LINE, a platform that serves nearly 187 million users, deals with a vast amount of private information and financial transactions every day. Messengers can be attractive targets for hackers because they exchange a variety of information, such as sensitive private information and credit score information. At LINE, we treat the protection of user information as our utmost priority, and our beliefs and philosophy are applied in designing and operating the system.
Graylab, the center of information security
There are many information security teams at LINE. Graylab in particular oversees the code of the services and products developed by LINE and troubleshoots and eliminates security vulnerabilities. Since security vulnerabilities can be found and misused by others, prevention plans are very important. When security vulnerabilities are found outside the system, we quickly analyze the issue and come up with proper resolutions to prevent damage.
No matter how hard we try, it is nearly impossible to build a 100% secure system through work done within the company alone. For this reason, many top-tier global IT companies run ‘Bug Bounty Programs,’ and LINE is one of the most actively engaged companies in Asia. Through the Bug Bounty Program, the company receives suggestions about weaknesses found in its products and software from outside security researchers, and rewards those who made the suggestions once the suggestions are validated. Since the program encourages different perspectives from third-party participants, it has an advantage in diversity, and many companies that run bounty programs appreciate the positive effects of the program.
LINE’s endeavour to make the blockchain platform secure
Graylab is doing its best to build a safer blockchain platform. We have been engaged in the project since the beginning of the LINK Chain and exchange system planning; we review the designs, validate the system through code reviews, and regularly run mock hacking exercises. In particular, we cooperate with developers so that the SDL (Security Development Lifecycle) culture operates well.
The current version of LINK is built on a consensus (agreement) algorithm that adopts a variant of PBFT, a structure that can guarantee integrity while reaching agreement quickly. LINK has the security technology elements that meet the essential requirements of a private blockchain, and is also adopting and implementing various technologies for a future transition to a public blockchain. The consensus algorithm and governance policy are important in the blockchain field; however, validating that the blockchain is produced as planned is also important.
LINE’s strict security standard
LINE abides by the strict standards for blockchain services that each regulating country demands. As the fintech business is deemed a ‘basic industry’ in each country, service providers must protect customers’ assets with a high degree of responsibility. As mentioned earlier, everyone on LINE’s Information Security team is dedicated to creating a safer environment.
LINE’s Infra Security team is building a highly reliable network to protect customers’ and LINE’s assets from outside intrusion. Also, in order to prevent cyber attacks, we run around-the-clock security monitoring and carry out preventive maintenance once a suspicious sign is detected.
When developing and operating a service, many technical and non-technical elements must be taken into consideration. The IT Compliance and Information Protection Legal Teams don’t just understand and apply each regulation, but create policies that are stricter than the average for the customers. Also, through Risk Management, we detect and prevent problems that may arise from service operation.
Another important point in the blockchain business, from the customer’s perspective, is the capability to operate and develop the service steadily. LINE has long been proactively investing in the blockchain ecosystem on a company-wide basis. Blockchain technology has been applied to several of LINE’s platforms, and we continue to build more user-friendly blockchain services.
There are many outstanding and talented developers working at LINE corp. The Development Team has a proven record of developing and maintaining safe and steady platforms that hundreds of millions of people use every day. The key strength of the Development Team comes from its great cooperative spirit with security departments like Graylab, a spirit that is very rare to find in other companies.
Security: The Simpler, The Safer
The cryptoasset is an essential element of blockchain that cannot be left out in any case. In most blockchain ecosystems, the cryptoasset is the crucial element, and crypto exchanges are where cryptoassets are dealt with. Today’s crypto exchanges have some entry barriers for potential users. It is difficult for users to get the necessary information, and there is also the risk of exchange hacks. Even if some users find the exchanges interesting and are willing to start investing, they have to face the entry barriers that come with a difficult registration process and complicated purchase and cash back procedures.
LINE wants to resolve those issues. We are preparing convenient service features so that anyone can easily access the blockchain platform. We believe that, through high service accessibility and usability, we can bring a seamless blockchain platform user experience that is no different from that of currently available IT services, so that even users with no special knowledge of blockchain can use the services without trouble.
Security is the most emphasized feature in achieving our vision. Contrary to the prevailing belief that ‘the more complicated services can have higher safety,’ LINE’s security philosophy is “Simpler is Safer.” In order to follow our philosophy, we are building delicate structures and policies behind the visible layer of service building and maintenance.
Graylab’s security duties cover a wide range of services. For the Security Team, enhancing the security of LINK and BITBOX is surely one of the most complicated and demanding tasks. The reason we call the task particularly difficult comes from the characteristics of blockchain. If the service is not completely ready in terms of security, a single attack can lead to a massive asset leak and then turn into substantial damage. And once damaged by an incident, it is nearly impossible to fully recover the system.
For instance, if a web board of the kind commonly found on the Internet is hacked, the security manager can deal with the issue by removing the preexisting vulnerability and simply recovering the data. Another example is the traditional finance field. When a financial system is hacked, the database can be recovered, and it is relatively easy to track and find the attacker’s identity through asset flow tracking. That is why most attackers don’t target financial systems.
Compared to the above examples, blockchain security is much more challenging. Nevertheless, there is definitely a way to make a blockchain system secure. To make it happen, we are doing the following. First, we train the developers, since they can be the main target for attackers. We protect the developers from outside attacks, and provide and suggest a safe development environment. Second, we run regular security training sessions for the employees so that they themselves have a strong awareness of security.
Network security is configured so that critical systems cannot be accessed even when a particular individual’s computer is hacked, and an ‘integrity audit system’ has been established to monitor the system and manage future records.
We compose a solid security policy. Even if there is an incident and some partial damage arises from it, we try to minimize the damage so that there is no effect on customer assets. The security policies also make the business quickly recoverable in case of an incident. The assets are protected in a safe way since the technology reflects industry standards, and we also follow a transparent procedure in terms of security, based on the concept that ‘security through obscurity is not security.’
A LINK Chain or exchange module that has not gone through the Security Team’s code review cannot be served to any user under any circumstances. The Security Team also has a fully equipped process covering security problems from the preventive step through the post-action steps. We also regularly run a realistic penetration test that is nearly on the same level as an attack from a specialized hacker.
Working on blockchain and blockchain-based exchanges requires comprehensive knowledge of security, since the technology itself is very complicated and the nature of the field makes blockchain a tempting target, given its social issues and attackers’ interest. Thus, LINE treats security as its utmost priority, and the system is overseen and protected by specialized personnel at all times. Graylab will continue to strive to build a bright future for blockchain and to bring the ‘WOW’ experience to users.
Executive at LINE Plus corp.
Twitter: @beist
Seungjin Lee is the CEO of ‘Gray Hash,’ the predecessor of ‘Graylab’ before its acquisition by LINE, and also the lead at Graylab. Graylab consists of security experts with an average of 10+ years of experience. The members of Graylab have won awards in global hacking competitions, presented as speakers, and worked as judges at the world’s most respected security conferences. Also, in order to make the Internet a safer environment, the members inspect other companies’ products for vulnerabilities and help them fix the issues by reporting them. Through this so-called ‘White Hat Hacker’ activity, Graylab interacts with communities and runs Information Security Meetups in Taiwan and Japan.