The Weakest Security Links in the (Block)Chain
Despite the technology's promise to transform how business is done, there are significant limitations and potential risks at the intersection of the digital and physical worlds.
There is no lack of buzz around blockchain. Though commonly known in relation to cryptocurrencies, blockchain is moving beyond financial services and will become an integral part of all future commercial transactions.
Despite the technology's promise to transform business operations, there are significant limitations and potential risks that are often overlooked. Those risks reside at the intersection of the digital and physical worlds. The good news is that there are solutions to address those risks, but adopters of blockchain first need to recognize that they exist.
The Security Value Premise of Blockchain
Fundamentally, blockchain technology enables the recording of events or transactions on a distributed ledger. This ledger is shared and accessible to all participants, not owned by any, and records data securely, immutably, and permanently. Essentially, a blockchain is a constantly growing set of interdependent blocks containing data, with each block recording an event or transaction. The game changer is that those blocks are distributed across a decentralized network, and every member of the network has his or her own copy of the entire blockchain.
If blockchain essentially is a digital record keeper, then blockchain is only valuable if those records can be trusted. Blockchain is trustworthy because of the decentralized nature of the network and the new database structure. The broad distribution of many copies of the blockchain provides an unprecedented level of trust because no single party controls the data and there is no single point of failure or tampering risk. Any authorized amendment to a pre-existing transaction is done by creating a new block — the original block remains intact and becomes part of the permanent history.
The value of blockchain is the guarantee of immutable data throughout the entire chain. But the digital world increasingly needs to connect and interact with the physical world. Although the security of the blockchain architecture is well established, its value is severely compromised if you can't ensure the same level of security for data before it is recorded into, or after it is accessed from, the blockchain. Only when this problem is successfully addressed can you claim to have an end-to-end solution.
In other words, the problem with migrating blockchain outside of financial services and into distributed edge computing applications — especially, the Internet of Things (IoT) and the Industrial Internet of Things (IIoT) — is that data can be corrupted before it's added to the blockchain. If corrupt data infiltrates the blockchain, the benefits are lost.
In the real world (that is, in commercial, industrial, supply chain, IoT, and IIoT applications), the ends of the blockchain are the physical assets. For data and records to get into the blockchain, companies need an interface and physical data storage for the data related to those assets.
Most hardware isn't secure — whether it's the storage or the interface, there is frequently a direct trade-off between security and usability. Additionally, the most common memory architectures used today are specifically designed to allow simple access and reprogramming, almost inviting tampering by bad actors. Data manipulated before being added to the blockchain would be unreliable, rendering the entire chain of trustworthy transmission and recording useless.
Trustworthy Data at the Edge: A New Approach to Distributed Hardware
With the rise of edge computing, security breaches at the edge of the network continue to plague businesses. Achieving data security at the hardware level offers users a consistent level of confidence both within and without the blockchain.
A new approach to protecting data at the edge is to securely embed it into the physical things and assets to which it relates. By placing highly secure chips directly on assets, critical asset or process data can be reliably stored, written, read, and exchanged in the distributed physical environment. Highly durable and rugged memory can ensure the data survives extreme environmental conditions regardless of where the asset travels.
Using this approach, data and documents can be stored at the point of use, directly onto physical assets in a distributed environment, and the information can be exchanged with the network using IoT or other communication or networking environments and protocols. Securing the data at the physical level ensures anything recorded in the blockchain is also trustworthy end-to-end.
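The weak link described above, as an added example that is not from the original article: a minimal hash-linked ledger accepts a reading that was altered before recording, and only a check tied to the asset itself catches it. The SHA-256 block linking, the HMAC device key, and all names and sample readings are assumptions made for illustration.

```python
import hashlib, hmac, json

DEVICE_KEY = b"constructed-demo-key"  # assumption: secret held in the asset's secure chip

def tag(reading: dict) -> str:
    """MAC computed on the asset itself, before the data leaves the edge."""
    msg = json.dumps(reading, sort_keys=True).encode()
    return hmac.new(DEVICE_KEY, msg, hashlib.sha256).hexdigest()

def block_hash(prev: str, payload: dict) -> str:
    body = json.dumps({"prev": prev, "payload": payload}, sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest()

def append(chain: list, payload: dict) -> None:
    prev = chain[-1]["hash"] if chain else "0" * 64
    chain.append({"prev": prev, "payload": payload, "hash": block_hash(prev, payload)})

def chain_intact(chain: list) -> bool:
    """Ledger-level check: every block still matches its stored hash and links."""
    prev = "0" * 64
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(prev, b["payload"]):
            return False
        prev = b["hash"]
    return True

def source_authentic(payload: dict) -> bool:
    """Edge-level check: does the reading still match the tag made on the asset?"""
    return hmac.compare_digest(tag(payload["reading"]), payload["tag"])

def demo() -> dict:
    genuine = {"asset": "PALLET-0001", "temp_c": 4.1}  # constructed sample reading
    signed = {"reading": genuine, "tag": tag(genuine)}
    # The value is changed between the asset and the ledger, before recording.
    altered = {"reading": {**genuine, "temp_c": 19.8}, "tag": signed["tag"]}
    chain = []
    append(chain, signed)
    append(chain, altered)
    result = {
        "chain_ok_with_bad_input": chain_intact(chain),  # ledger cannot tell
        "authentic": [source_authentic(b["payload"]) for b in chain],
    }
    chain[0]["payload"]["reading"]["temp_c"] = 3.0  # edit after recording
    result["chain_ok_after_edit"] = chain_intact(chain)  # ledger does catch this
    return result

if __name__ == "__main__":
    print(demo())
```

The ledger check covers only what happens after recording; the per-reading tag is what extends trust back to the asset.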
Real-World Applications of Blockchain at the Edge, in IoT and IIoT
One of the most natural applications of blockchain and secure distributed asset data is the multiparty, multitouch, highly decentralized world of supply chain management. Asset-level secure data combined with a blockchain architecture provide multilevel visibility across the global supply chain, decreased administrative costs, and authentication against counterfeit products. The benefits are clear — increased traceability of products and assets to ensure corporate and regulatory standards are met; improved visibility and compliance when outsourcing manufacturing; verification of origin and pedigree of products in the supply chain, eliminating losses from counterfeiting; and reduced paperwork and administrative costs.
Several industries have already taken the lead on deploying embedded asset intelligence or blockchain technologies — from highly vulnerable products of healthcare, pharma and food companies, to unique use cases of luxury goods companies, high-end manufacturers, and aerospace players. Those companies have been using tags, chips, sensors, and software applications to track, secure, and validate the origin of products, trace them all the way from manufacturer to end user, and equip anyone in the chain with information and insights along the way.
Blockchain's distributed ledgers are a potent way to securely capture and share transaction and other business information, driving improvements in existing business processes and new ways of doing business. In the real economy, the blockchain needs to reflect data derived from myriad connections to physical things. That intersection of blockchain and hardware, the interface where data is fed to the blockchain and where it is stored at the edge, is where the otherwise immutable chain is weakest. Fortunately, technologies to securely store and embed data into physical things already exist and can be used to further fortify the entire chain and help deliver on its enormous promises.
Drew Peck, Executive Director at Tego
Drew Peck is an Executive Director at Tego. He currently serves in an advisory capacity on several semiconductor company boards, focusing on IP and finance issues. He has been involved in the semiconductor industry for 40 years, first in ...