How to Reap the Benefits of Blockchain with the Security of HSM
By Sharon Rosa-Bohrer
Blockchain is intended to be highly secure because it’s allegedly an immutable distributed ledger technology that decentralizes data storage and protection. Connecting unrelated parties without middlemen, blockchain provides a historical record of all data and financial transactions. However, the promise of blockchain going mainstream and someday facilitating a universal payment network is compromised by the risk of data breaches stemming from attacks on servers and from app vulnerabilities.
The top security concerns are protecting the “keys” for digital wallets and electronic signatures, and the process that surrounds them. This is where HSMs (hardware security modules) come in.
The Risk of Blockchain Breaches
The cost implications of blockchain data breaches made headlines in January 2018 with the record-breaking $500M heist at Coincheck, a Japan-based currency exchange. Hackers had gained access to a single private key to unlock the digital wallet. The same kind of private-key breach occurred in the Parity (2017) and Bitfinex (2016) hacks. Clearly, protecting the keys becomes paramount. Encrypted data is only as secure as the keys used for the encryption. Once keys are compromised, so is the data.
Securing the “process” is also critical so that transactions cannot be modified. For example, in the “Mt. Gox” hack the signature was manipulated prior to the transaction closing. In this second-largest crypto-heist in history, also in Japan, hackers diverted $473M worth of Bitcoin by submitting code changes to the blockchain ledger before the initial transactions posted. This hack bankrupted the Mt. Gox exchange!
Once an asset is embedded into a blockchain, the only way to retrieve or move the asset is to possess the associated cryptographic key. The risk? Anyone who can obtain the key can monetize or exploit the asset instantly.
To keep private keys safe, most companies use digital wallets or multi-signature wallets. However, these options are more about convenience than security. Consequently, they are targets for hackers.
So, what can your business do to protect its blockchain transactions? Incorporate hardware security modules (HSMs).
What is an HSM?
An HSM is a crypto-processor that securely generates, protects and stores digital keys. Rather than storing keys on the server or in the software, which leaves them vulnerable to attack, the keys always stay within the secure HSM boundary. HSMs also use a certified, cryptographically secure random number generator to create keys of superior quality to those generated by a typical computer system.
HSM is Critical to Blockchain Security
HSMs are used every day by banks that verify customer PINs to secure payment transactions at ATMs and POS terminals. Similarly, HSMs can be used to decrypt digital keys and protect blockchain ledgers and digital wallets. Digital signatures can also be captured via an HSM. Therefore, integrating HSMs with blockchain provides added security in two ways:
- Prevents risk from virtual attacks
- Deters physical theft by following government-regulated physical security standards
By using an HSM, businesses have a dedicated hardware system to secure all keys and the process. Next, businesses must consider the rules for accessing the keys: control of key use, and different levels of authentication governing how many people, and who, have access. It is up to each company to determine the process for blockchain security and control based on its specific needs.
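The access rules described above can be modelled in a few lines. This is an added example, not code from the article or from any HSM vendor: ModelHSM, the operator names and the PINs are hypothetical, and HMAC-SHA256 stands in for the asymmetric signature a real wallet key would produce. The key is generated inside the object, no method returns it, and signing requires a quorum of distinct authenticated operators.

```python
import hashlib
import hmac
import secrets

class ModelHSM:
    """Toy model of an HSM boundary (hypothetical; a real HSM enforces this in hardware)."""
    def __init__(self, operator_pins, quorum):
        # Key comes from the OS CSPRNG and is never returned by any method.
        self.__key = secrets.token_bytes(32)
        self._quorum = quorum
        # Keep only salted, slow hashes of operator PINs.
        self._operators = {}
        for name, pin in operator_pins.items():
            salt = secrets.token_bytes(16)
            self._operators[name] = (salt, self._kdf(pin, salt))
        self.audit = []

    @staticmethod
    def _kdf(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def _authenticated(self, approvals):
        ok = set()  # a set, so one operator cannot count twice
        for name, pin in approvals.items():
            rec = self._operators.get(name)
            if rec and hmac.compare_digest(rec[1], self._kdf(pin, rec[0])):
                ok.add(name)
        return ok

    def sign(self, tx, approvals):
        ok = self._authenticated(approvals)
        if len(ok) < self._quorum:
            self.audit.append(("DENY", sorted(ok)))
            raise PermissionError("quorum not met")
        self.audit.append(("SIGN", sorted(ok)))
        return hmac.new(self.__key, tx, hashlib.sha256).digest()

    def verify(self, tx, sig):
        return hmac.compare_digest(sig, hmac.new(self.__key, tx, hashlib.sha256).digest())

def demo():
    hsm = ModelHSM({"alice": "1111", "bob": "2222", "carol": "3333"}, quorum=2)
    tx = b"constructed sample transaction"
    try:
        hsm.sign(tx, {"alice": "1111", "bob": "wrong"})  # one bad PIN: denied
    except PermissionError:
        pass
    sig = hsm.sign(tx, {"alice": "1111", "carol": "3333"})
    return hsm.verify(tx, sig), hsm.verify(tx + b"!", sig), hsm.audit
```

The audit list records which operators were authenticated for each decision, which is the trail a reviewer would check after a disputed transaction.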
Blockchain: Does Security Matter?
“Blockchain technology has generated great interest among financial services organizations due to its ability to speed up transactions, cut costs and lower the risk of fraud,” explains Jose Diaz, Director, Payment Strategy at Thales eSecurity. “However, we need to learn from the breaches in cryptocurrency applications and address the critical issue of security with a strong root of trust. Protecting private keys and processes are critical for effective and broad adoption of the technology in financial services.”
Attendees at MPC 2018 will have the opportunity to hear Diaz present a Keynote on “Blockchain: Does Security Matter?”. Key takeaways of the session will be:
- An understanding of the main technology components that comprise a functioning blockchain implementation and their role in the security of the system.
- How to build appropriate levels of security into a blockchain implementation.
- What kinds of questions to ask and which trade-offs need to be made when deciding to incorporate blockchain technology into their solution stack.
Hear MPC Speaker, Jose Diaz, Director, Payment Strategy at Thales eSecurity, present in his Keynote “Blockchain: Does Security Matter?” the challenges with blockchain security and how to incorporate blockchain best practices into your business. Thales eSecurity, part of Thales Group, is a leader in advanced data security solutions and services.
Mobile Payments Conference, August 22-24, 2018 in Chicago brings together experts to discuss the latest in mobile payments, digital wallet, blockchain, cryptocurrency, cybersecurity, machine learning, artificial intelligence and more. See MPC 2018 Agenda and Speakers for more information. Register now!