Usage #1 - Protecting integrity of infrastructures with Blockchain
The CIA of information
The basics of cyber security always circles around the Confidentiality, Integrity and Availability (CIA) of information. Data breaches is a compromise to confidentiality; data manipulation is compromise to integrity; and denial of service attack is a compromise to availability.
Cost of compromising Confidentiality versus Integrity
|Confidentiality Breach||Integrity Breach|
|Your car's telematics||Your driving pattern is exposed||Your car reports that braking system is fine when it has failed|
|Your pacemaker||Your heartbeat pattern is made known publicly||It could be maliciously shutdown, causing death|
|Your medical records||Your allergies are known to public||Your allergies are erased causing allergens to be administered during medical care|
|Your transport fleet||Your competitors know how many of your platforms are serviceable||Your competitors can affect your decision in assigning platform for jobs|
|Your destination GPS location||Your destination is known to public||You can be redirected to another location|
Hash has pretty much been a tamper-evident seal on a digital asset. When you download files, you check against it’s published MD5 to validate it’s integrity.
So how can blockchain help?
When protecting sensitive records, the danger is often the fact that they can be altered, deleted, maliciously changed, affected by hackers, malware, etc. For this, blockchain can prove the integrity of the record during its life-cycle in information systems.
While hash serves as a tamper-evident seal on digital assets, the storage of the hash is not tamper resistant. Malicious actors can manipulate both the digital asset and hash and it will go undetected.
In earlier section, we mentioned about storing of hash onto the blockchain to provide tamper-resistance to the hash value.
Guardtime’s Keyless Signatures’ Infrastructure (KSI) technology leverages linking-based time-stamping system to provide both proof of time and integrity of digital assets. KSI only uses hash-function cryptography, allowing verification to rely only on the security of hash-functions and the availability of the public ledger (i.e. blockchain).
A user interacts with the KSI system by submitting a hash-value of the data to be signed into the KSI infrastructure and is then returned a signature which provides cryptographic proof of the time of signature, integrity of the signed data, as well as attribution of origin i.e. which entity generated the signature.
One point to note is that records themselves are not stored in KSI. What is being stored is just a series of hash values that show every time a file or data is updated.
Do I need Guardtime’s KSI to achieve it?
Well, not really. One can build a linking-based time-stamping system for hashes on blockchain. It is just a matter of capital expenditures (CAPEX) and operating expenses (OPEX) of building your own system versus a turnkey.
For a proof-of-concept, perhaps it will be good to build your own to see if it fits your needs.
Some queries I have currently regarding this
One thing that has been bothering me in such system is what goes into validating the data before it get persisted on the blockchain. In cryptocurrencies, validations like ensuring there are no double-spending or spending when your wallet is empty. But what goes into KSI?