Cryptocurrency Fraud,
Fraud Management & Cybercrime,
Next-Generation Technologies & Secure Development
Insights from Ruchin Kumar at Futurex on CBDC Adoption and HSM Security for Transactions
Central Bank Digital Currencies (CBDCs) are increasingly being recognized as viable alternatives to decentralized cryptocurrencies. A recent survey indicated that by the end of 2024, 91% of central banks globally were actively exploring CBDC initiatives, transitioning many from preliminary research to pilot and launch phases.
Ruchin Kumar, who serves as Vice President for South Asia at Futurex, shares his insights regarding the burgeoning trend of CBDC adoption. He elaborates on how Hardware Security Modules (HSMs) utilize advanced cryptographic encryption using state-of-the-art algorithms to protect transactions involving CBDCs.
See Also:
OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation
With over 25 years of experience in IT security sales across the Asia-Pacific region, Kumar advises the Reserve Bank of India (RBI), which serves as the country’s central bank and regulatory body for payments. He has overseen significant national payment projects, including Real Time Gross Settlement (RTGS), the Cheque Truncation System (CTS), the Unique Identification Authority of India (UIDAI) Aadhaar initiative, the Goods and Services Tax Network (GSTN), and the Unified Payments Interface (UPI), thereby enhancing data security and payment systems in both public and private sectors.
Edited Excerpts Follow:
How are CBDCs being adopted globally, and what trends shape their growth in India?
Decentralized cryptocurrencies, particularly stablecoins, pose governance challenges. Central banks exhibit a preference for maintaining control; thus, CBDCs attract government attention by mirroring the flexibility of cryptocurrencies while enabling centralized oversight. The governance of CBDCs may rest with both central banks and federal authorities.
Currently, around 114 countries are actively pursuing CBDC projects, with the European Central Bank piloting the digital euro. India’s e-rupee is on track to become legal tender, intended for domestic transactions and international cross-border payments alike.
As of its launch in December 2022, India’s e-rupee has seen circulation range between INR 400 to 500 crore, equivalent to approximately $44 to $55 million, with several banks participating in the pilot.
What factors are critical for the mass adoption of CBDCs?
Establishing widespread awareness about CBDCs as secure transaction methods is imperative. Awareness campaigns spearheaded by the government and RBI, emphasizing security capabilities, could bolster user trust and drive the adoption rate as well as transaction volumes. Individuals who have previously fallen victim to scams involving QR codes and fraudulent communications must gain confidence in CBDCs for broader acceptance.
Collaboration between IT security firms and the RBI is facilitative to ensuring confidentiality and integrity of transactions. Secure e-transactions are fortified through techniques such as hashing, digital signing, and advanced encryption standards including AES-192, ensuring unaltered transaction data.
What interoperability challenges exist, and how are they being resolved?
The RBI has introduced specific standards and secure APIs for banks and ecosystem participants to connect with its centralized applications. This framework ensures secure communications while implementing digital signing for non-repudiation. Each transaction is recorded meticulously, thus providing verifiable evidence if required in future legal contexts.
What encryption standards has the RBI employed to safeguard CBDC transactions against fraud?
Maintaining data confidentiality and integrity hinges on cryptographic keys and algorithms. The RBI has mandated that the entire life cycle of these encryption keys be managed within FIPS 140-3 Level 3-certified HSMs, enhancing security against physical tampering and side-channel attacks. Irregularities, such as unexpected voltage changes or multiple invalid access attempts, can trigger an automatic shutdown of the HSM devices, which are engineered to be highly secure.
When were HSMs first adopted in India, and what was their initial application?
HSMs employ advanced encryption to safeguard transaction data and cryptographic keys, functioning as co-processors designed to expedite encryption and decryption, thereby minimizing transaction latency. Security protocols must achieve instantaneous processing to match the demands of high-volume financial transactions.
Although the use of HSMs in India dates back to 2002 for digital signing during RTGS, their role has evolved significantly. The IT Act of 2000 regulates the specifications for HSM deployment as cryptographic co-processors, contributing to their widespread adoption in both the banking and payment sectors. The cheque truncation system introduced HSMs for secure transaction management starting in the mid-2000s. By 2008-2009, the National Payments Corporation of India (NPCI) had taken charge of managing core banking systems, fortifying major payment platforms with HSM support.
Will current encryption algorithms remain viable with the advent of quantum computing, and are HSMs prepared for this transition?
While quantum computers have not yet reached mainstream adoption, collaborations with manufacturers and algorithm developers are underway. The National Institute of Standards and Technology (NIST) and Microsoft have released post-quantum cryptography (PQC) algorithms, and Futurex has ensured that its HSMs are already PQC-ready, positioning them for future security challenges.