What is an HSM and Securosys’ Use Cases

Securosys
8 min read · Sep 16, 2018

With the following article, we intend to shed light on what our products, the HSMs, are, and which use cases exist for them in the blockchain economy. If you want to become part of the Securosys quest, sign up for the whitelist and updates on the dedicated ITO website here.

What is an HSM?

In a nutshell, an HSM is a vault for digital keys. It is a physical unit sitting in a rack that makes sure nothing stored on it ever leaves it or gets corrupted by an unauthorized party entering the vault.

A Hardware Security Module is essential for generating and storing passwords, certificates, and encryption keys. Instead of having this critical information just stored in a file on a network server, it is securely locked away in an HSM. Therefore, even if the network is breached and files are accessed, the most critical information, i.e., passwords, certificates and encryption keys, remains protected. Moreover, the HSM also controls who can access and use these keys.

In blockchain and crypto finance systems in particular, the protection of private keys is paramount as they correspond to the actual assets. If that private key is lost, the asset is gone forever. If that private key is stolen, whoever has the key is in total control of the asset (e.g., he can sell it).

Securosys whitepaper

Securosys built its first HSM for SIX, the company that runs the Swiss Stock Exchange. Hence, our standards for security were set at a very high level. With the advent of cryptocurrencies and of the blockchain, their cryptographic and technological underpinning, Securosys discovered a big demand in the new economy for the same secure key handling it offers to banks. In the following sections, we present the use cases that will be our primary focus in the next development stage.

Use cases for Securosys’ HSMs in the blockchain and crypto economy

Mt. Gox, never again! Funds, Banks, Exchanges, Trading Platforms, and Wallet Providers

The first extremely prominent, and probably still the largest, “hack” of a crypto exchange was the “Mt. Gox hack”. A total of 850,000 Bitcoin were stolen, of which 750,000 were taken from exchange users and about 100,000 from the exchange itself.

That amounted to around 7% of the total Bitcoin in circulation back then, which would be worth approximately $5.5bn today. No user or exchange wants to experience a debacle like that ever again.

When you sign up to a stockbroker platform or your bank’s stock trading platform and buy Amazon shares to invest your savings, you would never even think that there might be a risk that someone could steal your shares and disappear for good. The same level of security and the same feeling of secure platforms is what is lacking on any cryptocurrency and crypto assets exchange today. However, that is ultimately the level of protection that customers demand from the services they use. This makes the mass adoption of these high standards a necessity for the blockchain economy.

Securosys HSMs can secure any keys used by an exchange, fund, bank, or any other kind of financial intermediary, so that a hack like the notorious Mt. Gox scandal could not happen again.

The same is true for “centralized” wallets. For the everyday user, keeping their private keys in a safe place is not necessarily user-friendly or practicable. Most of the well-known fiat gateways (platforms that offer to sell you Bitcoin and other cryptocurrencies for USD, EUR or CHF) offer wallets where the users can keep their cryptocurrencies. This setup is convenient, yet poses a significant risk at the same time: the centralized service stores the private keys for the addresses where the users’ cryptocurrencies are held. The trade-off is always control and security versus convenience and usability. These centralized services have to avoid security breaches at all costs, as shown by the example above. Take Joe, an average user who wants to buy and hold, or maybe even use, cryptocurrency. What he doesn’t want to care about is safe key-keeping, and he definitely doesn’t want to be worried by the horrible breaches he read about in the news.

Some might believe that this is only possible with a significant amount of trust. That is true. However, we firmly believe that trust can be established if the equipment used for security is trustworthy: “Secure your communications — Trust your equipment!“

Safe ICOs

The popularity of initial coin and token offerings as a crowdfunding, seed funding and public funding option has grown massively. In any case, it is paramount to protect the investors’ and the company’s assets in the best way possible. The theft of the ICO proceeds would be a catastrophic event for both the investors and the funding-stage companies, as they’d be at risk of a total loss in that case.

Aside from security, stability and reliability are crucial as well. Bottlenecks in funding rounds are to be avoided at all costs. A participant lost is money lost. Even worse are crashes of ICO platforms due to high demand or malicious attacks. For all these cases, Securosys HSMs can provide the necessary technical platform to guarantee smooth procedures, automation, and compliant operations while also keeping everything exceptionally secure.

