Lockstep

Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

Award winning blockchain paper at HIMSSAP17

David Chou, CIO at Children’s Mercy Hospital Kansas City, and I wrote a paper “How Healthy is Blockchain Technology?” for the HIMSS Asia Pacific 17 conference in Singapore last week. The paper is a critical analysis of the strategic potential for current blockchains in healthcare applications, with a pretty clear conclusion that the technology is largely misunderstood, and on close inspection, not yet a good fit for e-health.

And we were awarded Best Paper at the conference!

The paper will be available soon from the conference website. The abstract and conclusions are below, and if you’d like a copy of the full paper in the meantime, please reach out to me at Steve@ConstellationR.com.

Abstract

Blockchain captured the imagination with a basket of compelling and topical security promises. Many of its properties – decentralization, security and the oft-claimed “trust” – are highly prized in healthcare, and as a result, interest in this technology is building in the sector. But on close inspection, first generation blockchain technology is not a solid fit for e-health. Born out of the anti-establishment cryptocurrency movement, public blockchains remove ‘people’ and ‘process’ from certain types of transactions, but their properties degrade or become questionable in regulated settings where people and process are realities. Having inspired a new wave of innovation, blockchain technology needs significant work before it addresses the broad needs of the health sector. This paper recaps what blockchain was for, what it does, and how it is evolving to suit non-payments use cases. We critically review a number of recent blockchain healthcare proposals, selected by a US Department of Health and Human Services innovation competition, and dissect the problems they are trying to solve.

Discussion

When considering whether first generation blockchain algorithms have a place in e-health, we should bear in mind what they were designed for and why. Bitcoin and Ethereum are intrinsically political and libertarian; their outright rejection of central authority is a luxury only possible in the rarefied world of cryptocurrency but is simply not rational in real world healthcare, where accountability, credentialing and oversight are essentials.

Despite its ability to transact and protect pure “math-based money”, it is a mistake to think public blockchains create trust, much less that they might disrupt existing trust relationships and authority structures in healthcare. Blockchain was designed on an assumption that participants in a digital currency would not trust each other, nor want to know anything about each other (except for a wallet address). On its own, blockchain does not support any other real world data management.

The newer Synchronous Ledger Technologies – including R3 Corda, Microsoft’s Blockchain as a Service, Hyperledger Fabric and IBM’s High Security Blockchain Network – are driven by deep analysis of the strengths and weaknesses of blockchain, and then re-engineering architectures to deliver similar benefits in use cases more complex and more nuanced than lawless e-cash. The newer applications involve orchestration of data streams being contributed by multiple parties (often in “coopetition”) with no one leader or umpire. Like the original blockchain, these ledgers are much more than storage media; their main benefit is that they create agreement about certain states of the data. In healthcare, this consensus might be around the order of events in a clinical trial, the consent granted by patients to various data users, or the legitimacy of serial numbers in the pharmaceuticals supply chain.

Conclusion

We hope healthcare architects, strategic planners and CISOs will carefully evaluate how blockchain technologies across what is now a spectrum of solutions apply in their organizations, and understand the work entailed to bring solutions into production.
Blockchain is no silver bullet for the challenges in e-health. We find that current blockchain solutions will not dramatically change the way patient information is stored, because most people agree that personal information does not belong on blockchains. And it won’t dispel the semantic interoperability problems of e-health systems; these are outside the scope of what blockchain was designed to do.

However newer blockchain-inspired Synchronous Ledger Technologies show great potential to address nuanced security requirements in complex networks of cooperating/competing actors. The excitement around the first blockchain has been inspirational, and is giving way to earnest sector-specific R&D with benefits yet to come.

Posted in Security, Privacy, Innovation, e-health, Blockchain

A hidden message from Ed Snowden to the Identerati

The KNOW Identity Conference in Washington DC last week opened with a keynote fireside chat between tech writer Manoush Zomorodi and Edward Snowden.

Once again, the exiled security analyst gave us a balanced and nuanced view of the state of security, privacy, surveillance, government policy, and power. I have always found him to be a rock-solid voice of reason. Like most security policy analysts, Snowden sees security and privacy as symbiotic: they can be eroded together, and they must be bolstered together. When asked (inevitably) about the "security-privacy balance", Snowden rejects the premise of the question, as many of us do, but he has an interesting take, arguing that governments tend to surveil rather than secure.

