TalkingTrust with Thales and ConsenSys Quorum – Security for Ethereum Blockchains
Listen to this short video to learn about Blockchain. Sharing decentralized data via blockchain, and how this builds trust is critical to its evolution and adoption. As user adoption increases, ensuring trust and integrity in the Blockchain network is paramount.
View this video to learn how:
- developers can easily build next generation blockchain with “security built-in”
- applications for new blockchain systems are more efficient & flexible, but also more secure
- securing the Blockchain identity keys with a hardware root of trust is critical to the integrity of an organization’s products and services
- high quality entropy results in strong keys and identities
- strong access controls and separation of duties means high assurance protection
- you can assure trust for your blockchain projects
Watch this video to learn how Thales Luna Hardware Security Modules (HSMs) provide a foundation of trust for ConsenSys Quorum blockchain solutions, enabling developers to establish trust and high data security through distributed ledgers.
Blair Canavan, Director Business Development, Thales
Arash Mahboubi, Product Manager for ConsenSys Quorum
Partner website: consensys.net
TalkingTrust Series - ConsenSys – Blockchain
00:10 Welcome everyone. This is the latest in
00:12 our TalkingTrust video series.
00:14 With me today is Arash.
00:16 Arash, I know you're calling in from a
00:19 long way away,
00:20 I believe, Canberra Australia, for this call.
00:23 I just want to say how much I
00:25 appreciate that and it's early morning
00:27 for you so I hope you've had
00:28 enough coffee to get through our webinar today.
00:33 Hey Blair, yeah morning! Thanks for
00:35 having me. I did have my cup of coffee, it
00:37 was a few hours ago.
00:38 I probably need another one, but I think
00:40 I've got just enough right to get me going
00:43 to this presentation today. So yes, thanks
00:45 for having me. It'll be a great chat.
00:47 Well good, we're looking forward to
00:49 it. As I said, this is our Talking
00:51 Trust video series and today we're
00:52 talking with ConsenSys and Arash.
00:54 I understand you've been with the
00:55 company for a few years and I just want
00:57 to make sure I have it correct but
00:59 you are the Protocol Engineering Lead
01:02 for ConsenSys.
01:04 Yes, I'm one of the Product Managers of
01:06 ConsenSys. I've been with them for
01:08 nearly about three years and I've been
01:11 in the blockchain space
01:13 for a little bit longer than that.
01:15 It's a fantastic space and you know it
01:19 moves very, very fast and has been rapidly
01:22 developing and growing and changing.
01:25 Which is very, very exciting, but you know
01:27 sometimes really hard to keep up with
01:29 and I'm sure so that you're aware
01:31 there's a lot of things going on
01:34 in the blockchain space in the
01:35 cryptocurrency market.
01:37 It's becoming it's been a big hike
01:41 and continues to be. I think
01:44 as it continues to mature and grow the technology,
01:47 the cat's out of the bag so to
01:49 speak and it's not going back in.
01:50 Everyone's starting to pop their heads
01:52 up and really
01:53 take notice which is really exciting.
01:55 Well good.
01:56 I should have mentioned I run the
01:57 Business Development Blockchain
02:00 relationship with ConsenSys and I'm part
02:02 of Thales if I didn't say at the beginning.
02:05 We've been working together you and
02:07 I and our companies for the last few
02:08 months putting together what we believe
02:10 to be a pretty exciting
02:11 combination of technologies. What I
02:14 think we could do
02:15 is, no one's looking forward to about 30
02:18 or 40 slides, so we can
02:19 assure you that if you listen in, this is
02:21 only going to be a few short slides.
02:23 I'm excited because
02:24 I don't like those long type
02:28 of deep dives. So we're going to go at a
02:30 very high level, explain a little bit
02:31 about our two technologies coming together,
02:33 and again what I would like to do is
02:37 give you the opportunity to talk
02:39 about ConsenSys,
02:40 talk about the Ethereum aspect of what
02:42 you're doing and if you could pull up
02:44 the slides we'll do so.
02:47 We'll get through the slides and then
02:48 come back at the end to do some wrap-up.
