Luna HSM: TalkingTrust Video Series

Luna HSM: TalkingTrust Video Series

Secure your devices, identities and transactions with
Thales Luna HSMs and ecosystem partners – the foundation of digital trust

TalkingTrust with Thales and ConsenSys Quorum
– Security for Ethereum Blockchains


TalkingTrust with Thales and ConsenSys Quorum – Security for Ethereum BlockchainsListen to this short video to learn about Blockchain. Sharing decentralized data via blockchain, and how this builds trust is critical to its evolution and adoption. As user adoption increases, ensuring trust and integrity in the Blockchain network is paramount.

View this video to learn how:

  • developers can easily build next generation blockchain with “security built-in”
  • applications for new blockchain systems are more efficient & flexible, but also more secure
  • securing the Blockchain identity keys with a hardware root of trust is critical to the integrity of an organization’s products and services
  • high quality entropy results in strong keys and identities
  • strong access controls and separation of duties means high assurance protection
  • you can assure trust for your blockchain projects

 

 

Watch this video to learn how Thales Luna Hardware Security Modules (HSMs) provide a foundation of trust for ConsenSys Quorum blockchain solutions, enabling developers to establish trust and high data security through distributed ledgers.

Speakers:
Blair Canavan, Director Business Development, Thales
Arash Mahboubi, Product Manager for ConsenSys Quorum

Partner website: consensys.net

cons

Resources:

Video Transcript

TalkingTrust Series - ConsenSys – Blockchain

 

00:10 Welcome everyone. This is the latest in

00:12 our TalkingTrust video series.  

00:14 With me today is Arash.

00:16 Arash, I know you're calling in from a

00:19 long way away,

00:20 I believe, Canberra Australia, for this call.

00:23 I just want to say how much I

00:25 appreciate that and it's early morning

00:27 for you so I hope you've had

00:28 enough coffee to get through our webinar today.

00:33 Hey Blair, yeah morning! Thanks for

00:35 having me. I did have my cup of coffee, it

00:37 was a few hours ago.

00:38 I probably need another one, but I think

00:40 I've got just enough right to get me going

00:43 to this presentation today. So yes, thanks

00:45 for having me. It'll be a great chat.

00:47 Well good, we're looking forward to

00:49 it. As I said, this is our Talking

00:51 Trust video series and today we're

00:52 talking with ConsenSys and Arash.

00:54 I understand you've been with the

00:55 company for a few years and I just want

00:57 to make sure I have it correct but

00:59 you are the Protocol Engineering Lead

01:02 for ConsenSys.

01:04 Yes, I'm one of the Product Managers of

01:06 ConsenSys. I've been with them for

01:08 nearly about three years and I've been

01:11 in the blockchain space

01:13 for a little bit longer than that.

01:15 It's a fantastic space and you know it

01:19 moves very, very fast and has been rapidly

01:22 developing and growing and changing.

01:25 Which is very, very exciting, but you know

01:27 sometimes really hard to keep up with

01:29 and I'm sure so that you're aware

01:31 there's a lot of things going on

01:34 in the blockchain space in the

01:35 cryptocurrency market.

01:37 It's becoming it's been a big hike

01:4001:41 and continues to be. I think

01:44 as it continues to mature and grow the technology,

01:47 the cat's out of the bag so to

01:49 speak and it's not going back in. 

01:50 Everyone's starting to pop their heads

01:52 up and really

01:53 take notice which is really exciting.

01:55 Well good.

01:56 I should have mentioned I run the

01:57 Business Development Blockchain

02:00 relationship with ConsenSys and I'm part

02:02 of Thales if I didn't say at the beginning. 

02:05 We've been working together you and

02:07 I and our companies for the last few

02:08 months putting together what we believe

02:10 to be a pretty exciting

02:11 combination of technologies. What I

02:14 think we could do

02:15 is, no one's looking forward to about 30

02:18 or 40 slides, so we can

02:19 assure you that if you listen in, this is

02:21 only going to be a few short slides.

02:23 I'm excited because

02:24 I don't like those long type

02:28 of deep dives. So we're going to go at a

02:30 very high level, explain a little bit

02:31 about our two technologies coming together,

02:33 and again what I would like to do is

02:37 is give you the opportunity to talk

02:39 about ConsenSys,

02:40 talk about the Ethereum aspect of what

02:42 you're doing and if you could pull up

02:44 the slides we'll do so.