The interview was timely for it gave Snowden the opportunity to comment on the "Wannacry" ransomware episode which affected so many e-health systems recently. He highlighted the tragedy that cyber weapons developed by governments keep leaking and falling into the hands of criminals. For decades, there has been an argument that cryptography is a type of “Dual-Use Technology”; like radio-isotopes, plastic explosives and supercomputers, it can be used in warfare, and thus the NSA and other security agencies try to include encryption in the "Wassenaar Arangement" of export restrictions. The so-called "Crypto Wars" policy debate is usually seen as governments seeking to stop terrorists from encrypting their communications. Even if crypto export control worked, it doesn’t address security agencies' carelessness with their own cyber weapons.

But identity was the business of the conference. What did Snowden have to say about that?

  • * Identifiers and identity are not the same thing. Identifiers are for computers but “identity is about the self”, to differentiate yourself from others.
  • * Individuals need names, tokens and cryptographic keys, to be able to express themselves online, to trade, to exchange value.
  • * “Vendors don’t need your true identity”; notwithstanding legislated KYC rules for some sectors, unique identification is rarely needed in routine business.
  • *Historically, identity has not been a component of many commercial transactions.
  • *The original Web of Trust, for establishing a level of confidence in people though mutual attestation, was “crude and could not scale”. But new “programmatic, frictionless, decentralised” techniques are possible.
  • * He thought a “cloud of verifiers” in a social fabric could be more reliable, to avoid single points of failure in identity.
  • *When pressed, Snowden said actually he was not thinking of blockchain (and that he saw blockchain as being specifically good for showing that "a certain event happened at a certain time").

Now, what are identity professionals to make of Ed Snowden’s take on all this?

For anyone who has worked in identity for years, he said nothing new, and the identerati might be tempted to skip Snowden. On the other hand, in saying nothing new, perhaps Snowden has shown that the identity problem space is fully defined.

There is a vital meta-message here.

In my view, identity professionals still spend too much time in analysis. We’re still writing new glossaries and standards. We’re still modelling. We’re still working on new “trust frameworks”. And all for what? Let’s reflect on the very ordinariness of Snowden’s account of digital identity. He’s one of the sharpest minds in security and privacy, and yet he doesn’t find anything new to say about identity. That’s surely a sign of maturity, and that it’s time to move on. We know what the problem is: What facts do we need about each other in order to deal digitally, and how do we make those facts available?

Snowden seems to think it’s not complicated a question, and I would agree with him.

Posted in Security, Privacy, Identity, Government

Blockchain unblocked

It’s been a big month for blockchain.

    • The Hyperledger consortium released the Fabric platform, a state-of-the-art configurable distributed ledger environment including a policy editor known as Composer.
    • The Enterprise Ethereum Alliance was announced, being a network of businesses and Ethereum experts, aiming to define enterprise-grade software (and evidently adopt business speak).
    • And IBM launched its new Blockchain as a Service at the Interconnect 2017 conference in Las Vegas, where blockchain was almost the defining theme of the event.  A raft of advanced use cases were presented, many of which are now in live pilots around the world.  Examples include shipping, insurance, clinical trials, and the food supply chain.

I attended InterConnect and presented my research on Protecting Private Distributed Ledgers, alongside Paul DiMarzio of IBM and Leanne Kemp from Everledger. 

Disclosure: IBM paid for my travel and accommodation to attend Interconnect 2017.

Ever since the first generation blockchain was launched, applications far bigger and grander than crypto-currencies have been proposed, but with scarce attention to whether or not these were good uses of the original infrastructure.  I have long been concerned with the gap between what the public blockchain was designed for, and the demands from enterprise applications for third generation blockchains or "Distributed Ledger Technologies" (DLTs).  My research into protecting DLTs  has concentrated on the qualities businesses really need as this new technology evolves.  Do enterprise applications really need “immutability” and massive decentralisation? Are businesses short on something called “trust” that blockchain can deliver?  Or are the requirements actually different from what we’ve been led to believe, and if so, what are the implications for security and service delivery? I have found the following:

In more complex private (or permissioned) DLT applications, the interactions between security layers and the underlying consensus algorithm are subtle, and great care is needed to manage side effects. Indeed, security needs to be rethought from the ground up, with key management for encryption and access control matched to often new consensus methods appropriate to the business application. 

At InterConnect, IBM announced their Blockchain as a Service, running on the “Bluemix High security business network”.  IBM have re-thought security from the ground up.  In fact, working in the Hyperledger consortium, they have re-engineered the whole ledger proposition. 

And now I see a distinct shift in the expectations of blockchain and the words we will use to describe it.

