You’d have to be something of a technological hermit not to have heard of Bitcoin. The word ‘disruptive’ is used all too often, but for once it may be no exaggeration when discussing this innovative cryptocurrency. Many top technologists, investors, and even bankers are now appreciating how blockchain technology has the ability to transform the way people and businesses transmit value and establish trust.
Yet the hype surrounding Bitcoin hasn’t yet translated into mainstream business and consumer adoption. Speculators in a new currency expect a bumpy ride, but even for users that just want real-time transactions, the Bitcoin community can sometimes look like the Wild West of payments. Public attacks and accidents such as Mt. Gox, BitStamp, the Silk Road, Neo & Bee, etc. mean the cryptocurrency world can seem a scary place.
Free Cyber Security Training! Join the revolution today!
Here’s a stat that may shock you: about 10% of all Bitcoins that have ever existed have been lost or stolen. At the time of writing, that represents over $350m in lost value. These losses have almost entirely stemmed from weak security practices, in particular poor management and protection of the keys that quite literally translate to cash.
The Achilles heel of Bitcoin as a means of transmitting value is that it relies on keeping private cryptographic keys secure from theft, loss and misuse. For decades, the payments industry has mandated the use of hardware security modules or HSMs to keep private keys secure. Time and time again, they have been proven to be the best means of safeguarding payments related data such as PINs and card details. The trouble is that they don’t speak Bitcoin…
…until now. This week, Gem, a bright new innovator in the Bitcoin ecosystem, announced an important partnership with Thales to bring HSM security to Bitcoin transactions and wallets. Their COO and ex-PayPal exec, Ken Miller, described what they do brilliantly, ”We empower Bitcoin companies to build incredibly secure products and services with our multi-signature platform. By abstracting away the hard parts of blockchain development, we offer our developers the simplest way to get up and running, giving them expert security by default.”
Their CEO, Micah Winkelspecht, explained the challenge they faced in executing their vision: “The payments industry has been using this hardware technology for years. But we looked at every HSM on the market to find one that could support Bitcoin wallets, and none of them could do it, so we built it ourselves. Thales really came through for us, and the level of enthusiasm they have for our growing industry is incredible.”
What Micah is talking about when he says “we built it ourselves” is our unique nShield HSM capability called CodeSafe. Cryptographic signing operations are central to every Bitcoin transaction, and HSMs are perfect for securing not just the private wallet keys but also creating the signatures to transfer funds. However, Gem wanted to go further and lead the industry with higher order security techniques such as hierarchical deterministic key derivation and multi-signature transaction authorization. This required securing application code as well as keys and crypto to create a tamper-resistant application – and that’s precisely what CodeSafe was designed to do.
Gem have the potential to become a powerful enabling force in the Bitcoin industry to help a wide range of both disruptive as well as traditional banking players to focus on what they do best: avoiding the complexity of securing the core technology themselves. Failure to bring Bitcoin up to the security grade of today’s trusted payments network could spell disaster, no matter how high the disruptive potential and media buzz.
By Richard Moulds, VP Strategy, Thales e-Security
About Thales e-Security
Thales e-Security is a leading global provider of data protection solutions with more than 40 years experience securing the world’s most sensitive information. Our customers—businesses, governments, and technology vendors with a broad range of challenges—use Thales products and services to improve the security of applications that rely on encryption and digital signatures. By protecting the confidentiality, integrity, and availability of sensitive information that flows through today’s traditional, virtualized, and cloud-based infrastructures, Thales is helping organizations reduce risk, demonstrate compliance, enhance agility, and pursue strategic goals with greater confidence.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.