02:47 We'll get through the slides and then

02:48 come back at the end to do some wrap-up.

02:50 Great, sounds good.  I might jump

02:54 straight in and start talking a little bit about

02:58 all the exciting work that ConsenSys and

03:00 Thales have been

03:01 doing together and but just to

03:05 kind of level set and make sure we're

03:07 all on the same page,

03:08 I find it useful to briefly touch on

03:12 what my definition of blockchain is.

03:14 And you know,

03:15 our viewers could be

03:17 someone that's very familiar with

03:18 the concepts of blockchain and

03:20 blockchain technology or

03:21 this is a little bit more new.

03:25 At a high level,

03:26 what does a blockchain mean? 

03:29 There's two kind of words in

03:31 that, so there's this concept of blocks,

03:33 that I'll touch on in a second,

03:34 and these chains. You can think

03:37 of a blockchain network as

03:39 really a ledger of transactions.

03:42 Illegal transactions

03:44 of who sent what to whom,

03:47 on what date, and that might seem

03:50 like a very common concept that we're

03:52 very used to with things like databases for

03:55 example, and the distinction with

03:57 blockchain technology

03:59 is that it's distributed and

04:00 decentralized. What that means

04:02 is that everyone has a copy of the data.

04:05 So, Blair if you and I are on a

04:08 blockchain network,

04:09 we both have a copy of that

04:12 database in a traditional sense.

04:14 You might hold the copy of that database and you

04:17 gave me access and I can access your database.

04:20 But, there's no way for me to really know

04:22 if you go behind

04:23 my back and change anything on the

04:24 database, when I have a copy of that

04:27 if yours looks different to mine then

04:28 that's very clear.

04:30 And if things are distributed then we

04:34 both kind of share ownership over maintaining

04:37 that database and making sure it's

04:39 robust and secure.

04:41 These concept of blocks

04:44 is what you can imagine is a blockchain

04:47 is a set of transactions that take place

04:49 on the network.  I send you

04:51 five dollars on a particular date

04:53 and all these transactions that take

04:55 place get put into a box

04:57 and these boxes get sent around the network.

05:01 They stack up on top of each other, so 

05:04 block one, then two, then three, then four, in

05:08 sequential order and that's what forms

05:09 this chain concept.

05:11 The key differentiator

05:14 and the value add that blockchain networks provide

05:16 is to be able to guarantee the

05:18 authenticity of who produced these blocks.

05:21 What we're going to talk a little

05:22 bit more about here today, are these

05:25 cryptographic keys. We use these keys

05:28 to sign our transactions and sign our blocks

05:31 to validate that this block was produced by me.

05:34 I am sending you this block

05:36 and I own it. These keys are what

05:39 we want to really secure

05:40 and make sure there's control over

05:44 because losing our keys and losing our identity 

05:47 essentially is what compromises the network.

05:50 We'll talk about that a little bit more.

05:53 The main thing that we want to do with these

05:58 cryptographic keys is make sure that

06:00 they are robust and safely secured because if

06:04 someone gets access to their keys

06:06 then they can imitate us on our network

06:08 and they can pretend

06:09 pretend to be me on the network so

06:11 although blockchain technology itself is

06:14 tamper proof, losing your keys

06:19 is where trouble comes in. I

06:20 was listening to a podcast the other day

06:23 about a heist on the most secure vault

06:28 in the world. I think it was back in the

06:31 90s. The vault

06:34 had all the security measures in place

06:36 that it needed.

06:37 One of the security measures was

06:38 this two-key system so

06:40 that you actually needed two physical

06:42 keys that could be detached

06:44 and stored separately to access the vault but

06:47 what the burglars realize  is

06:50  that the security guards just

06:53  kept those two keys together

06:56  in the room right next door to the vault.

06:58  You can produce the more secure vault,

07:01 but if you don't keep

07:02 your keys secure, locked away somewhere,

07:05 then it's very easy to hack into.

07:07 Lots of lessons learned over the years.

07:12 I don't think that they

07:14 were too clever about their separation

07:16 of duties in that

07:17 example. We'll talk as well

07:18 on the HSM side how we could make

07:20 that problem go away quite easily. 

07:23 Exactly.