02:50 Great, sounds good. I might jump
02:54 straight in and start talking a little bit about
02:58 all the exciting work that ConsenSys and
03:00 Thales have been
03:01 doing together and but just to
03:05 kind of level set and make sure we're
03:07 all on the same page,
03:08 I find it useful to briefly touch on
03:12 what my definition of blockchain is.
03:14 And you know,
03:15 our viewers could be
03:17 someone that's very familiar with
03:18 the concepts of blockchain and
03:20 blockchain technology or
03:21 this is a little bit more new.
03:25 At a high level,
03:26 what does a blockchain mean?
03:29 There's two kind of words in
03:31 that, so there's this concept of blocks,
03:33 that I'll touch on in a second,
03:34 and these chains. You can think
03:37 of a blockchain network as
03:39 really a ledger of transactions.
03:42 Illegal transactions
03:44 of who sent what to whom,
03:47 on what date, and that might seem
03:50 like a very common concept that we're
03:52 very used to with things like databases for
03:55 example, and the distinction with
03:57 blockchain technology
03:59 is that it's distributed and
04:00 decentralized. What that means
04:02 is that everyone has a copy of the data.
04:05 So, Blair if you and I are on a
04:08 blockchain network,
04:09 we both have a copy of that
04:12 database in a traditional sense.
04:14 You might hold the copy of that database and you
04:17 gave me access and I can access your database.
04:20 But, there's no way for me to really know
04:22 if you go behind
04:23 my back and change anything on the
04:24 database, when I have a copy of that
04:27 if yours looks different to mine then
04:28 that's very clear.
04:30 And if things are distributed then we
04:34 both kind of share ownership over maintaining
04:37 that database and making sure it's
04:39 robust and secure.
04:41 This concept of blocks
04:44 is what you can imagine is a blockchain
04:47 is a set of transactions that take place
04:49 on the network. I send you
04:51 five dollars on a particular date
04:53 and all these transactions that take
04:55 place get put into a box
04:57 and these boxes get sent around the network.
05:01 They stack up on top of each other, so
05:04 block one, then two, then three, then four, in
05:08 sequential order and that's what forms
05:09 this chain concept.
05:11 The key differentiator
05:14 and the value add that blockchain networks provide
05:16 is to be able to guarantee the
05:18 authenticity of who produced these blocks.
05:21 What we're going to talk a little
05:22 bit more about here today, are these
05:25 cryptographic keys. We use these keys
05:28 to sign our transactions and sign our blocks
05:31 to validate that this block was produced by me.
05:34 I am sending you this block
05:36 and I own it. These keys are what
05:39 we want to really secure
05:40 and make sure there's control over
05:44 because losing our keys and losing our identity
05:47 essentially is what compromises the network.
05:50 We'll talk about that a little bit more.
05:53 The main thing that we want to do with these
05:58 cryptographic keys is make sure that
06:00 they are robust and safely secured because if
06:04 someone gets access to their keys
06:06 then they can imitate us on our network
06:08 and they can pretend
06:09 to be me on the network so
06:11 although blockchain technology itself is
06:14 tamper proof, losing your keys
06:19 is where trouble comes in. I
06:20 was listening to a podcast the other day
06:23 about a heist on the most secure vault
06:28 in the world. I think it was back in the
06:31 90s. The vault
06:34 had all the security measures in place
06:36 that it needed.
06:37 One of the security measures was
06:38 this two-key system so
06:40 that you actually needed two physical
06:42 keys that could be detached
06:44 and stored separately to access the vault but
06:47 what the burglars realize is
06:50 that the security guards just
06:53 kept those two keys together
06:56 in the room right next door to the vault.
06:58 You can produce the more secure vault,
07:01 but if you don't keep
07:02 your keys secure, locked away somewhere,
07:05 then it's very easy to hack into.
07:07 Lots of lessons learned over the years.
07:12 I don't think that they
07:14 were too clever about their separation
07:16 of duties in that
07:17 example. We'll talk as well
07:18 on the HSM side how we could make
07:20 that problem go away quite easily.
07:24 We've talked about what is a
07:27 blockchain network. The
07:29 next question that we usually get asked is,
07:32 why is this important? How big
07:34 is this space? If we're talking about
07:37 hundreds of dollars being
07:39 run on the blockchain network or
07:40 even potentially thousands, and the
07:42 remote possibility of a hack,
07:44 how big of an impact can it really be?
