There are very few scenarios where security is more important than in the world of digital assets. If the key protecting a digital asset is compromised, then it’s game over. At the same time, trading digital assets will only enter the mainstream when it’s possible to do it quickly and easily. For financial institutions accustomed to making transactions within a fraction of a second, waiting hours or even days for different keyholders to sign off on a digital asset trade is unthinkable. At Unbound Tech, we saw an opportunity. By combining our unique multiparty computation (MPC) software with the IBM Hyper Protect Digital Assets Platform built on IBM LinuxONE, we’re bringing unprecedented liquidity and security to digital asset management.
Sizing up the challenge
Unbound is a pioneer in the use of MPC to secure cryptographic keys from every angle, splitting each key into multiple shares that are never united. By distributing trust, we ensure that a breach of any single machine never compromises the integrity of a key. In the cryptographic world, there’s no such thing as “too secure.” However, we recognized that existing enterprise-class digital asset management solutions are forcing customers to choose between security and agility. What use is the most secure platform in the world if it’s unusable in real life? We set out to build a new offering that pushes the boundaries of security without limiting the liquidity of digital assets.
Creating the Unbound Crypto Asset Security Platform (CASP)
Developed with help from IBM, the Unbound Crypto Asset Security Platform (CASP) solution introduces lucrative benefits for digital asset service providers, including:
- The elimination of any single point of failure across the full digital asset lifecycle. IBM LinuxONE infrastructure offers unique resiliency features such as triple-redundant environmental sensors and Redundant Array of Independent Memory (RAIM) to keep applications running even in the unlikely event of a component failure. IBM LinuxONE can withstand a severe earthquake, with the mean time between failures (MTBF) measured in decades(!).
- Strict policy enforcement and cryptographic signing support across nearly unlimited asset types (no need to program multi-sig or smart contracts).
- Insider-resistant, hardened infrastructure for Unbound CASP’s critical software elements. CASP services, key management, vaults, databases, chain connectors, and server-side bots all run within IBM Hyper Protect Virtual Servers, which are securely booted, protected memory enclaves. These enclaves help assure that administrators and operators have no technical access to the applications managing digital assets, such as the policy enforcement mechanisms. For example, if an administrator initiates a memory dump, the dump is encrypted, so it gives the administrator no access to the private key.
- Unbound CASP’s code build, signing, and deployment services run within IBM LinuxONE specialized Secure Image Build enclaves. These enclaves help rigidly enforce software review and attestation procedures, to frustrate potential malware, ransomware, and backdoor attackers. These defenses help assure that MPC is properly deployed without human interference. They also help accelerate testing and deployment of legitimate, authorized code updates if there’s ever an application security vulnerability requiring a quick fix. Secure Image Build solves two critical dilemmas: 1) proving the deployed software image is the right one and has not been modified or replaced by a privileged insider, and 2) proving the signed image is what it was supposed to be through the use of the secured source code manifest.
- Use of IBM Crypto Express Hardware Security Modules (HSMs) for the CASP cold backup key and CASP disaster recovery. IBM Crypto Express is one of the few commercially available FIPS 140-2 Level 4 certified HSMs, meaning it meets or exceeds the most rigorous standards for tamper protection and response. It enables exceptional business continuity, which is mandatory for enterprise-grade financial institutions.
- Only clients or their trustees control their assets: not Unbound Tech, and not IBM. Clients are issued special IBM smart card HSMs. During a trusted key ceremony, these smart cards collectively generate AES-256 key parts that are securely transferred to the platform’s HSM and assembled into a master wrapping key inside an isolated HSM domain. Only the client retains control of their master wrapping key. HSM domains are highly isolated and protected by 360-degree envelope tamper detection and response.
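The split-knowledge principle behind both the MPC key shares described earlier and the smart-card key ceremony above, as an added example that is not Unbound’s or IBM’s code: it assumes the ceremony combines the cards’ parts by XOR (the page does not state the combining function), and the key check value routine is a conventional custodian check rather than anything the page describes.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
)

// KeyPart is one 256-bit component held by a single custodian's smart card.
type KeyPart [32]byte

// NewKeyPart draws a fresh uniformly random part, as each card would on its own.
func NewKeyPart() (KeyPart, error) {
	var p KeyPart
	_, err := rand.Read(p[:])
	return p, err
}

// CombineParts assembles the master wrapping key by XORing every part.
// Assumption: the ceremony combines by XOR (split knowledge); the page does not say.
func CombineParts(parts []KeyPart) KeyPart {
	var key KeyPart
	for _, p := range parts {
		for i := range key {
			key[i] ^= p[i]
		}
	}
	return key
}

// MissingPartFor shows why n-1 parts reveal nothing: for any target key exactly one
// value of the absent part yields it, so an insider with all but one part learns nothing.
func MissingPartFor(known []KeyPart, target KeyPart) KeyPart {
	missing := CombineParts(known)
	for i := range missing {
		missing[i] ^= target[i]
	}
	return missing
}

// KeyCheckValue is the first 3 bytes of AES-256(key, zero block), the usual KCV
// custodians compare to confirm assembly succeeded without exposing the key.
func KeyCheckValue(key KeyPart) ([3]byte, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return [3]byte{}, err
	}
	var out [aes.BlockSize]byte
	block.Encrypt(out[:], out[:])
	return [3]byte{out[0], out[1], out[2]}, nil
}
```

Custodians compare the KCV after the ceremony; any set of parts short of the full set is consistent with every possible master key, which is what makes a single compromised card or operator harmless.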
- Solutions can be deployed to the IBM Cloud, on premises, or in a hybrid deployment, giving institutions and service providers full freedom to decide how and where they’d like to manage their digital asset platforms.