How to Integrate with the Blockchain Securely

So you’ve decided to integrate your product with the blockchain? Maybe you’re an indy game developer incorporating NFTs into your product design. Maybe you’re responsible for a complex multi-step supply-chain-management system begging for immutability and decentralization. Whatever it is, you’re looking into how to integrate with a blockchain securely. To understand how to create a secure solution, we first need to understand the risks.


Doing It Yourself

When integrating with the blockchain, your main security concern will be how to manage your cryptographic keys. Your keys are what identify your company to the blockchain. They are similar to a password in that whoever knows the key can act on your behalf. They are different from passwords in that they cannot be recovered if you forget them, and they cannot be changed.


Unforgettable

Your first step, then, is designing a system which will protect against ever losing the key. Simply memorizing the key is not enough, because the key must be available to your application environment so that it can act on your behalf. The consequences of losing the key are severe. You will never again be able to access the assets associated with it, or act in the name of your company the public has come to associate with the key. The standard way to approach this problem is through redundancy.


Basically, whatever infrastructure stores these keys, you must have duplicate copies of that infrastructure. For example, if you deploy this application to an AWS datacenter, you must be sure to deploy a copy of the application to other datacenters which are geographically separated to avoid catastrophes like floods, fires, and other acts of God. This ensures that if any datacenter is destroyed, you can recover the keys from another one. You have redundancy.


Unchangeable

Now that you understand the value of redundancy, we move on to considering the fact that keys can never be changed. Why does this matter? Well, what happens if another person gets ahold of your key? In this scenario, that agent can now act as if they are your company. They could drain your system of funds, redirect funds to themselves, perform actions in the name of your company, and a host of other undesirable activities.


It is obvious, then, that you must prevent any hostile actor from gaining access to your keys. You might think that deploying your application to a cloud service provider like AWS should protect you from this. After all, keys are like passwords, and most applications deployed to cloud providers involve passwords. The difference is that passwords can be changed. Keys cannot. You cannot deploy your application to AWS or its competitors because the engineers at those companies can access your system. What happens when a disgruntled employee realizes they have access to a key securing millions or even billions of dollars in value? This is not a risk you want to take.


The solution is to deploy your application to systems which you yourself control. You must own your own hardware and deploy it to physical space which you control. You will need to hire engineers to build and maintain this hardware.


The Full Picture

Now that you understand that keys are unforgettable and unchangeable, we will describe the system you must construct.


We said above you must deploy your keys to systems you physically control. Now, in order to guard against internal threats, you must separate those systems into multiple zones, each of which contain a fraction of a key. Engineers can only access a single zone, thus preventing a rogue internal engineer from using the keys maliciously. So you have now created at least two zones each requiring hardware and dedicated engineers which do not overlap.


These zones require redundancy, as you learned above. So these complex multi-zone systems must now have multiple full copies deployed in geographically distributed locations. This means even more hardware, even more space, and even more engineers to watch over them.


In the end you will have a small army of engineers dedicated to maintaining these systems, and you will have to come up with a solution for managing them and the physical infrastructure remotely.


Here is a diagram to help understand the system we describe:




Using Blockery

Blockery understands the concerns we enumerate above. Our system provides the security we describe, and much more. Blockchain is our core competency. We offer our platform to your company who wishes to integrate with the blockchain. This eliminates the need for you to manage these concerns.


With Blockery you get much more than security. You get a system which saves you money, increases the velocity of your development team, and does it all at high scale and high assurance. Explore blockery.io to find out more, or schedule a call with a sales engineer to discuss implementing blockery in your organization.


29 views0 comments

Recent Posts

See All

Many companies recognize value in blockchain technology. Features like immutability and decentralization are attractive features for many products. Once a company has decided they have interest in fea

There are a few important features which blockchain technology can bring to your product Decentralization Immutability Immortality Open Source Philosophy These features can enable your company to buil