
The Blockchain: Trust and Repeat

How Blockchain becomes a “Trust Machine” for Products and Services

Blockchain has tremendous potential. It is a way to eliminate the middleman, reducing transaction costs and reinventing economies.

While often associated with crypto-currencies such as Bitcoin and Ethereum, blockchain has become a versatile technology that is disrupting every industry, from manufacturing to financial services to automotive. It is even transforming product development. Two core tenets of blockchain, immutability and decentralization, make recordkeeping and auditing far more efficient.

A blockchain is essentially a digital ledger, a distributed database, that records transactions chronologically and can be reviewed by participants. These transactions can be validated either by a specific set of participants (as in a permissioned blockchain) or by anyone who has joined the network (as in a permissionless blockchain). ‘Permissioned’ implies the party has been vetted and approved to conduct or verify transactions, such as a bank for financial transactions, a distributor shipping components to customers, or a developer dispatching software for testing. A specific number of transactions form a ‘block,’ which is chained to the next block by hashing the block's contents and storing that hash as the first record of the following block.
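The chaining described above, as an added example that is not part of the original article: each block's first record is the hash of the block before it, and verification re-hashes every block and checks the links. The sample transactions, block size and hashing layout are constructed for illustration, and the example also shows why rewriting one historical record is not enough on its own: the tamperer would have to re-hash every later block as well.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

BLOCK_SIZE = 2          # transactions per block (assumption for the example)
GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


@dataclass
class Block:
    index: int
    records: List[str]   # records[0] is the hash of the previous block
    block_hash: str = ""

    def compute_hash(self) -> str:
        # Hash the block's contents deterministically (index plus all records).
        payload = json.dumps({"index": self.index, "records": self.records}, sort_keys=True)
        return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(transactions: List[str], block_size: int = BLOCK_SIZE) -> List[Block]:
    """Group transactions into blocks; each block's first record is the hash of
    the block before it, which is what chains the blocks together."""
    chain: List[Block] = []
    prev_hash = GENESIS_PREV
    for i in range(0, len(transactions), block_size):
        block = Block(index=len(chain), records=[prev_hash] + transactions[i:i + block_size])
        block.block_hash = block.compute_hash()
        chain.append(block)
        prev_hash = block.block_hash
    return chain


def verify_chain(chain: List[Block]) -> Tuple[bool, Optional[int]]:
    """Re-hash every block and check the linkage. Returns (ok, index of the first
    block that fails), so an auditor can see exactly where the history diverges."""
    prev_hash = GENESIS_PREV
    for block in chain:
        if block.records[0] != prev_hash:               # link to previous block broken
            return False, block.index
        if block.compute_hash() != block.block_hash:    # contents changed after hashing
            return False, block.index
        prev_hash = block.block_hash
    return True, None


def tamper_demo(recompute_hash: bool) -> Tuple[bool, Optional[int]]:
    """Alter one historical record (constructed sample transactions) and return
    what verification reports. With recompute_hash=True the altered block is
    re-hashed, so the break moves to the next block, whose stored link is now stale."""
    txs = ["alice->bob:10", "bob->carol:4", "carol->dave:1", "dave->alice:7"]
    chain = build_chain(txs)
    chain[0].records[1] = "alice->bob:1000"   # rewrite history in block 0
    if recompute_hash:
        chain[0].block_hash = chain[0].compute_hash()
    return verify_chain(chain)


if __name__ == "__main__":
    print(tamper_demo(recompute_hash=False))  # (False, 0)
    print(tamper_demo(recompute_hash=True))   # (False, 1)
```

Because every block carries its predecessor's hash, a consistent rewrite has to re-hash every block after the altered one, which is why altering history in a real network requires the majority collusion the article describes below as a 51% attack.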

Blockchain's intrinsic nature makes it a “Trust Machine,” as network participants are bound to certain rules, with transactions validated on the fly and with full traceability. This occurs without a central authority or intermediary, resulting in a democratization of trust. Several built-in mechanisms, including proof-of-work, proof-of-stake and consensus-based decisions, ensure that trust is maintained.

There are many nuances to the technology and its implementation, and selecting an appropriate blockchain platform remains a challenge. For example, in private blockchains, participants are given granular permissions to prevent a “51% attack,” in which a majority of participants collude to alter historical records. In certain cases, a few participants that control most resources, or a subset of actors granted special privileges due to their reputation or longevity within the group (as part of dynamic trust implementations), may monopolize block completion and operations.

Blockchain is here to stay and will find its way into products and product development. However, there are a few questions that must be answered before moving forward:

  • Is blockchain right for a product ecosystem? Does the ecosystem encompass numerous actors that require an underpinning of trust?
  • How do you select a blockchain implementation for adoption: the Linux Foundation’s Hyperledger, OpenChain, MultiChain, Ethereum or others?
  • Where will you host your own blockchain network, e.g., IBM Hyperledger Fabric or Microsoft Azure Blockchain?
  • What level of latency can you withstand for trust verification?

“Blockchain could slash the cost of transactions and reshape the economy.” (Harvard Business Review)

While adoption of blockchain will vary, the security, privacy and trust domains show immediate promise. Here are five use cases that will transform the way we innovate in products and services:

1. Component Provenance

Some companies have already adopted blockchains to track and trace products across a supply chain. As the number of connected devices grows, there is a need to manage the weak identities of physical assets (serial numbers, QR codes and universal product codes (UPC)) by binding them to stronger cryptographic identities that lend themselves to digital tracking and analytics. A blockchain-based solution allows for tamper-resistant recordkeeping of these assets, in compliance with industry standards.

For example, within an organization: “A company can signal via blockchain that a good has been received, or the product may have GPS functionality, which automatically logs location updates which, in turn, trigger payments.”

Improved traceability is also needed on the digital front, across data flows through heterogeneous, physically distributed edge devices, gateways and cloud platforms. These analytics platforms often yield insights that are trusted to make business decisions or automate machine-to-machine interactions, and a malicious attack on the data could severely disrupt them. A blockchain-based solution allows every ecosystem component to contribute a signature with the data it transmits, which can later be verified as part of integrity checks.

2. Lightweight Ecosystems

Emerging ecosystems, especially app stores and mobile-edge compute (MEC) platforms, are gaining traction. Consumers and developers expect these ecosystems to work seamlessly and securely, while the ecosystem incorporates and manages numerous functions including:

  • Consent management between end users, developers, the platform and third-party service providers. For example, granting permission for an app to access an end user’s camera or contacts on their smartphone, and acceptance of developer/platform privacy policies.
  • Onboarding of developers, including automated issuance of developer credentials, and acceptance of apps from vetted developers.
  • Security and compliance checks for acceptance and publication of an app or service.
  • Automated chained actions relating to app ratings, or, for a developer or end user, access to services and its revocation or expiration.
  • Payment reconciliation between actors for in-app purchases, developer fees for platform and micro-service utilization, and payouts to developers.

Current processes require large code bases, segregated environments (such as virtual private clouds), numerous data stores, and a tremendous amount of manual intervention or approval to realize the functions listed above. The introduction of a permissioned blockchain serves to eliminate friction by:

  • Streamlining consent management between all actors for enhanced privacy, mature compliance management, and consumer trust.
  • Providing leading-edge security by provisioning developer credentials, acceptance only from known sources, and developer-signed packages; and by attestation of security reviews through automated chained execution of static, binary and dynamic vulnerability assessments of submitted apps and services.
  • Reducing the platform's total cost of ownership and making disbursements more reliable, through periodic reconciliation of all monetary transactions.
  • Simplifying architecture through elimination of multiple data stores, and their corresponding high availability (replication) requirements.

3. DevOps Efficiency

DevOps is a continuous, distributed process that infuses digital product development and operations with increased agility and efficiency. Centralized management of the product development process can be cumbersome, if not infeasible, given the number of developers, testers and operations personnel involved, the many tools required (CI/CD tools such as Jenkins, test automation frameworks, code signing, security vulnerability assessment tools), and the iterative process for making improvements. Examples of challenges include suspending steps in response to certain events, such as a security analyst finding a critical vulnerability in committed code, or enabling product features only for certain users, such as feature toggles implemented through code branches.

A blockchain-based DevOps process provides adequate access management in such a heterogeneous environment: audit trails and actionable alerts triggered by specific changes (without the actors having to know each other, while still being confident they can trust each other), analytics and metrics around bug resolution, propagation of updates based on remediation activities, and evidence for SLA guarantees to customers.

4. Exponential Trust

Certificates based on public key infrastructure (PKI) often form the basis for a trusted connection between different entities. At the top of the hierarchy, certificates are signed by a handful of certificate authorities (CAs) or trusted third parties. A world of "billions of things" with digital services and infinitely personalized experiences poses challenges to the current model. First, it requires handshakes between certificates provisioned by different manufacturers and service providers. Second, devices often require lifetime certificates with basic permissions for identity generation; however, CAs do not issue certificates for such lengthy periods. And third, revocation of top-level CA-issued certificates is complex and expensive. One group, named Rebooting Web-of-Trust, is promoting a blockchain-based decentralized PKI. Fundamentally, this publicly trusted identity verification mechanism resembles the public verification of financial transactions on the Bitcoin network.

Similarly, communications service providers adopting network function virtualization (NFV) need to onboard virtual network functions (VNF) from multiple vendors. Various permutations of VNFs and corresponding NFV infrastructure need to be attested for compatibility and security. Moreover, as VNFs are delivered in a CI/CD model, and NFV infrastructure constantly undergoes changes, a blockchain-based attestation process through smart contracts appears to be a promising solution.

5. Integrity as a Service

Malware and ransomware are increasingly making their way onto IoT devices, as adversaries look to alter firmware and software on insecure devices. Current patch attestation and delivery for IoT devices or hyper-converged infrastructure (HCI) remains fraught with supply-chain related challenges. A blockchain can help ensure the integrity of IoT devices: a hash of the firmware, a cryptographic fingerprint of the code, is recorded in the ledger at regular intervals. If malware alters the firmware’s code, the firmware's hash no longer matches the value recorded in the ledger; the mismatch generates an intrusion alert and triggers countermeasures.

The introduction of a blockchain-based malware defense also allows patch issuers to publish verified hashes of trusted payloads. Devices can periodically publish to the ledger both a hash of their configuration and patch status and an encrypted payload of their sensitive data. The ability of a device to vet and download only trusted payloads avoids malware, while its ability to retrieve a copy or image of the sensitive data it holds negates the impact of ransomware.
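The hash-attestation flow described in this section, and the signed-record pattern used for component signatures in the provenance section, as an added example that is not part of the original article or of any Aricent product: a patch issuer publishes a signed (version, hash) record, devices report the hash of the firmware they are running at each interval, a monitor compares the two and raises an alert on mismatch, and a device vets a downloaded payload against the published record before installing it. The firmware images, version numbers and device names are constructed, and the issuer "signature" is an HMAC over a shared key, used only to keep the example stdlib-only; a real deployment would use an asymmetric signature so that devices hold only the issuer's public key.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Stand-in for the patch issuer's signing key (assumption for this example).
# A real deployment would use an asymmetric signature such as Ed25519.
ISSUER_KEY = b"issuer-signing-key-for-example-only"

# Constructed sample firmware images; not real firmware.
FIRMWARE_V1 = b"\x7fELF sensor-firmware 1.0 <constructed image bytes>"
FIRMWARE_V1_ALTERED = FIRMWARE_V1 + b"<unexpected appended code>"

Record = Dict[str, str]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _sign(version: str, digest: str) -> str:
    msg = f"{version}:{digest}".encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()


def publish_trusted_hash(version: str, payload: bytes) -> Record:
    """Patch issuer: hash a verified payload and sign the (version, hash) record
    before writing it to the ledger."""
    digest = sha256_hex(payload)
    return {"version": version, "sha256": digest, "sig": _sign(version, digest)}


def record_is_authentic(record: Record) -> bool:
    """Anyone reading the ledger checks the issuer's signature before trusting a record."""
    expected = _sign(record["version"], record["sha256"])
    return hmac.compare_digest(expected, record["sig"])


def device_report(device_id: str, version: str, firmware: bytes) -> Record:
    """Device: at each interval, report the hash of the firmware it is actually running."""
    return {"device": device_id, "version": version, "sha256": sha256_hex(firmware)}


def check_report(ledger: Dict[str, Record], report: Record) -> str:
    """Monitor: compare a device's reported hash with the issuer-published one.
    Returns 'ok' or an alert string describing why the report was rejected."""
    record: Optional[Record] = ledger.get(report["version"])
    if record is None:
        return "alert: unknown firmware version"
    if not record_is_authentic(record):
        return "alert: trusted record has invalid signature"
    if not hmac.compare_digest(record["sha256"], report["sha256"]):
        return "alert: firmware hash mismatch"
    return "ok"


def vet_payload(ledger: Dict[str, Record], version: str, payload: bytes) -> bool:
    """Device-side check before installing a downloaded patch: the published record
    must be authentic and its hash must match the bytes actually downloaded."""
    record = ledger.get(version)
    return (record is not None
            and record_is_authentic(record)
            and hmac.compare_digest(record["sha256"], sha256_hex(payload)))


def build_ledger() -> Dict[str, Record]:
    """Constructed ledger state: the issuer has published one trusted firmware version."""
    return {"1.0": publish_trusted_hash("1.0", FIRMWARE_V1)}


def demo() -> Tuple[str, str, str, bool, bool]:
    ledger = build_ledger()
    clean = check_report(ledger, device_report("sensor-01", "1.0", FIRMWARE_V1))
    altered = check_report(ledger, device_report("sensor-02", "1.0", FIRMWARE_V1_ALTERED))
    # A ledger record whose hash was swapped without the issuer's key fails the signature check.
    forged = dict(ledger["1.0"], sha256=sha256_hex(FIRMWARE_V1_ALTERED))
    forged_status = check_report({"1.0": forged},
                                 device_report("sensor-02", "1.0", FIRMWARE_V1_ALTERED))
    return (clean, altered, forged_status,
            vet_payload(ledger, "1.0", FIRMWARE_V1),
            vet_payload(ledger, "1.0", FIRMWARE_V1_ALTERED))


if __name__ == "__main__":
    print(demo())
```

The two comparisons are deliberately separate: the monitor detects drift on devices that are already running altered code, while `vet_payload` stops a device from installing a payload whose bytes do not match what the issuer published, which is the supply-chain half of the problem the section describes.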

Blockchain Lead: Shaan Mulchandani, Director, Security Practice
Security Practice Lead: Prakasha Ramachandra, AVP
