Anil John, profile picture
Uploaded byAnil John
6,376 views

Blockchain Security and Privacy

The document outlines the Department of Homeland Security's (DHS) exploration of blockchain technology for enhancing security and privacy within the homeland security enterprise. Key aspects include the evaluation of current blockchain capabilities, identifying gaps in existing technologies, and proposing research and development initiatives focused on identity management and decentralized systems. The findings emphasize the need for careful architecture design, data privacy considerations, and developing effective decentralized key management solutions to promote enterprise adoption of blockchain.

Embed presentation

Blockchain Security and Privacy Why Does It Matter to the Homeland Security Enterprise?
Overview of the DHS Blockchain Journey • Initial Blockchain Security and Privacy R&D Investments 2+ Years Ago • Understand Support (or lack thereof) for Security and Privacy Concepts • Understand Gain to Pain Ratio Necessary for Enterprise Integration • Results of Initial R&D Project investments • Lessons Learned Regarding Architecture and Design • Identified Capability Gaps in Existing Blockchain technologies • DHS S&T’s Current R&D Investments to Close Blockchain Capability Gaps • Why does Blockchain matter to the Homeland Security Enterprise (HSE)? • HSE Use Cases for Blockchain
An Obscure Technical Paper in 2008 Solving a Very Specific Problem (“prevent double spend”) … Bitcoin: A Peer-to-Peer Electronic Cash System By Satoshi Nakamoto satoshi@gmx.com www.bitcoin.org 3 “We propose a solution to the double-spending problem using a peer-to-peer network.”
… Has Become a Globally Visible Bright and Shiny Object and a Source of “Irrational Exuberance” 4
State of Blockchain as Digital Infrastructure • “… lets users – the crowd – police the monetary system” • “… initiative in Africa to stamp out corruption” • “… provide unlimited communication channels” • “ … get rid of lawyers via smart contracts” The underlying distributed electronic ledger technology that makes the Bitcoin currency possible has some interesting properties • No central authority needed to reconcile the order of transactions • Parties in the transaction do not need an existing trust relationship • Immutability of records after reconciliation • Alignment of incentives to keep system in motion Security Privacy Gain/Pain Hype Reality 5
What R&D Does DHS S&T Need to Invest in… … to Ensure Blockchain’s Relevance to HSE? Priorities • Projects to develop digital currency forensics tools • Projects to design information security and privacy concepts using blockchain technology to support identity management • Projects to understand immutability of records and integration architectures R&D Performers (2015-2016) • Anonymous Networks & Currencies • Ciphertrace • Identity & Data Privacy • Digital Bazaar, Inc • Respect Network Corporation • Narf Industries, LLC • Celerity Government Solutions • Immutability & Integration • Factom 6
Lessons Learned (To Date) from R&D Investments Made Over the Last Two Years … 7 Principle Bitcoin Ethereum Stellar IPFS Blockstack Hashgraph Confidentiality None None None Hash-based content addresses None None Information Availability Block Mirroring Block Mirroring Ledger Mirroring Graph and file Mirroring Block Mirroring / DHT Mirroring Hashgraph Mirroring; optional event history Integrity Multiple block verifications Multiple block verifications Latest block verification Hash-based content addressing Multiple block verifications Consensus with probability one Non-repudiation Digital signatures Digital signatures Digital signatures Digital signatures Digital signatures Digital signatures Provenance Transaction inputs/outputs Ethereum state machine and transition functions Digitally signed ledger transition instructions Digital signatures and versioning Transaction inputs & outputs and virtualchain references Hashgraph Mirroring; optional event history Pseudonymity Public keys Public keys and contract addresses Public keys Public keys Public keys, but public information encouraged Not supported; could be layered Selective Disclosure None None None None Selective access to encrypted storage Not supported; could be layered Many Different Types of Distributed Ledgers (Blockchains) – Security & Privacy - Research results from S&T funded R&D conducted by Digital Bazaar
