Securing Blockchains with Hardened Encryption, Part 2
This is the second installment of a two-part blog post dedicated to blockchain technology. In it, we'll discuss some of the security risk factors associated with blockchain technology and how those factors can be mitigated with hardened encryption. Part one is located here.
When looking at the encryption needs of any blockchain environment, one of the most important operations is key management, especially high-volume key management. Blockchain relies heavily on public key infrastructure (PKI). PKI is a form of asymmetric encryption that uses both public and private keys. Public keys are used to encrypt data and private keys, which are unique to each user, are used for decryption. In blockchain-based PKI, every node on the network requires a unique private key to decrypt and access the data on the blockchain. Additionally, a public key is needed for encrypting data into the blockchain.
There are some concerns with key operations in blockchain. As discussed in part 1 of our blog post on blockchain security, many public blockchain keys are stored in software-based key management programs. Software-based encryption operations are vulnerable to a variety of virtual attacks because they are not partitioned from the network. A hardware-based key management solution, such as Futurex’s Key Management Enterprise Server (KMES) Series, offers a solution to this. The KMES Series stores keys in a physically secure HSM equipped with a variety of physical security and anti-tamper measures. The KMES Series and all Futurex products meet FIPS 140-2 Level 3 validation. This includes a physically reinforced casing, features for making tampering attempts evident to system administrators, and measures for automatically deleting or "zeroing" out sensitive data to prevent encryption keys from becoming compromised.
Unlike the public-facing blockchains that are used in cryptocurrency, the types of blockchains that will be used in the commercial and government sectors will likely be private blockchains. These blockchains will be internal to an organization's network, and only approved members will be able to contribute to the blockchain. This will also allow the administrators of the blockchain network to set their own standards for security and how their nodes will add data to the blockchain. For companies to develop their own private blockchains and incorporate them into their existing system applications and infrastructures, they must have access to a secure environment to safely develop their applications within a risk-free framework. Futurex’s Vectera Series offers a Secure Code Environment designed specifically for organizations needing to extend cryptographic command sets to support proprietary or environment-specific functionality with custom applications and API extensions. The Vectera is tailor-made for organizations wishing to develop solutions for incorporating blockchain-style record keeping into a cryptographic environment.
In addition to secure development, Futurex's Vectera Series contains an ideal blend of general purpose cryptography and transaction processing capabilities. While the transaction processing features are most used by those within the financial sector, the cryptographic processes involved with processing payments are also applicable to numerous other industries.
Understanding blockchain and its applications is not an easy task, but the importance of secure and compliant encryption processes within a blockchain-style ledger is apparent. Whether you’re looking to develop your own blockchain ledger for your applications, or you're seeking to step into the growing world of Blockchain as a Service (BaaS), Futurex’s Hardened Enterprise Security Platform is flexible enough to fit your needs. Feel free to reach out to our Solutions Architect with any inquiries on Futurex’s products or services.