The new system works a lot like a time delay safe for digital assets with a policy engine to broker communications.
IBM announced the launch of IBM Hyper Protect Offline Signing Orchestrator (OSO), an air-gapped cold storage solution for digital assets, on Dec. 5.
Working with digital asset manager Metaco — an IBM partner and Ripple subsidiary — and tier-1 banks, IBM developed the end-to-end asset encryption service to address common vulnerabilities found in typical cold storage solutions.
According to the announcement:
“When it comes to offline or physically air-gapped cold storage, there are limitations, including privileged administrator access, operational costs and errors and the inability to truly scale. All these limitations are due to one underlying factor—human interaction.”
Cold storage
IBM designed OSO to address these vulnerabilities by removing the manual functions of initiating and conducting transactions. Much like a time-release safe that cannot be opened upon request, OSO can be configured to only send transactions from cold storage to the blockchain, and vice-versa, at specific times or only through the authorization of a multibody governance scheme.
This, according to the blog post and accompanying research, prevents the most common forms of insider attack, including physical access, administrative manipulation and coercion attacks. If a bad actor were to somehow access the system, physically or remotely, they could only initiate a transaction during approved times and would have to wait until the transaction was approved for execution in order to receive/steal assets.
Further ensuring OSO’s resilience to attack, digital assets can be placed in “air-gapped” storage containers. Storage is considered air-gapped when it is not connected to the internet or any device capable of connecting to the internet. This ensures remote attacks can’t access assets while they’re at rest.
Securing blockchain transactions
Administrators managing cold storage solutions in a typical air-gapped paradigm usually have to hand-carry physical storage devices such as laptops or USB drives to offline hardware in order to sign transactions. This manual process introduces human error, which, though not malicious, can be just as costly as an intentional exploit.
OSO implements a policy engine that can broker communication between two different applications without simultaneously connecting to both. As it operates through a virtual, partitioned server, via IBM’s Confidential Computing service, it also has no direct external network connectivity. This prevents human error from manual processes as well as remote access (hacking) — even during transactions.
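The release gate described above can be modeled in a few lines. This is an added illustration, not IBM's code or the OSO API: the class names, the daily UTC window, and the choice to require both the time window and an approval quorum are assumptions (the article says OSO can be configured with either).

```python
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass(frozen=True)
class ReleasePolicy:              # hypothetical policy shape, not OSO's
    window_start: time            # approved daily release window (assumed UTC)
    window_end: time
    approvers: frozenset          # identities allowed to approve
    quorum: int                   # distinct approvals required

    def in_window(self, now: datetime) -> bool:
        t = now.time()
        if self.window_start <= self.window_end:
            return self.window_start <= t < self.window_end
        # Window spans midnight, e.g. 22:00 to 02:00.
        return t >= self.window_start or t < self.window_end

@dataclass
class SigningRequest:
    tx_id: str
    approvals: set = field(default_factory=set)

class Broker:
    """Holds requests; nothing is forwarded on demand, only when policy allows."""

    def __init__(self, policy: ReleasePolicy):
        self.policy = policy
        self.pending = {}

    def submit(self, tx_id: str) -> None:
        self.pending[tx_id] = SigningRequest(tx_id)

    def approve(self, tx_id: str, who: str) -> None:
        if who not in self.policy.approvers:
            raise PermissionError(f"{who} is not an approver")
        # A set means repeated votes from one approver count once.
        self.pending[tx_id].approvals.add(who)

    def release(self, now: datetime) -> list:
        """Return the tx ids forwarded to the offline signer at time `now`."""
        if not self.policy.in_window(now):
            return []             # outside the window nothing moves, approved or not
        ready = [r.tx_id for r in self.pending.values()
                 if len(r.approvals) >= self.policy.quorum]
        for tx_id in ready:
            del self.pending[tx_id]
        return ready
```

Someone who gains access to the broker can still only call `submit`; the transaction sits in `pending` until the window opens and enough distinct approvers have signed off, which is the delay the article compares to a time-release safe.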