Lessons Learned (To Date) from R&D Investments Made Over the Last Two Years … 8 Many Different Types of Distributed Ledgers (Blockchains) – Performance Principle Bitcoin Ethereum Stellar IPFS Blockstack Hashgraph Consistency Block verifications. 30-60 minutes Block verifications. 20- 60 minutes Single block verification. Less than 1 minute P2P mirroring. Limited primarily by network I/O. Several seconds for files less than 128KB. Block verifications. 30- 60 minutes Consensus with probability one; Byzantine agreement, but attackers must control less than one-third System Availability Block verifications. 30-60 minutes Block verifications. 20- 60 minutes Single block verification. Less than 1 minute. Single storage request response. Several seconds for files less than 128KB Block verifications. 30- 60 minutes Virtual voting; DoS resistant w/o proof- of-work, fast gossip Failure Tolerance Longest chain wins Longest chain wins Last balloted block always has consensus. Content address hash. Highly resilient against network partitioning Longest chain wins Strong Byzantine fault tolerance Scalability Block size. 7 transactions per second Block size. 7-20 transactions per second Thousands to tens of thousands of transactions per second. Thousands to tens of thousands of transactions per second. Scales linearly as nodes are added. Block size. 7 transactions per second Thousands to tens of thousands of transactions per second. Limited by bandwidth only Latency Block verifications. 30-60 minutes Block verifications. 20- 60 minutes Single block verification. Less than 1 minute. Single storage request response. Several seconds for files less than 128KB. Block verifications. 30- 60 minutes Virtual voting; limited only by exponentially fast gossip protocol Auditability Full Full Full Difficult Full Configurable Liveliness Full Full Full Fails if nodes storing data fail Full Full Denial of Service Resistance Spend Bitcoin Spend Ether Spend Stellar Files are only mirrored if requested Spend Bitcoin Signed State / Proof-of-stake / < 1/3 attackers System Complexity Medium High Medium Medium Medium High Low, but not full system - Research results from S&T funded R&D conducted by Digital Bazaar
Lessons Learned (To Date) from R&D Investments Made Over the Last Two Years … • Architecture and design cannot be hand-waved away • Integration points with existing environments • What is stored on-chain vs. off-chain? Pointers from on-chain to off-chain? Decentralized Identifiers. • Private ledgers that can be anchored in public blockchains? • Immutability of records combined with encryption as a privacy tool is gated by the reality that encryption has a time to live which will eventually run out; this has implications • Distributed key management is not a solved problem, but needs to be for scalable deployment • There is no one-size-fits-all ledger data format, and standards for how to create the “data payload” that is written to a ledger are critical to interoperability across Blockchain implementations • Smart contracts are relatively immature and the contract execution environment must balance the security needs of the node with providing a richer (more error-prone) language • Permissioned distributed ledger technologies may be more suitable for leveraging existing business relationships and regulatory frameworks BUT they are less suitable when the parties in question do not have an existing contractual/legal/”trust” relationship 9
“When you complain, nobody wants to help you” -- Stephen Hawking 10
Immutability of NPE and IoT Data & Enterprise Integration Design Practices Principal Investigator Peter Kirby Factom, Inc. (@factom) via DHS Silicon Valley Innovation Program Project Overview • Understand the architecture choices and trade-offs inherent in building and maintaining a time-stamped, immutable data record on a Permissioned Blockchain implementation • Develop prototypes a using variety of IOT devices (current focus is imagery and sensor data). • Identification of Anti-Spoofing as a Capability Gap 11
Identity and Anti-Spoofing of Non-Person Entities via DHS Silicon Valley Innovation Program OTS Call (HSHQDC-17-R-00051) • Seeking a comprehensive anti-spoofing solution for IoT and more … • High assurance in the identity of a network element • Integrity and, as appropriate, confidentiality of the data flowing to and from the network element • Compensating controls to address legacy elements that cannot be retro-fitted with modern technical approaches • Support for low power/bandwidth/compute constrained devices • Protocol, payload and policy considerations to ensure interoperability in a diverse operational environment https://go.usa.gov/x5w2U