07:46 What I wanted to bring to everyone's attention
07:50 is really how big this market is and how rapidly it's
07:54 growing and what I want to talk about is
07:57 just very briefly the growth of the
07:59 enterprise market.
08:01 When we're talking about the
08:04 Ethereum, let's just take
08:05 one blockchain example. At ConsenSys
08:08 we believe in the value of Ethereum as
08:11 the kind of biggest blockchain network,
08:12 with the most number of active users and developers in
08:15 the space, and excluding the
08:20 mainnet network, which is the
08:22 permissionless network that anybody
08:24 can join and transact on.
08:26 There's billions of dollars
08:28 secured on that at the moment
08:30 but even putting that aside and
08:32 looking just for growth of
08:33 enterprise adoption,
08:34 there's nearly seven billion dollars in
08:36 value that they're projecting to be used in the system
08:40 within 2021 and the growth of
08:43 Fortune 500 companies coming
08:47 into space and moving their projects from
08:50 what they term, proof of concept
08:52 and R&D projects that
08:54 started a number of years ago
08:56 to real production, value adds with end
08:59 user access, is really rapidly increasing.
09:02 You can see this across
09:06 and we talked a bit about this
09:08 previous to the call today but it's really
09:11 an element of the maturity of
09:13 blockchain, so what you're saying
09:16 is that a great deal of fine
09:19 the transactional value of seven billion
09:22 pales in comparison to the
09:24 traditional markets. You're
09:26 seeing an emerging technology. The
09:28 trust and integrity is becoming
09:30 an issue and with what you're just
09:33 describing today
09:34 is if people trust it, they will use it.
09:37 Is that a fair statement?
09:38 Trust and integrity of a blockchain network is
09:44 very paramount and as
09:46 one of the fundamental
09:48 elements that blockchain
09:50 tries to bring in is this concept of
09:53 distributed trust. It's a
09:54 trustless technology because you can
09:56 trust in the protocol in the system,
09:58 rather than necessarily trusting
10:00 the person that you're interacting with.
10:02 Having that trust in
10:05 integrity of the solution is paramount,
10:07 because if you don't have that
10:09 then what else is there?
10:12 It's really the market,
10:16 it’s rapidly growing and
10:18 it's moving from a stage of a number of
10:23 technologists really using these solutions to
10:26 mainstream adoption.
10:27 We're really seeing that pick up
10:29 over the last few years. Today we'd like to talk
10:33 about that in the application side,
10:35 moving from theory to
10:37 practice. Maybe you could talk a
10:38 little bit about how ConsenSys Quorum
10:42 is a product that is
10:46 unique but also adopting and
10:48 adapting, and providing those
10:50 trust elements that you described
10:52 in your previous slide. I'll
10:53 let you walk through this slide for us a little bit.
10:56 At a high level touching on what ConsenSys Quorum is.
11:01 ConsenSys Quorum is an open source
11:04 blockchain platform that you can use
11:06 for a permissioned or permissionless
11:09 network. It supports a
11:11 permissionless network, a public
11:13 chain that anybody can use.
11:15 What we've also seen is a wide range
11:17 of adoptions across different use cases for
11:20 permission chains so consortium chains
11:22 that are coming together to
11:24 transact and have for some particular
11:28 use case. We've seen this from
11:30 financial use case predominantly
11:32 to reduce the cost of operation
11:35 in supply chain for tracking food for example.
11:38 You can kind of build any sort of platform
11:42 that you want on top of that.
11:44 ConsenSys Quorum so consistently
11:46 provides that base layer application,
11:49 which is the trust of the distributed
11:50 technology and running the blockchain
11:52 network for you.
11:54 There's a number of features and things
11:57 that it brings to place both in permission network,
12:01 where you know things like private
12:02 transactions and privacy
12:04 and security is quite paramount. You
12:07 might have a number of organizations that are
12:10 transacting with each other on the network,
12:12 but some of those transactions need to
12:14 be private, so it supports that as well, allowing
12:19 permission access so you know who is
12:21 joining your network and what kind of
12:22 transactions are taking place.
12:24 This kind of starting capability,
12:29 which we're going to dig into a little
12:30 bit more, about providing
12:32 keys and securely storing those keys
12:36 separately to your application layer.
