Blockchain is known for powering cryptocurrencies, but developers are finding many other innovative uses for crypto-secure transactions, write Adam Palmer and Michael Palage., Security
Blockchain is known for powering cryptocurrencies, but developers are finding many other innovative uses for crypto-secure transactions, write Adam Palmer and Michael Palage. Over the past several years, more than a billion dollars have been invested in blockchain startups by investors seeking to capitalise on what is estimated to be an $US8 billion market by 2024. This private sector investment has also been coupled with several public sector initiatives from various governments. This article examines the aspects of blockchain technology that make it uniquely situated to support cyber-security capacity building. It is important to note that blockchain is not a ‘silver bullet‘ solution. However, it will be a critical tool for improving cyber-security. Blockchain is a peer-to-peer distributed ledger technology that provides for the secure archival of information (transactions) in a dynamic repository comprised of a never-ending series of sequential data blocks chained together using public/private key cryptography. Through the use of cryptography and consensus protocols associated with the writing of data blocks to the chain, the information stored in the repository is tamper resistant and immutable. It is this combination of features which provides the level of transparency, trust and accountability among users of that blockchain. There are two general classifications of blockchain technology: permissioned and permissionless. The original Bitcoin blockchain was built to create a ‘permissionless‘ peer-to-peer network for transferring a virtual currency from any one party on the network to any other party on the network. It is permissionless because there is no trusted authority (such as a bank or clearing house) verifying that the transactions are legitimate and that the record for the transactions is, and remains, correct. Instead, transactions are verified by a consensus protocol among the miners. Trust is linked to the degree of difficulty set for the miners, and each change is recorded on the blockchain transaction record. Unfortunately, the computational demands of a permissionless system, like Bitcoin, make it very inefficient. As a result, many blockchain applications being investigated in the financial and digital identity sectors are ‘permissioned‘ networks. A trusted authority manages access to the networks by users, and is authorised to perform verification of the transactions. Permissioned blockchains can establish a consensus protocol that is not as computationally demanding, but is still secure through the management of the parties on the network. Permissioned blockchains then have greater potential to be utilised to support other functional applications of blockchain (eg, decentralised, secure cryptography) and the application to digital identity where the economic incentive model of cryptocurrency is not needed. Permissioned blockchains also permit a more formal governance structure to provide a framework for resolving disputes between users – this is more challenging on permissionless blockchains, which are autonomous by nature. Blockchain is the underlying technology enabling Bitcoin, the world’s most popular ‘cryptocurrency‘. Blockchain’s early association with Bitcoin and the dark web created an initial stigma for the technology in some sectors. However, Bitcoin has recently gone mainstream, with a growing number of established companies accepting Bitcoin as legal tender. This list includes not only technology-centric companies such as Microsoft and Dell, but also traditional companies such as SBB, the Swiss rail operator. Several recent developments show the potential for a much wider adoption of blockchain cryptocurrencies. Alipay is currently the most popular mobile payment application in the world, with over 450 million users just in China. Eric Jing, the CEO of Ant Financial, was recently quoted as saying he ‘definitely‘ sees blockchain being a foundation to its popular mobile application. With Ant Financial’s pending acquisition of MoneyGram, Alipay may soon be able to leverage MoneyGram’s existing network of 350,000 outlets in nearly 200 countries and territories. These developments are in addition to the People’s Bank of China (PBOC) that has recently completed a proof-of-concept testbed and appears to be one of the first major central banks positioned to begin a wide-scale use of cryptocurrencies. A broader use of blockchain technology is likely to occur in the financial technology (FinTech) sector, providing the ability to speed transactions and remove intermediaries as well as to potentially provide billions of dollars in cost saving and efficiencies for the financial services industry. The Depository Trust & Clearing Corporation (DTCC) , which is one of the world’s largest financial service companies for clearing and settlement services, has recently announced that it selected IBM, in partnership with Axoni and R3, to. Interestingly, DTCC in their press release made no specific reference to blockchain and instead only mentioned DLT. This appears to be a growing trend in the FinTech sector to avoid using the moniker blockchain and instead use DLT. R3, a leading consortium of 70 global financial companies, in a blog post has recently stated that its Corda product is a distributed ledger and not a blockchain. For the purposes of this article, blockchain and DLT are intended to be used interchangeably, but it is important to understand that there are those that view them as distinct terms. While DTCC avoided using the term blockchain in its press release, it did state that its distributed ledger protocol “will be submitted to Hyperledger when the solution goes live”. hosted by the Linux Foundation whose objective, according to its website, is “to advance cross-industry blockchain technologies” in the finance, banking, Internet of Things, supply chains, manufacturing and technology sectors. My Health – My Data (MH-MD) is an initiative launched in November 2016 with funding from the European Commission and designed to enhance the privacy of individual healthcare records. In January of this year, the US Food and Drug Administration announced an initiative with IBM to use blockchain technology to facilitate the secure and scalable distribution of health records. Currently, these records are often stored centrally across numerous data repositories with varied levels of security. Because of the highly sensitive nature of this data, these repositories are a frequent target of massive data breaches. Blockchain technology provides a framework in which this data can be securely stored in a decentralised manner, while enabling access to the data when authorised. Digital identities are broadly defined as any set of information used by computer systems to represent some entity (a person, organisation, application or device) . Common forms of digital identity are password-based access credentials and user profiles, which can include various identity credentials used to verify that the entity is authorised to engage in a transaction. There are three fundamental aspects of digital identity: identity creation (creation of valid identity credentials) , authentication (verification of those credentials) and authorisation (verification of rights provided by those credentials) . The current model for digital identities typically involves users having separate identity credentials stored across different providers. However, the distributed nature of blockchain technology provides for a fundamental paradigm shift regarding digital identities, in which identity credentials are controlled by the individual user instead of the provider. The Sovrin Foundation, a US not-for-profit organisation, has recently proposed a model for ‘self-sovereign‘ identity, in which users manage and control their own identity credentials. Individuals create a digital identity with various identity credentials on a public-permissioned blockchain managed by Sovrin. These credentials are then accessed and verified by service providers globally as needed, but the individual’s personal information remains in the blockchain under the control of the individual.