Privacy Enhancing Population Scale Attribute Delivery & Enterprise Integration Principal Investigator Dmitry Barinov SecureKey Technologies (@SecureKey) via DIACC Project Overview • Design, develop and implement a population scale architecture that clearly separates login capabilities from attribute delivery while preserving the providing the following capabilities: • No centralized authority and single points of failure • Secure, blinded infrastructure; no visibility into data from any central infrastructure • Decentralized, secure and private data architecture • Consent and control • Book keeping, auditing and billing 13
De-Centralized Key Management System Principal Investigator Drummond Reed Evernym, Inc. (@evernym) Project Overview • Develop the concepts and methods needed to demonstrate the implementation of information security as well as privacy concepts on distributed ledger (blockchain) technologies. • Design, develop and implement de-centralized identifiers using the Sovrin ledger (Now Hyperledger Project Indy) • Develop a de-centralized key management system using the NIST 800-130 CKMS framework and demonstrate the functionality and usability of such a solution for key recovery 14
Flexible Ledgers Supporting Verifiable Claims Principal Investigator Manu Sporny Digital Bazaar, Inc. (@digitalbazaar) Project Overview • Develop the concepts and methods needed to demonstrate the implementation of information security as well as privacy concepts on distributed ledger (blockchain) technologies. • Implement a generalized, configurable ledger technology that can support application specific needs while using a common, extensible core data model • Drive the standardization of this interoperable approach via the W3C Verifiable Claims WG • Deploy and demonstrate the capability using specific HSE use cases 15
HSE Use Cases Motivating R&D
Immutable Logging to Ensure Resiliency, Integrity and Independent Validation of IoT Device and Sensor Data 17
Improving International Passenger Processing Eligibility to Travel Linking Eligibility to Person at Checkpoint Airline Check-In Eligibility to Travel Linking Eligibility to Person at Checkpoint Aviation Security Eligibility to Travel Linking Eligibility to Person at Checkpoint Host Exit Eligibility to Travel Linking Eligibility to Person at Checkpoint CBP FIS Eligibility to Travel Linking Eligibility to Person at Checkpoint Jet way 1 2 3 54 7
Streamlining and Enhancing International Trade Facilitation 1 2 3 8
Digital Counter-Fraud Tactics and Technologies to Mitigate Forgery & Counterfeiting of Official Licenses & Certificates • Person-ownership of verifiable claims and certificates • Selective disclosure of claim information with the Person’s consent • Pluralism of operators and technologies • Support for online and off-line presentation of claim • Non-CRL based revocation methods (Issuer initiated, Person initiated and/or Multi-sig based) that removes issuer dependency • Very high resistance to data deletion, modification, masking or tampering 20 Issuer Verifier Person ClaimIssue Claim Register Proof of Claim Integrity & Provenance Present Claim > < Verify Ownership Validate Claim Integrity & Provenance Blockchain Registry
Conclusions and Considerations • Rip-n-Replace is NOT a successful path to Enterprise Integration • Thoughtful, creative, system architectures and design play crucial roles when it comes to meeting the Gain to Pain ratio threshold of any Enterprise adoption • Data privacy continues to be a critical component of any distributed solution • Distributed key management is not a solved problem • This is an active problem that needs to be addressed to see any type of scalable deployment • Interoperability requires addressing protocol, payload and policy aspects of any solution • Payload == Ledger Data Format • Standards matter to ensure solution diversity and to avoid tech lock-in 21 DHS S&T is making targeted R&D investments to close the above identified capability gaps. We look forward to collaborating with other stakeholders who have shared interests!
Anil John Program Manager Cybersecurity R&D anil.john@hq.dhs.gov Identity Management R&D https://www.dhs.gov/science-and-technology/csd-idm Science & Technology IDAM Engine https://www.dhs.gov/science-and-technology/idam-e Silicon Valley Innovation Program https://www.dhs.gov/science-and-technology/hsip
A Practical Model for Digital Identity & Privacy User Sign-In •Issuance •Authentication •Revocation •Derivation Verified Person •Establishment •Resolution •Validation •Verification •Event Notification Consent and Authorization •Enrollment •Consent •Delegation •Authorization Trusted Digital Identity •User Experience •User Notification Trusted and Standardized Infrastructure Privacy Controls Security Controls Fraud Prevention Scalability Resiliency Interoperability Adapted from identity componentization concepts refined by IMSC/DIACC 23

