So you are running your system on Azure or AWS. Why not, it is easy and quick to get going. It is scalable thanks to the many servers available and the virtualization environment. What could go wrong?
Well, apparently a lot! A few months back several new vulnerabilities in such server architectures were found. Named Spectre and Meltdown, these flaws exist in almost any microprocessor. A skilled attacker can extract passwords and encryption keys on shared servers. Even worse, you do not need to be that skilled either, as example code is readily available. That means, when you run your blockchain system or any other software on Azure, AWS, or any shared server system, you are exposed!
Of course, Intel, AMD, Microsoft, and all others involved have promised to fix it. They released patches that slowed down the CPUs. However, researchers quickly realized, these patches and software fixes do not help. To really fix the problems, the hardware, i.e. the CPU, the underlying chip has to be fixed. And in chipland, this will take years and not just days!
Ok, I am a little privileged here, some 20 years ago I was a CPU designer at Intel. As such, over the last few months it was interesting to observe my former co-workers discussing these issues and problems in excruciating detail on Facebook. One of my buddies, Bharadwaj, even remembered that he filed a bug on some of these problems. They congratulated him on finding such an interesting corner case. The problem, however, was not fixed, but he was at least awarded a couple of movie tickets.
So, for now, you are exposed. Even in a couple years, when Spectre and Meltdown will really be fixed, you will have to worry what else has been buried in today’s CPUs. To be safe, you should operate on designated, unshared servers. In any case, you should always keep your passwords and encryption keys in a hardware security module (HSM) and never on the file system of the server. This, for example, can be in Securosys Primus HSM in your data center. Alternatively, you can also use the Securosys Clouds HSM, where you get the security and safety of an HSM as a service. In an HSM from Securosys, different to our competitors, there is never other external code running!
For really critical systems however, a trusted execution platform is the best solution. Based on our successful line of Primus HSM, Securosys will design such a system. With it, you can be sure that different programs running on the same system will not be able to access each other’s private information, key material, or passwords.
Robert Rogenmoser, CEO Securosys