• About Us
    • PRODUCTS

  • Blog
  • Contact

APRIL 6 2021

Hardware Security Modules Protect Blockchain

Blockchain is a technology that is already familiar to the whole world. Developed almost 30 years ago, now blockchain is finding applications in financial services, logistics, proof-of-concept systems, as well as sales and tracking of digital products. However, the use of blockchain comes with certain sensitive data protection risks that, if underestimated, can lead to huge losses for organizations. But today there are solutions that can guarantee cybersecurity of an unsurpassed level, based on the reliable and certified root of trust – Hardware Security Modules.

According to researchs, already in 2016, more than 15% of financial institutions actively used blockchain in their various implementations, and today the governments of many countries are planning or are already conducting a pilot implementation of their national digital currencies.

Risks and implications of blockchain and digital currencies

Despite the growth in the number and variety of applications, blockchain, like many other digital technologies, carries many risks, the incorrect assessment of which can lead to the most serious consequences, both for organizations and enterprises, and for customers and users. In particular, vulnerabilities in the cryptocurrency ecosystem include the inability to return stolen funds, partial or complete anonymity of users, and the absence of legal regulations on the protection of user data. There are many known incidents that resulted in tangible losses, in which intruders chose encryption keys for sensitive user data as a target, after taking possession of which they got access to cryptocurrency management and stole them.

In this way, in January 2018, cybercriminals committed a theft worth about half a billion dollars by attacking the crypto exchange Coincheck. Having sent out malicious code to employees using e-mail, the hackers found on the exchange servers a private key from the wallet, where the entire traded volume of one of the cryptocurrencies was stored. The funds were withdrawn through several transactions, and hundreds of thousands of users were affected by the hack.

 Another example was the hacking of the Parity. Company, whose private keys from users’ wallets were also stored on the company’s servers, encrypted with a set of owners’ keys. However, at the time of the transaction, the keys were decrypted in a vulnerable environment, which ultimately led to the theft of cryptocurrency from the company’s clients.

That is why the cryptocurrency market needs an enterprise-grade solution that can increase the security of storing customer keys to a bank-level

General purpose HSM - hardware protection of blockchain systems

One of the best practices for protecting sensitive user data is to use general purpose hardware security modules (HSMs). The physical and logical architecture of these modules ensures the protection of user data encryption keys throughout their life cycle from both external and insider threats (owners and administrators of such services), and also allows cryptographic operations within the HSM security boundaries, which brings the reliability of such systems to absolute.

Protecting digital assets with a general purpose HSM

An example of integrating hardware security modules into a cryptocurrency environment is the HSM Wallet project, which emerged as part of a comprehensive banking and cryptocurrency integration project. Since 2014, HSM Wallet has been providing customers with flexible solutions with high security requirements.

HSM Wallet is a server-side platform for managing cryptocurrency transactions. The platform provides a secure runtime by leveraging nShield Connect hardware security modules, FIPS 140-2 Level 3, USGv6 accreditation, eIDAS, Common Criteria EAL4 and more, to ensure that only authenticated users can access secure wallets with cryptocurrency.

HSM Wallet is designed in such a way that all confidential activities are performed inside a secure and trusted device – HSM. Client private keys can never be exported outside the keystore in an open format. This ensures maximum protection, including from employees and company administrators. In the event of a hardware failure, the backup module operating in the cluster can be automatically connected, or all keys can be restored from an encrypted format using encrypted master key components from smart cards of security officers.

At the moment, such an approach is the only completely reliable and safe for the implementation of the security of any blockchain systems, since it is based on a security scheme that has been improved for decades in traditional banking systems, while being much cheaper in implementation and operation.