When dealing with cryptocurrencies and blockchain applications, users and companies are directly or indirectly forced to deal with cryptography.
In doing so, it quickly becomes apparent that practical use entails a number of security and usability issues that differ from simple password-based authentication. The user must ensure that blockchain key management and the keys required for security are simultaneously available, secure, and non-compromisable.
The list of blockchain security incidents that resulted in digital cryptocurrency theft is long. It is constantly growing, not only destroying public trust in cryptocurrencies and blockchain technology, but also ruining businesses, customers, and investors.
The main causes of these incidents are varied and often complex. However, most of these breaches could have been prevented or at least severely limited with a best-practice approach to security.
Best practice refers to what banks, telecommunications companies, and governments have relied on for decades in the use of cryptography and secure key management: reliable and secure key generation and storage inside tamper-proof hardware security modules.
Hardware Security Modules (HSM)
A hardware security module (HSM) is a physical system that protects and manages cryptographic keys and enables the secure execution of crypto operations.
Hardware security modules (HSMs) ensure:
- blockchain key management - the secure storage of (private) keys
- execution of cryptographic operations only within the HSM
- token-based multi-user authentication
- physical protection against attacks (tamper resistant)
- secure backup mechanism of the entire key material
HSMs have long been used in a wide variety of industries and sectors with high security requirements, such as finance (transactional business), healthcare (telematics infrastructure), and even energy (smart meters).
They provide the necessary blockchain-specific algorithms while also increasing the security of blockchain processes, allowing the user to:
- access the blockchain by providing strong identities and authentication,
- secure fundamental blockchain technology,
- ensure secure communications within the blockchain network.
Security for wallets/blockchain
A standard server architecture should be relied upon to manage private keys that cannot be revoked and whose compromise can lead to significant (crypto) currency theft.
Most wallets hold the vast majority of their assets in cold wallets. This means that the keys are always offline and therefore out of reach of hackers. However, to be able to use them, for example to trigger a cryptocurrency payout, they need hot wallets. These are controlled via APIs and receive commands to sign outgoing transactions. For this purpose, the keys need to be "online" and potentially compromise the cold keys. Therefore, they should be stored on a secure hardware security module.
The scenario in which hackers succeed in extracting keys from an HSM is extremely unlikely and requires extreme effort. These security modules are subject to regular certifications and are carefully tested. In addition, most exploits are limited to the misuse of the administrative interfaces, which in turn requires the misuse of multiuser authentication.
Hardware Security Modules minimize the risk of cryptocurrency assets from digital wallets being tampered with, stolen or lost many times over, as they have been specially developed for use and securing crypto applications. This is also continuously confirmed by certifications in accordance with recognized security standards such as Common Criteria or FIPS 140-2.
As blockchain gains traction across an abundance of sectors, blockchain and cybersecurity become an ongoing requirement that should be implemented to better leverage the security opportunities of blockchain technology. The advantages of centralizing cryptography onto HSMs result in scalable, efficient and highly secure blockchain solutions.
Blog post by Alfonso Concellón.