April 23, 2015

Blockchain: The Missing Link to Multi-Billion Secure Connections

BY :     April 23, 2015

Blockchain“All things of value are helpless” is a famous line from a poem by the multitalented Dutch artist Lucebert. It’s even more true if you know where to look. Back in the old days, you just picked a suitable bank if you wanted to rob money. Nowadays, you would hack IDs: passwords, creditcard numbers, etc… conveniently, via email providers. To do this on a large scale, you would for instance attack a CA, a Certificate Authority.

Security Collapse in the HTTPS Market

In 2011, Comodo was hacked and so was DigiNotar, a Dutch commercial CA. This heist led to massive email hacks and other security violations. Trustwave was targeted in 2012. These are just a few examples of a widespread practice in many guises that keep stirring up emotion and analysis. The whole system of Trusted Third Parties, CAs, Public Key Infrastructures and protocols like HTTPS seems compromised, and this is no news as there is ample evidence since 2000 and before.

In October 2014, Communications of the ACM featured the article ‘Security Collapse in the HTTPS Market’ by experts from the Dutch University TU Delft that concluded: “Widely reported security incidents — such as DigiNotar’s breach, Apple’s #gotofail, and OpenSSL’s Heartbleed — have exposed systemic security vulnerabilities of HTTPS to a global audience. Then came Edward Snowden. HTTPS is both a major target of government hacking and eavesdropping, as well as an effective measure against dragnet content surveillance when Internet traffic traverses global networks. HTTPS, in short, is an absolutely critical but fundamentally flawed cybersecurity technology.”

System Error
The rigorous answer to this ‘System Error’ is a mix of append-only decentralization and replication. Luckily, we have a new kid on the block that listens to the name ‘Blockchain.’ This basic mechanism can provide a solid chain, so to speak, without an obvious weak link that begs to be broken. Just visit the website blockchain.info to see the system in its full glory, displaying the mining of the so-called ‘Bitcoins’ from the public transaction database. Everything open, honest and traceable.

Now, if we for a moment forget about the money, since the Bitcoin application is only a simple proof of concept demonstrating that the Blockchain mechanism is very much able to do its trick, then it would be quite conceivable for the Blockchain to be the foundation of economic transactions in general, based on well secured identity management. This is how Fromknecht, Velicanu, and Yakoubov, all from the Massachussetts Institute of Technology, described the potential in November 2014, related to the dire state of the TTP/CA/PKI/HTTPS system:

“Public Key Infrastructures (PKIs) enable users to look up and verify one another’s public keys based on identities. Current approaches to PKIs are vulnerable because they do not offer suffciently strong guarantees of identity retention; that is, they do not effectively prevent one user from registering a public key under another’s already-registered identity. In this paper, we leverage the consistency guarantees provided by cryptocurrencies such as Bitcoin and Namecoin to build a PKI that ensures identity retention. Our system, called Certcoin, has no central authority and thus requires the use of secure distributed dictionary data structures to provide efficient support for key lookup.”

The Internet of Things
We keep connecting so many different digital devices — from toothbrushes to turbines, smart homes, production plants, phones and connected cars (aka “smartphones on wheels”) — that there are terms for it: the Internet of things (IoT) and the Industrial IoT (IIoT or Industrial Internet). Therefore IBM and Samsung created their new Adept platform that for example allows a machine or system to detect a failing part and order a replacement. Adept is built on the distributed blockchain database as a fast and (more) secure way to connect physical objects. So apart from things of value being less helpless and overcoming the fundamental flaws of TTP/CA/PKI/HTTPS based systems, blockchain also may well be the missing link to multi-billion (more) secure IoT/IIoT connections.

Literature

Sogeti Labs

About

SogetiLabs gathers distinguished technology leaders from around the Sogeti world. It is an initiative explaining not how IT works, but what IT means for business.

Related Posts

Your email address will not be published. Required fields are marked *

6 + 1 =


  1. jacques · April 24, 2015 Reply

    Hello Jaap. interesting … My understanding is that based on peer to peer network. Bitcoin or Certcoin could be a solution for impoving security transaction. Ar you including te concept Systems of Systems ? and how to manage this complexity? Are we ready to do so ?

  2. Jaap Bloem · May 4, 2015 Reply

    Jacques,
    You speak from my heart!
    S2S complexity truly will pose a formidable challenge. The learning, development and adoption curve from here seems insurmountible. Experience, however, tells us that we will partially climb, and then circumvent all obstacles ahead. Still, we need (semi-)mathematically assured “functions” to take care of this. Your solutions, dear Jacques, are definitely pointing in the right direction. Grtz, Jaap

  3. Blocksize Debate at the Breaking Point – SogetiLabs · June 9, 2016 Reply

    […] And make sure to also read my article on Blockchain Being the Missing Link to Multi-billion Secure Connections. […]

*Opinions expressed on this blog reflect the writer’s views and not the position of the Sogeti Group