Article posted: Oct 30, 2017

By Marcus Hartwig, Versasec GM Americas

Blockchain is being hailed as a serious security contender, from protecting data to fortifying digital apps, and thanks to cryptocurrencies it is gaining strong momentum.

In fact, Blockchain is the technology that enables the very existence of cryptocurrency (among other things). The best known of these, Bitcoin, is the cryptocurrency for which blockchain technology was invented. Simply put, a cryptocurrency is a digital version of a monetary exchange that uses encryption techniques to control the creation of monetary units and to verify the transfer of funds.

Blockchain technology originally gained a purpose by working closely with Bitcoin to push cryptocurrencies, but more industries and organizations are looking at Blockchain for other applications, such as ride-sharing and crowdfunding.

In reality, Blockchain is simply a digital, decentralized ledger that records transactions taking place across a peer-to-peer network. Its major innovation is that it allows market participants to transfer assets across the Internet anonymously and securely without the need for a centralized third party.

From a business perspective, it's helpful to think of Blockchain as a type of next-generation business process improvement software. It promises the ability to improve business processes between companies, radically lowering the "cost of trust." For this reason, it has the potential to deliver significantly higher returns for each investment dollar spent than most traditional internal investments.

Today, Blockchain is used in sharing economies for peer-to-peer payments, crowdfunding initiatives including Kickstarter and GoFundMe, and even in governance. The app, Boardroom, enables organizational decision-making to happen on the Blockchain. In practice, the company governance becomes fully transparent and verifiable when managing digital assets, equity or information.

In other uses, Blockchain is helping protect files from getting hacked or lost in file sharing applications. Decentralizing file storage on the internet through the InterPlanetary File System (IPFS) eliminates the need for the centralized client-server relationships found on the current web.

What role might Blockchain play in identity and access management (IAM)? It could potentially play a role in PKI. In this case, the basic set-up would remain the same, in that the certificate authority (CA) would issue and manage the certificates needed for the trusted digital identities that are required to implement strong authentication, data encryption and digital signatures.

But running certificate authority software on a blockchain, rather than on a computer, is a real possibility. One example, published in a paper by Karen Lewison and Francisco Corella, describes the process. In the paper, they discuss how a CA issues a certificate to a subject as usual, except that it does not sign it. Instead, it stores a cryptographic hash of the certificate in a blockchain store that it controls, dedicated to storing hashes of issued certificates. If the certificate is compromised, the CA revokes it by storing its hash in another blockchain store that it controls, dedicated to storing hashes of revoked certificates.

To validate the certificate, the verifier checks that its hash is present in the issued-certificate store of the CA, and not present in the revoked-certificate store. Blockchain certificates are not signed. First, this means that they are shorter, which reduces the time it takes to transmit a certificate backed by a CA certificate chain. Secondly, validation of a certificate and its CA certificate chain is trivial. Because a blockchain is a "distributed ledger," the verifier has a local copy of the entire blockchain and looks up hashes of certificates in blockchain stores in the local copy, without network access. Therefore, no signatures need to be verified.
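The validation rule described above can be sketched as follows. This is an added example, not code from the Lewison and Corella paper or from Versasec. The `LocalLedger` class, the JSON certificate layout, the CA names and the keys are all assumptions made for illustration, and the ledger property that only a CA can write to its own stores is assumed rather than modelled.

```python
import hashlib
import json

def cert_hash(cert):
    # Canonical JSON then SHA-256; the encoding is an assumption for this sketch.
    blob = json.dumps(cert, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

class LocalLedger:
    """Hypothetical stand-in for the verifier's local blockchain copy.
    Each CA has an issued-hash store and a revoked-hash store; the rule that
    only the CA may write to its own stores is assumed, not modelled."""
    def __init__(self):
        self.issued, self.revoked = {}, {}

    def issue(self, ca, cert):
        self.issued.setdefault(ca, set()).add(cert_hash(cert))

    def revoke(self, ca, cert):
        self.revoked.setdefault(ca, set()).add(cert_hash(cert))

def validate_chain(chain, ledger, trusted_root):
    """chain is leaf-first. Returns (ok, reason); uses only local lookups."""
    if not chain:
        return False, "empty chain"
    for i, cert in enumerate(chain):
        issuer = cert["issuer"]
        if i + 1 < len(chain):
            if chain[i + 1]["subject"] != issuer:
                return False, f"{cert['subject']}: issuer not next in chain"
        elif issuer != trusted_root:
            return False, "chain does not end at trusted root"
        h = cert_hash(cert)  # any change to the certificate changes this hash
        if h not in ledger.issued.get(issuer, set()):
            return False, f"{cert['subject']}: hash not in issued store"
        if h in ledger.revoked.get(issuer, set()):
            return False, f"{cert['subject']}: hash in revoked store"
    return True, "ok"

# Constructed sample data (names and keys are placeholders).
ROOT = "Example Root CA"
INTER = {"subject": "Example Issuing CA", "issuer": ROOT, "public_key": "constructed-key-1"}
LEAF = {"subject": "alice.example.test", "issuer": "Example Issuing CA", "public_key": "constructed-key-2"}

def demo_ledger():
    ledger = LocalLedger()
    ledger.issue(ROOT, INTER)
    ledger.issue("Example Issuing CA", LEAF)
    return ledger

if __name__ == "__main__":
    print(validate_chain([LEAF, INTER], demo_ledger(), ROOT))
```

A modified certificate fails because its hash is no longer in the issued store, and revoking the intermediate CA's certificate invalidates every chain that passes through it.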

Time will tell what future Blockchain will have in IAM, but rest assured Versasec will continue to monitor its development.
