Key management is an integral part of using distributed ledger technology (DLT). Previous work has primarily focused on key management for single-user scenarios on Bitcoin. Over the last decade, DLT has expanded into the commercial and financial sectors; for example, a new German law allows the trading of a variety of financial securities via DLT. Instead of a single-user paradigm, financial institutions follow a multi-user paradigm. Combining multi-user key management with single-user key management solutions leads to unique challenges with usability and security. We extend current research through a two-stage qualitative interview study with 13 finance professionals. We investigate how the technical reality contrasts with perceptions of key management practices in corporate financial organizations. Our interdisciplinary study shows, among other things, that DLT does not meet real-world requirements in this particular domain. Moreover, it introduces additional challenges in terms of authentication and auditing. Our findings suggest that corporate financial institutions strongly support the adoption of blockchain solutions. However, to comply with regulatory and operational requirements, they face additional usability and security challenges, e.g., authentication and access control. Better mechanisms or novel design approaches are required to cover professional environments. This includes how multiple users can access the same assets and approve joint transactions.
44th IEEE Symposium on Security and Privacy