When will blockchain technology
deliver on its promise?

How Blockchain Technology might be useful as a Security Tool

This week, the International Telecommunications Union is holding a workshop to see how blockchain technology might be useful as a security tool. It’s a good indicator of the technology’s ongoing success. Eight years after the original bitcoin blockchain emerged, efforts are well under way to push its security benefits into multiple industries. What strengths does it carry, and what challenges will it face, as a next-generation security tool?

We explained basic blockchain operations here. The technology’s biggest security benefit is its ability to cut out the middleman. Instead of transacting via a trusted arbiter, parties get to transact with each other directly and seal the outcome so that neither can dispute it in the future.

Why is this useful, if trusted third parties promise to do all that work for you? The problem with trusted third parties is that you can’t always trust them. Just look at what happens if your trusted third party happens to be Wells Fargo, or Bank of America, say.  Or Deutsche Bank, or Barclays, UBS, Rabobank, and the Royal Bank of Scotland. We could fill an entire article with links like this. You get the picture.

Secure all the things

The second security benefit complements the first; blockchain technology allows participants to “seal” transactions so that they are visible but immutable, which keeps everyone honest. Different implementations use different techniques. Bitcoin chews up the computing power of a small city to preserve its transactions in digital resin. Other techniques include proof of stake. Each has its own technical and economic implications. No wonder, then, that people are experimenting with blockchains for security reasons. Some, such as the Danish Liberal Alliance and Australia, hope to use it for voting, perhaps misunderstanding some of the bigger security concerns with online votes.

This mad rush to capitalise on new technology fuels the early curve of the Gartner Hype Cycle, leading to an inevitable crash as the technology fails to meet expectations. It’s happening with AI right now, and also with blockchain technology, some argue. We can see this as the blockchain moves to the cloud. Decentralization was an important characteristic of the original blockchain, but Microsoft’s Project Bletchley runs blockchain middleware and application marketplaces in Azure. IBM does something similar on its Bluemix cloud platform.

All this stuff will be cryptographically protected, of course, but it’s still facilitated by a single trusted party, and in effect turns the blockchain into something else. Marketing types at Microsoft are already playing with the inevitable, depressing moniker “Blockchain as a Service”, which pretty much negates the whole idea of a decentralized, independent network.

Once the tech industry stops being so breathless about the blockchain and the blue chips have reinvented it in their own image, it will face other problems. Standardization is one of them. There are many different approaches to blockchain technology, each claiming its own advantage. It will be important for these to work well together. Standardization efforts are now  in the works; The International Organization for Standardization (ISO) already has a committee looking at it.

Good concepts and bad code

The other problem for blockchain technology revolves around software security. Just because blockchain’s underlying concept offers security doesn’t mean that the implementations follow suit. China, which has its own interest in cryptocurrency, recently analysed 25 of the top blockchain-related software projects, and found significant software security flaws in many of them. Most of the software tools related to input validation.

These issues aren’t just theoretical. They’re antithetical to what many blockchain projects are hoping to achieve. Coding flaws in blockchain implementations are serious, and lead to financial losses, such as the $400,000 theft of Zcoins last month. As blockchain software becomes more sophisticated, the attack surface and scope will expand. A key factor here will be smart contracts. Whereas the original bitcoin blockchain only holds records of digital transactions, more recent efforts have bigger ambitions. Smart contracts are in effect programs designed to run on the blockchain.

Imagine replacing a legal contract with a computer program. Instead of paying a lawyer to govern the contract, all parties can run it independently, and the blockchain makes the program’s output immutable and transparent. The program checks external conditions and executes its clauses accordingly. Let’s say Bob and Jane both own equal shares in a company. If the share price hits a certain threshold, they get a bonus dividend based on the number and class of their shares. Normally, a lawyer would have to take care of that, charging handsomely for the privilege. A smart contract with access to company funds would do it automatically.

That whole access to company funds thing is a bit scary, though, given that a smart contract is just a computer program, and computer programs have security flaws. The DAO, a company created entirely from smart contracts on the Ethereum blockchain, lost the equivalent of $50m or so last year in Ethereum’s Ether cryptocurrency. An enterprising hacker found a flaw in the smart contract code and flushed it all into another account.

