When dealing with cryptocurrencies and blockchain applications, users and companies are directly or indirectly forced to deal with cryptography.
In doing so, it quickly becomes apparent that practical use entails a number of security and usability issues that differ from simple password-based authentication. The user must ensure that the keys required for security are simultaneously available, secure, and non-compromisable.
The list of blockchain security incidents that resulted in digital cryptocurrency theft is long. It is constantly growing, not only destroying public trust in cryptocurrencies and blockchain technology, but also ruining businesses, customers, and investors.
The main causes of these incidents are varied and often complex. However, most of these breaches could have been prevented or at least severely limited with a best-practice approach to security.
Best practice refers to what banks, telecommunications companies, and governments have relied on for decades in the use of cryptography and secure key management: secure hardware in the form of hardware security modules.
A hardware security module (HSM) is a physical system that protects and manages cryptographic keys and enables the secure execution of crypto operations.
Hardware security modules (HSMs) ensure:
- secure storage of (private) keys
- execution of cryptographic operations only within the HSM
- token-based multi-user authentication
- physical protection against attacks (tamper resistant)
- secure backup mechanism of the entire key material
HSMs have long been used in a wide variety of industries and sectors with high security requirements, such as finance (transactional business), healthcare (telematics infrastructure), and even energy (smart meters).
The only mission-critical industry that does not use HSMs so far is the blockchain industry. For reasons that cannot be explained, so-called hot wallets for cryptocurrencies are based on security architecture solutions that are built on standard hardware and thus cannot be certified according to common security standards for cryptographic components such as Common Criteria or FIPS 140-2.
Security for wallets/blockchain
A standard server architecture should be relied upon to manage private keys that cannot be revoked and whose compromise can lead to significant (crypto) currency theft.
Most wallets hold the vast majority of their assets in cold wallets. This means that the keys are always offline and therefore out of reach of hackers. However, to be able to use them, for example to trigger a cryptocurrency payout, they need hot wallets. These are controlled via APIs and receive commands to sign outgoing transactions. For this purpose, the keys need to be "online" and potentially compromise the cold keys. Therefore, they should be stored on a secure hardware security module.
The scenario in which hackers succeed in extracting keys from an HSM is extremely unlikely and requires extreme effort. These security modules are subject to regular certifications and are carefully tested. In addition, most exploits are limited to the misuse of the administrative interfaces, which in turn requires the misuse of multiuser authentication.
Hardware Security Modules minimize the risk of cryptocurrency assets from digital wallets being tampered with, stolen or lost many times over, as they have been specially developed for use and securing crypto applications. This is also continuously confirmed by certifications in accordance with recognized security standards such as Common Criteria or FIPS 140-2.
Blog post by Alfonso Concellón.