For starters, third generation DLTs are not necessarily highly distributed. Let's face it, decentralization was always more about politics than security; the blockchain's originators were expressly anti-authoritarian, and many of its proponents still are. But a private ledger does not have to run on thousands of computers to achieve the security objectives.  Further, new DLTs certainly won't be public (R3 has been very clear about this too – confidentiality is normal in business but was never a consideration in the Bitcoin world).  This leads to a cascade of implications, which IBM and others have followed. 

When business requires confidentiality and permissions, there must be centralised administration of user keys and user registration, and that leaves the pure blockchain philosophy in the shade. So now the defining characteristics shift from distributed to concentrated.  To maintain a promise of immutability when you don't have thousands of peer-to-peer nodes requires a different security model, with hardware-protected keys, high-grade hosting, high availability, and special attention to insider threats. So IBM's private blockchains private blockchains run on the Hyperledger Fabric, hosted on z System mainframes.  They employ cryptographic modules certified to Common Criteria EAL 5-plus and FIPS-140 level 3. These are the highest levels of security certification available outside the military. Note carefully that this isn't specmanship.  With the public blockchain, the security of nodes shouldn't matter because the swarm, in theory, takes care of rogue miners and compromised machines, but the game changes when a ledger is more concentrated than distributed.  

Now, high-grade cryptography will become table stakes. In my mind, the really big thing that’s happening here is that Hyperledger and IBM are evolving what blockchain is really for. 

The famous properties of the original blockchain – immutability, decentralisation, transparency, freedom and trustlessness – came tightly bundled, expressly for the purpose of running peer-to-peer cryptocurrency.  It really was a one dimensional proposition; consensus in particular was all about the one thing that matters in e-cash: the uniqueness of each currency movement, to prevent Double Spend.

But most other business is much more complex than that.  If a group of companies comes together around a trade manifest for example, or a clinical trial, where there are multiple time-sensitive inputs coming from different types of participant, then what are they trying to reach consensus about?

The answer acknowledged by Hyperledger is "it depends". So they have broken down the idealistic public blockchain and seen the need for "pluggable policy".  Different private blockchains are going to have different rules and will concern themselves with different properties of the shared data.  And they will have different sub-sets of users participating in transactions, rather than everyone in the community voting on every single ledger entry (as is the case with Ethereum and Bitcoin).

These are exciting and timely developments.  While the first blockchain was inspirational, it’s being superseded now by far more flexible infrastructure to meet more sophisticated objectives.  I see us moving away from “ledgers” towards multi-dimensional constructs for planning and tracing complex deals between dynamic consortia, where everyone can be sure they have exactly the same picture of what’s going on

In another blog to come, I’ll look at the new language and concepts being used in Hyperledger Fabric, for finer grained control over the state of shared critical data, and the new wave of applications. 

Posted in Security, Cloud, Blockchain

Blockchain, Healthcare and the Bleeding Edge of R&D

Last month, over September 26-27, I attended a US government workshop on The Use of Blockchain in Healthcare and Research, organised by the Department of Health & Human Services Office of the National Coordinator (ONC) and hosted at NIST headquarters at Gaithersburg, Maryland. The workshop showcased a number of winning entries from ONC's Blockchain Challenge, and brought together a number of experts and practitioners from NIST and the Department of Homeland Security.

I presented an invited paper "Blockchain's Challenges in Real Life" (PDF) alongside other new research by Mance Harmon from Ping Identity, and Drummond Reed from Respect Network. All the workshop presentations, the Blockchain Challenge winners' papers and a number of the unsuccessful submissions are available on the ONC website. You will find contributions from major computer companies and consultancies, leading medical schools and universities, and a number of unaffiliated researchers.

I also sat on a panel session about identity innovation, joining entrepreneurs from Digital Bazaar, Factom, Respect Network, and XCELERATE, all of which are conducting R&D projects funded by the DHS Science and Technology division.

Around the same time as the workshop, I happened to finalise two new Constellation Research papers, on security and R&D practices for blockchain technologies. And that was timely, because I am afraid that once again, I have immersed myself in some of the most current blockchain thinking, only to find that key pieces of the puzzle are still missing.

Disclosure: I traveled to the Blockchain in Healthcare workshop as a guest of ONC, which paid for my transport and accommodation.

