When it comes to the professional safekeeping of crypto values (custody solutions), a comprehensive security concept is indispensable. A guest article on the secure storage of crypto currencies by Dr. Robert Rogenmoser.
Principles of the analogue world also apply in the digital environment
Where can I keep my money safe? The simple answers – under the mattress, in a vault, or at the bank – unfortunately don’t apply when talking about Bitcoin and other crypto currencies. This digital money is created by means of cryptographic processes. These processes determine the account number (called address or public key) and allow access to the corresponding account, while the blockchain corresponds to the account management and the bank ledger. So how can I tell if my digital money is secure?
The principles of the analog world with its “Fiat” money also apply in a digital environment. You can easily carry around small amounts or store them on your own, for example, in your smartphone. Larger reserves, however, require more sophisticated security. The effort required to keep them safe is considerable, especially for a layperson, which is why it makes sense to commission an intermediary, like a bank, as the custodian.
Challenges in the institutional custody of digital assets
For banks that want to act as custodians for crypto currencies, tokens, or the like, completely new requirements arise. The quandary is that while the private key must never be copied or used illegally under any circumstances, it must also never be lost. Both requirements have to be taken into account. Some solutions are simply useless in an automated environment. Familiar old-school methods, such as saving the private key on a USB stick or printing it out on paper, aren’t suitable for banking. We need methods and processes that are scalable and have guaranteed reliability so that the private keys aren’t lost. Their storage must be geo-redundant, which will ultimately provide even better protection than what is possible for physical items such as gold. Above all, the security priority must be the protection of the private keys, which can be equated to access to the accounts. Unlike in the old Fiat world, transactions and payments can’t simply be reversed. Anyone who has access to the private key also has a way to anonymously retrieve the values stored on the blockchain. The risk of misappropriation thus increases by multitudes.
“The danger of embezzlement increases many times over with crypto currencies.”
As is always the case with problems affecting people’s assets, there are many providers offering solutions – the same applies to the crypto-custody environment. While basically anything is better than paper and USB sticks, and most of the offers out there grant a decent resolution, the security differences between providers are tremendous.
Hardware Security Modules (HSM) are used to protect payment transactions in the traditional Fiat banking world. They should also be used with crypto currencies, as they were specifically developed for the use and protection of private keys.
Hardware Security Modules (HSM) offer high security standard
The providers of crypto-custody solutions can be divided into three groups: those that forgo HSMs altogether, those that use programmable HSMs, and those that use an HSM that inherently offers the necessary additional functions required for the secure management of digital assets (like multi-authentication).
Why would one eschew the protection of HSMs? With the rise of crypto currencies, new solution providers rushed to flood the market with a Minimum Viable Product (MVP). This MVP is offered on a server in the cloud or, for better security, in a hardened server. In both cases, countless attack vectors open up access to the private keys. The private keys are stored somewhere in the file system that every program can access. In the current IT thread situation, where one assumes that attackers are already inside the network, such a solution is completely inadequate: the private keys simply aren’t secure. Hardened servers are very well suited to protect critical programs during execution, but are clearly insufficient for storing private keys.
“Only HSMs with inherent multi-authentication offer secure protection for cryptocurrencies –
the idea that private keys stored on servers or programmable HSMs are safe is a sham.”
A series of cryptographic protocols, known as Multi-Party Computation (MPC), has been used in an attempt to improve the situation. The private keys are split and stored on multiple servers. However, the security services available on the market today don’t even reach the MVP standard. They simply store these divided key parts in the file system, deprived of a dedicated HSM’s protection. MPC only provide marginally better protection than hardened servers, yet require a much greater effort to implement and complicate operations.
In some respects, the use of programmable HSMs is even worse. It creates the illusion of the safety that would be established by a dedicated HSM. However, by being able to install programs on the HSM system, security falls back to the level of a hardened server. One group of researchers found innumerable vulnerabilities in programmable HSMs, which were not completely corrected even after the manufacturer’s security update – some of them can’t even be fixed with a software patch.
Strict separation of application and storage of private keys essential
The third group – using a dedicated Blockchain HSM for the protection of the private keys – moves a crucial step in the right direction. The application and storage of private keys are strictly separated: application on the server, private keys in the HSM. These HSMs do not offer the option of running third-party programs, which drastically reduces the possibility of attacks. In addition, while a normal, general purpose HSM still executes every authenticated request, access to the private keys is further impeded by these HSMs’ inherent integration of multi-authentication. Specific rules for each private key can be setup to control how many people have to sign off before a private key can sign a transaction. Anonymous access is thus impossible – you can immediately see who allowed the transactions. It effectively reduces the risk of embezzlement to the point where even a “super admin” wouldn’t stand a chance. In the auditable log one can see, who the people who approved the transactions were. Furthermore, the private keys are secure even if your networks have already been infiltrated by attackers. If that isn’t enough yet, it’s actually possible to further increase security by using protected authorization terminals.
Banks and providers of crypto-custody services, as well as the customers of these services, must be aware of which security level they are at: minimal protection with a MVP on a server, “fake” security with a programmable HSM, or the best protection available: an HSM offering block-chain functionality with native multi-authentication.