More Related Content

PDF
Blockchain Security Issues and Challenges
byMerlec Mpyana
 
PPTX
Blockchain Security
byMunawar Hussain
 
PPTX
The Blockchain - The Technology behind Bitcoin
byJérôme Kehrli
 
PPTX
What is the future of blockchain in cybersecurity
byBlockchain Council
 
PDF
Understanding Blockchain Security
byITU
 
PPTX
Blockchain in cyber security
byzaarahary
 
PPTX
Introducing r3 corda™ a distributed ledger designed for financial services
byRazi Rais
 
PDF
Bitcoin Blockchain - Under the Hood
byGalin Dinkov
 
Blockchain Security Issues and Challenges
byMerlec Mpyana
 
Blockchain Security
byMunawar Hussain
 
The Blockchain - The Technology behind Bitcoin
byJérôme Kehrli
 
What is the future of blockchain in cybersecurity
byBlockchain Council
 
Understanding Blockchain Security
byITU
 
Blockchain in cyber security
byzaarahary
 
Introducing r3 corda™ a distributed ledger designed for financial services
byRazi Rais
 
Bitcoin Blockchain - Under the Hood
byGalin Dinkov
 

What's hot

PPTX
BLOCK CHAIN
bySaima Mustafa
 
PPTX
Security and privacy with blockchain
byCeline George
 
PPTX
Block chain technology and its applications
byABHISHEK JAIN
 
PPTX
Blockchain
byAmit Kumar
 
PDF
Introduction to Blockchain
byMalak Abu Hammad
 
PDF
Blockchain: The New Technology and Its Applications for Libraries
byBohyun Kim
 
PPTX
A Secure Model of IoT Using Blockchain
byAltoros
 
PPTX
Overview of Blockchain Consensus Mechanisms
byJohannes Ahlmann
 
PPTX
Blockchain and Cybersecurity
bygppcpa
 
PDF
Blockchain and Cryptocurrency for Dummies
byNarudom Roongsiriwong, CISSP
 
PPTX
Block chain technology
byMd. Syful Azam
 
PPTX
Blockchain concepts
byMurughan Palaniachari
 
PPTX
Blockchain 101 by imran bashir
byImran Bashir
 
PPTX
Blockchain
byPedramDehghanpour
 
PPTX
Blockchain ppt
byabhi sharma
 
PDF
Blockchain Study(1) - What is Blockchain?
byFermat Jade
 
PPTX
Blockchain Technology
byNimmy Solomon
 
PPTX
Blockchain consensus algorithms
byAnurag Dashputre
 
PDF
Blockchain Explained | Blockchain Simplified | Blockchain Technology | Blockc...
byEdureka!
 
PPTX
What is merkle tree
byCeline George
 
BLOCK CHAIN
bySaima Mustafa
 
Security and privacy with blockchain
byCeline George
 
Block chain technology and its applications
byABHISHEK JAIN
 
Blockchain
byAmit Kumar
 
Introduction to Blockchain
byMalak Abu Hammad
 
Blockchain: The New Technology and Its Applications for Libraries
byBohyun Kim
 
A Secure Model of IoT Using Blockchain
byAltoros
 
Overview of Blockchain Consensus Mechanisms
byJohannes Ahlmann
 
Blockchain and Cybersecurity
bygppcpa
 
Blockchain and Cryptocurrency for Dummies
byNarudom Roongsiriwong, CISSP
 
Block chain technology
byMd. Syful Azam
 
Blockchain concepts
byMurughan Palaniachari
 
Blockchain 101 by imran bashir
byImran Bashir
 
Blockchain
byPedramDehghanpour
 
Blockchain ppt
byabhi sharma
 
Blockchain Study(1) - What is Blockchain?
byFermat Jade
 
Blockchain Technology
byNimmy Solomon
 
Blockchain consensus algorithms
byAnurag Dashputre
 
Blockchain Explained | Blockchain Simplified | Blockchain Technology | Blockc...
byEdureka!
 
What is merkle tree
byCeline George
 

Viewers also liked

PPTX
Decentralized disruption
byAntti Kettunen
 
PPTX
Rieks Joosten
bybcined
 
PDF
DCG Enterprise Blockchain Workshop Oct 2017
byDigital Currency Group
 
PDF
Digital Currency: Regulatory Perspective from IDFPR
byDigital Currency Group
 
PDF
DCG Tech Summit - Opening Remarks
byDigital Currency Group
 
PPTX
Trust, Blockchains, and Self-Soveriegn Identity
byPhil Windley
 
Decentralized disruption
byAntti Kettunen
 
Rieks Joosten
bybcined
 
DCG Enterprise Blockchain Workshop Oct 2017
byDigital Currency Group
 
Digital Currency: Regulatory Perspective from IDFPR
byDigital Currency Group
 
DCG Tech Summit - Opening Remarks
byDigital Currency Group
 
Trust, Blockchains, and Self-Soveriegn Identity
byPhil Windley
 

Similar to Blockchain Security and Privacy

PPTX
The Blockchain and the Future of Cybersecurity
byKevin Cedeño, CISM, CISA
 
PPTX
Ten Blockchain Applications
byAhmed Banafa
 
PPTX
Application of Blockchain Technologies in Digital Forensics
byMahdi_Fahmideh
 
