Air-Gapped profile Transaction Security Broker (TSB)
This section requires prior knowledge of the Transaction Security Broker (TSB) and its various components. We highly suggest reading through the TSB documentation: Transaction Security Broker - Introduction.
Modern financial and digital asset systems require granular access controls for transaction authorization. These controls often involve group-based permissions, quorum approvals, time-based constraints, or combinations thereof. Securosys Smart Key Attributes (SKA) enable enforcement of such advanced authorization policies.
Due to critical incidents, such as major blockchain transactions being mistakenly executed directly from cold storage[^1], organizations are adopting stricter security postures. This includes isolating their cryptographic keys within Hardware Security Modules (HSMs) located in air-gapped environments[^2].
In such deployments, HSMs are physically disconnected from external networks and cannot directly communicate with the TSB or business applications. As a result, transaction approval must occur in person, requiring physical access to the HSM environment.
To support such use cases, the "Air-Gapped" Profile TSB was developed.
[^2] An air-gapped environment is a physically isolated system or network that is completely disconnected from external networks like the internet, with strict physical security controls to prevent unauthorized access.
How it Works
The "Air-Gapped" Profile TSB collects the requests from the business application and creates approval tasks for the Approvers to fetch and authorize. The multiple authorizations are collected and staged for export, so that the transactions can later be transported to the offline environment, where they can be signed.
Its deployment is the same as with the "Local" Profile TSB, apart from a small parameter change in the application-air-gapped.yml configuration file.
With the "Air-Gapped" Profile TSB it's possible to build a workflow engine that works in your online environment, without a direct connection to the HSM, while the HSM remains in the offline environment. Because the SKA policy is implemented on the HSM, the approvals must be evaluated there: the SKA policy either denies or approves them, and only then is the request signed. This workflow therefore requires the approvals to be carried to the offline environment.
Capabilities
The "Air-Gapped" Profile TSB retains the core workflow engine of a standard TSB instance. Like the standard TSB, the "Air-Gapped" Profile TSB does not contain any cryptographic material. It supports the following request types.
Cryptographic operation requests:
- Sign (POST /v1/sign)
- Modify (POST /v1/modify)
Request operations:
Get existing requests
- Get all requests (GET /v1/request)
- Get a specific request by id (GET /v1/request/{id})
- Get a specific request and generate the output as QR code (GET /v1/request/qrCode/{id})
Delete existing requests
- Delete all requests (DELETE /v1/request)
- Delete a specific request by id (DELETE /v1/request/{id})
Service information requests:
- TSB version (GET /v1/versionInfo)
Approval task operations:
- Retrieve approval tasks (POST /v1/filteredSignApprovalTask, POST /v1/filteredModifyKeyApprovalTask, POST /v1/filteredAllApprovalTask)
- Submit approvals (POST /v1/approval)
- Delete completed or obsolete tasks (PATCH /v1/task)
- Insert results back into TSB (PUT /v1/resultFromOfflineHsm)
What's next?
- An introduction to Smart Key Attributes
- Creating a policy-enabled key is described under TSB - Create Key with Policy
- Follow the Installation guide for a step-by-step procedure on how to set up and configure the "Air-Gapped" Profile TSB.
- View the example Workflow for a detailed explanation of the process of a signing request.
Footnotes
[^1] Cold Storage: Normally "cold" in Blockchain and Cryptocurrency circles means a device or asset is not connected to any network and is physically protected behind high levels of security. Any interaction with the cold storage requires a person to be physically present.