Three observations from the Workshop

There were two things I just did not get as I read the winning Blockchain Challenge papers and listened to the presentations. And I observe that there is one crucial element that most of the proposals are missing

Firstly, one of the most common themes across all of the papers was interoperability. A great challenge in e-health is indeed interoperability. Disparate health systems speak different languages, using different codes for the same medical procedures. Adoption of new standard terminologies and messaging standards, like HL-7 and ICD, is infamously slow, often taking a decade or longer. Large clinical systems are notoriously complex to implement, so along the way they invariably undergo major customisation, which makes each installation peculiar to its setting, and resistant to interfacing with other systems.

In the USA, Health Information Exchanges (HIEs) have been a common response to these problems, the idea being that an intermediary switching system can broker understanding between local e-health programs. But as anyone in the industry knows, HIEs have been easier said than done, to say the least.

According to many of the ONC challenge papers, blockchain is supposed to bring a breakthrough, yet no one has explained how a ledger will make the semantics of all these e-health silos suddenly compatible. Blockchain is a very specific protocol that addresses the order of entries in a distributed ledger, to prevent Double Spend without an administrator. Nothing about blockchain's fundamentals relates to the contents of messages, healthcare semantics, medical codes and so on. It just doesn't "do" interoperability! The complexity in healthcare is intrinsic to the subject matter; it cannot be willed away with any new storage technology.

The second thing I just didn't get about the workshop was the idea that blockchain will fix healthcare information silos. Several speakers stressed the problem that data is fragmented, concentrated in local repositories, and hard to find when needed. All true, but I don't see what blockchain can do about this. A consensus was reached at the workshop that personal information and Protected Health Information (PHI) should not be stored on the blockchain in any significant amounts (not just because of its sensitivity but also the sheer volume of electronic health records and images in particular). So if we're agreed that the blockchain could only hold pointers to health data, what difference can it make to the current complex of record systems?

Accenture Blockchain for Healthcare CURRENT STATE
Accenture Blockchain for Healthcare TARGET STATE


And my third problem at the workshop was the stark omission of key management. This is the central administrative challenge in any security system, of getting the right cryptographic keys and credentials into the right hands, so all parties can be sure who they are dealing with. The thing about blockchain is that it did away with key management. The genius of the original Bitcoin blockchain is it allows people to exchange guaranteed value without needing to know anything about each other. Blockchain actually dispenses with key management and it may be unique in the history of security for doing so (see also Blockchain has no meaning). But when we do need to know who's who in a health system – to be certain when various users really are authorised medicos, researchers, insurers or patients – then key management must return to the mix. And then things get complicated, much more complicated than the utopian setting of Bitcoin.

Moreover, healthcare is hierarchical. Inherent to the system are management structures, authorizations, credentialing bodies, quality assurance and audits – all the things that blockchain's creator Satoshi Nakamoto expressly tried to get rid of. As I explained in my workshop speech, if a blockchain deployment still has to involve third parties, then the benefits of the algorithm are lost. So said Nakamoto him/herself!

Steve Wilson Blockchain and Healthcare NIST ONC 26Sep16 (0 6)  THird Party

In my view, most blockchain for healthcare projects will discover, sooner or later, than once the necessary key management arrangements are taken care of, their choice of distributed ledger technology becomes inconsequential.

New Constellation Research on Blockchain Technologies

How to Secure Blockchain Technologies

Security for blockchains and Distributed Ledger Technologies (DLTs) have evolved quickly. As soon as interest in blockchain grew past crypto-currency into mainstream business applications, it became apparent that the core ledger would need to augmented with permissions for access control, and encryption for confidentiality. But what few people appreciate is that these measures conflict with the rationale of the original blockchain algorithm, which was expressly meant to dispel administration layers. The first of my new papers looks at these tensions, what they mean for public and private blockchain systems, paints a picture for third generation DLTs.

How to Conduct Effective Blockchain R&D

The uncomfortable marriage of ad hoc security and the early blockchain is indicative of a broader problem I've written about many times: too much blockchain "innovation" is proceeding with insufficient rigor. Which brings us to the second of my new papers. In the rush to apply blockchain to broader payments and real world assets, few entrepreneurs have been clear and precise about the problems they think they’re solving. If the R&D is not properly grounded, then the resulting solutions will be weak and will ultimately fail in the market. It must be appreciated that the original blockchain was only a prototype. Great care needs to be taken to learn from it and more rigorously adapt fast-evolving DLTs to enterprise needs.

Constellation ShortListTM for Distributed Ledger Technologies Labs

Finally, Constellation Research has launched a new product, the Constellation ShortListTM. These are punchy lists by our analysts of leading technologies in dozens of different categories, which will each be refreshed on a short cycle. The objective is to help buyers of technology when choosing offerings in new areas.