PDF
Blockchain R&D to Decentralized Identity Deployment
byAnil John
 
PPTX
Block chain introduction to the world and how we can utilise it
byMichealDsouza1
 
PPTX
Block chain introduction to the world and how we can utilise it
byMichealDsouza1
 
PPTX
Blockchain Advances & its Applications.pptx
byMohamedMansour421585
 
PDF
Blockchain - Beyond the Hype
bySalman Baset
 
PDF
Blockchain Technology in Cybersecurity.pdf
bySoluLab1231
 
PDF
Blockchain As An Enabler_16 July 2016_David Lee_Final
byDavid Lee Kuo Chuen 李国权
 
PDF
Blockchain and Its Applications in the Real World
byIRJET Journal
 
PDF
Keynote: Blockchain Technology: a Sustainable Concept for the Future?
byIngo Weber
 
PPTX
Blockchain Perspective - Internet of Memorable Things
byTim Lackey
 
PDF
Blockchain - Primer for City CIOs v05 01 22.pdf
byssusera441c2
 
PDF
The Microsoft vision for Blockchain
byASPEX_BE
 
PDF
InfiniteChain White Paper
byInfiniteChain
 
PDF
IRJET- Consensus Mechanism on Secure Challenges in Blockchain Networks
byIRJET Journal
 
PDF
2019 blockchain economy
byHeung-No Lee
 
PDF
Blockchain v Cryptocurrency: Talk for BridgeSF
byKaliya "Identity Woman" Young
 
PPTX
Blockchain and its application
byVirtualcode
 
The Blockchain and the Future of Cybersecurity
byKevin Cedeño, CISM, CISA
 
Ten Blockchain Applications
byAhmed Banafa
 
Application of Blockchain Technologies in Digital Forensics
byMahdi_Fahmideh
 
Blockchain R&D to Decentralized Identity Deployment
byAnil John
 
Block chain introduction to the world and how we can utilise it
byMichealDsouza1
 
Block chain introduction to the world and how we can utilise it
byMichealDsouza1
 
Blockchain Advances & its Applications.pptx
byMohamedMansour421585
 
Blockchain - Beyond the Hype
bySalman Baset
 
Blockchain Technology in Cybersecurity.pdf
bySoluLab1231
 
Blockchain As An Enabler_16 July 2016_David Lee_Final
byDavid Lee Kuo Chuen 李国权
 
Blockchain and Its Applications in the Real World
byIRJET Journal
 
Keynote: Blockchain Technology: a Sustainable Concept for the Future?
byIngo Weber
 
Blockchain Perspective - Internet of Memorable Things
byTim Lackey
 
Blockchain - Primer for City CIOs v05 01 22.pdf
byssusera441c2
 
The Microsoft vision for Blockchain
byASPEX_BE
 
InfiniteChain White Paper
byInfiniteChain
 
IRJET- Consensus Mechanism on Secure Challenges in Blockchain Networks
byIRJET Journal
 
2019 blockchain economy
byHeung-No Lee
 
Blockchain v Cryptocurrency: Talk for BridgeSF
byKaliya "Identity Woman" Young
 
Blockchain and its application
byVirtualcode
 

Recently uploaded

PDF
Oracle MySQL HeatWave - Complete - Version 3
byLuca Bonesini
 
PPTX
AI: Beyond Generative AI and LLM | Harrie de Groot (harrie.dev)
byHarrie de Groot
 
PDF
IDSECCONF2025 - Aan Wahyu - Maze–Malware Analysis Platform.pdf
byidsecconf
 
PDF
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
PDF
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
PPTX
Explaining ourselves – people, computers and AI
byAlan Dix
 
PDF
Supervised Machine Learning Approaches for Log-Based Anomaly Detection: A Cas...
byMohammed BEKKOUCHE
 
PDF
Building Powerful Web Apps to Improve Productivity and Engagement - Esri UK W...
byEsri UK
 
PPTX
Streamlining Business Processes with UiPath Apps
byTracy Dixon
 
PDF
IDSECCONF2025 - Nosa Shandy - Discovering and Disclosing Privacy Vulnerabilit...
byidsecconf
 
PDF
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
PPTX
Redcentric Data Centres: vision, mission and values
byRedcentric
 
PDF
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
PDF
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
PDF
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
PPTX
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
PDF
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
PDF
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
PDF
UnityNet AI Induced Harm & Youth Protection Position Statement 2025-11-15
byLHelferty
 
PPTX
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 
Oracle MySQL HeatWave - Complete - Version 3
byLuca Bonesini
 
