We are witnessing the rapid rise of blockchain technologies in many sectors: banks, transportation, automotive, the public sector, etc. Blockchain appears often as the universal panacea and the remedy to many problems and requirements.
Some examples of this are fighting against fraud and counterfeiting and providing trust in a digital economy. For this, blockchain technologies rely entirely on cryptographic operations like hashing and signatures. The difference with banks, blockchain makes relatively small use of symmetric cryptography (3-DES, AES, etc.)
In this article, we examine why Hardware Security Modules (HSMs) matter to blockchains and why blockchain systems can no longer afford not to use them.
The Danger of Not Using HSMs with Blockchain: Example Case with Public Cryptocurrencies
Since there is no standard for blockchains, it is impossible in principle to rule out any type of cryptographic system or algorithm. However, blockchains are always based on a variant of the ‘initial’ blockchain system developed by the Bitcoin cryptocurrency.
Blockchain per se is not using Public Key Infrastructure. However, its operation mode is not so different. This is where PKI withing a Blockchain environment becomes vital.
For instance, in the Bitcoin architecture, which is a public blockchain, users are provided with their own key pairs. The algorithm used is ECDSA (Elliptic Curve Digital Signature Algorithm) and the private keys are always 256 bits long.
In Bitcoin, it’s up to each user to generate a key and register to the Bitcoin. Once the registration is completed, the user is given a unique SHA-256 hash that serves as an ID for their account
Without using an HSM (or any equivalent device), the protocol is highly insecure. For example, anyone can offer software or online services for key creation with poorly designed random number generators.
Since the Bitcoin system (and most of the other public cryptocurrencies and token systems) is entirely anonymous, ownership of private keys equals ownership of the account (and of the corresponding amount of crypto money). There is no possibility in the ‘raw’ Bitcoin system to use passports or any credentials to restore or block Bitcoin funds. Therefore, any user using a computer or any unprotected electronic device to store his/her private key is using Bitcoin insecurely. This applies to any blockchain system.
In general, Bitcoin users and crypto token users can register with third-party financial services to generate keys on their behalf. Yet, the third-party service must securely generate and store the keys. With millions of wallets managed, competent and professional companies must use HSMs in combination with being compliant with standards such as the ANSI X9.24-1-2017, such as shared secrets, secure cryptographic devices, etc., for instance.
However, many cryptocurrency exchange online wallets do not use such systems and instead store the keys inside USB sticks that are stored in bank vaults, which is as insecure.
Regardless of this ‘cold storage’, online wallets must keep a copy of the private keys in order to spend the bitcoins, such as signing the transactions during the blockchain operations. Bitcoins are stored in the blockchain and associated with the hash of a given ECDSA private key.
If the hash or signature operation is performed solely in software-based systems, there is a great risk that the keys may be intercepted, tampered with, their destination address replaced, and that the amount will be fraudulently modified. Keys that are not properly managed might also be damaged or lost.
To illustrate these risks we state the following facts:
- About 20% of all bitcoins in the world are believed to be lost (private keys are lost). One estimate is that they would have a market value of around $20 billion at July 2018 prices;
- 150,000 ETHERS (the equivalent value of several million dollars) have been stolen by attackers that could guess badly generated Ethereum keys;
- There are many records of major thefts in exchange companies where attackers were insiders and stole thousands of unprotected private keys just by copying them over USB devices.
HSM and Permissioned Blockchains
Permissioned blockchains are ‘just starting’ when compared to cryptocurrencies that have already been active for over a decade.
Although their design is more business-oriented, they bear the same weaknesses as their public counterparts if HSMs are not used.
Corda Notary HSM support
In Corda, notaries nodes that act as critical trusted authorities for timestamping and/or consensus use three private keys that must be ideally stored inside HSMs:
- The distributed notary identity (shared between notaries) used for ‘notarization’ operations (e.g., signing transactions, etc.);
- The node certificate authority used for CA generation purposes and for TLS (messaging);
Corda supports the Utimaco SecurityServer Se Gen2 for storing the legal identity keys of nodes.
Hyperledger & HSMs
Hyperledger fabric supports HSMs.
When creating a blockchain network, keys can be generated inside an HSM using PKCS#11. HSMs are used to store Hyperledger Admin Certificate Authority (CA), Peer, and Orderer private keys as well.
Please refer to “The Key Role of HSMs in Secure Permissioned Blockchains for Banking and Payment Services” for a further explanation of why HSMs are important to permissioned blockchains.
Conclusion
Not using HSMs in a permissioned blockchain can result in the same damage that may occur with public cryptocurrencies, including stolen account keys being stolen or easily guessed. The security of the private keys guarantees the security of blockchain operations that are heavily dependent on asymmetric cryptography.
Many security breaches have occurred in the blockchain realm, and as the business grows, so does the desire for better and safer ways to connect with the blockchain. Blockchain HSM technology from Utimaco has been specifically designed for the protection of the blockchain system.
Blog post by Martin Rupp, Priyank Kumar and Dr. Ulrich Scholten
