In this article, we shall explain the main benefits of using HSMs in combination with notary services/ TSA for auditing blockchains. Our intent is to provide only the main ideas and guidelines about the subject.
Trusted Timestamping & TSA Definition
Trusted timestamping consists of the process of keeping track of the creation and modification time of a transaction (or any other type of data) in a secure way. A secure timestamp is such that no one may be able to modify it once it has been created without destroying the integrity of the timestamp.
Trusted timestamping must offer an irrefragable proof that a given transaction has been performed at a given date. It is used especially for ledgers and accountancy purposes in financial systems.
TSA and Notaries in Permissioned Blockchains
Blockchains create de facto decentralised timestamps. The core principle of the consensus defined by the original blockchains was to prevent using a timestamp media server  to provide trusted timestamping.
With the recent rise of permissioned blockchain and the fact that consensus is usually performed by timestamping authorities (TSA), for example, the abstract blockchain, Corda-like notary services, the idea of using some additional trusted media to publish the timestamps have been re-introduced.
Auditing in Blockchain
Blockchains have many functions and features that facilitate auditing but the blockchain in itself isn’t an audit system. It is possible for an auditing system (usually automated) to check the validity of invoices by performing cryptographic operations (usually hashing) to compare financial invoices and accounting balances with a record of transactions found in blocks inside one (or more) blockchain(s).
This is why permissioned blockchains, which are more business-oriented than their public counterparts, are offering more latitude to professional financial auditing. Recall also that its visibility features, which are one of the pillars of the blockchain (e.g., ‘all’ can see all the transactions) are not suitable for a lot of major business actors such as banks and financial processors for example. This means that besides the blockchain, there is a need for strongly permissioned encryption to make sure that private transaction data are not leaked to unauthorized parties. In terms of audits, such as those performed in banks, this may look like a challenge. As we shall see it later in this article, the auditing of a blockchain can be done via a PCI-compliant HSM.
There are many accountability issues in a typical blockchain architecture, but we will not enter into the details here. However, we will explain how using a notary/TSA service in combination with a PCI-grade HSM can solve, at least partially, these issues.
Anchoring and Timestamp Servers in Blockchain
As we explained earlier, anchoring services that use a media server for publishing secure timestamps, in addition to the blockchain itself, are considered as a better and more convenient way to perform audits in the context of permissioned blockchains; for example, like those provided by the Corda framework for example.
Audit Functions Offered by HSMs
Here we shall detail what audit functions are needed or advisable in a banking-grade HSM.
If an auditable event happens, the HSM automatically adds an entry to an audit log file. A typical audit log entry includes:
- A timestamp with date and time of the event
- User name of all users who authenticated the audited command
- Function code (FC) and subfunction code (SFC) of the audited command
- A status code to indicate success of the operation or error code otherwise
An HSM is an ideal tool for performing such anchoring and providing secure audit logs because it uses secure memory protection and cryptographically signed logs for offline historical storage. It can identify itself as a trusted service, as well.
A formal audit procedure can be conducted from a central HSM user interface (control center), with the help of the logs produced by the HSM. This allows for level I audits concerning the HSMs in within the financial institution. Often a landscape of HSMs is found with a decentralized arrangement. The audits can in spite of this be conducted from a central location. The use of FIPS 140-2 compliant HSM is mandatory to reach PCI DSS compliance for the permissioned blockchain architecture.
In the context of permissioned blockchains, using a bank-grade HSM for auditing purposes, along with a blockchain notary service (or a TSA), is the right way to solve many auditability challenges found when using blockchain technologies for financial services provided by banks and to achieve PCI-compliance.
References and Further Reading
- Learn more about Utimaco's HSMs for blockchains
- More articles on permissioned blockchains in banking (2018 - today), by Martin Rupp, Priyank Kumar, Ulrich Scholten, Asim Mehmood, Dawn M. Turner and more
-  such as Usenet at the time the initial blockchains such as the Bitcoin were created
Blog post by Dr. Ulrich Scholten