of physically or digitally storing the assets, but also the case of holding the private keys associated with the assets,

or even the case of protecting access to the assets, like holding one of the keys protecting the access to the assets.

© ISO 2020 – All rights reserved PROOF/ÉPREUVE 1
---------------------- Page: 7 ----------------------
ISO/TR 23576:2020(E)
3.2
cold wallet
cold storage

offline application or mechanism used to generate, manage, store, or use private and public keys

3.3
hot wallet
hot storage

online application or mechanism used to generate, manage, store, or use private and public keys

3.4
hardware wallet

wallet which leverages a hardware device (e.g. HSM) to generate, manage, store, or use private and

public keys
3.5
deterministic wallet

wallet in which multiple key pairs are derived from a single starting point known as a seed

3.6
hierarchical deterministic wallet

deterministic wallet (3.5) in which child key pairs are derived from the master key pair

Note 1 to entry: Descendant key pairs can be derived from the child key pairs, in a hierarchical manner, hence

the name of the wallet. Child key pairs can be used and shared without having to share the master key pair. It is

defined within Reference [7].
4 Abbreviated terms
AML anti-money laundering
API application programming interface
APT advanced persistent threat
CFT countering financing of terrorism
DLT distributed ledger technology
DNS domain name system
FATF Financial Action Task Force
FQDN fully qualified domain name
HSM hardware security module
SMS short message service
ISMS information security management system
ISP internet service provide
KYC know your customer
OS operating system
OWASP Open Web Application Security Project
PII personally identifiable information
2 PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TR 23576:2020(E)
PKI public key infrastructure
PoW proof of work
TLS transport layer security
5 Basic description of a model of online system for digital asset custodianship
5.1 General

In this clause, an example implementation for an online digital asset custodian system is presented.

This model will then be used to explain the concepts and provisions in this document. However, it is

also worth noting that other types of custodian systems exist. For example, decentralized exchanges

(DEXs), have quite a different implementation compared to the one illustrated in Figure 1. Furthermore,

protocols like atomic swap and multisignature can be considered a type of custodian as well. Therefore,

although most of the content of this document applies to any kind of custodian, some of the risks and

potential controls discussed may or may not apply to other types of custodian systems.

5.2 Example of a system for digital asset custodians and its functional components

Figure 1 shows an example model for a digital asset custodian system.
Figure 1 — Basic example model of a digital asset custodian
Table 1 — Functional components of a digital asset custodian
Functional components Explanation

Interface (web application, APIs) Provides screen and input functions such as login, account management (deposit/

withdrawal) and trading for the customers (users). The most common interfaces
are web applications, APIs, and mobile apps.

Customer authentication function Performs user authentication for login purposes to the system.

Customer credential database Manages required IDs for login and verification information related to user au-

thentication process (e.g. password verification information).
© ISO 2020 – All rights reserved PROOF/ÉPREUVE 3
---------------------- Page: 9 ----------------------
ISO/TR 23576:2020(E)
Table 1 (continued)
Functional components Explanation

Transfer validation function Verifies the granted permission to proceed to the transfer of digital data or assets

by the owner or co-owners when the transfer implies the validation of multiple

parties. For example, the use of multisignatures schemes to validate an authorized

outgoing transaction.

Customer assets management A group of functions which provide customer account management. For example,

function these functions perform deposits or withdrawals (output coins) and, more gen-

erally, other asset manipulation processes according to user instructions. The
functions provided may refer to or update asset data.

DLT / Blockchain node A node in a DLT / blockchain system, which communicates with its peers (i.e.

other nodes).

Incoming transaction manage- Verifies transactions stored in DLT / blockchain to confirm whether incoming

ment function assets refer to the specified addresses.
Updates the asset database according to the transaction retrieved from the DLT
/ blockchain.

Order processing function A group of functions for the management of sales instructions from customers.

The order processing function performs actions related to trading of digital assets.

This function refers to and updates asset data.

Assets database Manages the record of assets both for fiat currencies and digital assets. The asset

database does not include the signature keys for signing transactions. These are
managed separately from the assets for each customer.

Transact ion Tr a n s a c t io n Generates transactions to be sent to the DLT / blockchain based on instructions

signing mod- generator from the customer asset management function or the custodian’s operation function.

ules

Tr a n s a c t io n Sends the signed transaction to the DLT / blockchain. Transactions are broadcasted

broadcaster to blockchain nodes through network protocols.

Tr a n s a c t io n Generates digital signatures based on the instructed transaction contents using

signing function the relevant signature key (i.e. IDs and addresses).

Address man- Manages verification keys related to the signature keys, or to addresses (i.e. such

agement func- as values calculated from the verification keys).
tion

Signature key Manages the signature keys of the digital assets (i.e. the keys used for the sig-

m a n a g ement nature of the transactions). Signature keys may be stored in a cold wallet as a

function security measure.

Signature key Generates signature keys. The generated keys are registered in the signature key

generator management function, and the verification keys and addresses are registered in

the address management function.

Custodian operation functions A group of functions dedicated to the custodian's operators and/or administrators.

Administrator and operators can instruct the module to perform function such
as generating new signature keys or transfer digital assets.

Operator authentication function Authenticates the operators and administrators of the system.

Operator audit database Manages auditing data related to the authentication processes of operators and

administrators for the system.

