This blog post is created to best analyze and explain the security of one of the most interesting crypto-currencies in 2017 – Ripple.
Ripple is a cryptocurrency like no other and its main goal is to attack and replace a bit more outdated financial transfer services such as SWIFT, which handle extremely large amounts on a daily basis globally. The company has been able to create a real-time gloss settlement system (RTGS) which is a specific network, built via a distributed open source internet protocol. It also has it’s own native cryptocurrency, called XRP, released back in 2012. The company’s main purpose is to create a real-time financial transaction technology which is cheap and most of all, secure. In this review, we will accent on the company’s main security features used within the network to outline the strengths and weaknesses of this crypto.
Why Is Ripple the World’s Third Largest Cryptocurrency?
The phenomenon of Cryptocurrencies, starting with Bitcoin has boomed in hundreds of alternative cryptocurrencies out there and all of them have a lot to offer for the years to come. What separates the leaders from the pack, however is not only when they entered the market, but also that they have created strong communities and developers who contribute to those community. However, unlike most cryptocurrencies, which are decentralized by nature, the management of Ripple and XRP is done by a clearly established company, which like any other company is well-structured, has clear goals, deadlines and a dedicated team that works around the clock to improve the technology.
And by clear objectives, we mean one of the most ambitious ones – to go straight where the money is moving and solve a major logistical issue – the delays during wire transfers. And while people have already developed many payment and transfer methods online, they do not have either the speed or the direct approach such as Ripple. One big key to Ripple’s success is that the cryptocurrency aims to transfer funds directly between banks. To put this in perspective, you can imagine that Bank A, located in Europe has to transfer 50 thousand U.S> dollars to bank C, located in South America. However, to perform transfers, banks have to exchange an equalizing amount of the currency of the transfer between each other in order to make it happen. And let us assume that bank C does not have the currency or relationship with bank A. In this case, the transfer happens via an intermediary bank, let’s call it Bank B. This process generally takes some time to happen and hence so is the transfer. What Ripple aims for is to directly perform the transfer from bank A to bank C in a matter of seconds, by converting the money into XRP and then making the transfer in this cryptocurrency, after which converting it again to the U.S. dollars being sent. This procedure has many benefits for both banks and the one who is doing the transfer, such as:
- Transaction of the funds in seconds.
- Much cheaper transaction fees.
This technology and mindset has made Ripple one of the key players in modern times, resulting in many banking and financial organizations to establish relationships in Ripple and the number is growing as you read this.
Ripple’s Security
The transactions performed over the ripple network are secured using a method that is not this uncommon anymore – encryption. In addition to this, the network adds security measures, such as:
- KeyPassX – offline password generator, requiring not just a passcode to unlock but a file used as a key.
- Stronger passwords which are at least 36 characters with different symbols.
- Each password symbol typed on the computer will be hidden, to prevent screen capturing.
- 2fa Google Authernticator for all Ripple accounts in order to safely store the ripples.
- Encrypted PGP e-mail account which is security-oriented and deviates from the mass-used Gmail, Yahoo or other well-known services.
Furthermore, besides using cryptography to secure a transaction, the guys at Ripple have also developed a system which regularly cross-checks the validity of those transactions. And while the transactions being performed are not smart contracts, like on the Ethereum network, they are completely transparent, allowing for experts to perform analysis of the network and hence become familiar with them.
This allowed for experts, such as Pedro Moreno-Sanchez and friends at Purdue University in West Lafayette, Indiana to study the open source code of the network and conclude how evolved it has become since it’s official launch 5 years ago. But the researchers were not only looking for improvements, since their main focus was on vulnerabilities as well.
For starters, one fact to consider is that by 2016, the Ripple network has had more than 100,000 wallets created, meaning it has grown a lot in the previous couple of years. During this, the structure of the cryptocurrency has maintained stability, without any major disruptions.
The researchers have also reported that some nodes in the Ripple network can act as intermediary ones, meaning they have the potential to hold actual funds in them, acting like online banks. In addition to this, the average user of ripple needs to provide different credentials, such as personal information in order to be linked to such gateway. And this is a good thing, because the community of Ripple is growing significantly, with Israel becoming the country with one of the biggest communities of Ripple out there.
But when we look at a security perspective, Moreno-Sanchez and team have established that small-sized networks could be potentially vulnerable to attacks, because the Ripple network always finds an alternative way to move a transaction via it’s network, even if one of the important “gateways” nodes is removed.
So can this be secure? To test the transactions via small networks, the researchers performed a simulation, where they simulated the removal of important nodes in the Ripple network, similar to what a financial event leading to those circumstances would occur. The results of the simulation was that removing those nodes would isolate the amount of Ripples stored within them, if they are already on those nodes, since they become offline, but not lost forever. According to the researchers this may result in approximately 50,000 wallets to be vulnerable to a disruption and the XRP’s in them are also at risk.
However, this is not a horror scenario, since there is a solution for it, the researchers say. According to them, this problem can be solved by interconnecting the wallets more and this should cope with those risks. And weaknesses are also good for Ripple as well, because they help identifying flaws that will enable them to further increase security. The company even has created a bug bounty program to provide bug hunters with an incentive to discover new risks on the Blockchain.
Conclusion
Ripple is a strong and stable company and has proven its stability in time. However, it is also open source and publicly available, so we can think of it as the Android of cryptocurrencies. And while it is centralized, there is a big push to decentralize the coin and begin applying it to our everyday lives. Nobody knows what the future holds for Ripple, but considering the reputation of banking and financial institutions all over the world that are already testing it, Ripple looks like a promising cryptocurrency to watch in the future, especially since it has evolved in both security and speed as well.
Ventsislav Krastev
Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.
Follow Me: