Points of Failure: Why HSMs Fall Short for Securing Digital Assets
When most cryptocurrency investors in the B2B space think of security, they think of hardware. Mostly cold wallets (not just for B2C, but also for exchanges and for a signer in a multi-sig scheme), but also, possibly, Hardware Security Modules (HSMs), which today are considered the most secure option for cryptographic key management in financial and fintech organizations.
For the uninitiated: an HSM is a physical computing device purpose-built for secure key storage and cryptoprocessing. Its purpose is to maintain key confidentiality: operations can be performed with the keys, but the keys themselves can’t be exported. While HSMs can be connected to a network, they can also be used in offline mode to protect wallets that are completely disconnected from the Internet, also known as “cold storage.”
Those familiar with the cold storage/hot storage debate know that in the eyes of the public, cold storage wins. The average crypto investor (B2C included) is likely familiar with the concept of a USB or even a paper wallet; the average conversation I’ve encountered on social media revolves around the cold storage vs. multi-sig debate. Google Trends data from the past 5 years reveals that while multi-sig has the most buzz, cold storage is more talked about than hot wallets; and cryptocurrency hardware searches, specifically, spiked around the beginning of the 2018 string of exchange breaches.
It’s little surprise, then, that for the traditional financial sector institution expanding into blockchain or cryptocurrency — and even for several crypto-native exchanges — HSMs are the usual choice.
Today, I’m going to explain why HSMs have several limitations for the blockchain key management use case — and what it has to do with the essential nature of money, and of the movement to make assets digital instead of physical.
Cryptocurrency: Not Your Average Key
Cryptocurrency and blockchain are game-changers for any industry which involves transactions. Before, keys provided access to the data or asset: e.g. a password to grant access to a bank account, a physical key to grant access to a physical safe deposit box.
However, cryptocurrency in particular is not only a digital form of money; it’s changing the nature of money: the private key is the asset, and there are no do-overs once a transaction has taken place. One misuse of a key is enough to lose it all; the malicious actor does not even need to have the key in his/her possession.
This is why protection from malicious key usage is so vital to crypto asset security. And this is precisely why HSMs face limitations for cryptocurrency and blockchain transactions at scale.
HSMs: Security — Only to a Point
HSMs do keep keys confidential, in a safe physical location which is tamper resistant. But when it comes to undesired or malicious usage of the key, HSMs provide very limited controls.
HSMs do not typically provide mechanisms for detection of key misuse and have no quorum authorization structures for key usage in place (quorum authorization structures do exist in HSMs, but they are typically applicable only to sensitive administrative operations and not to key usage). If an attacker compromises a system or application that has permission to use keys in the HSM, or if a rogue insider abuses such permission, they can sign fraudulent cryptocurrency transactions. One such signature is enough to empty all cryptocurrency in a specific address.
What all of this means, in practice, is that without robust usage controls in place, HSMs holding crypto-asset private keys have a vital vulnerability: such a key only needs to be used once to transfer ownership of potentially all funds in a wallet.
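The missing control described above is a usage policy in front of the signing operation: a quorum of approvers who each attest to the exact transaction content, plus limits that a compromised application or rogue insider cannot bypass on their own. The following is an added illustration, not code from the original post or from any HSM vendor; the approver names, amounts, policy fields and the `SigningGateway` class are all constructed for the example, and the gateway only decides whether a sign request may be forwarded (it does not talk to a real HSM).

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class TransferRequest:
    """A transaction that someone wants signed (constructed example fields)."""
    tx_id: str
    destination: str
    amount: int  # smallest unit of the asset, e.g. satoshi

    def digest(self) -> str:
        # Canonical JSON so every approver hashes exactly the same bytes.
        canonical = json.dumps(
            {"tx_id": self.tx_id, "destination": self.destination, "amount": self.amount},
            sort_keys=True, separators=(",", ":"),
        )
        return hashlib.sha256(canonical.encode()).hexdigest()


@dataclass
class QuorumPolicy:
    """Hypothetical usage policy: M-of-N approvers, amount cap, optional allowlist."""
    approvers: Set[str]
    threshold: int
    max_amount: int
    allowlist: Set[str] = field(default_factory=set)


class SigningGateway:
    """Sits between applications and the signing key; enforces the policy and keeps an audit trail."""

    def __init__(self, policy: QuorumPolicy) -> None:
        self.policy = policy
        self.audit: List[Tuple[str, bool, Tuple[str, ...]]] = []

    def authorize(self, req: TransferRequest, approvals: Dict[str, str]) -> Tuple[bool, List[str]]:
        """approvals maps approver id -> digest of the request that approver saw.

        Returns (allowed, reasons). An approval only counts if the approver is
        in the policy AND attested to this exact transaction digest, so an
        approval collected for one transaction cannot be replayed for another.
        """
        reasons: List[str] = []
        expected = req.digest()
        valid = {
            who for who, seen in approvals.items()
            if who in self.policy.approvers and seen == expected
        }
        if len(valid) < self.policy.threshold:
            reasons.append(f"quorum not met: {len(valid)}/{self.policy.threshold} valid approvals")
        if req.amount > self.policy.max_amount:
            reasons.append(f"amount {req.amount} exceeds limit {self.policy.max_amount}")
        if self.policy.allowlist and req.destination not in self.policy.allowlist:
            reasons.append(f"destination {req.destination} not on allowlist")

        allowed = not reasons
        # Every decision, including denials, is recorded: this is the
        # misuse-detection signal the text says plain HSM key usage lacks.
        self.audit.append((req.tx_id, allowed, tuple(reasons)))
        return allowed, reasons


def demo() -> Tuple[bool, bool, bool]:
    """Run three constructed requests through a 2-of-3 policy."""
    policy = QuorumPolicy(
        approvers={"alice", "bob", "carol"}, threshold=2,
        max_amount=5_000_000, allowlist={"addr-treasury-1"},
    )
    gw = SigningGateway(policy)

    good = TransferRequest("tx-1", "addr-treasury-1", 1_000_000)
    ok1, _ = gw.authorize(good, {"alice": good.digest(), "bob": good.digest()})

    # A single compromised application tries to sign alone: denied.
    drain = TransferRequest("tx-2", "addr-unknown-9", 4_000_000)
    ok2, _ = gw.authorize(drain, {"app-service": drain.digest()})

    # Replay of Alice's approval for tx-1 against a different transaction: denied.
    swapped = TransferRequest("tx-3", "addr-treasury-1", 1_000_000)
    ok3, _ = gw.authorize(swapped, {"alice": good.digest(), "bob": swapped.digest()})
    return ok1, ok2, ok3


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The design point is that approvals bind to a hash of the transaction content rather than to a transaction id, and that denials are logged with reasons; both are things an application holding raw HSM key-usage permission gets for free only if something like this gateway sits in front of the key.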
HSMs present unique challenges regarding upgrades. Because the security is tied up in the hardware, it’s not a crypto-agile technology.
Updating HSMs to counter newfound vulnerabilities is both time-consuming and costly. In practice, upgrading an HSM may involve not only a firmware upgrade but, in some cases, replacing the physical appliance itself. Either of these upgrades can take months to years, particularly for production systems.
From a business perspective, HSMs present a risk of being outdated due to the demands of a constantly changing cryptocurrency market and the rapid-fire growth and development of decentralized ledger technology (DLT) as a whole.
Let’s examine the latter point for a second. Security-wise, we know that a product must be kept up to date in order to remain secure. But as a business model, the success of a cryptocurrency provider rides on whether they can provide the most popular ledgers (at the very least) — and whether they can keep up with demands for transactions as their business grows.
HSMs are decidedly not ledger-agnostic, requiring customization to accommodate new curves. Each curve supports a series of ledgers, so in the event of a curve update to a particular ledger, custom coding is needed to keep up with the upgrade. And while the average reader may be thinking that providing the Big 2–3 (Bitcoin, Ripple, Ethereum), or specializing in a select few altcoins as the situation warrants, may be enough to keep a solid user base moving forward, I have two words for you: market volatility.
HSMs: Hard As…Hardware.
From a usability perspective, HSMs stand to lose out by the very definition of their inaccessibility and inflexibility. HSMs, when used as cold storage in the purest sense, require physical access and manual input. (A connected HSM is a whole ‘nother issue.) Ergo, relying on a system which is difficult to automate and has limited upgrade capability is the kiss of death for an agile, lightning-fast, ultra-mobile society.
From an administrative perspective, combining HSMs with multi-sig to institute quorum approval structures for cryptocurrency transactions is doable, but highly expensive and difficult to manage. If an approval policy changes, or if an approver changes, it’s not easy to make the change.
There’s a further scalability issue here: as an institution’s clients grow, so do the demands on the security system, and adding additional physical hardware components can get very costly, very fast. Or, on the other end: if an exchange splits or downsizes, it will have hardware components to reconfigure and/or remove, a waste of money, time, and resources.
In short: HSMs fall short because they are still hardware and pose the scalability issues of dedicated hardware. Thus, the TCO can quickly climb up in the highly dynamic cryptocurrency market.
MPC: The Next-Gen HSM Alternative
The other solution widely accepted today for crypto-asset security is multi-signature, a software-based, reasonably flexible secure signing solution. We’ve explored the limits of multi-sig elsewhere.
The next-gen for security is multi-party computation (MPC) technology, a mathematically-based, flexible, scalable signing solution with a rock-hard cryptographic foundation that lives only in software.
With MPC-based solutions, a key is broken into multiple key shares placed on multiple endpoints and servers. Trust is distributed across those endpoints and servers, reducing the risk of a single compromise; multiple authorized approvers, each holding a key share, must participate for a transaction to be signed.
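To make the share-and-threshold idea concrete, here is an added example (not Unbound Tech’s code or any product’s protocol) that splits a private-key scalar into n shares using Shamir secret sharing over the secp256k1 scalar field, such that any t shares determine the key and fewer than t reveal nothing about it. Note the deliberate simplification: a real MPC threshold-signing scheme never reassembles the key anywhere; the shares are used inside a joint signing protocol. The `recover_secret` function below exists only to demonstrate the threshold property, and the secret value is a constructed test scalar.

```python
import secrets
from typing import List, Tuple

# Order of the secp256k1 group. Private keys for Bitcoin-style ledgers are
# scalars modulo this prime, so it is a natural field for key shares.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

Share = Tuple[int, int]  # (x, f(x)) with x in 1..n


def split_secret(secret: int, threshold: int, shares: int) -> List[Share]:
    """Split `secret` into `shares` points on a random degree-(threshold-1) polynomial.

    f(0) = secret; every other coefficient is uniformly random in the field,
    so any subset of fewer than `threshold` points is consistent with every
    possible secret (information-theoretic hiding).
    """
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    points: List[Share] = []
    for x in range(1, shares + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        points.append((x, y))
    return points


def recover_secret(points: List[Share]) -> int:
    """Lagrange-interpolate f(0) from any `threshold` distinct shares.

    Demonstration only: an MPC signer would never call this, because the
    whole point of MPC is that the full key never exists in one place.
    """
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must have distinct x coordinates")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # Fermat inverse: den^(P-2) == den^-1 mod P since P is prime.
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def demo(secret: int, threshold: int = 2, n: int = 3) -> Tuple[bool, bool]:
    """Return (enough_shares_recover, too_few_shares_recover) for a t-of-n split."""
    points = split_secret(secret, threshold, n)
    enough = recover_secret(points[:threshold]) == secret
    too_few = recover_secret(points[:threshold - 1]) == secret  # true only with negligible probability
    return enough, too_few


if __name__ == "__main__":
    # Constructed test scalar, not a real key.
    print(demo(0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF))  # (True, False)
```

The operational consequence matches the text: an attacker who compromises one server learns one share, which on its own is uniformly random in the field, and the approval threshold is a parameter you change in software rather than by re-racking appliances.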
Unbound Tech’s Crypto Asset Security Platform (CASP) goes a step further: it offers a cryptographic level of security equal to or better than hardware, and a range of features that tier-1 cryptocurrency service providers need in order to provide institutional-level security measures similar to those for fiat money. (If you want to learn more about MPC for blockchain and cryptocurrencies, click here.)
As we move to digital assets that fundamentally change the nature of money, financial institutions need new security mechanisms fit for these assets. An MPC-based approach to crypto-asset key management, as an alternative to traditional HSM-based security, offers advantages for both security and speed.
Have questions about MPC vs. HSM? Points we missed? Let us know in the comments below.