07:24 We've talked about what is a

07:27 blockchain network. The

07:29 next question that we usually get asked is,

07:32 why is this important?  How big

07:34 is this space? If we're talking about

07:37 hundreds of dollars being

07:39 run on the blockchain network or

07:40 even potentially thousands, and the

07:42 remote possibility of a hack,

07:44 how big of an impact can it really be?

07:46 What I wanted to bring to everyone's attention

07:50 is really how big this market is and how rapidly it's

07:54 growing and what I want to talk about is

07:57 just very briefly the growth of the

07:59 enterprise market.

08:01 When we're talking about the

08:04 Ethereum, let's just take

08:05 one blockchain example. At ConsenSys

08:08 we believe in the value of Ethereum as

08:11 the kind of biggest blockchain network,

08:12 with the most number of active users and developers in

08:15 the space, and excluding the

08:20 mainnet network, which is the

08:22 permissionless network that anybody

08:24 can join and transact on.

08:26 There's billions of dollars

08:28 secured on that at the moment

08:30 but even putting that aside and

08:32 looking just for growth of

08:33 enterprise adoption,

08:34 there's nearly seven billion dollars in

08:36 value that they're projecting to be used in the system

08:40 within 2021 and the growth of

08:43 Fortune 500 companies coming

08:47 into space and moving their projects from

08:50 what they term, proof of concept

08:52 and R&D projects that

08:54 started a number of years ago

08:56 to real production, value ads with end

08:59 user access, is really rapidly increasing.

09:02 You can see this across

09:06 and we talked a bit about this

09:08 previous to the call today but it's really

09:11 an element of the maturity of

09:13 blockchain, so what you're saying

09:16 is that a great deal of fine

09:19 the transactional value of seven billion

09:22 pales in comparison to the

09:24 to the traditional markets. You're

09:26 seeing an emerging technology. The

09:28 trust and integrity is becoming

09:30 an issue and with what you're just

09:33 just describing today

09:34 is if people trust, it they will use it.

09:37 Is a that a fair statement?

09:38 Trust and integrity of a blockchain network is

09:44 very paramount and as

09:46 one of the one of the fundamental

09:48 elements that blockchain

09:50 tries to bring in is this concept of

09:53 distributed trust. It's a

09:54 trustless technology because you can

09:56 trust in the protocol in the system,

09:58 rather than necessarily trusting

10:00 the person that you're interacting with.

10:02 Having that trust in

10:05 integrity of the solution is paramount,

10:07 because if you don't have that

10:09 then what else is there?

10:12 It's really the market,

10:16 it’s rapidly growing and

10:18 it's moving from a stage of a number of

10:23 technologists really using these solutions to

10:26 mainstream adoption.

10:27 We're really seeing that pick up

10:29 over the last few years. Today we'd like to talk

10:33 about that in the application side, 

10:35 moving from theory to

10:37 practice. Maybe you could talk a

10:38 little bit about how ConsenSys Quorum

10:42 is a product that is

10:46 unique but also adopting and

10:48 adapting, and providing those

10:50 those trust elements that you described

10:52 in your previous slide. I'll

10:53 let you walk through this slide for us a little bit.

10:56 at a high level touching on what ConsenSys Quorum is.

11:01 ConsenSys Quorum is an open source

11:04 blockchain platform that you can use

11:06 for a permissioned or permissionless

11:09 network. It supports a

11:11 permissionless network, a public

11:13 chain that anybody can use.

11:15 What we've also seen is a wide range

11:17 of adoptions across different use cases for

11:20 permission chains so consortium chains

11:22 that are coming together to

11:24 transact and have for some particular

11:28 use case. We've seen this from

11:30 financial use case predominantly

11:32 to reduce the cost of operation

11:35 in supply chain for tracking food for example.

11:38 You can kind of build any sort of platform

11:42 that you want on top of that.

11:44 ConsenSys Quorum so consistently

11:46 provides that base layer application,

11:49 which is the trust of the distributed

11:50 technology and running the blockchain

11:52 network for you.

11:54 There's a number of features and things

11:57 that it brings to place both in permission network,

12:01 where you know things like private

12:02 transactions and privacy

12:04 and security is quite paramount. You

12:07 might have a number of organizations that are

12:10 transacting with each other on the network,

12:12 but some of those transactions need to

12:14 be private, so it supports that as well, allowing

12:19 permission access so you know who is

12:21 joining your network and what kind of

12:22 transactions are taking place.

12:24 This kind of starting capability,

12:29 which we're going to dig into a little

12:30 bit more, about providing

12:32 keys and securely storing those keys

12:36 separately to your application layer.