My Constellation ShortListTM for blockchain-related solution providers is now available here.

Posted in Security, Privacy, e-health, Constellation Research, Blockchain

Bitcoin's fragile power: It's meaningless

What do land titles, marriage certificates, diamonds, ballots, aircraft parts and medical records have in common? They are all apparently able to be managed "on the blockchain". But enough with the metaphors. What does it mean to be "on the blockchain"?

To put a physical asset "on" the blockchain requires two mappings. Firstly, the asset needs to be mapped onto a token. For example, the serial number or barcode of a part or a diamond is inserted as metadata into a blockchain transaction, to codify the transfer of ownership of the asset. Secondly, asset owners need to be mapped onto their respective blockchain wallet public keys (through the sort of agent or third party which Nakamoto, let's remember, expressly tried to get rid of with the P2P consensus algorithm). The mapping can be pseudonymous, but buyers and sellers of land for instance, need to be confident that the counterparties control the keys they claim to.

How does the "naked" blockchain get away without these mappings? It's because Bitcoins don't exist off-chain. In fact they don't exist "on" the chain either; the blockchain itself only records subtractions and additions of balances.

Furthermore, possession of the private key is the only thing that matters with Bitcoin. Control a wallet's private key and you control the wallet balance. The protocol doesn't care who is in control; it will simply ensure that a quantity of Bitcoin will be transferred from one wallet to another, regardless of who "owns" them.

So unlike any other cryptographic security system, Bitcoin key pairs need not be imbued with any extrinsic significance, or associated with (bound to) any real world attributes. Bitcoins have no symbolic meaning. And in fact that is blockchain's magic trick!

But to make tokens stand for anything else - anything real - breaks the spell. Symbols are defined by authorities, and keys and attributes can only be assigned by third parties. If you have administrators, you just don't need the additional overhead of the blockchain, which exists purely to get around Nakamoto's express assumption that nobody in his system of electronic cash was to be trusted.

Bitcoin is often said to be anonymous, but its special property is actually that it has no meaning. It's truly amazing that such a thing can have value and be relied upon, which is a testament to its architecture. Blockchain was deliberately designed for a non fiat crypto currency. It's brilliant yet very specific to its intended trust-less environment. To re-introduce trusted processes simply undoes the benefits of blockchain.

Posted in Trust, Security, Payments, Blockchain

Order emerging from the Blockchain storm

I’ve been a critic of Blockchain. Frankly I’ve never seen such a massed rush of blood to the head for a new technology. Breathless books are being churned out about “trust infrastructure” and an “Internet of Value”. They say Blockchain will keep politicians and business people honest, and enable “billions of excluded people to enter the global economy”.

Most pundits overlook the simple fact that Blockchain only does one thing: it lets you move Bitcoin (a digital bearer token) from one account to another without an umpire. And it doesn’t even do that very well, for the Proof of Work algorithm is stupendously inefficient. Blockchain can't magically make merchants keep up their side of a bargain. Surprise! You can still get ripped off paying with Bitcoin. Blockchain simply doesn’t do what the futurists think it does. In their hot flushes, they tend to be caught in a limbo between the real possibilities of distributed consensus today and a future that no one is seeing clearly.

But Blockchain does solve what was thought to be an impossible problem, and in the right hands, that insight can convert to real innovation. I’m happy to see some safe pairs of hands now emerging in the Blockchain storm.

One example is an investment being made by Ping Identity in Swirlds and its new “hashgraph” distributed consensus platform. Hashgraph has been designed from the ground up to deliver many of Blockchain’s vital properties (consensus on the order of events, and redundancy) in a far more efficient and robust manner.

And what is Ping doing with this platform? Well they’re not rushing out with vague promises to manufacture "trust" but instead they’re making babysteps on real problems in identity management. For starters, they’re applying the new hashgraph platform to Distributed Session Management (DSM). This is the challenge of verifiably shutting down all of a user’s multiple log-on sessions around the web when they take a break, suffer a hack, or lose their job. It's one of the great headaches of enterprise identity administration and is exploited in a great many cyberattacks.

Ping’s identity architects have carefully set out the problem they’re trying to solve, why it’s hard, and how existing approaches don’t deliver the desired security properties for session management. They then evaluated a number of consensus approaches - not just Blockchain but also Paxos and Raft – and discussed their limitations. The Ping team then landed on hashgraph, which appears to meet the needs, and also looks like it can deliver a range of advanced features.

