Air-Gapped profile Transaction Security Broker (TSB)
This section requires prior knowledge of the Transaction Security Broker (TSB) and its various components. We highly suggest reading through the TSB documentation first: Transaction Security Broker - Introduction.
Modern financial and digital asset systems require granular access controls for transaction authorization. These controls often involve group-based permissions, quorum approvals, time-based constraints, or combinations thereof. Securosys Smart Key Attributes (SKA) enable enforcement of such advanced authorization policies.
Due to critical incidents, such as a major blockchain transaction being improperly executed directly from cold storage [1], organizations are adopting stricter security postures. This includes isolating their cryptographic keys within Hardware Security Modules (HSMs) located in air-gapped environments.
In such deployments, HSMs are physically disconnected from external networks and cannot directly communicate with the TSB or business applications. As a result, transaction approval must occur in person, requiring physical access to the HSM environment.
To support such use cases, the "Air-Gapped" Profile TSB was developed.
How it Works
The "Air-Gapped" Profile TSB collects requests from the business application and creates approval tasks for the Approvers to fetch and authorize. The approvals are collected and staged for export, so that the transactions can later be transported to the offline environment and signed there.
Its deployment is the same as for the "Local" Profile TSB, apart from a small parameter change in the application-air-gapped.yml configuration file.
This makes it possible to run a workflow engine in your online environment without a direct connection to the HSM, while the HSM remains in the offline environment. Because the SKA policy is enforced on the HSM, the HSM needs these approvals to evaluate the policy and then either sign or deny the request. The approvals therefore have to be carried to the offline environment.
Capabilities
The "Air-Gapped" Profile TSB retains the core workflow engine of a standard TSB instance. Like the standard TSB, the "Air-Gapped" Profile TSB does not contain any cryptographic material. It supports the following request types.
Cryptographic operation requests:
- Sign (/v1/sign)
- Modify (/v1/modify)
Request lifecycle management:
- View, enumerate, and manage existing requests (/v1/request, /v1/request/{id})
Service information requests:
- TSB version (/v1/versionInfo)
Approval task operations:
- Retrieve approval tasks (/v1/filteredSignApprovalTask, /v1/filteredModifyKeyApprovalTask, /v1/filteredAllApprovalTask)
- Submit approvals (/v1/approval)
- Delete completed or obsolete tasks (/v1/task)
What's next?
- An introduction to Smart Key Attributes is provided under What are Smart Key Attributes?
- Creating a policy-enabled key is covered under TSB - Create Key with Policy
- Follow the Installation guide for a step-by-step procedure on how to set up and configure the "Air-Gapped" Profile TSB.
- View the example Workflow for a detailed explanation of the process of a signing request.
Footnotes
[1] Cold Storage: Normally "cold" in Blockchain and Cryptocurrency circles means a device or asset is not connected to any network and is physically protected behind high levels of security. Any interaction with the cold storage requires a person to be physically present.