NRI Secure provides comprehensive support for companies to improve their Web3 business cybersecurity
*NRI Secure Technologies*
Press release: August 22, 2024
*A lineup of 10 types of services including Web3 consulting, guideline provision, diagnosis, and solutions*
NRI Secure Technologies Co., Ltd. (hereinafter referred to as NRI Secure) will today begin offering “Web3 Security Comprehensive Support,” which provides comprehensive support for Web3 businesses using blockchain [i] and distributed ID technology [ii], from the consideration stage to the start of operation. Through 10 types of related services, we present the security measures necessary to realize safe Web3 services and support the implementation of each measure required in each process.
*What is Web3*
Web3, which is currently attracting attention, refers to a distributed environment in which users maintain and manage their own information (data) and exchange that information among themselves. On the other hand, in the centralized Web 2.0 environment, data is maintained and managed by a company or organization’s platform, and is linked to users via that platform. Web3 was made possible by the advent of decentralized technologies such as blockchain. These days, these technologies are being incorporated into finance, digital art transactions, identity verification, and more.
Figure 1: Conceptual diagram of Web2.0 and Web3
As Web3 businesses become more widespread, many incidents have been reported that stem from deficiencies in blockchain implementation and operation, such as exploits of vulnerabilities in service specifications, vulnerabilities in smart contracts [iii], and deficiencies in private key management of wallets [iv]. In the development of Web3 services, it is even more important to avoid creating vulnerabilities in the upstream process.
*Overview of “Web3 Security Comprehensive Support”*
While the number of companies working on Web3 businesses is increasing, there are many cases where security measures taken in the Web2.0 environment are applied to the Web3 environment as is, and service development is proceeding without considering the viewpoints that should be considered in the Web3 environment. Web3 Security Comprehensive Support consists of 10 types of services, including not only consulting but also the provision of proprietary guidelines, security diagnosis, and solutions (see Figure 2). By providing these services according to each company’s situation, we provide comprehensive support for improving the security level of Web3.
Figure 2: Overall picture of “Web3 Security Comprehensive Support”
The outline of each service of Web3 Security Comprehensive Support is as follows. Please refer to the reference for a list of services.
*1. Consulting for the upstream process of Web3 business (corresponds to 1. to 5. in Figure 2)*
By using “1. Web3 Security Governance Planning and Construction”, you can forecast the security measures required from the planning and consideration stage of a Web3 business through to the start of operation. Furthermore, in the planning and requirements definition process, “2. Web3 risk analysis” analyzes whether there are any vulnerabilities that could allow fraudulent activities in Web3 services, and “3. Web3 requirements definition support” supports requirements definition and security design, including key management and authentication.
If you are considering introducing DID (distributed identifier) or VC (digital identity certificate), “4. DID/VC concept and design support” provides related examples, technical research, and security evaluation support. Furthermore, as part of “5. Governance for Web3 outsourcing/partners,” it is also possible to evaluate the safety of outsourcing companies and solutions used when developing Web3 services.
*2. Blockchain security guidelines/diagnosis (corresponding to 6. to 7. in Figure 2)*
“6. Blockchain Security Guidelines” draws on knowledge gained from many years of providing blockchain diagnostics. It is a compilation of security requirements related to private key management in smart contracts and custodial wallets [v], various attack examples, and best practices. By assigning importance to the measures to be implemented in each development process, we efficiently support decisions that take into account the nature of the development system and business, the importance of the information to be protected, and the environment to be disclosed.
By using “7. Blockchain diagnosis (architecture evaluation, smart contract diagnosis)” in combination with the Web2.0 system guidelines [vi], you can achieve secure design and development of the entire Web3 system using blockchain.
*3. Web3 solution (Uni-ID Wallet Connector) (corresponds to 8. in Figure 2)*
Decentralized ID is an architecture in which a digital identity certificate (VC) is stored in a “digital identity wallet” used on a smartphone, etc., and used for authentication and identity confirmation of various services.
“8. Uni-ID Wallet Connector” is a service that functions as a conversion connector between a federated ID management system, in which there is a management entity called an Identity Provider (IdP), and a distributed ID management system. It is possible to implement VC issuance and verification functions in conjunction with digital identity wallets without making major modifications to existing systems, making it possible to quickly expand services that incorporate new technologies. Uni-ID Wallet Connector can be used in combination with NRI Secure’s federated IdP solution “Uni-ID Libra” [vii], or it can be installed alone.
Figure 3: Image of inter-system connection using Uni-ID Wallet Connector
*4. Web3 monitoring/operation support (corresponding to 9. to 10. in Figure 2)*
“9. Web3 Security Monitoring” includes “blockchain monitoring for external attack and internal fraud detection,” which supports the design and operation of blockchain monitoring for suspicious behavior in wallets and smart contracts used within the company. In addition, we provide “blockchain monitoring for AML/CFT,” which supports the design and operation of monitoring to check whether illegal activities such as money laundering are occurring in wallets provided by our company, as anti-money laundering/counter-terrorism financing (AML/CFT) measures.
*Blockchain monitoring for AML/CFT is scheduled to be provided in 2024.
In addition, as part of “10. Web3 Security Operations,” we support SIRT operations through the formulation of response policies required in the event an incident occurs in Web3 services. In response to these Web3-specific issues, we can support the monitoring and operation that should be performed in the Web3 business, along with the conventional security monitoring and SIRT operation.
NRI Secure will continue to provide a variety of products and services that support information security measures for companies and organizations, contributing to the realization of a safe and secure information system environment and society.
[i] Blockchain: A technology for recording digital data on a decentralized network in a secure and tamper-resistant manner.
[ii] Decentralized ID technology: Distributed management of user identity information on a base registry such as blockchain, realizing self-sovereign identity without relying on a central authority.
[iii] Smart contract: A system in which a program automatically executes a predetermined contract when an application for a transaction that meets preset conditions occurs.
[iv] Wallet: A system that acts as a virtual wallet for managing crypto assets and NFTs (non-fungible tokens) that are traded using blockchain technology.
[v] Custodial wallet: A wallet provider is the main entity managing the wallet, and the wallet’s private key is managed on the provider’s server.
[vi] Web2.0 system guidelines: NRI Secure also provides security development guidelines for web applications, smartphone applications, and IoT devices. Please refer to the following website for details. https://www.nri-secure.co.jp/service/assessment/guideline
[vii] Uni-ID Libra: An integrated IAM solution for BtoC services developed and provided by NRI Secure. Please refer to the following website for details.
https://www.nri-secure.co.jp/service/solution/uni-id_libra
[Reference]
“Web3 Security Comprehensive Support” related service list
*Please see here for the URLs in the table.
6. Blockchain security guidelines
https://www.nri-secure.co.jp/service/assessment/guideline
7. Blockchain diagnosis
・Architecture evaluation
https://www.nri-secure.co.jp/service/assessment/blockchain
・Smart contract diagnosis
https://www.nri-secure.co.jp/service/assessment/blockchain_smartcontract
8. Introduction and construction of Web3 tools
・Uni-ID Wallet Connector
https://www.nri-secure.co.jp/service/solution/uni-id-wallet-connector
・Walletech
https://www.nri.com/jp/news/info/cc/lst/2023/0803_1