
IBM develops advancements in crypto security

  • December 30, 2023

IBM has announced the launch of a new cold storage solution for digital assets, IBM Hyper Protect Offline Signing Orchestrator (OSO). Working with digital assets manager Metaco, an IBM partner, and tier-1 banks, IBM developed the end-to-end asset encryption service to address common vulnerabilities usually associated with cold storage solutions.

“When it comes to offline or physically air-gapped cold storage,” the announcement said, “there are limitations, including privileged administrator access, operational costs and errors and the inability to truly scale. All these limitations are due to one underlying factor—human interaction.”

OSO was designed to address these vulnerabilities. To that end, it removes the manual functions of initiating and conducting transactions. It works like a time-release safe that can’t be opened upon request: it can be configured to send transactions from cold storage to the blockchain, and vice versa, only during specific times or only with the authorisation of a multibody governance scheme.

This is intended to prevent the most common forms of insider attacks, including physical access, administrative manipulation, and coercion attacks, according to the blog post and accompanying research. If someone were to find some way of accessing the system, either physically or remotely, they could only initiate a transaction during an approved time, and would be required to wait until the transaction was approved for execution before they could take any assets.

To further strengthen OSO’s resistance to attack, digital assets can be placed in “air-gapped” storage containers. Storage is considered air-gapped if it is not connected to either the internet or any device that can connect to the internet. This guarantees that remote attacks are unable to gain access to any assets while they are at rest.

Any administrator managing cold storage solutions would need to hand-carry physical storage devices, including USB drives and laptops, to offline hardware if they wish to sign any transactions. This manual process could introduce human error and could itself be susceptible to attack.

OSO implements a policy engine that is able to broker communication between different applications without connecting to both of them. Because it runs on a virtual, partitioned server within IBM’s Confidential Computing service, it has no direct external network connectivity. This would prevent both human error from manual processes and remote access such as hacking, including while transactions are in progress.

About Author

Emma Trehane
