
The Pathway to Secure Remote Voting

A recent Senate memo released this week offered a peek into the US government’s efforts to leverage blockchain technology, with security as a core focus. The memo was drafted for a roundtable aimed at exploring the “Continuity of Senate Operations and Remote Voting in Times of Crisis.”

It outlines COVID-19’s impact on the ability of the Senate to congregate and vote on new and upcoming legislation, forcing Congress to rethink its operations as in-person meetings become obsolete.


According to the memo, any solution worth exploring will have to prove its authentication and encryption abilities. As blockchain, or distributed ledger technology, offers both transparency and encryption as benefits, it is being explored as an ideal solution.

It noted, “With its encrypted distributed ledger, blockchain can both transmit a vote securely and also verify the correct vote. Some have argued that these attributes make blockchain useful for electronic voting broadly. Blockchain can provide a secure and transparent environment for transactions and a tamper-free electronic record of all the votes.”

In fact, blockchain voting has already been creating waves and changing elections. Overseas military from West Virginia, USA, for example, can already vote in their local elections using just their mobile phones. A combination of encryption and blockchain registry then tallies their votes.

Other countries like Brazil, Denmark, South Korea, and Switzerland have also already begun looking into ways blockchain voting can be used. But by far, Estonia is leading the way. Their citizens each hold unique ID cards that allow them to vote on the blockchain both quickly and securely.

Despite the many benefits, the Senate still has reservations regarding the use of blockchain –– as it should. The biggest concern outlined in the memo is that the network supporting the voting infrastructure could fall into the wrong hands. Since the Senate is a relatively small entity, any blockchain network used must be able to eliminate the threat of a 51% attack.

A federal government report released in 2019 on secure online voting concluded that blockchain had not yet succeeded in resolving key security issues inherent in any internet-based voting system. The recently released memo cited similar concerns, such as “…possible vulnerabilities from cryptographic flaws and software bugs.”

Many startups including Votem, Voatz, Follow My Vote, Boulé, Democracy Earth and Agora have already begun developing and promoting blockchain-based voting systems. Many of them believe blockchain could be as big a deal in voting as advocates expect it to be in shipping, money transfers, and property records.

But technology and security experts alike seem to think otherwise. “We range from being skeptical to very skeptical about it,” said Maurice Turner, senior technologist at the Center for Democracy and Technology.

But one promising solution could come from somewhere unexpected –– the cryptosphere. Cryptocurrencies like Bitcoin have seen their fair share of hacking attempts, with millions already exploited by hacking entities that lurk on the dark web.

Hub Security, a Tel-Aviv based cybersecurity firm, is now looking to share their cryptographic technology with the Senate, and the rest of the world. Their promise: a military-grade, highly-secure voting environment for both citizens and parliamentary members alike. 

Designed for FIPS 140-2 level 4 certification, Hub’s miniHSM device would allow voters to participate in the electoral process while remaining 100% isolated from local network connections. The HSM’s unique cryptographic architecture eliminates any cyber and privacy threats from the internet, home computer or mobile device, making blockchain voting for the first time a viable option.

Whether the future of voting remains paper-based or takes on a new evolution of cryptography, elections must go on and both citizens and congressional leaders must continue to explore solutions for maintaining the engine of democracy during COVID-19 –– our voting systems.

German Banks Expand Crypto Services Under New Law

The 5th EU Anti-Money Laundering Directive came into force on January 1, 2020 and builds on the 4th EU Anti-Money Laundering Directive. Among other things, it now also places obligations on cryptocurrency providers. The law covers the sale and custody of Bitcoin and other cryptocurrencies across the EU.

The extension allows banks to treat Bitcoin or Ethereum like securities or covered bonds. This means customers can be offered all of the associated financial technologies. Until now, almost no German financial institution has had virtual currencies in its offering, but that will now change as a result of the new law.

The Federal Financial Supervisory Authority, BaFin, has already received 40 inquiries from banks seeking approval for crypto custody licenses.

One of the first financial institutions to offer cryptocurrency services is Berlin-based Solarisbank. In December of last year it founded the subsidiary Solaris Digital Assets to address the digital asset market. Solarisbank holds a full banking license and has already offered its services to numerous German fintech startups in the past.

“Digital assets will fundamentally change the financial market,” says Michael Offermann, managing director for crypto banking at Solarisbank. “As soon as buying and storing Bitcoin becomes easier, we expect strong growth.”

According to estimates, the blockchain industry's value will break the 23 billion dollar mark in 2023. Blockchain-based services will therefore be ubiquitous. But the industry's growth also brings dangers.

The inherent security mechanisms of blockchains can fend off attacks on DLT transactions, but they do not make them immune. In fact, distributed ledger technology has to contend with dangers that are foreign to centralized databases. The list of blockchain technology providers that have fallen victim to hacker attacks keeps growing.

While some experts keep reminding the public that DLT is far ahead of current data security solutions, others believe companies should take extra measures to adequately secure their digital assets. As the number of users of blockchain- and DLT-based technologies in the government and business sectors grows, so does the need to discuss the risks associated with their use.

Today's numerous cyber threats make banks popular targets for cyberattacks such as credential stuffing, phishing and ransomware. The good news is that proven steps can already be taken to secure digital assets.

1. Assess cloud security

Banks can compare the current security state of the cloud against security benchmarks, best practices and regulatory compliance.

2. Monitor cloud security

Banks can use a risk management tool to automate threat detection, so that potential threats are addressed before they become a problem.

3. Strict access management policies

Banks can protect themselves against internal threats by granting access rights only to those employees who really need them.

4. Disaster recovery solutions

With the right plan in place, banks can prevent data loss and minimize downtime after a disruption. Of course, this can only work if regular and numerous backups are performed.

5. Encrypt data cryptographically

Cryptographic encryption and securing the cryptographic keys with an HSM ensure that sensitive digital assets are always protected, even if a bank's IT infrastructure is compromised.


Webinar Video: STO lifecycle and Cyber Security

A webinar with our partners at Tokensoft to educate about regulated tokens, blockchain compliance and security.

Tokensoft Partners with Ex-military Cyber firm Hub Security to Provide Ultra-secure Token Platform HSM

COVID-19 prevents people from coming to work and operating the on-premise security systems that control large amounts of assets. Hub Security enables them to do that remotely with the same security standard.

EY Launches Baseline Protocol, an Open Source Initiative for the Public Ethereum Blockchain

EY announced in early March the launch of its Baseline protocol project. The new initiative is an open-source package of blockchain tools that will allow enterprises to build and deploy blockchain-based products securely and privately on the public Ethereum blockchain. The project is part of a joint effort between EY, ConsenSys and Microsoft.

The Baseline protocol leverages several technologies, including zero knowledge proofs, off-chain storage and distributed identity management so that enterprises can define and synchronize processes and agreements using common standards, with full privacy, and without storing sensitive business information on the blockchain itself.

“This initiative builds on that groundwork and starts filling in gaps such as enterprise directories and private business logic so enterprises will be able to run end-to-end processes like procurement with strong privacy,” said Paul Brody, EY Global Blockchain Leader.

The Baseline protocol will also support smart contracts and industry-wide tokenization standards. In doing so, they will enable an ecosystem of interoperable business services. Key process outputs like purchase orders and receivables are tokenized and integrated into the decentralized finance (DeFi) ecosystem.

The initial release of the Baseline protocol includes the process design and key components to enable volume purchase agreements and lays the groundwork for blockchain applications that link supply chain traceability with commerce and financial services.

“With the Baseline protocol, we are developing enterprise processes that are ecosystem ready because they are being built in a truly blockchain-native manner. When delivered on the public Ethereum network, this will drive adoption and the whole ecosystem,” said Yorke Rhodes, Principal Program Manager of Blockchain at Microsoft.

By supporting smart contracts and tokenization, as well as integrating into a DeFi ecosystem, enterprises will have access to an extensive toolbox of resources with which to research and develop blockchain solutions. The protocol enables confidential and complex collaboration between companies and enterprises without leaving sensitive data on-chain.

4 Blockchain Security Risks To Consider Before Building a Blockchain-based Solution

With the blockchain industry’s value estimated to hit $23B by 2023, it’s hard to keep track of the number of blockchain-based solutions launching each month. As the industry grows, though, so do its risks. While the security features inherent in blockchains make DLT resistant to attack, they do not make it immune. In fact, DLT is subject to a number of issues that centralized databases are not.

The growing list of blockchain technology providers who have become victims of malicious hacks and attacks is starting to make many wonder if blockchain is really as secure as it’s made out to be. While industry experts continue to remind the public that DLT technology is eons beyond current data security solutions, many still believe companies should take extra precautions when safeguarding their data –– especially on the cloud.

As more governmental, industrial, and commercial sectors adopt the use of blockchain and DLT-based technology, there’s a growing need for discussion. Below are some points to consider which also serve as a means to raise awareness of the risks still associated with the use of blockchain and Distributed Ledger Technology.

Blockchain Security Risks

1. Endpoint Vulnerabilities

One of the most common points of vulnerability with DLT technology is actually outside of the blockchain. Endpoint vulnerabilities are critical because of where they take place: at the time and place humans and blockchains meet. Simply put, an endpoint could be anywhere an individual is using to access sensitive data such as the computer of a bank employee.

Since most hackers know there’s no use in attempting to guess a user’s keys, they spend a lot of time trying to steal them. The best chance of obtaining keys is to attack the weakest point in the entire system, a personal computer or mobile device.

The process of accessing the blockchain in order to receive that data is what makes endpoints so vulnerable. Endpoints provide malicious attackers the opportunity they need to get nasty code in or out. Once a device is exploited, hackers can piggyback off the credentials of high-access users in order to do the most amount of damage.

2. Vendors

As DLT adoption continues to grow, many look to new solutions to provide them with the security and protection DLT technology promises. But while the number of new products continues to grow, this growth also creates another security vertical of great concern: vendor risks. Often, companies looking to deploy third-party blockchain apps and platforms are not aware of the security risks associated with faulty and exposed vendors.

It’s not uncommon for vendor solutions to have limited focus on security measures with weak security controls on their own systems, flawed code, and even personnel vulnerabilities that can easily expose their clients’ blockchain credentials to unauthorized users. This threat is especially relevant when discussing products that involve the use of smart contracts. Since an organization’s entire operation and policies can be housed as a smart contract on a blockchain, a vulnerability of this magnitude has the potential to be catastrophic.

3. Untested Code

While Bitcoin has been around awhile, blockchain technology is still considered highly experimental. While we still don’t know the full scale of what’s possible, security experts can agree on one thing: every new blockchain product that leverages DLT technology must undergo rigorous testing before being released to the public. While some DLT projects are tempted to launch their half-heartedly tested code on live blockchains, the cyber risks can be damaging and long-lasting.

As new technologies enter the market, developers are incentivized to be first or early with the release of applications, often at the risk of deploying insufficiently tested code on live blockchains. Given the decentralized model of many blockchain solutions, the risks are often greater due to the irreversibility of the technology.

4. The On-ramp 

The on-ramp of digital assets is one of the most critically exposed points in the development of a blockchain-based solution. More specifically, how are the assets and information securely signed on to a blockchain? This all comes down to the private keys used to sign and encrypt blockchain transactions. If someone gets ahold of the keys, the entire downstream blockchain-based solution is corrupted.

Not only is protecting these keys critical but also ensuring they’re used safely, e.g. not exposed by software when used to sign a transaction. Additionally, the process of approval for using the keys must be protected –– otherwise, someone can hack or impersonate an approver and sign a malicious transaction. And of course, this element of your blockchain solution needs to be considered from the start, or else it will likely prevent or slow down a successful transition into production.
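The approval requirement described above can be sketched as a gate in front of the signing key. This is an added example, not code from the original article or from any vendor; the approver names, keys and the quorum of 2 are constructed assumptions, and HMAC stands in for the per-approver signatures and the transaction signature that a real deployment would compute inside hardware.

```python
import hashlib
import hmac
import json

# Constructed sample approver keys (hypothetical). In a real deployment each
# approver's key lives in that approver's own token, never in this process.
APPROVER_KEYS = {
    "alice": b"constructed-key-alice",
    "bob": b"constructed-key-bob",
    "carol": b"constructed-key-carol",
}
QUORUM = 2  # assumed policy: two distinct approvers per transaction


def tx_digest(tx: dict) -> bytes:
    """Digest of a canonical encoding, so an approval covers exact field values."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).digest()


def _tag(name: str, key: bytes, digest: bytes) -> bytes:
    # The approver's name is bound into the tag so one approver's approval
    # cannot be replayed under another approver's name.
    return hmac.new(key, name.encode() + b"|" + digest, hashlib.sha256).digest()


def approve(name: str, key: bytes, tx: dict) -> dict:
    """What an approver's device would produce for one specific transaction."""
    return {"approver": name, "tag": _tag(name, key, tx_digest(tx)).hex()}


def valid_approvers(tx: dict, approvals: list) -> set:
    """Return the set of known approvers whose tag verifies for this exact tx."""
    digest = tx_digest(tx)
    verified = set()  # a set, so repeated approvals from one person count once
    for item in approvals:
        name = item.get("approver")
        key = APPROVER_KEYS.get(name) if isinstance(name, str) else None
        if key is None:
            continue  # unknown or malformed approver: ignore
        try:
            presented = bytes.fromhex(str(item.get("tag", "")))
        except ValueError:
            continue
        if hmac.compare_digest(_tag(name, key, digest), presented):
            verified.add(name)
    return verified


def sign_if_approved(tx: dict, approvals: list, signing_key: bytes) -> str:
    """Use the signing key only after the quorum check passes for this tx."""
    approvers = valid_approvers(tx, approvals)
    if len(approvers) < QUORUM:
        raise PermissionError(
            f"{len(approvers)} valid approver(s), {QUORUM} required")
    # Stand-in for the real transaction signature (assumption: HMAC, not ECDSA).
    return hmac.new(signing_key, tx_digest(tx), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    tx = {"to": "acct-123", "amount": 50}  # constructed sample transaction
    ok = [approve(n, APPROVER_KEYS[n], tx) for n in ("alice", "bob")]
    print("signed:", sign_if_approved(tx, ok, b"constructed-signing-key"))
    try:
        sign_if_approved(dict(tx, amount=5000), ok, b"constructed-signing-key")
    except PermissionError as exc:
        print("altered transaction refused:", exc)
```

Because each approval is computed over the transaction digest, approvals collected for one transaction do not authorize an altered one, and duplicate or unknown approvers never count toward the quorum.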

Looking Forward

Adopting new technologies always comes with the fear of the unknown. While blockchain-based solutions continue to provide customers with high levels of security and transparency, the onus falls on product designers to begin considering security from day one. From design to development, every step in the product development cycle is crucial to ensuring products are safe, reliable and secure for consumer use.

What Blockchain-based Projects Need to Consider Before Writing a Single Line of Code

With the explosion of distributed ledger technology (DLT) as a safe and secure solution for transparently handling and sharing information across organizations, many businesses are jumping on the DLT bandwagon. Proponents of the distributed ledger technology known as blockchain consider it to be one of the best ways to secure transactions.

But while blockchains have many desirable features, such as transaction efficiency, there are still other conditions and requirements to consider when leveraging blockchain technology for business. The publication of DTCC’s most recent paper on the matter outlines key risks associated with the use of the nascent technology and an acknowledgment of the many security risks still associated with its use for both small businesses and enterprises alike.

“With the adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets,” said Stephen Scharf, Chief Security Officer at DTCC.

With hundreds of new blockchain-based products released each year, many of today’s development teams don’t consider the security risks associated with the use of DLT early enough on in the project development cycle. Infosec usually isn’t on every founder’s mind when they start projects, especially when it comes to pilots. Once things are in the air, often they are forced to take a few steps back once they realize they hadn’t considered security performance and infrastructure from the get-go. Interestingly, the same is often true for blockchain vendors who are in a rush to get their products deployed.

The fact of the matter is, most don’t consider the fact that all blockchains aren’t created equal. It’s important for businesses to be aware of this fact when evaluating whether the technology they’ve chosen will have the proper security measures they require –– both internal and regulatory.

For fintech solutions looking to meet security regulation standards, opting for a simple cloud-based solution often can do more harm than good. Trusting cloud providers can be risky business –– or better yet, a major risk for your business. However you choose to look at it, while many cloud providers promise to keep highly sensitive data secure, many also fail to do so, as the WSJ’s recent Cloud Hopper investigation revealed.

When establishing a private blockchain, businesses must consider the best platform for deployment. While blockchain has inherent properties that provide security, known vulnerabilities in any infrastructure can be manipulated by those looking to get their hands on your or your customers’ data.

Ideally, you should have an infrastructure with integrated security that can:

  • Prevent even root users and administrators from accessing privileged information.
  • Prevent illegitimate attempts to change data or applications within the network.
  • Protect encryption keys using the highest-grade security standards.

Considering these capabilities before developing your DLT-based solution will ensure your blockchain network has the added protection it needs to prevent attacks from both within and without.



What Is Public Key Infrastructure (PKI)?


Encryption requires high levels of cryptography and secrecy. Often encryption aids in the transfer of data from one point to another, safeguarding the data in case it is intercepted or falls into the wrong hands.

Encryption is most commonly used on documents and messages before they’re transmitted, but if the recipient of the information cannot verify its source or the identity of the sender, the authenticity of the information may not be trustworthy.

This is the primary reason for the use of keys when decrypting data. Keys are shared between the sender and receiver of encrypted communications and verified by digital certificates in order to establish the integrity of any incoming information.

In the world of data encryption and decryption, there are typically two kinds of keys: private keys and public keys. Private keys are when both the sender and recipient of the information have an identical key that allows for the translation of the incoming data. In cases of private keys, both parties must make efforts to keep the key secret and safeguarded –– which can become challenging when more than two keys are involved.

That’s where public keys come in useful. Used more often today, public keys can be used to encode information and a private key is required to decrypt it. A good example of this would be credit card usage. While a credit card company may provide an authorization device with a key that is readily available, customers must input a PIN that allows the machine to decrypt their information, making the sharing of sensitive financial data more regulated and secure.

Public keys are the basis for a Public Key Infrastructure when decrypting highly sensitive data. PKIs enable the use of digital signatures and encryption across large user sets. The Public Key Infrastructure (PKI) is the set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public keys.

Often they help establish the identity of people and devices, enabling controlled access to systems and resources, protecting data and authenticating transactions. Many of today’s emerging technologies, especially within the fintech space, are becoming more and more reliant on PKI technology to guarantee security and protection of sensitive data.

40 German Banks Apply to Offer Bitcoin and Ethereum Services

The Fifth European Money Laundering directive came into effect January 1st, which updates a fourth EU Money Laundering Directive to include crypto services. The law would allow for the sale and custody of Bitcoin and other cryptocurrencies across the EU, including Germany.

China’s Central Bank Gets One Step Closer to Launching Its Digital Currency

The People’s Bank of China (PBoC) announced last week that the top-level design of its digital currency is finally complete. The digital currency’s next step is to “follow the principles of stability, security, and control,” said Mu Changchun, head of the digital currency research institute at the PBoC.

Telefonica Pilots Telecom Blockchain Access with 8,000 Spanish Firms

The Spanish telecommunications giant Telefonica recently reported it will launch a new partnership with the local Association of Science and Technology Parks (APTE) to grant 8,000 Spanish firms access to its blockchain.

Turkish Bank Launches Blockchain Platform for Digital Gold Transfers

Turkey’s Takasbank announced the release of its blockchain-based gold-backed transfer system Dec. 30th. Developed by the Istanbul Clearing, Settlement and Custody Bank, the BiGA Digital Gold trading platform provides banks with a blockchain-based system for the issuance, repayment, and transfer of digitized gold.

Illinois Legalizes Smart Contracts and Other Blockchain-based Records

As of January 1st, Illinois’s Blockchain Technology Act took effect, opening the door for the legal use of blockchain-based contracts.

FBI Warns Against IoT Vulnerabilities

In the not-that-unlikely chance a business’s network is compromised, their entire infrastructure is at risk of exploitation. Gaining access to high-risk digital assets can lead to devastating revenue damages –– which is nothing to take lightly.

CBDCs Are on the Rise, Are Banks Prepared?

As more investors and businesses turn to the tokenization of digital assets, there’s no stopping the inevitable rise of digital currencies worldwide.

EY Focuses on Blockchain Security with Launch of Smart Contract Analyzer

Ernst & Young (EY) launched its token and smart contract review service. The tool will allow companies and individuals to evaluate smart contracts and tokens for known security risks.

State Street Turns to Tokenization in an Unguarded Digital Era

In a recent survey by the quantitative analysis firm Oxford Economics, 94 percent of State Street clients hold digital assets.

Hub Security HSM & Mini-HSM Demo

Live HSM and minihsm video demo

December 2019 Newsletter – Subscribe!

Our December Newsletter is live! Subscribe to follow our product, updates, events and cyber security news.

Here are the highlights:

Blockchain & Key Management: Trending

With increasing movement towards blockchain platforms by banks and financial institutions, there is a rise in key management hacking. The Hub Security team weighs in:

Tamper Proof HSM – New Video!

Our latest product video is live! Watch our new self-destructing chip go up in flames when there is an attempt to tamper with it.

HUB’s APAC Team @ CyberTech Tokyo

Our APAC team, along with CEO Eyal Moshe, exhibited at CyberTech Tokyo, a great event and venue to meet new & existing clients. The energy on the floor was palpable as this space continues to heat up.
Meet us at CyberTech Tel-Aviv in Jan 2020!


Digital Asset Alert: HK SFC Issues New Regulations

The Hong Kong Securities and Futures Commission (SFC) issued a position paper Nov. 6th defining a new regulatory framework for virtual asset trading platforms. In it, they outlined the parameters under which VSTs would be eligible to apply for a license from the SFC. Virtual asset trading platforms are platforms that offer trading of security tokens.

A virtual asset is a digital representation of value. Also known as a cryptocurrency, a crypto-asset or a digital token, the estimated total market value of virtual assets is now between $200-300 billion. As of November 2019, there are over 3,000 digital tokens and 200 virtual asset trading platforms.

Now the SFC adopted a new set of regulatory standards for virtual asset trading platforms similar to those applicable to licensed securities brokers and automated trading venues. The standards were passed in order to address key regulatory concerns surrounding the tokenization of digital assets. Of primary concern to regulators are the safe protection of assets, KYC requirements, anti-money laundering, and terrorism counter-financing.


According to the position paper released this month, the SFC will only grant licenses to platforms that are capable of meeting the standards outlined by their committee. While enthusiasm for ICOs waned throughout 2019, other forms of virtual asset fundraising hold continued buzz. Securities such as STOs are typically structured to provide the same features as traditional securities, but also involve digital proof of asset ownership using blockchain technology.

“Regulators need to be open to the benefits of innovation, but they should also be ready to tackle the risks to investors which some financial technologies give rise to,” said Mr. Ashley Alder, the SFC’s Chief Executive Officer.

As part of the newly announced regulations, the SFC also made it clear that virtual assets traded on licensed platforms will not require compliance with the same set of financial regulations as traditional security offerings.

Additionally, the SFC issued a warning to investors regarding the high risks associated with purchasing virtual asset futures contracts, citing their unregulated nature and security vulnerabilities. While this warning served largely as a side note to the excitement surrounding the announcement, investors and digital asset owners alike likely still have a long way to go before these concerns can be fully addressed and their digital assets safeguarded.