In my view, Ping Identity’s work is the very model of mature security design. It’s an example of the care and attention to detail that other innovators should follow.

Swirld’s founder Dr Leemon Baird will be presenting hashgraph in more detail to the Cloud Identity Summit in New Orleans tomorrow (June 7th).

Posted in Security, Innovation, Identity, Blockchain

Almost everything you read about the blockchain is wrong

Almost everything you read about the blockchain is wrong. No new technology since the Internet itself has excited so many pundits, but blockchain just doesn’t do what most people seem to think it does. We’re all used to hype, and we can forgive genuine enthusiasm for shiny new technologies, but many of the claims being made for blockchain are just beyond the pale. It's not going to stamp out corruption in Africa; it's not going to crowdsource policing of the financial system; it's not going to give firefighters unlimited communication channels. So just what is it about blockchain?

The blockchain only does one thing (and it doesn’t even do that very well). It provides a way to verify the order in which entries are made to a ledger, without any centralized authority. In so doing, blockchain solves what security experts thought was an unsolvable problem – preventing the double spend of electronic cash without a central monetary authority. It’s an extraordinary solution, and it comes at an extraordinary price. A large proportion of the entire world’s computing resource has been put to work contributing to the consensus algorithm that continuously watches the state of the ledger. And it has to be so, in order to ward off brute force criminal attack.

How did an extravagant and very technical solution to a very specific problem capture the imagination of so many? Perhaps it’s been so long since the early noughties’ tech wreck that we’ve lost our herd immunity to the viral idea that technology can beget trust. Perhaps, as Arthur C. Clarke said, any sufficiently advanced technology looks like magic. Perhaps because the crypto currency Bitcoin really does have characteristics that could disrupt banking (and all the world hates the banks) blockchain by extension is taken to be universally disruptive. Or perhaps blockchain has simply (but simplistically) legitimized the utopian dream of decentralized computing.

Blockchain is antiauthoritarian and ruthlessly “trust-free”. The blockchain algorithm is rooted in politics; it was expressly designed to work without needing to trust any entity or coalition. Anyone at all can join the blockchain community and be part of the revolution.

The point of the blockchain is to track every single Bitcoin movement, detecting and rejecting double spends. Yet the blockchain APIs also allow other auxiliary data to be written into Bitcoin transactions, and thus tracked. So the suggested applications for blockchain extend far beyond payments, to the management of almost any asset imaginable, from land titles and intellectual property, to precious stones and medical records.

From a design perspective, the most troubling aspect of most non-payments proposals for the blockchain is the failure to explain why it’s better than a regular database. Blockchain does offer enormous redundancy and tamper resistance, thanks to a copy of the ledger staying up-to-date on thousands of computers all around the world, but why is that so much better than a digitally signed database with a good backup?

Remember what blockchain was specifically designed to do: resolve the order of entries in the ledger, in a peer-to-peer mode, without an administrator. When it comes to all-round security, blockchain falls short. It’s neither necessary nor sufficient for any enterprise security application I’ve yet seen. For instance, there is no native encryption for confidentiality; neither is there any access control for reading transactions, or writing new ones. The security qualities of confidentiality, authentication and, above all, authorization, all need to be layered on top of the basic architecture. ‘So what’ you might think; aren’t all security systems layered? Well yes, but the important missing layers undo some of the core assumptions blockchain is founded on, and that’s bad for the security architecture. In particular, as mentioned, blockchain needs massive scale, but access control, “permissioned” chains, and the hybrid private chains and side chains (put forward to meld the freedom of blockchain to the structures of business) all compromise the system’s integrity and fraud resistance.

And then there’s the slippery notion of trust. By “trust”, cryptographers mean so-called “out of band” or manual mechanisms, over and above the pure math and software, that deliver a security promise. Blockchain needs none of that ... so long as you confine yourself to Bitcoin. Many carefree commentators like to say blockchain and Bitcoin are separable, yet the connection runs deeper than they know. Bitcoins are the only things that are actually “on” the blockchain. When people refer to putting land titles or diamonds “on the blockchain”, they’re using a short hand that belies blockchain’s limitations. To represent any physical thing in the ledger requires a schema – a formal agreement as to which symbols in the data structure correspond to what property in the real world – and a binding of the owner of that property to the special private key (known in the trade as a Bitcoin wallet) used to sign each ledger entry. Who does that binding? How exactly do diamond traders, land dealers, doctors and lawyers get their blockchain keys in the first place, and how does the world know who’s who? These questions bring us back to the sorts of hierarchical authorities that blockchain was supposed to get rid of.

