blockchain for identity management ibm part 3 of 3

© 2016 IBM Corporation

Blockchain for Identity ManagementPart 3 (of 3)

Mike Chung | Associate Partner IBM Security

November 2016 Seoul

2© 2016 IBM Corporation

Items

§ What is blockchain? Part 1

– Blockchain explained in layman’s terms

§ How can we use blockchain? Part 2 Use case A; Part 3 Use case B

– Potential applications in Identity Management

§ Whom to watch? Part 3

– Initiatives and developments


Use case B: medical records on blockchain


Potential advantages

§ Huge gathering of sensitive data

§ Data (un)managed by different organizations

§ Siloed with many (potential) errors

§ Decentralized and distributed

§ Data ownership with the owner

§ One set of untampered data


Medical records: attributes

Attibutes data

Height: 1.73 m

Alergy: Lactose intolerance

10k time: 43 min

Marital status: Married

Physical identity


Medical records: in the majority of cases

Attibutes data

Height: 1.53 m

Alergy: ?

-

Marital status: Divorced

Attibutes data

Height: ?


10k time: 43 min

Marital status: Polygamous


Medical records: in the majority of cases

Attibutes data

Height: 1.53 m

Alergy: ?

-

Marital status: Divorced

Attibutes data

Height: ?


10k time: 43 min

Marital status: Polygamous

Dependent

Inconsistent data quality

Silos


Medical records: on the blockchain

Attibutes data

Height: 1.73 m


10k time: 43 min



Medical records: on the blockchain

Attibutes data

Height: 1.73 m


10k time: 43 min


Attributes needed

Height: 1.73 m


10k time: 43 min


Identity attributes on blockchain: steps

Block TBlock T – 1

Name (not revealed to the public)

Registar

Thin client

1





Registar

Thin client

12

Hash value (revealed to the public)





Registar

Thin client

12

3






Registar

Thin client

12

3

Block T + 1


Attribute(s) updates

4


Signing of attribute update


Private key

Block T + 1

Attribute update

Attribute update data

encrypt

hash

29b7cd0d

U2{e=oj~1#4sj86^;


Signing of attribute update


Private key

Block T + 1

Attribute update


encrypt

hash

29b7cd0d

U2{e=oj~1#4sj86^;

Check

U2{e=oj~1#4sj86^;

decrypt

29b7cd0d


Public key

hash


Medical records: ..trusting the validity of the attributes

Attibutes data

Height: 1.73 m


10k time: 43 min


Trust

Trust


Medical records: arbitrator as a third party

Attibutes wallet

Attribute A

Attribute B

ServiceRequest for attribute A data

Authorization for attribute A data

Verification

“Arbitrator”

Attribute A


Arbitration: back to dependency

urn:uuid:f81d4f

Anonymous

Recognized

UUID

Jan Jansen

Verification/endorsement

urn:uuid:f81d4f

UUID on the blockchain

urn:uuid:f81d4f

UUID on the blockchain

Arbitrator


Medical records on blockchain considerations

§ Dependent on the service provider/registar or arbitrator (another dependency created)

§ Local regulations imposed on potentially imcompliant blockchain

§ Self-managed identity attributes has its problems:

– Medical data fraud to get subsidies

– Impersonation to abuse/predate

– How to update severe disability or death?


New methods of proof

§ Proof-of-Work: extremely CPU-intensive

§ Proof-of-Stake: difficult to implement

§ Proof-of-Existence: transaction created after the generation of a timestamp token (XNotes using this concept)


Security: multi-signatures

Attibutes wallet

Attribute A

Attribute B

Access

Verification

Authorization

“Arbitrator”

Trust Trust


Security: multi-signatures

Attibutes wallet

Attribute A

Attribute B

Access

Verification

Authorization

2nd authentication

Verification service


Introducing the Chung’s Triangle

Gauged/ measured

Verified Decentralized


Use case areas of feasibilities

Anonymous Physically identified

Fungible

Non-exchangeable

• Currencies/money• Crude oil

• Options• Standardized contracts

• Social media identities (aliases)

• Diamonds

• Medical records• Certificates


Use case areas of feasibilities

Anonymous Physically identified

Fungible

Non-exchangeable

Fit for blockchain Strong third party involvement

Services in development Permissioned blockchain


Identity on blockchain challenges

§ How to incentivise updates (“transactions”) to the ledger?

§ Community building would take many dedicated volunteers

§ Rules are difficult to enforce

– How to discuss on the rules (voting is easy but debates are difficult)?

– How to keep misuse (cyber squatting, fallacious data) under control?


Whom to watch?


Be aware

§ A lot of projects and side-projects with varying degree of success

§ Blockchain often means first come first serve – power to early adopters

§ Online currencies are nothing new: flooz, DigiCash, e-Cash and beenz

Gavin Andersen (Lead bitcoin software developer): “Bitcoin is an experiment. Everytime I hear about somebody investing his own life savings in bitcoin, I cringe”.


Blockchain is not trustless

§ Trust in the concept (mathematics behind blockchain; algorithms)

§ Trust in the software and its developers

§ Trust in the service providers (remember Mr. Gox, Bitcoinica)


Foundation for success

§ Top-down driven

§ Focused on resolving old issues

§ Theoretical use cases

§ Open community driven

§ Focused on innovation

§ Proof of concept; bitcoin, litecoin


Keep an eye on: biometrics and medical records

§ For future cloning of yourself

– Sequenced DNA converted to data on blockchain (Genecoin)

– Privacy and security issues still to be addressed

§ Use in biometric authentication: private key based on biometric data

§ Medical records life cycle

– Many startups (Gem, Factom, HealthNautica) as well as multinationals (Philips Healthcare)

– Increasingly focusing on permissioned blockchains


Keep an eye on: banks

§ As bitcoin has capitalized over 5 billion USD, it got the (unwanted) attention

§ R3 consortium of banks (!) jumping on the blockchain wagon (to exert control?)

– Private blockchain concepts

– Intra-bank blockchain initiatives

§ Banks as “trusted” brokers/“trusted” authorities to verify identities


Adoption and partnerships

§ Startups collaborating with large(r) organizations

– DocuSign with Ariba and NetSuite

– Ethereum with IBM

§ Tech giants joining the buzz

– Microsoft jumping on the blockchain digital signing wagon

– IBM’s permissioned blockchain (not for identity management, yet)

§ POCs to decrease ledger sizes – compression, distribution


Blockchain information: useful web sources

§ Bitcoin/blockchain ecosystem in several detailed chapters

http://tech.eu/features/926/bitcoin-ecosystem/

§ Easy and well-thought out explanation of the blockchain concept

http://www.razormind.co.uk/blockchain/

§ Another use-case of blockchain for identity management in two parts

https://www.youtube.com/watch?v=W4faDEyHJeM


Blockchain information: from service providers

§ Current bitcoin blockchain stats and information

https://blockchain.info

§ All about bitcoin, blockchain and more

http://www.coindesk.com

§ Big blue and the blockchain

http://www.ibm.com/blockchain/


Contact details

Drs. Mike Chung RE CISSP

Associate Partner IBM Security

[email protected]

+31 6 2565 7593 (the Netherlands)

+82 10 3521 7754 (South Korea)

blockchain for identity management ibm part 3 of 3

Technology