As a security consultant for blockchain projects at Orbs, one of the recurring concerns I hear from customers is how to protect the private keys of their hot and cold wallets.
A hardware security module (HSM) is a tradition security solution which manages digital keys and is been used widely in PKI environments and in the financial sector.
At first glance, using of a HSM might be the perfect solution for blockchain-based solutions. The HSM generates key pairs, has secure storage, and can off-load cryptographic operations from the entire system.
In a series of stories, I will try to answer this hypothesis, by describing authentic use-cases, analysis of the market offering, code examples and a forecast for the future.
What exactly is an HSM?
A HSM is a physical device or a cloud service that safeguards and manages digital keys — facilitating encryption, decryption, signing, verification. The motivation behind HSM is to provide a safe environment to interact with a private key. Without this environment, the key is at risk of being exposed. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.
A HSM is a cryptography device responsible to govern the entire life cycle of private keys. This life cycle includes generation, distribution, rotation, storage, destruction and archiving. It is specifically designed and built to create a tamper-resistant secure environment for cryptographic operations which is fast and secure — without compromising the secret keys it contains .
How are they used today?
Today, HSM devices are primarily used by the retail banking industry to provide high levels of protection for cryptographic keys and customer PINs used during the issuance of magnetic stripe and EMV chip cards — and the subsequent processing of credit and debit card payment transactions.
The focus is usually on hot wallets’ private keys because these have online real-time interactions. Exposure of private keys can be the doomsday for a blockchain project. When a threat actor has access to the private keys, it is usually a game over. This can be either a professional hacker, a script kiddie, or even an insider that could misuse the funds of an organization. On these instances, HSM can be a fantastic security ally for private key management — something with is at the top of everyone’s mind in the blockchain community.
HSM is built on top of specialized hardware and has a security-focused OS. It has a limited monitored access channel and implements a role-separation mechanism for operation and administration of the device. The main supported cryptographic operations are true random number generation (TRNG), symmetric and asymmetric key generation, hash functions computations, encryption and decryption, and signing and signature verification. The HSM generates key pairs, has secure storage, and can off-load cryptographic operations from the entire system.
How could they protect blockchain wallets?
The address of an account in the blockchain is usually derived from the value of a public key. This public key has a correspondent private key, and this key-pair apply the rules specified by the blockchain such as length and encoding schemes. The generation of such key-pairs should take into consideration several fundamentals aspects such as true randomness source, generation algorithm & environment, distribution process, and others.
Blockchain solutions usually store hot wallets’ private keys at databases, local files, often encrypted but sometimes as plaintext, or even as plaintext at public Github repositories — which is a very bad idea. In these architectures, a security breach or a developer mistake might result in exposure of the private keys.
How can HSMs be used to improve blockchain security?
There are many ways in which HSM devices can be used in blockchain, leveraging this established hardware technology to protect keys. After all, this emerging industry needs more and better solutions to protect currencies and mitigate risks of theft, hacks, or security breaches.
Below, I’m outlining six potential uses of HSM hardware to foster security in blockchain:
- Generation of private and public key pairs: the HSM needs to support the blockchains specific elliptic curves, Bitcoin and Ethereum blockchain uses Secp256k1 elliptic curve, Stellar uses Ed25519.
- Secure storage for private keys : Elementary but important to keep in mind. Your private key(s) must remain secure and private — just like you would keep your credit card’s PIN number guarded. Failing to do so could lead to disastrous consequences. Your private keys unlock access to something that it’s yours. From access to your funds or your employees’ identities. Protecting your private keys equates to protecting your fingerprints when using biometric credentials.
- Sign and verify transaction : send valid transactions to the blockchain by signing them and verify transactions whenever needed. This is a common use case of HSM in the banking industry, where people connect their devices to their account in order to approve a transaction.
- Hierarchical deterministic wallet support : Ability to derive key-pairs in a secure environment from a single key master according to BIP32.
- Encrypt, decrypt and use keys records from key databases : Solutions which maintain a significant number of keys need to use key databases to store these keys. The HSM can receive an encrypted key and use it within the secure environment to use it.
- Logging : Track usage of keys in a way that is more robust than normal logging. Being able to audit and monitor how and when keys are used can offer an additional layer of security.
There are many security breaches in the blockchain space, and as the industry grows so does the demand for better and safer ways to interact with the blockchain. From making secure crypto transfer to sharing confidential corporate data, security will remain at the top of the agenda.
Banks and other institutions have been wrestling with this type of challenges for decades and it is important for the blockchain community to embrace tried and tested solutions such as HSM, which might be crucial in helping blockchain evolve and mature.