There is no utopia in blockchain. The truth is that when we fold real world management, permissions, authorities and trust, back on top of the blockchain, we undo the decentralization at the heart of the design. If we can’t get away from administrators then the idealistic peer-to-peer consensus algorithm of blockchain is academic, and simply too much to bear.

I’ve been studying blockchain for two years now. My latest in-depth report was recently published by Constellation Research.

Posted in Security, Internet, Innovation, Identity, Blockchain

Uniquely difficult

I was talking with government identity strategists earlier this week. We were circling (yet again) definitions of identity and attributes, and revisiting the reasonable idea that digital identities are "unique in a context". Regular readers will know I'm very interested in context. But in the same session we were discussing the public's understandable anxiety about national ID schemes. And I had a little epiphany that the word "unique" and the very idea of it may be unhelpful. I wonder if we could avoid using the word "uniqueness" wherever we can.

The link from uniqueness to troublesome national identity is not just perception; there is a real tendency for identity and access management (IDAM) systems to over-identify, with an obvious privacy penatly. Security professionals feel instinctively that they more they know about people, the more secure we all will be.

Whenever we think uniqueness is important, I wonder if there are really other more precise objectives that apply? Is "singularity" a better word for the property we're looking for? Or the mouthful "non-ambiguity"? In different use cases, what we really need to know can vary:

  • Is the person (or entity) accessing service the same as last time?
  • Is the person exercising a credential clear to use it? Delegation of digital identity actually makes "uniqueness" moot)
  • Does the Relying Party (RP) know the user "well enough" for the RP's purposes? That doesn't always mean uniquely.

I observe that when IDAM schemes come loaded with reference to uniqueness, it's tends to bias the way RPs do their identification and risk management designs. There is an expectation that uniqueness is important no matter what. Yet it is emerging that much fraud (most fraud?) exploits weaknesses at transaction time, not enrollment time: even if you are identified uniquely, you can still get defrauded by an attacker who takes over or bypasses your authenticator. So uniqueness in and of itself doesn't always help.

If people do want to use the word "unique" then they should have the discipline to always qualify it, as mentioned, as "unique in a context". But I have to say that "unique is a context" is not "unique".

Finally it's worth remembering that the word has long been degraded by the biometrics industry with their habit of calling most any biological trait "unique". There's a sad lack of precision here. No biometric as measured is ever unique! Every mode, even iris, has a non zero False Match Rate.

What's in a word? A lot! I'd like to see more rigorous use of the word "unique". At least let's be aware of what it means subliminally to the people we're talking with - be they technical or otherwise. With the word bandied around so much, engineers can tend to think uniqueness is always a designed objective, and laypeople can presume that every authentication scheme is out to fingerprint them. Literally.

Posted in Government, Identity, Privacy, Security

Card Not Present Fraud up another 25% YOY

The Australian Payments Clearing Association (APCA) releases card fraud statistics every six months for the preceding 12m period. For a decade now, Lockstep has been monitoring these figures, plotting the trend data and analysing what the industry is doing - and not doing - about Card Not Present fraud. Here is our summary for the financial year 2015 stats.

CNP trends pic to FY 2015

Card Not Present (CNP) fraud has grown over 25 percent year-on-year from FY2014, and now represents 84 percent of all fraud on Australian cards.

APCA evidently has an uneasy relationship with any of the industry's technological responses to CNP fraud, like the controversial 3D Secure, and tokenization. Neither get a mention in the latest payment fraud media release. Instead APCA puts the stress on shopper behaviour, describing the continuing worsening in fraud as "a timely reminder to Australians to remain vigilant when shopping online". Sadly, this ignores that fact that card data used for organised criminal CNP fraud comes from mass breaches of databases, not from websites. There is nothing that shoppers can do when using their cards online to stop them being stolen, because they're much more likely to get stolen from backend systems over which the shoppers have no control.

You can be as careful as you like online - you can even avoid Internet shopping entirely - and still have your card data stolen from a regular store and used in CNP attacks online.

APCA says:

    • "Financial institutions and law enforcement have been working together to target skimming at ATMs and in taxis and this, together with the industry’s progressive roll-out of chip-reading at ATMs, is starting to reflect in the fraud data".

