Jean-Philippe Aumasson

Taurus, CSO
JP Aumasson is cofounder and CSO of Taurus, a global provider of crypto asset management technology for financial institutions. He's also a cryptographer, author of the reference book Serious Cryptography, and co-designer of algorithms such as BLAKE2, BLAKE3, SipHash, and SPHINCS+. He's online at https://aumasson.jp and https://x.com/veorq.

 

10:45 -

20 September 2024 Talks

Hardening HSMs for banking-grade crypto wallets

We've been using hardware security modules (HSMs) as part of a custody solution used by banks for the safekeeping of cryptocurrency and other tokenized assets, often managing billions of dollars in value.
However, solely relying on built-in security mechanisms of an HSM, even when FIPS 140-3 certified, isn't enough for this use case. In this talk, we'll first describe an HSM's feature set, architecture, security guarantees, and inherent limitations. Then we'll present tricks and techniques we developed to considerably enhance the security of a crypto wallet. These include measures for attack surface reduction, secure configuration enforcement, request filtering, custom policies, as well as replay protection and state management with minimal statefulness.