Satish Mohan is the Chief Technology Officer at Airgap Networks, where he is responsible for technology architecture and program innovation.
Blockchains are distributed databases that store the data among nodes on a network and guarantee the fidelity and security of data stored on the chain. They are typically used in cases where the data has to be trusted without the need for third-party verification. Blockchains serve as the underlying infrastructure for cryptocurrencies, which have surged in adoption and popularity in recent years.
A defining characteristic of blockchains is that the data stored on them is immutable: the blocks in the chain are linked together cryptographically, so the data they hold is very hard to change without expending considerable resources.
We are starting to see alternative use cases emerge for blockchain technology, especially in areas such as cybersecurity identity management, food industry supply chains, healthcare, property records and digital voting.
Cybersecurity Use Cases
According to a study conducted by IoT Analytics in 2020, there are 12 billion internet-connected devices worldwide, and the global number of connected devices tops 21.7 billion. With the growing number of devices, businesses and IT departments struggle to authenticate users and devices and provide them access to critical business applications, especially when users bring their own devices (BYOD) and are often working remotely.
Identity management systems have evolved from simply providing access to web applications to include all enterprise applications, including both SaaS and on-premises. However, current approaches suffer from trustworthiness and liability issues.
Using blockchain technology, we now have the tools to build new identity management systems based around the notion of decentralized identifiers. Digital IDs (DIDs) may be created both for users and endpoints within an organization. Users can be identified using a combination of first and last name, date of birth, nationality and social security number. In the case of endpoints, the digital identity may be an online profile linked to the device’s IP address and can take the form of a randomly generated unique ID. This profile can include other unique data points such as MAC addresses, firmware versions, operating system revisions and other identifying information.
Digital identities may be secured using the principles of private/public-key cryptography. A private and public key can be generated for each user or device. The user or device retains control of the private key and is the only person or entity capable of decrypting the data. The public key may be freely distributed and is used by the service provider to verify the authenticity of the user or device presenting the credentials.
Once a digital identity has been generated for each user/endpoint, they present the verified identifier in the form of a QR-code or a signed digital certificate to a service provider to gain access to critical resources. The service provider then verifies the identity by verifying proof of ownership of the presented attestation.
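The proof-of-ownership check described above can be sketched as a challenge-response exchange. This is an added example, not code from the article or from any identity product: the `did:example:` identifier format, the in-memory map standing in for the on-chain lookup, and the names `Verifier`, `NewIdentity`, `Challenge`, `Prove` and `Verify` are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Verifier struct {
	reg     map[string][]byte // DID -> public key; stand-in for the on-chain lookup
	pending map[string]bool   // challenges issued and not yet used
}

// NewIdentity makes a key pair and a constructed did:example identifier.
func NewIdentity() (string, ed25519.PrivateKey, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return fmt.Sprintf("did:example:%x", pub[:16]), priv, pub
}

// Challenge issues a fresh random nonce for the holder to sign.
func (v *Verifier) Challenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	v.pending[string(n)] = true
	return n
}

// Prove runs on the holder: the private key signs nonce||DID and never leaves.
func Prove(priv ed25519.PrivateKey, did string, nonce []byte) []byte {
	return ed25519.Sign(priv, []byte(string(nonce)+did))
}

// Verify needs a registered DID, an unused nonce and a valid signature.
func (v *Verifier) Verify(did string, nonce, sig []byte) bool {
	pub, known := v.reg[did]
	defer delete(v.pending, string(nonce)) // single use, so a replay fails
	return known && v.pending[string(nonce)] && ed25519.Verify(pub, []byte(string(nonce)+did), sig)
}

func main() {
	did, priv, pub := NewIdentity()
	v := &Verifier{map[string][]byte{did: pub}, map[string]bool{}}
	n := v.Challenge()
	fmt.Println(v.Verify(did, n, Prove(priv, did, n)), v.Verify(did, n, Prove(priv, did, n)))
}
```

Because the service provider signs nothing and stores only public keys, a breach of its registry does not expose credentials that can be replayed elsewhere.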
Business Considerations In Using Blockchains For DIDs
There are several advantages of using blockchains for digital identity management for endpoint devices. Some of these include:
• Tamper-Proof: Once the digital identity associated with a user/device has been generated and associated with attestations about the endpoint or device, it can be stored on the chain in an immutable way. This makes it nearly impossible for attackers to tamper with or modify the identity without expending a large amount of computational resources to override commonly used consensus algorithms such as proof of work or proof of stake.
• Decentralized: Blockchains store an irreversible timeline of data on a set of participating nodes which can be implemented in a decentralized fashion. No single entity or organization has complete ownership of the data stored on the chain, and this makes it less susceptible to breaches or loss of the single point of control.
• Data Portability: Using decentralized identifiers, users can retain control of their identity. They can easily move identities stored on a particular hosted blockchain to another service provider. Blockchain technology can also facilitate direct relationships between a user or endpoint and several service providers and allow transactions between them.
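The cryptographic linking behind the Tamper-Proof point can be shown with a small hash chain of device identity records. This is an added example, not code from the article or from any blockchain platform: the `Block` fields, the `did:example:` identifiers and the MAC addresses (taken from the documentation range) are constructed, and consensus between nodes is not modelled.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Block is one identity record; the field set and sample values are constructed.
type Block struct {
	DID, MAC, Firmware string
	Prev, Hash         [32]byte
}

// digest binds the record fields to the hash of the previous block.
func digest(b Block) [32]byte {
	return sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%q|%x", b.DID, b.MAC, b.Firmware, b.Prev)))
}

// Append links a new record to the current head of the chain.
func Append(chain []Block, did, mac, fw string) []Block {
	b := Block{DID: did, MAC: mac, Firmware: fw}
	if len(chain) > 0 {
		b.Prev = chain[len(chain)-1].Hash
	}
	b.Hash = digest(b)
	return append(chain, b)
}

// FirstBad returns the index of the first block whose stored hash or back-link
// fails to verify, or -1 when the chain is internally consistent.
func FirstBad(chain []Block) int {
	var prev [32]byte
	for i, b := range chain {
		if b.Prev != prev || b.Hash != digest(b) {
			return i
		}
		prev = b.Hash
	}
	return -1
}

func main() {
	chain := Append(nil, "did:example:a1", "00:00:5e:00:53:01", "1.0.0")
	chain = Append(chain, "did:example:b2", "00:00:5e:00:53:02", "2.3.1")
	chain = Append(chain, "did:example:c3", "00:00:5e:00:53:03", "1.4.0")
	chain[1].Firmware = "9.9.9" // a stored record altered after the fact
	fmt.Println(FirstBad(chain)) // 1: the altered block no longer matches its hash
}
```

A chain rebuilt from scratch with the altered record is internally consistent but ends in a different head hash, which is why detection in practice depends on the other nodes holding and agreeing on the original head.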
While there are significant advantages to using blockchains for digital identity management, there are several disadvantages that CIOs and decision-makers need to consider before adopting this technology:
• Technology Cost: The benefits of decentralization come at a technology cost. Blockchain technology is still (at the time of this writing) fairly complex to set up and operate, and this must be balanced against the benefits it can provide in a cybersecurity context.
• Low Transactions Per Second: Inserting information into the chain is a cryptographically complex operation requiring a consensus protocol to converge before the entry is immutably integrated into the chain.
• History Of Use In Illicit Activities: Blockchain technology, just like any other software, has the potential to contain software bugs and vulnerabilities, which may be exploited by attackers to compromise the information stored on the chain. Recently, hackers stole more than $600 million in cryptocurrencies on the blockchain-based platform Poly Network.
Some of the disadvantages may be overcome by enterprises adopting and managing private blockchains, also known as “permissioned blockchains.” A permissioned blockchain is managed and operated as a closed ecosystem with only identifiable participants able to perform actions to read and add data to the chain.
There are still ecosystem challenges to be overcome in the widespread adoption of blockchain technology for digital identity verification. Device manufacturers need to support obtaining and storing private keys and digital certificates associated with digital IDs. Service providers need to either host or integrate with a permissioned or public blockchain to store and look up identities for user and device authentication purposes.
Despite these challenges, using blockchains for decentralized identifiers has the potential to reduce the use of fraudulent identities and compromised credentials and can reduce the vulnerabilities businesses face while securing their critical assets. CIOs and enterprise IT decision-makers should continue to carefully monitor new developments in these areas to adopt these technologies when they reach the appropriate technological and ecosystem maturity.