12:39 You can provide that
12:41 differentiation but ConsenSys Quorum
12:43 is a really customizable solution
12:46 that you can pick up as an open source tool
12:49 and start developing your application on
12:50 it straight away.
12:53 I think that's a great segue into
12:55 the next slide. We're going to talk a
12:56 little bit about the key security
12:58 elemental to the integrity of the entire blockchain.
13:03 As we put the slide up here and
13:05 to the right we show
13:06 a typical HSM. Maybe you could talk a
13:09 little bit about your perspective on the attack
13:13 vectors and what that could mean to
13:15 a blockchain environment and why it's
13:17 important to protect that infrastructure.
13:20 I guess as I keep talking about these keys, one
13:24 of the paramount things that we
13:27 identified while we're building
13:28 solutions for our customers
13:30 is how do you store these keys? Where
13:32 do you put these keys to provide a level
13:34 of integrity and access that's required
13:37 but also make sure they are in a tamper-proof,
13:40 sealed environment that can't be accessed?
13:44 The integration that we did
13:48 with Thales was essentially an
13:50 integration with ConsenSys Quorum
13:52 and a Luna Network HSM module which
13:55 allows for these keys to be stored
13:57 securely in a separate device, an off-chain device.
14:00 That integration allows ConsenSys Quorum
14:04 to communicate with a HSM module for
14:07 any transactions and processes
14:10 that need access to the HSM. The keys never
14:14 leave the HSM application. I'll
14:16 talk a little in a second on the next slide about
14:18 what you do with these keys?
14:22 But as I said paramount to this, is being able to
14:26 differentiate and securely keep your
14:28 keys away from your
14:30 server layer, where your application resides.
14:34 In the event that somebody gets access to your server environment,
14:40 where your application logic is, at least
14:42 if your keys are separate
14:45 they can't get, even though
14:47 they might get access to the data,
14:49 they can't imitate you on the network
14:52 and pretend to be you,
14:53 and therefore access your funds. So
14:56 digging in a little bit about
14:58 how we utilize our integration
15:01 with the Luna HSM module.
15:03 It's really about improving your
15:05 identity on your network and an Ethereum blockchain network.
15:08 Your identity allows you to do a number
15:10 of things, so when you peer with
15:12 others as I said it's a distributed
15:14 technology, where we communicate and
15:16 shake hands when we
15:17 you know with each other, we identify
15:19 who we are. So just in real life when we
15:21 meet one another I say hi.
15:23 A layer of trust and you just trust me
15:25 that's my name that's my identity,
15:27 and in a blockchain network you use
15:29 these keys to identify who you are,
15:31 when you meet other people on the network.
15:34 One of the other things you do
15:36 once you peer with other people,
15:38 when you do these transactions and
15:39 create these blocks
15:41 and find your name on the block and send
15:43 them across is you create these blocks,
15:46 you sign your name on it, using your key. You sign
15:50 the block that says, hey I produced this
15:52 block. Here's my copy of it. You validate
15:54 it against blocks that you have and make
15:57 sure they're identical that we're
15:59 both speaking the same language. That
16:02 again is a critical component,
16:04 maintaining the governance of the
16:05 network is also important. In a permission chain,
16:09 these nodes which are
16:12 essentially the computers on the network
16:15 that run this application and maintain the network,
16:19 get to also say who is and isn't in a
16:22 permission network. If you and I
16:23 control the network
16:25 and somebody else wants to join, I have
16:27 to say yes, they can join it. You have to
16:29 say yes, they can join.
16:30 You can imagine what happened if
16:32 someone was imitating my identity,
16:34 they could obviously let others join the network
16:37 where we don't necessarily want them to.
16:40 All these kind of controls that are
16:43 in place you can see how
16:44 important it is to make sure your
16:46 cryptographic keys are securely stored away.
16:48 The value that we have with the Luna HSM
16:52 is that we can create the keys in the
16:53 HSM. They can stay in there and
16:55 they don't ever have to leave
16:57 the HSM. When we want to create
16:59 a block we go and talk to the HSM and say hey,
17:02 I want to create a block. Use my
17:04 key to find this for me.