That's true. Fraud by skimming and carding was halved by the smartcard rollout, and has remained low and steady in absolute terms for three years. But APCA errs when it goes on:

    • "Cardholders can help these efforts by always protecting their PINs and treating their cards like cash".

Safeguarding your physical card and PIN does nothing to prevent the mass breaches of card data held in backend databases.

A proper fix to replay attack is easily within reach, which would re-use the same cryptography that solves skimming and carding, and would restore a seamless payment experience for card holders. Apple for one has grasped the nettle, and is using its Secure Element-based Apple Pay method (established now for card present NFC payments) for Card Not Present transactions, in the app.

See also my 2012 paper Calling for a Uniform Approach to Card Fraud Offline and On" (PDF).

Abstract

The credit card payments system is a paragon of standardisation. No other industry has such a strong history of driving and adopting uniform technologies, infrastructure and business processes. No matter where you keep a bank account, you can use a globally branded credit card to go shopping in almost every corner of the world. The universal Four Party settlement model, and a long-standing card standard that works the same with ATMs and merchant terminals everywhere underpin seamless convenience. So with this determination to facilitate trustworthy and supremely convenient spending in every corner of the earth, it’s astonishing that the industry is still yet to standardise Internet payments. We settled on the EMV standard for in-store transactions, but online we use a wide range of confusing and largely ineffective security measures. As a result, Card Not Present (CNP) fraud is growing unchecked.

This article argues that all card payments should be properly secured using standardised hardware. In particular, CNP transactions should use the very same EMV chip and cryptography as do card present payments.

With all the innovation in payments leveraging cryptographic Secure Elements in mobile phones, perhaps at last we will see CNP payments modernise for web and mobile shopping.

Posted in Smartcards, Security, Payments, Innovation, Fraud

Weak links in the Blockchain

One of the silliest things I've read yet about blockchain came out in Business Insider Australia last week. They said that the blockchain “in effect” lets the crowd police the monetary system.

In the rush to make bigger and grander claims for the disruptive potential of blockchain, too many commentators are neglecting the foundations. If they think blockchain is important, then it’s all the more important they understand what it does well, and what it just doesn’t do at all.

Blockchain has one very clever, very innovative trick: it polices the order of special events (namely Bitcoin spends) without needing a central authority. The main “security” that blockchain provides is nottamper resistance or inviolability per se -- you can get that any number of ways using standard cryptography -- but rather it’s the process for a big network of nodes to reach agreement on the state of a distributed ledger, especially the order of updates to the ledger.

To say blockchain is “more secure” is a non sequitur. Security claims need context.

  • If what matters is agreeing ‘democratically’ on the order of events in a decentralised public ledger, without any central authority, then blockchain makes sense.
  • But if you don't care about the order of events, then blockchain is probably irrelevant or, at best, heavily over-engineered.
  • And if you do care about the order of events (like stock transactions) but you have some central authority in your system (like a stock exchange), then blockchain is not only over-engineered, but its much-admired maths is compromised by efforts to scale it down, into private chains and the like, for the power of the original blockchain consensus algorithm lies in its vast network, and the Bitcoin rewards for the miners that power it.

A great thing about blockchain is the innovation it has inspired. But let’s remember that the blockchain (the one underpinning Bitcoin) has been around for just seven years, and its spinoffs are barely out of the lab. Analysts and journalists are bound to be burnt if they over-reach at this early stage.

The initiatives to build smaller, private or special purpose distributed ledgers, to get away from Bitcoin and payments, detract from the original innovation, in two important ways. Firstly, even if they replace the Bitcoin incentive for running the network (i.e. mining or “proof of work”) with some other economic model (like “proof of stake”), they compromise the tamper resistance of blockchain by shrinking the pool. And secondly, as soon as you fold some command and control back into the original utopia, blockchain’s raison d'etre is no longer clear, and its construction looks over-engineered.

Business journalists are supposed to be sceptical about technology, but many have apparently taken leave of their critical faculties, even talking up blockchain as a "trust machine". You don’t need to be a cryptographer to understand the essence of blockchain, you just have to be cautious with magic words like “open” and “decentralised”, and the old saw "trust". What do they really mean? Blockchain does things that not all applications really need, and it doesn't do what many apps do need, like access control and confidentiality.

Didn't we learn from PKI that technology doesn't confer trust? It's been claimed that putting land titles on the blockchain will prevent government corruption. To which I say, please heed Bruce Schneier, who said only amateurs hack computers; professional criminals hack people.

Posted in Security, Payments, Innovation, Blockchain, Trust