Threat Model
CRYMBO's security architecture is designed to defend against the following threat categories.
Threat Categories
| Threat | Mitigation |
|---|---|
| Man-in-the-middle | TLS 1.3 for all communications; end-to-end encryption for PII |
| Unauthorized data access | Role-based access, jurisdiction scoping, all access audit-logged |
| Validator collusion | Quorum-based consensus; slashing for malicious behavior; stake requirements |
| Key compromise | Immediate key revocation; HSM-backed storage recommended; rotation policies |
| On-chain data exposure | No PII on-chain — only attestation hashes and signatures |
| Replay attacks | Nonce-based request validation; timestamp verification |
| DDoS | Rate limiting, CDN protection, auto-scaling infrastructure |
| Smart contract exploits | Formal verification; multi-sig admin controls; bug bounty program |
| Insider threat | Separation of duties; encrypted data; audit logging |
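
The replay-attack row pairs nonce validation with timestamp verification; the sketch below is an added example (not CRYMBO's code) showing why both are needed: the timestamp window bounds how long each nonce must be remembered. HMAC-SHA256 signing, the 300-second window, the in-memory store and the `ReplayGuard` name are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window; the page does not state one


class ReplayGuard:
    """Hypothetical helper: accept a signed request once, and only while fresh."""

    def __init__(self, key: bytes, max_skew: int = MAX_SKEW_SECONDS):
        self._key = key
        self._max_skew = max_skew
        self._seen = {}  # nonce -> last second at which the request is still fresh

    def sign(self, nonce: str, timestamp: int, body: bytes) -> str:
        # Nonce and timestamp are covered by the MAC so neither can be swapped;
        # the length prefix keeps the field boundaries unambiguous.
        msg = f"{len(nonce)}:{nonce}:{timestamp}:".encode() + body
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def check(self, nonce, timestamp, body, signature, now=None) -> str:
        now = int(time.time()) if now is None else now
        # 1. Authenticate first, with a constant-time comparison.
        expected = self.sign(nonce, timestamp, body)
        if not hmac.compare_digest(expected, signature):
            return "bad_signature"
        # 2. Timestamp verification: reject anything outside the window.
        if abs(now - timestamp) > self._max_skew:
            return "stale_timestamp"
        # 3. Forget nonces whose requests would now fail step 2 anyway.
        for old in [n for n, exp in self._seen.items() if exp < now]:
            del self._seen[old]
        # 4. Nonce validation: a fresh, authentic request is accepted once.
        if nonce in self._seen:
            return "replayed_nonce"
        self._seen[nonce] = timestamp + self._max_skew
        return "ok"


if __name__ == "__main__":
    guard = ReplayGuard(b"constructed-demo-key")  # constructed sample values
    ts = 1_700_000_000
    sig = guard.sign("nonce-01", ts, b'{"op":"attest"}')
    for offset in (5, 6, 400):  # first use, immediate replay, late replay
        print(offset, guard.check("nonce-01", ts, b'{"op":"attest"}', sig, now=ts + offset))
```

A multi-node deployment would need the nonce store shared across nodes, otherwise a captured request can be replayed against a node that has not seen it.
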
Security Testing
- Penetration testing — Conducted annually by an independent security firm
- Bug bounty program — Public program for responsible disclosure
- Code audits — Smart contracts audited before mainnet deployment
- Continuous monitoring — 24/7 infrastructure and anomaly monitoring