Tokenization and why FIPS 140-2 Levels matter…

Within a permissioned blockchain transactions are validated and processed by participants that are already recognized by the ledger. Despite this being the case, there is still a the 800-lb gorilla in the room… The issue of trust. How can one ensure the blockchain is secure and trustworthy in order to avoid the impact of a cyberattack or hackers getting to your Tokens? The answer is by building security into your blockchain technology from the start, through strong authentication and cryptography key vaulting. As part of your quest to learn more about Securing your tokenized assets, you will very quickly get into Hardware Security Modules (HSM’s) and FIPS 140-2 Levels and how secure they are.

According to Wikipedia the FIPS 140-2 levelers are defined as:

FIPS 140-2 defines four levels of security, simply named “Level 1” to “Level 4”. It does not specify in detail what level of security is required by any particular application.

Level 3

In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probabilityof detecting and responding to attempts at physical access, use or modification of the cryptographic module. The physical security mechanisms may include the use of strong enclosures and tamper-detection/response circuitry that zeroes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.

Level 4

Security Level 4 provides the highest level of security. At this security level, the physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access. Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate deletion of all plaintext CSPs.

Security Level 4 cryptographic modules are useful for operation in physically unprotected environments. Security Level 4 also protects a cryptographic module against a security compromise due to environmental conditions or fluctuations outside of the module’s normal operating ranges for voltage and temperature. Intentional excursions beyond the normal operating ranges may be used by an attacker to thwart a cryptographic module’s defenses. A cryptographic module is required to either include special environmental protection features designed to detect fluctuations and delete CSPs, or to undergo rigorous environmental failure testing to provide a reasonable assurance that the module will not be affected by fluctuations outside of the normal operating range in a manner that can compromise the security of the module.

Lets look at the areas I bolded:

Level 3 – words like: “attempts to prevent” and “may include the use of strong enclosures” – don’t know about you but words like “attempts to” and “may include” don’t inspire confidence, and they shouldn’t for you if you want secure Tokenized assets.

Level 4 – Now this is a whole different story, the phrases “highest level of security” and “complete envelope of protection” make me sleep at night… and they should for you too…

Where do I get a FIPS 140-2 Level 4 solution I hear you ask… well we got your back, look no further than IBM LinuxONE. Click here for more details. Or get in touch as I will be happy to walk you through IBM’s offerings in this space.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.