AI: Beyond Generative AI and LLM | Harrie de Groot (harrie.dev)
byHarrie de Groot
 
IDSECCONF2025 - Aan Wahyu - Maze–Malware Analysis Platform.pdf
byidsecconf
 
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
Explaining ourselves – people, computers and AI
byAlan Dix
 
Supervised Machine Learning Approaches for Log-Based Anomaly Detection: A Cas...
byMohammed BEKKOUCHE
 
Building Powerful Web Apps to Improve Productivity and Engagement - Esri UK W...
byEsri UK
 
Streamlining Business Processes with UiPath Apps
byTracy Dixon
 
IDSECCONF2025 - Nosa Shandy - Discovering and Disclosing Privacy Vulnerabilit...
byidsecconf
 
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
Redcentric Data Centres: vision, mission and values
byRedcentric
 
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
UnityNet AI Induced Harm & Youth Protection Position Statement 2025-11-15
byLHelferty
 
The power of Slack and MuleSoft | Bangalore MuleSoft Meetup #60
byshyamraj55
 

Blockchain Security and Privacy

  • 1.
    Blockchain Security andPrivacy Why Does It Matter to the Homeland Security Enterprise?
  • 2.
    Overview of theDHS Blockchain Journey • Initial Blockchain Security and Privacy R&D Investments 2+ Years Ago • Understand Support (or lack thereof) for Security and Privacy Concepts • Understand Gain to Pain Ratio Necessary for Enterprise Integration • Results of Initial R&D Project investments • Lessons Learned Regarding Architecture and Design • Identified Capability Gaps in Existing Blockchain technologies • DHS S&T’s Current R&D Investments to Close Blockchain Capability Gaps • Why does Blockchain matter to the Homeland Security Enterprise (HSE)? • HSE Use Cases for Blockchain
  • 3.
    An Obscure TechnicalPaper in 2008 Solving a Very Specific Problem (“prevent double spend”) … Bitcoin: A Peer-to-Peer Electronic Cash System By Satoshi Nakamoto [email protected] www.bitcoin.org 3 “We propose a solution to the double-spending problem using a peer-to-peer network.”
  • 4.
    … Has Becomea Globally Visible Bright and Shiny Object and a Source of “Irrational Exuberance” 4
  • 5.
    State of Blockchainas Digital Infrastructure • “… lets users – the crowd – police the monetary system” • “… initiative in Africa to stamp out corruption” • “… provide unlimited communication channels” • “ … get rid of lawyers via smart contracts” The underlying distributed electronic ledger technology that makes the Bitcoin currency possible has some interesting properties • No central authority needed to reconcile the order of transactions • Parties in the transaction do not need an existing trust relationship • Immutability of records after reconciliation • Alignment of incentives to keep system in motion Security Privacy Gain/Pain Hype Reality 5
  • 6.
    What R&D DoesDHS S&T Need to Invest in… … to Ensure Blockchain’s Relevance to HSE? Priorities • Projects to develop digital currency forensics tools • Projects to design information security and privacy concepts using blockchain technology to support identity management • Projects to understand immutability of records and integration architectures R&D Performers (2015-2016) • Anonymous Networks & Currencies • Ciphertrace • Identity & Data Privacy • Digital Bazaar, Inc • Respect Network Corporation • Narf Industries, LLC • Celerity Government Solutions • Immutability & Integration • Factom 6
  • 7.
    Lessons Learned (ToDate) from R&D Investments Made Over the Last Two Years … 7 Principle Bitcoin Ethereum Stellar IPFS Blockstack Hashgraph Confidentiality None None None Hash-based content addresses None None Information Availability Block Mirroring Block Mirroring Ledger Mirroring Graph and file Mirroring Block Mirroring / DHT Mirroring Hashgraph Mirroring; optional event history Integrity Multiple block verifications Multiple block verifications Latest block verification Hash-based content addressing Multiple block verifications Consensus with probability one Non-repudiation Digital signatures Digital signatures Digital signatures Digital signatures Digital signatures Digital signatures Provenance Transaction inputs/outputs Ethereum state machine and transition functions Digitally signed ledger transition instructions Digital signatures and versioning Transaction inputs & outputs and virtualchain references Hashgraph Mirroring; optional event history Pseudonymity Public keys Public keys and contract addresses Public keys Public keys Public keys, but public information encouraged Not supported; could be layered Selective Disclosure None None None None Selective access to encrypted storage Not supported; could be layered Many Different Types of Distributed Ledgers (Blockchains) – Security & Privacy - Research results from S&T funded R&D conducted by Digital Bazaar
  • 8.
