# Neovestor Security Architecture ### **User Wallet Security** **Tool**: **Web3Auth** (MPC + MFA + Social Logins)\ **Objective**: Secure, user-friendly wallet creation and authentication. * **Seed Phrase-Free Design**: * Eliminates seed phrase vulnerabilities (e.g., phishing, loss) using **Multi-Party Computation (MPC)**. Private keys are split across devices/networks. * **Multi-Factor Authentication (MFA)**: * Requires **two or more factors** (e.g., Google Authenticator, biometrics, email) for wallet access. * **Social Logins**: * Users onboard via Google, Apple, or Discord, simplifying access while maintaining security. *** ### **Cold Storage & Asset Custody** **Tool**: **Ledger Enterprise**\ **Objective**: Protect institutional and user funds in offline vaults. * **Cold Vaults**: * 90%+ of assets stored offline in Ledger’s HSM (Hardware Security Module) devices. * **Multi-Signature Approvals**: * Critical withdrawals require **3/5** signers from geographically dispersed custodians. * **Audit Trails**: * All vault transactions logged on-chain and monitored in real time. *** ### **Treasury & Protocol Governance** **Tool**: **Squads Protocol** (Solana Multi-Sig)\ **Objective**: Secure management of protocol funds and upgrades. * **Multi-Signature Wallets**: * Treasury transactions require **3/5** approvals from core team and DAO delegates. * **Programmable Policies**: * Time-locked transactions for governance proposals (e.g., 72-hour delay before execution). * **Solana Integration**: * Native support for SPL tokens and seamless interaction with Solana programs. *** ### **Data Encryption & Network Security** **Tool**: **SSL/TLS with AES-256**\ **Objective**: Protect data in transit and at rest. * **End-to-End Encryption**: * All user data (KYC documents, transaction histories) encrypted with **AES-256**. * **SSL/TLS Certificates**: * Secure APIs and web interfaces with HTTPS and HSTS protocols. * **Key Management**: * AWS Key Management Service (KMS) for rotating encryption keys. *** ### **Cloud Infrastructure Security** **Tool**: **AWS Cloud**\ **Objective**: Enterprise-grade security for backend infrastructure. * **Network Security**: * VPC (Virtual Private Cloud) isolation, WAF (Web Application Firewall), and DDoS protection via AWS Shield. * **Access Control**: * **AWS IAM** with role-based permissions and MFA for admin accounts. * **Monitoring & Logging**: * **AWS CloudTrail** for audit trails and **GuardDuty** for threat detection. * **Disaster Recovery**: * Multi-region backups and automated failover via AWS S3 and RDS. *** ### **Security Workflow Integration** ```plaintext User Onboarding → Web3Auth (MPC/MFA) → AWS Cloud (Encrypted Data) ↓ Transaction Request → Squads Multi-Sig (3/5 Approval) ↓ Asset Movement → Ledger Cold Vault (Offline Storage) ``` *** ### **Risk Mitigation Alignment** | **Risk** | **Mitigation Tool** | **How It Works** | | ------------------- | --------------------------- | ------------------------------------------------ | | **Phishing/Theft** | Web3Auth (MPC + MFA) | No seed phrases; MFA blocks unauthorized access. | | **Insider Threats** | Squads Protocol (Multi-Sig) | Requires 3/5 approvals for treasury actions. | | **Data Breaches** | AWS KMS + AES-256 | Encrypts sensitive data end-to-end. | | **Exchange Hacks** | Ledger Cold Storage | Offline vaults prevent hot wallet exploits. | *** ### **Compliance & Audits** * **Third-Party Audits**: * Annual penetration testing of AWS infrastructure and smart contracts. * **Regulatory Compliance**: * GDPR-ready data encryption (AWS KMS) and FATF Travel Rule adherence. * **Transparency**: * Public audit reports and real-time dashboards for treasury balances. *** ### **Why This Stack?** * **User Experience**: Social logins and MPC eliminate seed phrase friction. * **Institutional Trust**: Ledger + Squads meet enterprise custody standards. * **Scalability**: AWS ensures global, low-latency access while maintaining security. *** **Audit Reports**: Available Soon