12:39 You can provide that

12:41 differentiation but ConsenSys Quorum

12:43 is a really customizable solution

12:46 that you can pick up as an open source tool

12:49 and start developing your application on

12:50 it straight away.

12:53 I think that's a great segue into

12:55 the next slide. We're going to talk a

12:56 little bit about the key security

12:58 elemental to the integrity of the entire blockchain.

13:03 As we put the slide up here and

13:05 to the right we show

13:06 a typical HSM. Maybe you could talk a

13:09 little bit about your perspective on the attack

13:13 vectors and what that could mean to

13:15 a blockchain environment and why it's

13:17 important to protect that infrastructure.

13:19 Definitely.

13:20 I guess as I keep talking about these keys, one

13:24 of the paramount things that we

13:27 identified while we're building

13:28 solutions for our customers

13:30 is how do you store these keys? Where

13:32 do you put these keys to provide a level

13:34 of integrity and access that's required

13:37 but also make sure they are in a tamper-proof,

13:40 sealed environment that can't be accessed?

13:44 The integration that we did

13:48 with Thales was essentially an

13:50 integration with ConsenSys Quorum

13:52 and a Luna Network HSM module which

13:55 allows for these keys to be stored

13:57 securely in a separate device, an off-chain device.

14:00 That integration allows ConsenSys Quorum

14:04 to communicate with a HSM module for

14:07 any transactions and processes

14:10 that need access to the HSM. The keys never

14:14 leave the HSM application. I'll

14:16 talk a little in a second on the next slide about

14:18 what you do with these keys? 

14:22 But as I said paramount to this, is being able to

14:26 differentiate and securely keep your

14:28 keys away from your

14:30 server layer, where your application resides.

14:34 In the event that somebody gets access to your server environment,

14:40 where your application logic is, at least

14:42 if your keys are separate 

14:45 they can't get even though.

14:47 They might get access to the data,

14:49 they can't imitate you on the network

14:52 and pretend to be you,

14:53 and therefore access your funds. So

14:56 digging in a little bit about

14:58 how we utilize our integration

15:01 with the Luna HSM module.

15:03 It's really about improving your

15:05 identity on your network and an Ethereum blockchain network.

15:08 Your identity allows you to do a number

15:10 of things, so when you peer with

15:12 others as I said it's a distributed

15:14 technology, where we communicate and

15:16 shake hands when we

15:17 you know with each other, we identify

15:19 who we are. So just in real life when we

15:21 meet one another I say hi.

15:23 A layer of trust and you just trust me

15:25 that's my name that's my identity,

15:27 and in a blockchain network you use

15:29 these keys to identify who you are, 

15:31 when you meet other people on the network.

15:34 One of the other things you do

15:36 once you peer with other people,

15:38 when you do these transactions and

15:39 create these blocks

15:41 and find your name on the block and send

15:43 them across is you create these blocks,

15:46 you sign your name on it, using your key. You sign

15:50 the block that says, hey I produced this

15:52 block. Here's my copy of it. You validate

15:54 it against blocks that you have and make

15:57 sure they're identical that that we're

15:59 both speaking the same language. That

16:02 again is a critical component,

16:04 maintaining the governance of the

16:05 network is also important. In a permission chain,

16:09 these nodes which are

16:12 essentially the computers on the network

16:15 that run this application and maintain the network,

16:19 get to also say who is and isn't in a

16:22 permission network. If you and I

16:23 control the network

16:25 and somebody else wants to join, I have

16:27 to say yes, they can join it. You have to

16:29 say yes, they can join.

16:30 You can imagine what happened if

16:32 someone was imitating my identity,

16:34 they could obviously let others join the network

16:37 where we don't necessarily want them to.

16:40 All these kind of controls that are

16:43 in place you can see how

16:44 important it is to make sure your

16:46 cryptographic keys are securely stored away.

16:48 The value that we have with the Luna HSM

16:52 is that we can create the keys in the

16:53 HSM. They can stay in there and

16:55 they don't ever have to leave

16:57 the HSM.  When we want to create

16:59 a block we go and talk to the HSM and say hey,

17:02 I want to create a block. Use my

17:04 key to find this for me.

17:06 Then the HSM does that

17:08 and sends the signature back. We know

17:10 that the keys never

17:11 leave the module itself and any

17:13 communication we need to do, we do

17:15 directly and then send back.

