Fortanix Inc., a leader in Runtime Encryption, today announced it is uniquely
addressing critical enterprise blockchain security requirements by enhancing its
Self-Defending Key Management Service (SDKMS) next-generation Hardware Security
Module (HSM) solution with advanced cryptographic algorithms and new data
protection features to help organizations secure encryption keys for blockchain
and financial information.

Enterprise blockchain has the
potential for transformative benefits. By adopting a blockchain-style ledger
system, organizations can significantly increase efficiency and enhance
collaboration internally and across business ecosystems. However, blockchain
has the potential to carry significant economic value. Private keys, regarded
as the identity and security credential, are associated with financial value,
which is attractive to attackers.

According
to Gartner, "While the blockchain ledger uses sound
cryptography, the collection of technologies that make up the entire blockchain
still carries significant risks...The use of certificates in the blockchain poses
some unique challenges. For example, if a user's private key is lost or stolen,
it could potentially lock them out of the blockchain permanently."

"iExec is building the first
marketplace for trading computing resources in the world," said Lei Zhang,
Security R&D manager, iExec. "iExec platform provides blockchain-based
DApps (Decentralized Applications) with scalable, secure, and easy access to
computing resources they need. We are very pleased to collaborate with Fortanix
to protect DApps running in iExec decentralized cloud. Fortanix SDKMS delivers
secure provisioning of secrets for blockchain DApps ensuring the data remains
completely protected."

Fortanix SDKMS eliminates one
of the largest obstacles to blockchain adoption - secure and compliant
encryption key management - by delivering unmatched security for the generation
and use of keys. Complete key management and key usage policies are enforced
inside Intel® Software Guard Extensions (Intel
SGX) enclaves, ensuring
confidentiality and integrity of the policies and private key protection even
when in use. SDKMS delivers HSM-grade security designed for easy integration
into blockchain environments with complete flexibility of deployment model,
application integration with RESTful API support, support for enhanced
cryptographic algorithms, and policies for key signing and access control.

New SDKMS capabilities
helping address blockchain security concerns include a quorum approval (M of N)
policy, or multi-signatures (multisig) support, for enhanced protection of
highly sensitive key operations. Organizations can define flexible quorum
approval policies, such as approval required by three out of five users, with
approval required by specific users or multi-level approvals. Easy-to-use
intuitive workflows enable secure remote collaboration.

Fortanix SDKMS supports
comprehensive NSA Suite B algorithms. Additionally, with its software-defined
approach to HSM and key management, Fortanix continuously delivers support for
new algorithms, such as support for ECDSA secp256k1 used by Bitcoin
applications.

"Enterprise blockchain can be
useful for business transactions and has the potential to carry significant
economic value, which inevitably increases the risk of theft and misuse," said
Ambuj Kumar, Fortanix co-founder and CEO. "Organizations are turning to
Fortanix for their blockchain security needs, in order to have complete control
over who is allowed on the network, while uniquely securing their blockchain
transactions with the industry's first runtime encryption operating in a secure
enclave."

Organizations can deploy
Fortanix SDKMS appliance nodes centrally or in a distributed manner. In each
case, the Fortanix SDKMS cluster delivers centralized key management
capabilities to any blockchain application or any device. For organizations
that prefer a SaaS consumption model, Fortanix-powered Equinix SmartKey delivers
HSM and key management as a global cloud service. Regardless of the deployment
model, organizations have centralized visibility and control over the entire
solution. Multiple clusters can also be deployed to separate hot and cold
wallets - hot wallets being used for frequent usage, while cold wallets keep
the majority of tokens in secure tamper-proof storage.

In addition, the Fortanix
Runtime Encryption plug-in capability allows organizations to customize
cryptographic logic and run it securely inside the trusted execution
environment of Intel SGX. This allows unique policies for key usage, such as
applying thresholds, as well as access control to be enforced per an
organization's requirements. Plug-ins can also support secure key derivation
for HD wallets, such as defined by BIP 32. SDKMS runs on hardened FIPS 140-2
Level 3 compliant appliances that deliver enhanced physical security.

For more information see:
https://fortanix.com/solutions/use-case/blockchain/