The banking industry is currently rolling out several permissioned blockchain projects.
These are still controlled projects, but so far they demonstrate how powerful a blockchain-enabled banking system could be with respect to gains in effectiveness, security, as well as creating a technical basis for new innovative business models in banking.
Many financial institutions are considering the creation of a global payment system using permissioned blockchain technology. This would allow for the pooling of resources, gaining market standing, but also achieving the critical mass needed for a blockchain network and to enable emergent network effects (e.g., for innovation), by creating many consortiums of banks and technology providers.
In what follows, we will see the different technologies used for using permissioned blockchain technology in the banking context.
The Blockchain concept works by creating a unique chain of blocks, with each one being “glued” to the next one by a digital signature system. In the context of the banking industry, this may allow checking the history of a digital value and its associated transaction records.
Blockchains prevent actively counterfeited transactions, fraud, and collusion between rogue actors and allow a better, faster, and more efficient Know-Your-Customer (KYC) process. For instance, such technology may also allow interaction with other blockchains like identity blockchains provided by the public sector.
Here is the main lifecycle of a transaction in a permissioned blockchain system:
Permissioned blockchains inherit security from a public network blockchain. A blockchain is formed block by block. Each block is concatenated to the blockchain after a consensus. The block of transactions is signed by the actors of the transactions and a timestamp is embedded in the block.
Here is a typical example of such a blockchain:
In a permissioned blockchain, the consensus is achieved via different techniques.
Technically, proof-of-work as in permissionless blockchains is possible but highly unlikely to be implemented. Also, it is not advisable, given the irresponsible consumption of energy and time. The permissioned blockchain concept has other possibilities of consensus, such as:
In the banking context, the consensus would generally be achieved via proof of validity and proof of uniqueness. For example, in a Corda banking application, this is achieved by running the smart contract code attached to a transaction, and by checking all the signatures.
Banking sector-based networks like the Corda network tend to use the notary concept to validate the correctness of a block. Notaries are dedicated nodes that are used for multi-signing. All actors are required to digitally sign the transactions. This provides non-repudiation, technical protection, and a high level of legal assertion. In general, security relies on a complex and well-designed PKI in permissioned networks.
A permissioned blockchain builds on authentication and identification, as a prerequisite to earn the permission to enter. To be granted the permissions required to operate over such a blockchain is always linked to entering a login and a password or performing a similar identification.
Multi-level conditional authorization can be maintained as well. The identification can be linked directly to the ownership of a private key. With financial and payment sector permissioned blockchain networks, banks are advised to use 2FA authentication and to link user accounts to all the same private keys to reach strong authentication.
In non-permissioned networks, all users have equal rights and authority. However, in permissioned networks, this is often not the case. Therefore, an attacker could attack the network by simply stealing credentials from authorized users of the blockchain and eventually gain control over it and rewrite transactions.
In the banking context, the security related to authorizing the access of the blockchain network must, therefore, be extremely strong. The whole architecture relies on banking-grade PKI. Banks need to provide a bulletproof PKI system to the participants of the permissioned blockchain.
To incorporate strong authentication and/or 2FA in a business solution, the secure management of cryptographic keys is critical for the effective use of cryptography. A cryptographic key has a lot of phases in its life cycle starting from the generation, storage, distribution, and destruction. Since the increase in deployment and evolution of cryptographic mechanisms implemented in blockchains and hence decentralized architectures, effective key management is challenging.
Regulating bodies in the financial market mandate the use of certified HSMs and Key Management solutions.
Choosing an HSM and Key Management System, compliance is required with one or several of the following standards (depending on the context of implementation and the area of jurisdiction):
If the blockchain uses eIDAS compliant signatures to benefit from its legal assertion and non-repudiation, the HSM and key management system should also be compliant to the
It is highly recommended to use HSMs that have earned globally recognized certifications and implement standard/best practices.
Blockchain technology is very attractive to the banking sector. It promises gains in efficiency and effectiveness, increases in security and profitability, and acts as an accelerator in innovation. Nevertheless, additional security measures must be taken, when compared to a public blockchain system, such as running banking-grade strong authentication infrastructures and making sure the cryptographic operations and the associated private keys are handled in secure HSMs possessing and globally recognized standards / certifications.
We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.
Subscribe now