Improving blockchain security with HSMs
Decentralization, immutability, security, and transparency are the primary advantages of blockchain. Blockchain technology enables verification without depending on third parties. A blockchain's data structure is append-only, meaning that data can only be added to the blockchain in time-ordered sequence and, as a result, cannot be modified or erased. These combined advantages turn blockchains into a valuable asset to protect stored data from alienation or falsification.
Protecting keys is paramount to ensuring the robustness of a blockchain system. A successful blockchain system requires highly reliable methods of interfacing with strong key protection controls. HSMs provide these controls and deliver the scaling and agility a decentralized blockchain model requires. Some of the use cases are:
- Cryptocurrency & Wallets: storage and access of private keys used in cryptocurrency and blockchain systems. Track transaction signing, preventing a hacker from replacing or making new transactions.
- Smart Contracts: self-executing the terms of the contract; strong authentication and storage of encryption keys ensure that parties are identified and data remains secure
- Smart IoT: enables cryptographic encryption for authentication and validation of data
Utimaco HSMs provide solutions that enable organizations to implement secure and resilient blockchain applications.
Business value
Protection of cryptographic material for the blockchain
- For the generation of private and public key pairs: Utimaco HSMs support the required blockchain-specific elliptic curves
- Provides strong identities and authentication, enabling access to the blockchain
- Provides the ability to digitally sign, verify and approve blockchain transactions, including smart contracts
- Provides secure storage for private keys
- Provides hierarchical deterministic wallet support, assuring the ability to derive key pairs in a secure environment from a single master key
- Enables encryption and decryption
- Provides the ability to audit and monitor: tracking usage of keys offers an additional layer of security
Compliance for many industries
- The FIPS 140-2 L3 compliant Utimaco Block-safe HSM provides unrivaled key generation and protection for blockchain-specific elliptic curves.
- Protects and manages encryption keys needed for key derivation.
- Includes a hash-based deterministic random number generator (DRG.4 acc. AIS 31), a true random number generator (PTG.2 acc. AIS 31) and a consensus model requiring M keys for digital signature before addition to the ledger
High Performance & Crypto Agile
- Built-in Post-Quantum safe Dual TRNG + PRNG entropy source, and NIST SP800-90 compliant RNG
- Asymmetric Key derivations including BIP-32, NIST SP800-108, ECDSA (NIST SP800-56A), DSA (ANSI X9.42)
- Fingerprint for public key address generation
- Consensus signing and verification using MultiSign
- SDK for customization by in-house developers where sensitive code and IP are involved
- Built-in support for several models for HA redundancy and performance scalability
- Role-based access control (RBAC) with multi-factor authentication for segregation of duties
- Up to 10,000 RSA or 6,000 ECDSA signing operations in bulk processing mode
Remote Access
- Remote Key Delivery: supporting the remote distribution of keys to deployed (POI) terminals
Software Simulator included
The included simulator allows for evaluation and integration testing to benchmark the best possible solution for each specific case
Deployment options
On Premise
- Useful for centralized use cases with no requirement for scalability or remote accessibility, and for existing legacy infrastructure
- Defined total cost of ownership
- Complete control on hardware and software, including configuration and upgrades
- Secured uptime in areas with unstable internet connectivity
- Preferred choice in industry-segments where regulation imposes restrictions
In the Cloud
- Strategic architectural fit & risk management for your high value assets
- Provides flexibility, scalability and availability of HSM-as-a-service
- Ideal for a multi-cloud strategy: supports multi-cloud deployments and allows for migration flexibility
- Allows you to seamlessly work with any Cloud Service Provider
- Easy-to-use remote management and on-site key ceremony service option
- Full control over data through encryption key life-cycle and key administration
- Secured data privacy through Bring-Your-Own-Key procedures