© 2016 IBM Corporation
Blockchain for Identity Management, Part 3 (of 3)
Mike Chung | Associate Partner IBM Security
November 2016 Seoul
Items
§ What is blockchain? Part 1
– Blockchain explained in layman’s terms
§ How can we use blockchain? Part 2 Use case A; Part 3 Use case B
– Potential applications in Identity Management
§ Whom to watch? Part 3
– Initiatives and developments
Use case B: medical records on blockchain
Potential advantages
§ Huge gathering of sensitive data
§ Data (un)managed by different organizations
§ Siloed with many (potential) errors
§ Decentralized and distributed
§ Data ownership with the owner
§ One set of untampered data
Medical records: attributes
Attributes data
Height: 1.73 m
Allergy: Lactose intolerance
10k time: 43 min
Marital status: Married
Physical identity
Medical records: in the majority of cases
Attributes data
Height: 1.53 m
Allergy: ?
-
Marital status: Divorced
Attributes data
Height: ?
Allergy: Lactose intolerance
10k time: 43 min
Marital status: Polygamous
Dependent
Inconsistent data quality
Silos
Medical records: on the blockchain
Attributes data
Height: 1.73 m
Allergy: Lactose intolerance
10k time: 43 min
Marital status: Married
Attributes needed
Height: 1.73 m
Allergy: Lactose intolerance
10k time: 43 min
Identity attributes on blockchain: steps
Block T – 1
Block T
Block T + 1
Registrar
Thin client
Name (not revealed to the public)
Hash value (revealed to the public)
Attribute(s) updates
Steps: 1, 2, 3, 4
Signing of attribute update
Block T – 1
Block T
Block T + 1
Attribute update
Signing: Attribute update data → hash → 29b7cd0d → encrypt (private key) → U2{e=oj~1#4sj86^;
Check: U2{e=oj~1#4sj86^; → decrypt (public key) → 29b7cd0d, compared with the hash of the attribute update data
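
The sign-and-check flow on the slide above, as an added example that is not part of the original deck. It assumes a toy textbook-RSA key built from two Mersenne primes, with no padding; the field names, the salt and the sample values are constructed for illustration.

```python
import hashlib
import json

# Toy key for illustration only: two known Mersenne primes give a ~216-bit modulus.
# Real deployments use a vetted library and a padded scheme (RSA-PSS, Ed25519).
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)


def digest(update: dict) -> int:
    """Hash the canonical JSON form of the update; 26 bytes keeps the value below N."""
    blob = json.dumps(update, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest()[:26], "big")


def sign_update(update: dict, d: int = D, n: int = N) -> int:
    """Signer side: hash the update, then 'encrypt' the hash with the private key."""
    return pow(digest(update), d, n)


def verify_update(update: dict, signature: int, e: int = E, n: int = N) -> bool:
    """Checker side: 'decrypt' the signature with the public key, compare to a fresh hash."""
    return pow(signature, e, n) == digest(update)


# Constructed sample data: block T holds only the hash of the name, and the
# attribute update destined for block T + 1 points back to it.
block_t = {"identity_hash": hashlib.sha256(b"constructed-salt|Jan Jansen").hexdigest()}
update = {"prev": block_t["identity_hash"], "attribute": "height_m", "value": "1.73"}
signature = sign_update(update)
tampered = dict(update, value="1.53")    # same signature, altered attribute value

if __name__ == "__main__":
    print("original verifies:", verify_update(update, signature))
    print("tampered verifies:", verify_update(tampered, signature))
```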
Medical records: trusting the validity of the attributes
Attributes data
Height: 1.73 m
Allergy: Lactose intolerance
10k time: 43 min
Marital status: Married
Trust
Trust
Medical records: arbitrator as a third party
Attributes wallet
Attribute A
Attribute B
Service
Request for attribute A data
Authorization for attribute A data
Verification
“Arbitrator”
Attribute A
Arbitration: back to dependency
urn:uuid:f81d4f
Anonymous
Recognized
UUID
Jan Jansen
Verification/endorsement
urn:uuid:f81d4f
UUID on the blockchain
urn:uuid:f81d4f
UUID on the blockchain
Arbitrator
Medical records on blockchain considerations
§ Dependent on the service provider/registrar or arbitrator (another dependency created)
§ Local regulations imposed on potentially noncompliant blockchain
§ Self-managed identity attributes have their problems:
– Medical data fraud to get subsidies
– Impersonation to abuse/predate
– How to update severe disability or death?
New methods of proof
§ Proof-of-Work: extremely CPU-intensive
§ Proof-of-Stake: difficult to implement
§ Proof-of-Existence: transaction created after the generation of a timestamp token (XNotes using this concept)
Security: multi-signatures
Attributes wallet
Attribute A
Attribute B
Access
Verification
Authorization
“Arbitrator”
Trust Trust
Security: multi-signatures
Attributes wallet
Attribute A
Attribute B
Access
Verification
Authorization
2nd authentication
Verification service
Introducing the Chung’s Triangle
Gauged/measured
Verified
Decentralized
Use case areas of feasibilities
Axes: Anonymous vs. Physically identified; Fungible vs. Non-exchangeable
• Currencies/money
• Crude oil
• Options
• Standardized contracts
• Social media identities (aliases)
• Diamonds
• Medical records
• Certificates
Use case areas of feasibilities
Axes: Anonymous vs. Physically identified; Fungible vs. Non-exchangeable
Fit for blockchain
Strong third party involvement
Services in development
Permissioned blockchain
Identity on blockchain challenges
§ How to incentivise updates (“transactions”) to the ledger?
§ Community building would take many dedicated volunteers
§ Rules are difficult to enforce
– How to discuss the rules (voting is easy but debates are difficult)?
– How to keep misuse (cyber squatting, fallacious data) under control?
Whom to watch?
Be aware
§ A lot of projects and side-projects with varying degree of success
§ Blockchain often means first come, first served – power to early adopters
§ Online currencies are nothing new: flooz, DigiCash, e-Cash and beenz
Gavin Andresen (Lead bitcoin software developer): “Bitcoin is an experiment. Every time I hear about somebody investing his own life savings in bitcoin, I cringe.”
Blockchain is not trustless
§ Trust in the concept (mathematics behind blockchain; algorithms)
§ Trust in the software and its developers
§ Trust in the service providers (remember Mt. Gox, Bitcoinica)
Foundation for success
§ Top-down driven
§ Focused on resolving old issues
§ Theoretical use cases
§ Open community driven
§ Focused on innovation
§ Proof of concept; bitcoin, litecoin
Keep an eye on: biometrics and medical records
§ For future cloning of yourself
– Sequenced DNA converted to data on blockchain (Genecoin)
– Privacy and security issues still to be addressed
§ Use in biometric authentication: private key based on biometric data
§ Medical records life cycle
– Many startups (Gem, Factom, HealthNautica) as well as multinationals (Philips Healthcare)
– Increasingly focusing on permissioned blockchains
Keep an eye on: banks
§ As bitcoin has capitalized over 5 billion USD, it has drawn (unwanted) attention
§ R3 consortium of banks (!) jumping on the blockchain wagon (to exert control?)
– Private blockchain concepts
– Intra-bank blockchain initiatives
§ Banks as “trusted” brokers/“trusted” authorities to verify identities
Adoption and partnerships
§ Startups collaborating with large(r) organizations
– DocuSign with Ariba and NetSuite
– Ethereum with IBM
§ Tech giants joining the buzz
– Microsoft jumping on the blockchain digital signing wagon
– IBM’s permissioned blockchain (not for identity management, yet)
§ POCs to decrease ledger sizes – compression, distribution
Blockchain information: useful web sources
§ Bitcoin/blockchain ecosystem in several detailed chapters
http://tech.eu/features/926/bitcoin-ecosystem/
§ Easy and well-thought out explanation of the blockchain concept
http://www.razormind.co.uk/blockchain/
§ Another use-case of blockchain for identity management in two parts
https://www.youtube.com/watch?v=W4faDEyHJeM
Blockchain information: from service providers
§ Current bitcoin blockchain stats and information
https://blockchain.info
§ All about bitcoin, blockchain and more
http://www.coindesk.com
§ Big blue and the blockchain
http://www.ibm.com/blockchain/
Contact details
Drs. Mike Chung RE CISSP
Associate Partner IBM Security
+31 6 2565 7593 (the Netherlands)
+82 10 3521 7754 (South Korea)