Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

8/22/2018
02:15 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Fortanix Flexible Key Management Service Addresses Critical Enterprise Blockchain Security Requirements with Unique Private Key Protection

Fortanix self-defending key management service delivers new encryption-based data protection and enhanced cryptographic algorithms to help address blockchain security gaps

MOUNTAIN VIEW, Calif. – Fortanix Inc. today announced it is addressing critical enterprise blockchain security requirements by enhancing its Self-Defending Key Management Service (SDKMS) next-generation Hardware Security Module (HSM) solution with advanced cryptographic algorithms and new data protection features and to help organizations secure encryption keys for blockchain and financial information.

Enterprise blockchain has the potential for transformative benefits. By adopting a blockchain style ledger system, organizations can significantly increase efficiency and enhance collaboration internally and across business ecosystems. However, blockchain has the potential to carry significant economic value. Private keys, regarded as the identity and security credential, are associated with financial value, which is attractive to attackers.

According to Gartner, "While the blockchain ledger uses sound cryptography, the collection of technologies that make up the entire blockchain still carries significant risks…The use of certificates in the blockchain poses some unique challenges. For example, if a user's private key is lost or stolen, it could potentially lock them out of the blockchain permanently."1

"iExec is building the first marketplace for trading computing resources in the world," said Lei Zhang, Security R&D manager, iExec. "iExec platform provides blockchain-based DApps (Decentralized Applications) with scalable, secure, and easy access to computing resources they need. We are very pleased to collaborate with Fortanix to protect DApps running in iExec decentralized cloud. Fortanix SDKMS delivers secure provisioning of secrets for blockchain DApps ensuring the data remains completely protected."

Fortanix SDKMS eliminates one of the largest obstacles to blockchain adoption – secure and compliant encryption key management – by delivering security for the generation and use of keys. Complete key management and key usage policies are enforced inside Intel Software Guard Extensions (Intel SGX) enclaves, ensuring confidentiality and integrity of the policies and private key protection even when in use. SDKMS delivers HSM-grade security designed for easy integration into blockchain environments with complete flexibility of deployment model, application integration with RESTful API support, support for enhanced cryptographic algorithms, and policies for key signing and access control.

New SDKMS capabilities helping address blockchain security concerns include a quorum approval (M of N) policy, or multi-signatures (multisig) support, for enhanced protection of highly sensitive key operations. Organizations can define flexible quorum approval policies, such as approval required by three out of five users, with approval required by specific users or multi-level approvals. Easy-to-use intuitive workflows enable secure remote collaboration.

Fortanix SDKMS supports comprehensive NSA Suite B algorithms. Additionally, with its software-defined approach to HSM and key management, Fortanix continuously delivers support for new algorithms, such as support for ECDSA secp256k1 used by Bitcoin applications.

"Enterprise blockchain can be useful for business transactions and has the potential to carry significant economic value, which inevitably increases the risk of theft and misuse," said Ambuj Kumar, Fortanix co-founder and CEO. "Organizations are turning to Fortanix for their blockchain security needs, in order to have complete control over who is allowed on the network, while uniquely securing their blockchain transactions with the industry's first runtime encryption operating in a secure enclave."

Organizations can deploy Fortanix SDKMS appliance nodes centrally or in a distributed manner. In each case, the Fortanix SDKMS cluster delivers centralized key management capabilities to any blockchain application or any device. For organizations that prefer a SaaS consumption model, Fortanix-powered Equinix SmartKey delivers HSM and key management as a global cloud service. Regardless of the deployment model, organizations have centralized visibility and control over the entire solution. Multiple clusters can also be deployed to separate hot and cold wallets – hot wallets being used for frequent usage, while cold wallets keep the majority of tokens in secure tamper-proof storage.

In addition, the Fortanix Runtime Encryption plug-in capability allows organizations to customize cryptographic logic and run it securely inside the trusted execution environment of Intel SGX. This allows unique policies for key usage, such as applying thresholds, as well as access control to be enforced per an organization’s requirements. Plug-ins can also support secure key derivation for HD wallets, such as defined by BIP 32. SDKMS runs on hardened FIPS 140-2 Level 3 compliant appliances that deliver enhanced physical security.

For more information see: https://fortanix.com/solutions/use-case/blockchain/

Note 1 – Gartner, Inc., "Evaluating the Security Risks to Blockchain Ecosystems," by Mark Horvath, Jonathan Care, David Anthony Mahdi. March 21, 2018.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14230
PUBLISHED: 2019-07-21
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user ...
CVE-2019-14231
PUBLISHED: 2019-07-21
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/un...
CVE-2019-14207
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error).
CVE-2019-14208
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary.
CVE-2019-14209
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.