Autonomy KMS design

###### tags: `Autonomy` # Autonomy KMS ## Introduction The Key Management System (KMS) is a core service of the Autonomy app, a secure and user-friendly cryptocurrency wallet. The Autonomy app utilizes the HD Wallet model, following the BIP-44 standard, to derive a master seed that can generate multiple child wallets. Additionally, the app complies to the BIP-39 standard, allowing users to back up their seed as a recovery phrase and use with other wallets. This document aims to provide a comprehensive overview of the Key Management System within the Autonomy app. It will cover the functionality, security measures, and processes involved in managing cryptographic keys and securing user funds. By understanding the KMS, developers and stakeholders can gain insights into the technical aspects of the system and ensure its robustness, security and reliability. ## Key Management System Overview The Key Management System in the Autonomy app is responsible for generating, storing, and managing cryptographic keys used to secure user funds. It employs the HD Wallet model, based on the BIP-44 standard, to derive a master seed that can generate an unlimited number of child wallets. The system ensures that each child wallet has a unique address and corresponding private key. The KMS also supports the import of recovery phrases from external sources, enabling the management of multiple HD wallets. ## Recovery Phrase and Key Storage The Autonomy app provides multiple options for backing up and securing the HD wallet seeds. By default, the app employs a technique to store the HD wallet seeds on the iCloud Keychain (on iOS) and Blockstore (on Android). These storages offer end-to-end encryption per device at the operating system level, providing a secure environment for storing the wallet seeds. The use of iCloud Keychain and Blockstore leverages the security features offered by Apple and Google, respectively. Both platforms have undergone rigorous audits over the years, providing a balance between security and usability for the Autonomy app. Storing the wallet seeds in these encrypted storages eliminates the need for users to memorize recovery phrases or encryption passwords, enhancing the overall user experience. The users can also choose to get the recovery phrases out and import to other wallet applications. ``` User: - Device 1 - HD Wallet 1 - ETH - BTC - Tezos - HD Wallet 2 - ETH - BTC - Tezos - Device 2 - HD Wallet 1 - ETH - BTC - Tezos - HD Wallet 2 - ETH - BTC - Tezos ``` ## KMS and the public database The Autonomy app utilizes a public SQLite database to store derivation paths, associated addresses, and other metadata for each wallet. When a user queries the list of wallets in the app, the app looks at the public database first. The database stores the derivation paths, allowing the app to derive child wallets on-demand. The KMS interacts with the public database to retrieve the appropriate derivation path for deriving a child wallet. The KMS ensures that each child wallet has a unique address and corresponding private key, which are securely generated. The public database is stored on the cloudstorage (as database form), makes sure it will be synchronized among the devices within the same cloud account. Thus, the user can use the Autonomy app in any device as long as they are in the same cloud storage. ## Signing Process The signing process in the Autonomy app involves two parts: authentication and cryptographic signing. The authentication part is performed through the user interface (UI) and requires biometric authentication from the device. This ensures that only authorized users can initiate signing operations. Once authenticated, the app accesses the KMS to retrieve the child wallet associated with the user's request. The KMS provides the necessary cryptographic keys to perform the signing operation securely. The resulting signature is then used to verify and authorize the requested transaction. ## Design ### Flows ```mermaid sequenceDiagram actor User participant UI participant KMS participant Public Database rect rgb(191, 223, 255) note right of User: Generate a new wallet. User->>UI: Generate new wallet UI->>+KMS: GenerateWallet() KMS->>KMS: Generate master seed KMS-->>-UI: Master seed UI-->>+Public Database: Save wallet derivation path Public Database-->>-UI: Success end rect rgb(191, 223, 255) note right of User: Import a wallet. User->>UI: Import wallet UI->>+KMS: ImportWallet(recoveryPhrase) KMS->>KMS: Verify and import recovery phrase KMS-->>-UI: Success UI-->>+Public Database: Save wallet derivation path Public Database-->>-UI: Success end rect rgb(200, 150, 255) note right of User: Sign a message or transaction. User->>+UI: Go to address list UI->>+Public Database: Child wallets' address list Public Database-->>-UI: Address list UI-->>-User: Present address list User->>UI: Pick an address (child wallet) to Sign a transaction UI->>+KMS: GetWallet(walletId) KMS->>+Public Database: Retrieve derivation path Public Database-->>-KMS: Derivation path KMS-->>-UI: Child wallet UI->>UI: Prompt for transaction details UI->>+User: Biometric authentication User-->>-UI: Authenticated UI->>+KMS: SignTransaction(childWallet, transactionDetails) KMS->>KMS: Perform cryptographic signing KMS-->>-UI: Transaction signature end ``` ### Components interaction ```mermaid graph LR UI -- Generates --> KMS UI -- Imports --> KMS KMS -- Saves derivation paths to --> PublicDatabase UI -- Requests signing --> KMS KMS -- Retrieves derivation paths--> PublicDatabase KMS -- Signs transaction --> UI UI -- List of addresses --> PublicDatabase ``` ## Security Measures The Autonomy app's Key Management System (KMS) incorporates several security measures to ensure the safety of user funds and data while adhering to industry standards and leveraging trusted platforms. The following security measures are implemented: ### 1. Compliance with BIP Standards: The KMS follows the BIP standards, including BIP-32, BIP-44, and BIP-39. These standards are widely used in popular wallets and have undergone extensive review and testing. By complying to these standards, the Autonomy app ensures compatibility and industry best practices for key management. ### 2. Utilization of iOS's iCloud Keychain and Android's Blockstore: The Autonomy app leverages the robust security features offered by Apple's iCloud Keychain (on iOS) and Google's Blockstore (on Android). These secure key storage solutions have been in production for years and have undergone rigorous security audits. By utilizing these trusted platforms, the app benefits from end-to-end encryption per device at the operating system level, enhancing the security of stored wallet seeds. ### 3. Secure Public Database: The public database, which stores derivation paths and wallet addresses, is designed with security in mind. It only exposes the necessary information, such as derivation paths and addresses, minimizing the exposure of sensitive data. The public database is stored locally on the user's device and synchronized over the user's cloud storage, which is also end-to-end encrypted (depends on platform). This ensures that the database remains protected from unauthorized access. ### 4. Isolation of the KMS: The KMS module is implemented in a separate, isolated process from the main application. This isolation minimizes the risk of memory sharing with the main app, reducing the possibility of private keys being intercepted by components in the UI. By maintaining separation and isolation, the KMS strengthens the security posture of the app and mitigates potential threats to private keys. These security measures collectively enhance the overall security of the Autonomy app's Key Management System, ensuring the protection of user funds, adherence to industry standards, and the utilization of trusted and audited platforms. By following these practices, the Autonomy app provides a secure and reliable environment for managing and utilizing cryptographic keys.