    Lessons Learned (ToDate) from R&D Investments Made Over the Last Two Years … 8 Many Different Types of Distributed Ledgers (Blockchains) – Performance Principle Bitcoin Ethereum Stellar IPFS Blockstack Hashgraph Consistency Block verifications. 30-60 minutes Block verifications. 20- 60 minutes Single block verification. Less than 1 minute P2P mirroring. Limited primarily by network I/O. Several seconds for files less than 128KB. Block verifications. 30- 60 minutes Consensus with probability one; Byzantine agreement, but attackers must control less than one-third System Availability Block verifications. 30-60 minutes Block verifications. 20- 60 minutes Single block verification. Less than 1 minute. Single storage request response. Several seconds for files less than 128KB Block verifications. 30- 60 minutes Virtual voting; DoS resistant w/o proof- of-work, fast gossip Failure Tolerance Longest chain wins Longest chain wins Last balloted block always has consensus. Content address hash. Highly resilient against network partitioning Longest chain wins Strong Byzantine fault tolerance Scalability Block size. 7 transactions per second Block size. 7-20 transactions per second Thousands to tens of thousands of transactions per second. Thousands to tens of thousands of transactions per second. Scales linearly as nodes are added. Block size. 7 transactions per second Thousands to tens of thousands of transactions per second. Limited by bandwidth only Latency Block verifications. 30-60 minutes Block verifications. 20- 60 minutes Single block verification. Less than 1 minute. Single storage request response. Several seconds for files less than 128KB. Block verifications. 30- 60 minutes Virtual voting; limited only by exponentially fast gossip protocol Auditability Full Full Full Difficult Full Configurable Liveliness Full Full Full Fails if nodes storing data fail Full Full Denial of Service Resistance Spend Bitcoin Spend Ether Spend Stellar Files are only mirrored if requested Spend Bitcoin Signed State / Proof-of-stake / < 1/3 attackers System Complexity Medium High Medium Medium Medium High Low, but not full system - Research results from S&T funded R&D conducted by Digital Bazaar
  • 9.
    Lessons Learned (ToDate) from R&D Investments Made Over the Last Two Years … • Architecture and design cannot be hand-waved away • Integration points with existing environments • What is stored on-chain vs. off-chain? Pointers from on-chain to off-chain? Decentralized Identifiers. • Private ledgers that can be anchored in public blockchains? • Immutability of records combined with encryption as a privacy tool is gated by the reality that encryption has a time to live which will eventually run out; this has implications • Distributed key management is not a solved problem, but needs to be for scalable deployment • There is no one-size-fits-all ledger data format, and standards for how to create the “data payload” that is written to a ledger are critical to interoperability across Blockchain implementations • Smart contracts are relatively immature and the contract execution environment must balance the security needs of the node with providing a richer (more error-prone) language • Permissioned distributed ledger technologies may be more suitable for leveraging existing business relationships and regulatory frameworks BUT they are less suitable when the parties in question do not have an existing contractual/legal/”trust” relationship 9
  • 10.
    “When you complain,nobody wants to help you” -- Stephen Hawking 10
  • 11.
    Immutability of NPEand IoT Data & Enterprise Integration Design Practices Principal Investigator Peter Kirby Factom, Inc. (@factom) via DHS Silicon Valley Innovation Program Project Overview • Understand the architecture choices and trade-offs inherent in building and maintaining a time-stamped, immutable data record on a Permissioned Blockchain implementation • Develop prototypes a using variety of IOT devices (current focus is imagery and sensor data). • Identification of Anti-Spoofing as a Capability Gap 11
  • 12.
    Identity and Anti-Spoofingof Non-Person Entities via DHS Silicon Valley Innovation Program OTS Call (HSHQDC-17-R-00051) • Seeking a comprehensive anti-spoofing solution for IoT and more … • High assurance in the identity of a network element • Integrity and, as appropriate, confidentiality of the data flowing to and from the network element • Compensating controls to address legacy elements that cannot be retro-fitted with modern technical approaches • Support for low power/bandwidth/compute constrained devices • Protocol, payload and policy considerations to ensure interoperability in a diverse operational environment https://go.usa.gov/x5w2U
  • 13.