Ethereum had to fork its own blockchain – going back to rewrite history – to get the cash back. Several developers didn’t like that idea, and retained the original Ethereum code, thus creating Ethereum and Ethereum Classic. We wonder if the Coca Cola Company would have approved? None of this sounds like the basis for a bright, secure future. What it means in practice is that we must get much better programming this stuff before we begin trusting huge swathes of our economy with it or enthusiastically using it to organize the Internet of Things.

Vinay Gupta, one of the original members of the Ethereum team and author of this HBR article on the blockchain’s security promise, has said that we should look to more rigorous disciplines like functional programming to avoid costly screw-ups in the future. The problem is that few people have that rigour. Raise the bar for blockchain coding, and half of the startup projects lining up for their virtual crowdsales would probably disappear. The blockchain holds promise, but it might have to go through Gartner’s trough of disillusionment before it becomes a major item in the security industry’s toolbox. We might have to keep revising our coding practices, too.

The blockchain is today where the web was in 1994. Two decades later, the web is the Justin Bieber of tech – recently come of age, hugely successful, but addled and tarnished by its runaway success. It’s is a beautiful but insane place let down by a dystopic mixture of dodgy Javascript and rampant cybercrime, and ruled by privacy-eating monoliths. Wouldn’t it be nice if we could learn from our mistakes while priming the Next Big Thing?

Chuck Reynolds
Contributor

Alan Zibluk – Markethive Founding Member

IBM unveils Blockchain as a Service based on open source Hyperledger Fabric technology

  

IBM unveiled its “Blockchain as a Service”

Yes, IBM has unveiled its “Blockchain as a Service” today, which is based on the open source Hyperledger Fabric, version 1.0 from The Linux Foundation. IBM Blockchain is a public cloud service that customers can use to build secure blockchain networks. The company introduced the idea last year, but this is the first ready-for-primetime implementation built using that technology. The blockchain is a notion that came into the public consciousness around 2008 as a way to track bitcoin digital currency transactions. At its core blockchain is a transparent and tamper-proof digital ledger. Just as it could track bitcoin’s activity in a secure and transparent fashion, it’s capable of tracking other types of data in private blockchain networks.

This could allow any private company or government agency to set up a trusted network, which would allow the members to share information freely, knowing that only the members could see it, and the information couldn’t be altered once it’s been entered. Jerry Cuomo, VP of blockchain technology at IBM, says his company is offering a set of cloud services to help customers create, deploy and manage blockchain networks. This fits in with IBM’s broader strategy to offer a wide range of cloud services to its customers.

Although the blockchain piece is based on the open source Hyperledger Fabric project of which IBM is a participating member, it has added a set of security services to make it more palatable for enterprise customers, while offering it as a cloud service helps simplify a complex set of technologies, making it more accessible than trying to do this alone in a private datacenter. “Some time ago, we and several other members of the industry came to view that there needs to be a group looking after, governing and shepherding technology around blockchain for serious business,” Cuomo told TechCrunch.

The Hyperledger Fabric project was born around the end of 2015 to facilitate this and includes other industry heavyweights such as State Street Bank, Accenture, Fujitsu, Intel and others as members. While the work these companies have done to safeguard blockchain networks, including setting up a network, inviting members and offering encrypted credentials, was done under the guise of building extra safe networks, IBM believes it can make them even safer by offering an additional set of security services inside the IBM cloud.

While Cuomo acknowledges that he can’t guarantee that IBM’s blockchain service is unbreachable, he says the company has taken some serious safeguards to protect it. This includes isolating the ledger from the general cloud computing environment, building a security container for the ledger to prevent unauthorized access, and offering tamper-responsive hardware, which can actually shut itself down if it detects someone trying to hack a ledger.

What’s more, IBM claims their blockchain product is built in a highly auditable way to track all of the activity that happens within a network, giving administrators an audit trail in the event something did go awry. In addition to the blockchain service itself, IBM announced a customer, Secure Key Technologies, a digital identity and attribute sharing network. The company has been testing a consumer digital identity network built on top of the IBM blockchain technology with banks in Canada.