17:06 Then the HSM does that
17:08 and sends the signature back. We know
17:10 that the keys never
17:11 leave the module itself and any
17:13 communication we need to do, we do
17:15 directly and then send back.
17:17 I think the key here is that it's
17:19 not optional, it's not an exception, it's a rule.
17:22 What you've built here is the
17:24 integrity of that design and it
17:26 mandates that every single
17:28 transaction described has
17:30 a root of trust in that cryptographic
17:32 module. I think that's a key element
17:34 no pun intended,
17:36 that we find ourselves in, is this transparent operation
17:40 from a usability point of view.
17:43 One of the value benefits is that this is all
17:46 running in the background, this
17:47 plumbing and wiring,
17:48 and the performance is not affected in
17:51 any shape or form. We're really glad
17:53 that we're working with you to make this
17:56 truly a win-win-win situation
17:59 by using the elements within ConsenSys
18:01 and the value proposition of HSM technologies.
18:04 We've got a few couple more slides
18:06 here. Did you want to
18:08 walk us through some of
18:10 the resources that are available
18:12 to our listeners today and what they
18:15 could learn by going to your website or
18:17 some of the documents?
18:22 There's obviously tons of
18:23 material available out there if you want
18:25 to learn more about both Thales and
18:27 ConsenSys Quorum,
18:28 and what we do and our integration with
18:31 the Luna HSM. Reach out, our
18:34 contact details are there, if you want to
18:36 talk a little bit more
18:37 and dig into some of the more
18:38 technicalities. We're more than happy to
18:41 do that, but as I said we found that
18:43 this is a key component for networks
18:46 that are moving into production.
18:47 While we're in kind of POC and
18:49 testing phase, those kind of security elements don't
18:52 necessarily come into where they're
18:54 not top of mind and
18:55 the application logic seems to be top of
18:57 mind for most of our customers.
18:59 As projects move through
19:00 pre-production and getting into production,
19:02 the Luna HSM requirements are paramount.
19:08 It is definitely a hard requirement. Any customer that we
19:12 speak to definitely has those requirements and
19:15 this is part of the fact that we've worked together.
19:20 Please reach out if you
19:22 have any questions and happy to talk a
19:24 little bit more about this.
19:26 We've got the data sheet elements available
19:30 and from a resource point of view on
19:32 the slide, there you can reach
19:33 out to myself or Arash if
19:35 you have any questions.
19:36 I'm just going to end the slides here
19:38 and put our talking heads back up on the
19:40 screen if people have forgotten what we might look like
19:42 or sound like.
19:44 Arash, I just wanted to say thanks very
19:46 much. We're very excited to be working with ConsenSys,
19:48 and appreciate you walking us
19:50 through the technology stack.
19:52 If there's anything that you'd like to
19:56 add at a later date by all means.
19:59 We're looking forward to working with
20:00 you and evolving as your technology evolves with us.
20:04 Thanks again for all of your input
20:06 and working with us on the
20:08 TalkingTrust Webinar Series and again,
20:11 we look forward to working with
20:12 you it's been fun. Thanks Blair.
20:14 Thanks for having me.
20:15 You're welcome.
Bringing Trust to Blockchain with Thales HSM and SAS Solutions - Solution Brief
Blockchain is one of those industry buzzwords that you seem to hear everywhere, but what exactly is it and can you trust it? For the most part, enterprises are implementing blockchain without truly understanding its purpose, and as much as 90% of enterprise blockchain projects...
Thales Luna Network HSM - Product Brief
Secure your sensitive data and critical applications by storing, protecting and managing your cryptographic keys in Thales Luna Network Hardware Security Modules (HSMs) - high-assurance, tamper-resistant, network-attached appliances offering market-leading performance.
ConsenSys Quorum Documentation & Downloads
ConsenSys Quorum is an open-source protocol layer that provides developers with the flexibility and reliability needed to make their blockchain applications successful. ConsenSys Quorum comprises a suite of configurable components and APIs, enabling you to customize your use case and production environment.
ConsenSys Quorum enables enterprises to leverage Ethereum for their high-value blockchain applications. Businesses can rely on the Quorum open-source protocol layer and integrate on top of it product modules from ConsenSys, other companies, or your own in-house development team to build high-performance, customizable applications.