What To Consider When Choosing Key Management Options For Enterprise Blockchain Projects
For the uninitiated, terms like key management, HSMs, hot-keys, and cold keys can make enterprise blockchain implementation seem more confusing than it is.
It’s helpful to think of key management as another type of password storage.
You probably have a multitude of passwords you use every day. Some are stored on a keychain provided by a browser or a third-party password manager. Others, you may have written down and placed somewhere safe.
No matter the storage method, if your passwords are compromised, so is the information they protect.
Key management is the same principle. The alphanumeric keys you use to access services or information on the blockchain are essentially just long, complex passwords. But they need to be protected as carefully as (or probably even more than) the passwords you use to log into accounts online.
I’ve been leading the key management strategy at Chronicled, and I think an explanation of the various options available would be beneficial to anyone looking into an enterprise blockchain project.
Here’s what I’ve found:
You have several options for keeping your keys secure.
The simplest option is known as a paper wallet.
Essentially, you write down the string of letters and numbers that make up your private key on a piece of paper and place it somewhere secure, like a safe deposit box. While it may seem oddly low-tech, remember that a paper wallet is completely offline. There’s no way for it to be hacked, which is an important consideration.
Another offline, yet electronic, option is storing your private key on a USB device. Again, the safest option while using a USB is to leave it in a bank or some secure location you feel confident it cannot be compromised.
But physical key storage isn’t the only method.
You can also store your private key within a software application such as a key management system. It’s similar to how Google or Amazon stores your password for you.
There are key management providers who will securely hold onto you key for you. They may actually be using some of the same methods mentioned in this article to secure it, but they’ll likely have much more robust security than the average company, as they’re focused only on that specific task.
Many people in the crypto space also choose to use a hardware security module (HSM), which is a specialized device that generates and stores private keys. These are often known as the most secure option for key management.
The private and public keys are generated by the hardware device, with the private key never leaving the device or being seen by anyone. These devices are expensive but are ideal for enterprise blockchain deployments because they provide hardware protection in addition to software for key generation and storage.
Choosing the right key management depends on your needs.
Not every company will need to use the same combination of key management tools, so there are several points to remember while making the decision.
For one, consider the tradeoff between convenience and security. The most convenient options that give immediate access, like plugging in a USB drive, are often the least secure. If you lose that USB drive, your private key and access to the system is gone for good. If it’s stolen and copied, your key will be compromised — perhaps without your knowledge.
The most secure options are, unfortunately, a bit slower.
Let’s say you’re the leader at a bank. To participate in a significant financial transaction, you may have to go through a lengthy process to access a key.
That process might involve multiple levels of approval resulting in a trip to a secure physical location somewhere outside the office that contains the key. This dedicated location would require strict identification procedures before you’re let in. Once inside, you use the key at that location to perform the transaction, and then leave the key there. Even the computer you use is dedicated to that one task in order to keep it safe from any viruses or malware. Every step along in the process is diligently logged.
Now, that hypothetical system sounds very secure, but it’s not very convenient for everyday use.
The decision will be based on each individual company’s needs, and there may even be multiple processes in place at one company.
For instance, a system with an average transaction of $500 may use one type of key management method that is relatively simple. Another system with an average transaction of $1,000,000 would use a different, more secure method.
After deciding on a key management system, it’s best to create a policy.
Whatever your choice, it’s imperative to create a policy that will keep your key safe — and give you recourse if it’s stolen or compromised.
First, eliminate single points of failure. Distribute trust and some of the risk so that if one provider is compromised, it doesn’t mean you’re completely out of luck. Using a mix of key management providers is one way to do this.
Also, remember to be wary that physical media can degrade over time. Paper is obviously sensitive to environmental conditions, but so is a USB or hard drive. It’s possible these fail after being used for long periods of time.
You should also check the keys often, just as an exercise, so you don’t forget the procedures for accessing them.
Additionally, you may want to use “key rotation.” This simply means that you change your keys periodically. It protects you if someone gets access to your keys because the damage is contained. Another software solution is to use multi-access smart contracts that require both cold keys and hot-keys. The hot-key is the operational key to access the blockchain, while the cold keys are stored separately and are used to revoke hot-keys and generate new hot-keys.
Every month, or at set times during the year, the hot-key can be revoked and a new one generated using the cold keys. This decreases the likelihood of a compromised hot key causing significant damage as it’s changed again and again over time.
Basically, you want to be ultra paranoid about how the system is accessed. As security experts say, always assume a breach will happen — no matter how secure your system is — and prepare to minimize the impact of that breach accordingly.
Key management doesn’t have to be confusing. If you want more information to help guide your decision-making, you can read through this guide from Coinbase that I found very helpful.
Thanks for reading!
Want to learn more? Get in touch with the Chronicled team here.
