A blockchain-based system marries ironclad trust to a fully auditable sequence of digital events enclosed in a highly secure environment.
As a digital currency, Bitcoin has had its up and downs, and it’s still unclear whether it will survive or give way to the next crypto currency. That’s not the case for the technology underlying it, called blockchain.
It’s been lauded as a starkly innovative way of confirming the identity and validity of parties who are trying to do business with each other -- a critical function for Bitcoin. However, organizations are already trying to extend it to other uses, and now blockchain is vying to be the underlying technology of secure infrastructures for a range of applications.
The problem with financially focused systems, which blockchain solves, is that it’s hard to set up a wholly trusted intermediary between two parties who want to do business electronically. Most likely, that trusted third party is a bank or other financial institution. However, while most transactions are trouble free, acceptance of a certain amount of fraud is built into current processes, and disagreements occur that require mediation. That raises both risk and cost.
Blockchain changes the equation by transferring risk from a human-based process to one where cryptographic proof of contracts, agreements, prices, etc., takes the place of that variable trust. Each step, or block, in the process is locked in place, the details of each block are carried forward to the next, with each subsequent block containing a hash of the previous one.
As the chain grows, therefore, it becomes computationally all but impossible to interfere with. The chain is considered valid only if each of the blocks and transactions in the chain remain valid, and only if the chain continues to start with the original block, called the genesis block.
Essentially, the blockchain becomes a record or ledger of digital events that is shared among many different parties, with each party required to digitally sign a hash of a transaction and the public key of the next party in the chain, before passing it along. No blockchain record can be updated without the agreement of a majority of the entities involved, and none of the historical information contained in a ledger can be altered because any attempt would change the old hash.
In essence, a blockchain-based system marries ironclad trust to a fully auditable sequence of digital events enclosed in a highly secure environment.
Its use for financially based transactions, such as with Bitcoin, is obvious. At least in concept, however, it’s a system that can be applied to other trust-based environments, and various organizations are starting to explore if and how that could be done.
The Department of Homeland Security, for example, has asked for research proposals that would “design information security and privacy concepts on the blockchain to support identity management capabilities” that decrease the cost and risks of identity management, while at the same time increasing security and productivity for users in the Homeland Security Enterprise.
The current HSE identity management process uses centralized authorities to vouch for the accuracy of the information they collect and maintain. To process any transaction requiring validation of information in this process -- such as employment status, citizenship, eligibility to work -- relies on a large level of trust that the who, what and how behind that transaction is itself all valid.
The research DHS wants to support would focus on whether “classic” information security concepts such as confidentiality, integrity, availability, provenance and privacy can be built on top of the blockchain technology to “provide a distributed, scalable approach to privacy respecting identity management.”
No one believes any of this will be easy, but the potential gains from successfully creating such systems all but guarantee that the efforts will be made.
NEXT STORY: Secure code before or after sharing?