If it works as advertised, it could end up greatly simplifying and securing how we maintain and share our identities in a digital context, allowing us to expose only the information the requesting authority requires (and no more), while enabling us to revoke those sharing privileges at any time.

Chuck Reynolds
Contributor

Alan Zibluk – Markethive Founding Member

  

The First "Commercial Application"

Tech giant IBM is set to unveil what it's calling the first "commercial application" of Hyperledger’s open-source Fabric codebase. Previously released in beta and scheduled for official release today, the offering – dubbed "IBM Blockchain" – is formally debuting in front of a group of 20,000 developers at the Interconnect conference. There, its first two major deployments will also be detailed.

One of those is a blockchain identity solution built with SecureKey, in which it will power a public-private partnership that saw six Canadian banks invest $27m. In addition, it will be revealed that a Chinese energy company is using the IBM Blockchain to create an exchange for trading carbon credits. In conversation with CoinDesk, Jerry Cuomo, IBM's vice-president of blockchain technologies, described how the company used Hyperledger's open-source code to create a series of new features, which are now in use as part of its IBM Blockchain product.

Cuomo said:

"Hyperledger Fabric is the operating system for IBM Blockchain, and the IBM Blockchain built an environment to develop, govern and operate a production, permissioned blockchain."

Currently available on IBM's BlueMix cloud computing store, the commercial blockchain application will be available on a graded price scale based on the size of the implementation, with startups being charged less than enterprise builders. The announcement comes after Fabric became the first of several open-source projects to emerge from the Linux Foundation-backed Hyperledger's "incubation" period into "active" status.

Secured using IBM hardware security modules that cost on average about $10,000 per month for four nodes, IBM Blockchain gives users the ability to spin up blockchain networks with tailored governance models for onboarding new customers, supporting about 1,000 transactions per second, according to a statement. Previously revealed clients that we now know are also using IBM Blockchain include the Bank of Tokyo-Mitsubishi UFJ, Everledger, Maersk, Northern Trust and Walmart.

Identity for banks

At the conference, Toronto-based SecureKey will discuss an identity network built in partnership with Canadian banks BMO, CIBC, Desjardins, RBC, Scotiabank and TD Bank. Using the platform, the banks will be able to share information about onboarding clients with one another – for a fee – while potentially also saving money by paying one another less than they currently pay credit agencies for the same information. The idea, according to Cuomo, is to create a blockchain identity solution that would make it simpler to verify identities while also reducing the amount of data shared.

To develop the identity network, a group of regulators, including the Digital ID and Authentication Council of Canada (DIACC), the Command Control and a research center funded by the US Department of Homeland Security, took part in the project. Notably, Cuomo said the group has solved the problem of adhering to the "right to be forgotten" requirements of some governments that don’t want their citizens permanently recorded, while still using the immutable Fabric blockchain. "We do have a patent pending, so I don’t want to go into too much detail," said Cuomo. "But we solved it without deleting from the blockchain, which is pretty cool."

Carbon credits

The second commercial-scale deployment revealed today involves Beijing-based Energy-Blockchain Labs Limited. The firm announced what it described as the "world’s first blockchain-based green assets trading platform," built with Hyperledger Fabric and deployed using IBM Blockchain. The so-called "cap-and-trade" system allows companies a certain amount of carbon emissions and lets them exchange those allowances with one another to incentivize the creation of policies and technologies that minimize emissions. But a lack of transparency in the system has resulted in fraud concerns, both in China and elsewhere.

Cuomo told CoinDesk the blockchain-based carbon credits exchange is designed to make it easier for companies that generate pollution to trade credits as part of the build-up to China’s transfer to a unified national market later this year. It's an application that has won the support of the Chinese government as well. The director of China’s National Climate Change Strategy Research and International Cooperation Center, Li Junfeng, said in a statement:

"We must work to limit high energy consumption and high emission industries, encourage clean energy development and further promote energy saving and emission reduction. These tasks are not only necessary for China’s own sustainable development, but for the welfare of the entire human family."

Chuck Reynolds
Contributor

Alan Zibluk – Markethive Founding Member