System Performance Analysis of ABIT — Secure, Efficient and Robust
ABIT.com is an international exchange established in Australia. It is officially certified by AUSTRAC, and has a full set of compliance qualifications. Since the platform launched the Beta version, it received enthusiastic response from the users and project teams around the world.
As an emerging exchange in the cryptocurrency trading industry, ABIT is driven by technology, and constantly polishes its technology and product details to satisfy the increasing user needs.
The ABIT technical team has been deeply delved into the field of digital asset derivatives for many years. In the past, it has provided full-site technical support for multiple exchanges, with accumulated safe running hours for the trading platforms and security products it has served exceeding 16000.
In order to ensure the rights and interests of customers and create the smoothest and most stable user experience, the ABIT technical team attaches great importance to the security, usability and efficiency of the platform. Here, this article will introduce some advantages and characteristics of ABIT in regards to its system performance.
For digital asset exchanges, asset security is the foundation of everything. Many international hacking teams or individuals have long been coveting the wallet system of digital asset platforms, and scandals of platform asset theft have also occurred repeatedly in the past few years. At the same time, the leakage or fraudulent use of user information is quite severe at this stage. Therefore, how to improve system security in all aspects is the primary task of all trading platforms. Since the very beginning, ABIT takes the system security as its first priority and is equipped with a comprehensive safety prevention and control system.
1) Tamper resistance
All business and records are tamper resistance. The risk service modules are independently deployed and operated, and the authenticity of business records is guaranteed.
2) Attack defense
a. DDoS attack defense
DDoS attack（Distributed Denial of Service）, refers to the attacker uses proxy servers to initiate a large number of “HTTP get” requests to the victim, mainly requesting dynamic webpages (often involve database access operations), causing database load and database connection pool load to be extremely high, and cannot respond to normal requests. Defense methods against DDoS attacks include:
Flow cleaning: Real-time monitoring of user request data, and detect abnormal traffic such as DOS attacks promptly. Once detected, clean these abnormal flow without affecting normal business operation.
CDN acceleration: The CDN service distributes website access traffic to each node, so that on one hand, the real IP of the website is hidden, on the other hand, even if a DDoS attack is encountered, the traffic can be distributed to each node to prevent the source site from crashing.
b. Penetration attack defense
Penetration attack is a systematic and progressive comprehensive attack method. Compared with ordinary network attacks, penetration attacks are more purposeful. In order to achieve system goals, they often use multiple methods such as remote overflow, ARP, Trojan horse attacks, password cracking, sniffing, and even deception. Their impact is often Worse. For the prevention of penetration attacks, ABIT mainly adopts the method of penetration testing, conducts security audit of the code based on the PHP source files on the official website, and regularly filters and validates the parameter values to prevent the attack from happening.
3) Hot and cold wallet isolation
For the wallet of digital currency, as long as the private key and public key are obtained at the same time, it is equivalent to obtaining the digital currency of the corresponding address. Therefore, it is particularly important to use the physical isolation method to put disconnection wallets into use. ABIT uses Hierarchical Deterministic Wallet and offline signature technology, and the machine storing the private key is never connected to the Internet, which eliminates hacker attacks from the source and guarantees the security of user property.
4) User behaviour perception
Collect and analyse big data for the behaviour of online users for the entire period of time. The team marks users with special operations and intercepts high-risk behaviours and malicious operations.
5) Prevention and control of mischief
Separation of power and responsibility: Separation of code, database, and backend authority. Multiple confirmation of sensitive operations.
6) Withdrawal prevention and control
Real-time monitoring and early warning of wallet fund security to limit problematic funds of withdrawing and fiat payment.
Although there are countless exchange platforms on the market, not many of them actually satisfy high usability from user level. To ensure that the system can provide a high level usability user experience in various scenarios, it requires the technical team and product team to work closely to grind every detail for a long time.
1) System robustness
The entire technical structure design is service-oriented. With decentralised micro-service clusters, it achieves its superior usability, load balancing performance, system security, robustness and scalability. There is no need to conduct down-time maintenance when new functions or versions are deploying, without direct disturbs on the user interface.
2) Disaster treatment
Since the trading platform involves the user’s personal assets, the technical emergency response capabilities are extremely important. A reliable exchange needs to ensure that important information such as user data and assets will not be affected in the event of sudden abnormalities in the system. This requires the full cooperation of sub-control technologies such as automatic backup, multiple server switching, and risk isolation. ABIT’s powerful system has complete disaster treatment capabilities. Automatic server switching and data backup will be triggered if any technical emergencies or natural disasters happen.
3) Real-time monitoring
ABIT has a mature monitoring system overseeing the overall performance of ABIT system, i including hardware, network, service (system health, performance index, visit volume and frequency, error reports, etc.), client end (errors, page performance, network, software and hardware environment), operation indicator (signup volume, visit volume, order volume, etc.). When abnormal signals are detected, corresponding responses will be triggered according to the risk rating, to address issues in time.
4) Multiple terminals
The first launching version of ABIT already supports English, Chinese (Traditional and Traditional), and Korean. Later on, it will support more languages step by step including Japanese, Vietnamese and other mainstream languages. In the hope of removing language barriers for users in different regions of the world to trade in an international platform. In addition, ABIT will also provide support for all client end applications, including WEB browser, H5 mobile browser, Android application, IOS application and PC client. Various platform terminals provide users with high convenience.
As the scale of an exchange continues to grow, its requirements for platform concurrency and matching efficiency will increase exponentially. Topics such as “how to ensure the platform operates stably and smoothly when a large number of users are online at the same time”, and “how to minimize order delays” are the core ones that have been discussed in the technical field for a long time. The order matching algorithms on ABIT adopts a full-link matching and requesting mechanism. The matching efficiency for spot trading has reached 200,000+ TPS/s while 10,000 TPS/s for contract trading matching. Meanwhile, our matching system, quotes system, order system and push system will all fulfil their RAM upgrade. The timing for the processing of the above requests will be at msec-class after the upgrade.
ABIT will launch the official 1.0 version system in May 2020. By then, the exchange performance and product richness will be further improved. The ABIT technical team will always maintain an endless pursuit towards enhancing system performance and user asset security, and will always adhere to the first line of providing users with the ultimate trading experience and asset safety.