17:17 I think the key here is that it's

17:19 not optional, it's not an exception, it's a rule.

17:22 What you've built here is the

17:24 integrity of that design and it

17:26 mandates that every single

17:28 transaction described has

17:30 a root of trust in that cryptographic

17:32 module. I think that's a key element

17:34 no pun intended,

17:36 that we find ourselves in, is this transparent operation

17:40 from a usability point of view.

17:43 One of the the value benefits is that this is all

17:46 running in the background, this

17:47 plumbing and wiring,

17:48 and the performance is not affected in

17:51 any shape or form. We're really glad

17:53 that we're working with you to make this

17:56 truly a win-win win situation

17:59 by using the elements within ConsenSys

18:01 and the value proposition of HSM technologies.

18:04 We've got a few couple more slides

18:06 here. Did you want to

18:08 walk us through some of

18:10 the resources that are available

18:12 to our listeners today and what they

18:15 could learn by going to your website or

18:17 some of the documents? 

18:19 Definitely.

18:22 There's obviously tons of

18:23 material available out there if you want

18:25 to learn more about both Thales and

18:27 ConsenSys Quorum,

18:28 and what we do and our integration with

18:31 the Luna HSM. Reach out, our

18:34 contact details are there, if you want to

18:36 talk a little bit more

18:37 and dig into some of the more

18:38 technicalities. We're more than happy to

18:41 do that, but as I said we found that

18:43 this is a key component for networks

18:46 that are moving into production.

18:47 While we're in kind of POC and

18:49 testing phase, those kind of security elements don't

18:52 necessarily come into where they're

18:54 they're not top of mind and

18:55 the application logic seems to be top of

18:57 mind for most of our customers.

18:59 As projects move through

19:00 pre-production and getting into production,

19:02 the Luna HSM requirements are paramount.

19:08 It is definitely a hard requirement. Any customer that we

19:12 speak to definitely has those requirements and

19:15 this is part of the the fact that we've worked together.

19:20 Please reach out if you

19:22 have any questions and happy to talk a

19:24 little bit more about this.

19:26 We've got the the data sheet elements available

19:30 and from a resource point of view on

19:32 on the slide, there you can reach

19:33 you can reach out to myself or Arash if

19:35 you have any questions.

19:36 I'm just going to end the slides here

19:38 and put our talking heads back up on the

19:40 screen if people forgotten what we might look like

19:42 or sound like.

19:44 Arash, I just wanted to say thanks very

19:46 much. We're very excited to be working with ConsenSys,

19:48 and appreciate you walking us

19:50 through the technology stack.

19:52 If there's anything that you'd like to

19:56 add at a later date by all means.

19:59 We're looking forward to working with

20:00 you and evolving as your technology evolves with us. 

20:04 Thanks again for all of your input

20:06 and working with us on the

20:08 TalkingTrust Webinar Series and again,

20:11 we look forward to working with

20:12 you it's been fun. Thanks Blair. 

20:14 Thanks for having me.

20:15 You're welcome.

Bringing Trust to Blockchain with Thales HSM and SAS Solutions - Solution Brief

Bringing Trust to Blockchain with Thales HSM and SAS Solutions - Solution Brief

Blockchain is one of those industry buzzwords that you seem to hear everywhere, but what exactly is it and can you trust it? For the most part, enterprises are implementing blockchain without truly understanding its purpose, and as much as 90% of enterprise blockchain projects...

Luna Network HSM - Product Brief

Luna Network HSM - Product Brief

Secure your sensitive data and critical applications by storing, protecting and managing your cryptographic keys in Thales Luna Network Hardware Security Modules (HSMs) - high-assurance, tamper-resistant, network-attached appliances offering market-leading performance and...

ConsenSys Quorum

ConsenSys Quorum Documentation & Downloads

ConsenSys Quorum is an open-source protocol layer that provides developers with the flexibility and reliability needed to make their blockchain applications successful. ConsenSys Quorum comprises a suite of configurable components and APIs, enabling you to customize your use case and production environment.

ConsenSys Quorum

ConsenSys Newsletter

ConsenSys Quorum enables enterprises to leverage Ethereum for their high-value blockchain applications. Businesses can rely on the Quorum open-source protocol layer and integrate on top of it product modules from ConsenSys, other companies, or your own in-house development team to build high-performance, customizable applications.