By Olivier Boireau, CEO and Founder of Design SHIFT
Blockchain is transforming the way data is shared and value is transferred. However, there remain significant obstacles that must be overcome before blockchain is ready for mainstream adoption—most notably, security. Protecting both the cryptographic keys that allow access to the ledger and the blockchain applications themselves remains a top concern for any organization or individual interested in using blockchain to transact anything of significant value.
Many hail blockchain technology as a security innovation because it provides a trusted ledger, which shifts data storage and protection from a centralized to decentralized model. Trust comes from the process itself rather than from the status of any one participant. This allows two untrusted parties to efficiently record transactions in a verifiable, permanent way without using an intermediary.
While blockchain shows promise in its ability to support an endless number of innovative financial trading, payments, healthcare, government and other critical applications, recent high-profile breaches of blockchain exchanges show that blockchain participants and their access to the blockchain represent a security weakness that must be addressed before the technology can reach its full potential.
What is Blockchain?
Blockchain is a distributed ledger technology that provides a historical record of all transactions that have taken place across a peer-to-peer network. Best known as the technology behind Bitcoin cryptocurrency, blockchain takes records—such as proof of ownership, confirmed transactions and contracts—and stores them as “blocks.” New blocks are linked to previous blocks to form a linear and chronological “chain” of events.
Any new record is verified by consensus―meaning that various network participants, called “miners,” work together to verify the integrity of the data. Once verified by a majority of the miners, the block is stored in an encrypted and decentralized fashion across the network. This results in a system of record-keeping that is maintained solely by network participants.
Blockchain is revolutionary because it enables the creation and operation of a “trustless network.” Using blockchain, unrelated parties can transact with one another without pre-existing trust, middlemen, or supervisory authorities. In the case of Bitcoin, for instance, blockchain helps create new depository and transaction mechanisms that no longer rely on banks or other third-party intermediaries. This gives blockchain the power to disrupt existing financial systems and create a new financial architecture based on computer algorithms rather than on interpersonal trust.
The power of blockchain to decentralize markets and undermine the control of existing middlemen has captured the imagination of Silicon Valley and Wall Street alike. Moving forward, blockchain isn’t just about disintermediating the middleman, but rather about solving problems or seizing opportunities that have eluded current systems.
Despite all the allure of blockchain, significant security challenges still remain. A recent Greenwich Associates survey underscores the importance of overcoming these security roadblocks—85% of survey respondents are concerned or very concerned that permissioned networks and centralized identity management systems are creating a big target for hackers.
Private Keys: The Keys to the Blockchain Kingdom
In blockchain applications, the digital asset and the means to protect it are combined in one token. Nobody can steal or copy the digital asset unless they have the secret code or “private key” that unlocks the cryptographic protection on the asset. However, storing private keys in software or on a piece of paper is the equivalent of leaving your house keys under the welcome mat.
While blockchain technology secures data in transit from place to place using cryptography, the private key becomes vulnerable to theft when it is stored or displayed at one end or the other—whether that be on a piece of paper, screen, disk, in memory or on the cloud.
To keep digital assets and private keys safe, most people currently use software called wallets or multi-signature wallets, but these solutions are driven more by convenience than security. Hardware wallets, like Trezor or Keepkey, were designed to offer a higher level of private key security, but even these solutions are vulnerable to various hacks, including fault injections.
A fault injection attack is a procedure used to maliciously introduce an error in a computing device in order to alter the software execution. The goal of the fault injection can be to either (1) avoid the execution of an instruction or (2) corrupt the data the processor is working with. These techniques can be used to compromise the security of hardware wallets by bypassing security checks or leaking the private keys.
Once private keys are stolen, it does not matter how secure the blockchain itself is—anyone can monetize and exploit the asset, and any malicious transfer of value is typically instantaneous and irreversible. Today, hackers commonly target online services that store the private keys for a large number of users or infect network participants with malware that searches for private keys.
In August 2016, hackers stole $72 million worth of bitcoin from accounts at the Hong Kong cryptocurrency exchange Bitfinex. In the Bitfinex hack, at least two private keys stored in a multi-signature wallet hosted by BitGo were compromised. Public blockchain participants have lost millions of dollars as a result of compromised security systems.
Immutability: When Lies Become Truth
Whether executing smart contracts or trading cryptocurrencies, the digital assets that blockchains protect exist only in computer code. When stolen, it is possible for hackers to evade detection by rolling back the blockchain to a previous version of the code that existed before the hack. Basically, if more than half of the computers working as nodes to service the network tell a lie, the lie will become the truth.
This is exactly what happened with the Ethereum blockchain when an attacker tried to steal about $50M of the digital currency, Ether. Two other blockchains based on Ethereum, Krypton and Shift, suffered what are commonly referred to as 51% attacks in August 2016.
The attack works when hackers are able to compromise over half the nodes participating in the distributed ledger. In which case, they can prevent new transactions from gaining confirmations and halt transactions between some or all users. They also can reverse transactions that were completed while they were in control of the network, meaning they could double-spend coins if attacking a cryptocurrency blockchain.
Blockchains (like all distributed systems) are not so much resistant to bad actors as they are ‘anti-fragile’ – meaning, they respond to attacks and grow stronger. However, this requires a large network of users. If a blockchain is not a robust network with a widely distributed grid of nodes, it becomes more difficult to ensure the immutability of the ledger.
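As an added illustration (not part of the original article), the Python sketch below models hash-linked blocks and the majority attack described above: editing an old block breaks the links, while a longer valid fork is accepted and drops a payment, which a node can detect by reporting fork depth and reversed transactions. It assumes a simplified longest-valid-chain rule with no proof of work; all function names and transactions are constructed for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder parent hash for the first block

def block_hash(prev_hash, txs):
    """Hash a block's transactions together with its parent's hash (the link)."""
    payload = json.dumps({"prev": prev_hash, "txs": txs}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def extend(chain, txs):
    """Return a new chain with one block appended to the given chain."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    return chain + [{"prev": prev, "txs": txs, "hash": block_hash(prev, txs)}]

def is_valid(chain):
    """Recompute every hash and check every link; an edited block fails here."""
    prev = GENESIS_PREV
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(b["prev"], b["txs"]):
            return False
        prev = b["hash"]
    return True

def detect_reorg(local, candidate):
    """Assumed fork-choice rule: a strictly longer valid chain replaces ours.
    Reports how many local blocks were discarded and which payments vanished."""
    if not is_valid(candidate) or len(candidate) <= len(local):
        return {"accepted": False, "depth": 0, "reversed": []}
    fork = 0
    while fork < len(local) and local[fork]["hash"] == candidate[fork]["hash"]:
        fork += 1
    kept = {tx for b in candidate for tx in b["txs"]}
    gone = [tx for b in local[fork:] for tx in b["txs"] if tx not in kept]
    return {"accepted": True, "depth": len(local) - fork, "reversed": gone}

def demo():
    # Constructed sample data; the transaction strings are illustrative only.
    common = extend(extend([], ["alice->bob 5"]), ["carol->dave 2"])
    honest = extend(common, ["mallory->shop 10"])  # payment the shop saw confirmed
    majority = extend(extend(common, ["mallory->mallory 10"]), ["erin->frank 1"])
    tampered = [dict(b) for b in honest]
    tampered[1]["txs"] = ["carol->eve 2"]          # history edited without re-hashing
    return is_valid(honest), is_valid(tampered), detect_reorg(honest, majority)

if __name__ == "__main__":
    print(demo())
```

A node that logs the reported depth and reversed list on every chain switch has the data needed to decide how many confirmations to wait for before treating a payment as final.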
How to Protect Blockchains Against Hacks
Today, many security-conscious organizations rely on hardware security modules (HSMs) to safeguard and manage their digital keys. An HSM is a crypto-processor that securely generates, protects and stores keys. HSMs typically guarantee a level of regulatory assurance, in compliance with either the Federal Information Processing Standard (FIPS) certification or Common Criteria, an international standard—meaning that each device meets strict industrial-grade security control requirements.
HSMs are designed to protect potential access points in virtually any application that requires secure, verified digital signatures. People rely on the security provided by HSMs in their everyday life without even knowing it. HSMs housed in bank data centers verify PIN numbers every time a customer withdraws cash from an ATM and validate transactions at merchant POS terminals when consumers purchase goods.
Using HSMs to protect blockchain ledgers, digital wallets and applications against hacks can provide the trusted computing environment necessary to take full advantage of the blockchain protocol. To execute a successful attack, attackers would either need to have administrative privileges, access to data before it is encrypted, or physical access to the HSM(s), which makes the attack vector extremely difficult and unprofitable for a hacker. Fifty-eight percent of Greenwich Associates study participants agreed that HSMs are an essential part of addressing blockchain security concerns.
What Makes HSMs Virtually Impenetrable to Attacks?
It seems obvious that cryptographic operations must be performed in a trusted environment—meaning no possibility of exposure due to viruses, malware, exploits or unauthorized access. But an ordinary wallet mixes the access code, business logic and cryptographic calls in one big application. This is a dangerous approach because an attacker can then use crafted data and vulnerabilities to access cryptographic material or steal keys.
HSMs are dedicated hardware systems specifically designed to store and manage private and public keys. The entire cryptographic key lifecycle — from provisioning, managing, and storing to disposing or archiving the keys — occurs in the HSM. Digital signatures also may be captured via an HSM, and all access transactions are logged to create an audit trail.
An HSM is hardened against tampering or damage and may be located in a physically secure area of a data center to prevent unauthorized contact. The module may be embedded in other hardware, connected to a server as part of a network, or used as a standalone device offline.
An HSM is a trusted computing environment because it:
1. Is built on top of specialized hardware, which is well-tested and certified in special laboratories.
2. Has a security-focused OS.
3. Limits access via a network interface that is strictly controlled by internal rules.
4. Actively hides and protects cryptographic material.
Delivering Industrial-Grade Security to the Masses
Previously, HSMs were mainly used to protect digital assets and keys in institutional settings due to the high cost and complexity of solutions developed to meet the needs of large data centers. But recently a new category of personal computers has emerged that makes industrial-grade security available to the masses in a form factor that is affordable and easy to use.
This next generation of ultra-secure PCs comes with an embedded HSM and requires two factors of authentication (a key and a password) to make sure that unauthorized users cannot access the device. Additionally, the PC is protected against physical attacks with a tamper-proof casing, and the private key is erased if any of the PC's physical or logical security controls are breached.
Using trusted computers in place of digital wallets and as blockchain nodes provides the missing link that will give security-conscious users and organizations assurance that no matter what blockchain application they choose, they have the means to protect digital assets using a turnkey solution that is virtually impenetrable.
Innovations in blockchain security will make the technology increasingly attractive – and usable – for a wider number of organizations and consumers. It is difficult to predict where blockchain technology is headed next, but it has all the makings of a truly disruptive technology.
About Olivier Boireau
In addition to leading Design SHIFT, Olivier develops hardware and software design for POS, cameras, smartphones, netbooks, and consumer electronics devices. He specializes in defining wireless HW architecture, developing strategies for HW device design (ODM, Silicon Partners, SW platforms) and has received numerous industry awards for his innovations.