    Privacy Enhancing PopulationScale Attribute Delivery & Enterprise Integration Principal Investigator Dmitry Barinov SecureKey Technologies (@SecureKey) via DIACC Project Overview • Design, develop and implement a population scale architecture that clearly separates login capabilities from attribute delivery while preserving the providing the following capabilities: • No centralized authority and single points of failure • Secure, blinded infrastructure; no visibility into data from any central infrastructure • Decentralized, secure and private data architecture • Consent and control • Book keeping, auditing and billing 13
  • 14.
    De-Centralized Key ManagementSystem Principal Investigator Drummond Reed Evernym, Inc. (@evernym) Project Overview • Develop the concepts and methods needed to demonstrate the implementation of information security as well as privacy concepts on distributed ledger (blockchain) technologies. • Design, develop and implement de-centralized identifiers using the Sovrin ledger (Now Hyperledger Project Indy) • Develop a de-centralized key management system using the NIST 800-130 CKMS framework and demonstrate the functionality and usability of such a solution for key recovery 14
  • 15.
    Flexible Ledgers SupportingVerifiable Claims Principal Investigator Manu Sporny Digital Bazaar, Inc. (@digitalbazaar) Project Overview • Develop the concepts and methods needed to demonstrate the implementation of information security as well as privacy concepts on distributed ledger (blockchain) technologies. • Implement a generalized, configurable ledger technology that can support application specific needs while using a common, extensible core data model • Drive the standardization of this interoperable approach via the W3C Verifiable Claims WG • Deploy and demonstrate the capability using specific HSE use cases 15
  • 16.
  • 17.
    Immutable Logging toEnsure Resiliency, Integrity and Independent Validation of IoT Device and Sensor Data 17
  • 18.
    Improving International PassengerProcessing Eligibility to Travel Linking Eligibility to Person at Checkpoint Airline Check-In Eligibility to Travel Linking Eligibility to Person at Checkpoint Aviation Security Eligibility to Travel Linking Eligibility to Person at Checkpoint Host Exit Eligibility to Travel Linking Eligibility to Person at Checkpoint CBP FIS Eligibility to Travel Linking Eligibility to Person at Checkpoint Jet way 1 2 3 54 7
  • 19.
    Streamlining and EnhancingInternational Trade Facilitation 1 2 3 8
  • 20.
    Digital Counter-Fraud Tacticsand Technologies to Mitigate Forgery & Counterfeiting of Official Licenses & Certificates • Person-ownership of verifiable claims and certificates • Selective disclosure of claim information with the Person’s consent • Pluralism of operators and technologies • Support for online and off-line presentation of claim • Non-CRL based revocation methods (Issuer initiated, Person initiated and/or Multi-sig based) that removes issuer dependency • Very high resistance to data deletion, modification, masking or tampering 20 Issuer Verifier Person ClaimIssue Claim Register Proof of Claim Integrity & Provenance Present Claim > < Verify Ownership Validate Claim Integrity & Provenance Blockchain Registry
  • 21.
    Conclusions and Considerations •Rip-n-Replace is NOT a successful path to Enterprise Integration • Thoughtful, creative, system architectures and design play crucial roles when it comes to meeting the Gain to Pain ratio threshold of any Enterprise adoption • Data privacy continues to be a critical component of any distributed solution • Distributed key management is not a solved problem • This is an active problem that needs to be addressed to see any type of scalable deployment • Interoperability requires addressing protocol, payload and policy aspects of any solution • Payload == Ledger Data Format • Standards matter to ensure solution diversity and to avoid tech lock-in 21 DHS S&T is making targeted R&D investments to close the above identified capability gaps. We look forward to collaborating with other stakeholders who have shared interests!
  • 22.
    Anil John Program Manager CybersecurityR&D [email protected] Identity Management R&D https://www.dhs.gov/science-and-technology/csd-idm Science & Technology IDAM Engine https://www.dhs.gov/science-and-technology/idam-e Silicon Valley Innovation Program https://www.dhs.gov/science-and-technology/hsip
  • 23.
    A Practical Modelfor Digital Identity & Privacy User Sign-In •Issuance •Authentication •Revocation •Derivation Verified Person •Establishment •Resolution •Validation •Verification •Event Notification Consent and Authorization •Enrollment •Consent •Delegation •Authorization Trusted Digital Identity •User Experience •User Notification Trusted and Standardized Infrastructure Privacy Controls Security Controls Fraud Prevention Scalability Resiliency Interoperability Adapted from identity componentization concepts refined by IMSC/DIACC 23