There is a great probability that initial token offerings will evolve into the “IPO 2.0” (article by our advisor Michael Guzik). In that case, the compliance and security demands will rise to a level heretofore unseen in the blockchain economy. Securosys lives up to this high standard by preparing and manufacturing its products accordingly.

Securosys is involved with several parties that are developing such ICO platforms at the moment. They are trusted and highly experienced players in both the IT and the blockchain economy.

Blockchain platforms and systems

The actual blockchains also need secure key handling to guarantee the safety of their users’ assets. In Bitcoin, for example, off-chain signing systems like the Lightning Network need protection. Proof-of-stake (PoS) protocols require the validating parties to keep a large amount of their assets in their wallets. Keeping these funds or assets in a “hot wallet”, which is connected to the network and easily accessible, makes them vulnerable to attacks and theft attempts. The Securosys trusted execution platform (TEP) HSM creates a safe environment to run these PoS operations.

Miners, particularly large-scale mining operations, accumulate large amounts of funds that they don’t necessarily move or sell for extended periods of time. They too might want to secure their mining proceeds with top-notch secure solutions, which can easily be done by using Securosys HSMs to store their keys.

Securosys products

HSMs

Securosys currently offers three different families of HSMs:

  • Primus HSM S500
  • Primus HSM X-Series X200, X400, X700, X1000
  • Primus HSM E-Series E20, E60, and E150

The Primus S500 is exclusively used in the Swiss Interbank Clearing System operated by SIX-SIC under the supervision of the Swiss National Bank (SNB). The Primus X-Series and E-Series HSMs are generally available and can be used without any restrictions. When combined with the Decanus remote access device, visits to the data center can be avoided as most operations can be performed remotely without compromising security.

Using HSMs as a service

The Securosys Clouds HSM offers data security at minimal effort and cost for the user. It is an HSM offered and used as a service. This service will suit organizations that handle sensitive customer data and consider owning, operating, and maintaining an HSM as too burdensome or not a part of their key capabilities.

The HSM as a service is built on top of the Securosys Primus HSM. This very secure and high-performance Clouds HSM is located in and operated from Switzerland. This means the data is subject to Swiss data protection law, which is one of the strictest in the world.

The Clouds HSM service cluster is set up in two geo-redundant and dual-homed Swiss data centers. One is situated in the Zürich area, and the other one in the Swiss Alps in a former bunker of the Swiss Air Force. It is EMP secure underneath 1000m of solid rock, powered by green hydroelectric power.

Network Encryption Appliances

The Centurion encryption appliances secure broadband multi-site communications easily and cost-effectively. The built-in support of Ethernet and IP makes the devices ideal for all layer-2 and layer-3 carrier Ethernet, MPLS and IP networks in any configuration. It supports link, point-to-point, point-to-multipoint, or mesh networks. Neither network reconfiguration nor a sacrifice of performance is required. The mature and proven devices handle even the most complex network topologies with ease.

The Centurion is based on a platform of a vetted German partner and is enhanced with a Securosys true random number generator for key generation. Key management can be performed either by the Centurion itself or by the Primus HSM on its behalf.

The following devices are available:

  • Centurion H-Series H100M, H1G, H10G (100Mbit/s to 10Gbit/s)
  • Centurion F-Series F40G, F100G (40Gbit/s to 100Gbit/s)

Conclusion

Securosys is the trusted partner for enterprise-grade key handling for finance, FinTech, blockchain-based projects, and cryptocurrencies. With our high-performance, dedicated team specialized in hardware, Securosys can serve a host of clients, ranging from those in the financial world to those working in the new blockchain economy.

If you want to become a part of our evolving business, sign up for updates about our upcoming security token offering. Click “TOKEN SALE” on the top left to sign up.

If you want more information on Securosys, please take a look at the following resources.

Website: https://ito.securosys.ch/

Whitepaper: https://ico.securosys.ch/downloads/Securosys_whitepaper.pdf