The functional components described in Table 1 are intended to logically distinguish the various

functions within the system, and do not represent an actual architecture of such a system. As

an example, in a real-world implementation, the address management function would probably

be implemented using a database. Also, there are implementations in which multiple functional

components are packaged together. All the functional components of the transaction signature system

could be integrated within the customer asset management system, or they could be operating as a

separate system. Many implementations of Bitcoin wallets provide all functions for the transaction

signature system as a single atomic system. It is also possible to imagine some of these functions being

provided by an external “subcontractor” system, such as a remote server.
4 PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/TR 23576:2020(E)
5.3 Examples of transactions
— Fiat currency deposit
a) The customer sends fiat currency to the custodian's bank account.

b) The custodian confirms the reception of the fiat currency transfer and updates its assets

database to reflect the customer’s asset status in relation to the transfer just received.

— Digital asset deposit

a) The customer transfers digital assets to an address specified by the custodian. The transfer

is performed by using the customer’s digital assets wallet (i.e. other custodian or web/app

wallet).

b) The custodian confirms that the digital assets have been transferred to the correct address

and updates its assets database to reflect the customer’s asset status in relation to the transfer

just received.
— Trading transaction

a) The customer accesses the interface made available by the custodian and instructs the system

to perform some actions (e.g. trading).

b) The instructions to perform an action are received by the custodian and are processed by the

custodian operations functions module. The result of the trade operations is processed by the

custodian operations functions module which updates the asset database accordingly.

— Customer digital asset withdrawal

a) The customer accesses the interface made available by the custodian and instructs the system

to transfer their digital assets to another address (i.e. output coins).

b) The instruction to output coins is processed by the customer assets management functions

module. The transaction generator creates a transaction message based on the received

instructions such as receiving address and the amount of digital assets to transfer.

c) The transaction message will be digitally signed by the transaction signing functions module.

d) The signed transaction message is delivered to all nodes on the DLT / blockchain by the

transaction broadcaster module.
— Internal transfer by operator or administrator

a) The administrator or operator instructs the system to transfer digital assets to another

address through the custodian operations functions module. For example, the digital assets

may be sent between addresses managed within the custodian.

b) The instructions to output coins are then processed by the custodian operations functions

module. The transaction generator creates a transaction message based on the received

instructions such as receiving address and the amount of digital assets to transfer.

c) The transaction message will be digitally signed by the transaction signing functions module.

d) The signed transaction message is delivered to all nodes on the DLT / blockchain by the

transaction broadcaster module.
© ISO 2020 – All rights reserved PROOF/ÉPREUVE 5
---------------------- Page: 11 ----------------------
ISO/TR 23576:2020(E)
5.4 Description of keys used for signature and encryption
5.4.1 Type of keys

Table 2 describes the different types of keys which can be used for signature and encryption within a

digital asset custodian system.
Table 2 — Types of keys
Types Description

Signature key A signature key for signing transactions (for digital signature schemes standard-

ized in ISO/IEC 9796 (all parts) and ISO/IEC 14888 (all parts))

Verification key A public key for verification of transactions (for digital signature schemes

standardized in ISO/IEC 9796 (all parts) and ISO/IEC 14888 (all parts))

It is common practice in public blockchains to calculate addresses as unique values

derived from the verification key. In private DLT systems / blockchains this may
not be necessary

Encryption/decryption key for Secret key (symmetric key cryptography) used to keep signature key confidential

signature key / protected
Master seed A seed to generate a signature key in a deterministic wallet
5.4.2 Flow for key generation and key usage

Figure 2 shows a typical lifecycle for the different type of keys described in Table 2.

Figure 2 — Lifecycle of signature key, verification key and encryption/decryption key for

signature key
6 PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 12 ----------------------
ISO/TR 23576:2020(E)

After a pair of keys (signature and verification, hereafter "key pair") is generated, an address, which

will be used to receive transactions, is derived from the verification key. A sender will only need this

address to be able to transfer one or more assets to it.

A signature key is considered inactive, when it is stored in a manner in which it cannot directly be used

to sign (i.e. if it is encrypted). As an example, within the key management function module in Figure 1,

a signature key could be encrypted using a pass phrase, rendering it inactive. Decrypting the signature

key will return the key in an active state.

In the example model presented in Figure 1, the activation of a key is assumed to be executed within

the transaction signing function module. Activation and deactivation of keys are standard functions

provided by most wallets. The signature key is only needed when a transaction needs to be signed.

Therefore, these can be stored offline for increased security, until needed. On the other hand, verification

keys and addresses are stored online as they are needed more often for verification purposes.

Figure 3 — Lifecycle of the signature key, verification key and encryption/decryption key for

signature key in a deterministic wallet

A deterministic wallet uses a mechanism by which after generating one master seed, multiple signature

key pairs are derived from it. Figure 3 shows the lifecycle of the different types of keys within a

deterministic wallet. On the one hand, by backing up and restoring the master seed, all derived

signature key pairs can be recalculated. On the other hand, if the master seed is compromised (i.e.

stolen), all crypto assets which are managed by any of the derived keys (and related addresses) may

© ISO 2020 – All rights reserved PROOF/ÉPREUVE 7
---------------------- Page: 13 ----------------------
ISO/TR 23576:2020(E)
be stolen as well. Also, if the master seed is
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.