How blockchain technology can create secure digital identities

Most people associate the word ‘blockchain’ with cryptocurrency, and given the amount of press coverage the latter has received, particularly in the last two years, it may seem that the two are indistinguishable. That is not the case.

Blockchain is ultimately a means of storing information, no different in some respects from an Excel file, SQL database, or even a hard drive. The major difference is that this technology is distributed over a network of peers called ‘nodes’. Each entry in a blockchain contains a cryptographic hash linking it to previous blocks in a chain, meaning that once data is recorded it cannot be altered without altering all subsequent blocks.

 
Mario Galatovic, Vice President Products and Alliances, Utimaco

Given their high level of security, blockchains have been mooted as a solution for a range of problems, and despite the ‘wild west’ reputation that the technology has due to some spectacular security breaches in cryptocurrency trading, major companies like IBM are using it in applications ranging from trade finance to vaccine distribution.

One key application that would solve a huge number of problems is that of identity: identity theft is a growing problem, and proving identity is a difficult task that places a huge administrative burden on companies and individuals. Before getting a loan, buying a house or starting a business an individual has to prove their identity, and this can be an onerous task, particularly if you are one of the 1.7 billion people in the world without a bank account, one of the world’s 82.4 million refugees or an undocumented migrant.

So how might blockchain technology help create digital identities, and how might they be secured?

Opportunities and challenges for digital identities on the blockchain

The idea of creating a secure digital identity isn’t new, but the need for it is becoming more pressing by the year, as more problems with our current system of disconnected digital and analogue documents certified by multiple authorities become apparent. A so-called ‘Good Digital Identity’ was one of the pillars of the 2018 World Economic Forum meeting in Davos, aimed at creating ‘a new chapter in the social contract’. Worldwide, the market for identity services is expected to reach $14.82 billion this year, and the administrative and social costs of the difficulty of proving identity are impossible to estimate but likely to be much higher.

Real-world applications of this technology already exist: the UNHCR already uses blockchain technology to distribute food to refugees based on biometric data, and it is possible that the technology could be used to prevent the estimated $40 billion in corruption caused by aid not reaching the people it is intended for. Both applications depend on identity: being able to link a person’s iris scan to a ledger of when they last received food aid, and being able to ensure that payments reach a particular person or agency and no others.

There are also uses for this technology that could become more widespread: international travel could be sped up considerably by having digital instead of analogue passports, as anyone who has lost a passport before travelling could tell you. Background checks when applying for sensitive job roles could also be done instantly as opposed to through contacting multiple agencies. Transferring healthcare information internationally, which often involves fax machines, would also speed up considerably.

Returning to the subject of cryptocurrency, despite the security inherent to storing financial information on the blockchain, many cryptocurrency users have either had their wallets compromised or simply lost the passwords for them because there is no way to connect that wallet to their physical identity. If you forget the PIN for your bank card it can be reset because there is always a ‘you’ to connect that account to, but if a cryptocurrency wallet that can be accessed with only a username and password is lost then it could be gone for good. A robust digital identity system could solve this problem.

How blockchain can secure identity

Blockchain technology is a sensible way to achieve a ‘good’ digital identity. Although there have been concerns about speed when applied in the cryptocurrency space, where making a payment or transfer can take considerable time as the blockchain works through a backlog, blockchain technology is potentially very fast, and being ‘centralised’ (in the sense of all being in one blockchain) means that auditing information will be much faster and tamper-proof. Being decentralised, an identity blockchain could be accessed from anywhere but would be extremely secure. For example, if you were applying for a loan online you could grant the lender access to the details they need and nothing more, just as when you sign up to a service with Facebook it will tell you that it will have access to your friends and so on.

When applying for a new job you could allow access to your work history but not your medical record; when having a check-up with a doctor you could grant access to medical records but not your work history. Because each granting of access would be a ‘transaction’ on the blockchain, you would have oversight of who has access to which elements of your digital identity, and this system could even use smart contracts to allow time-limited or conditional access to certain records.

There is also the matter of security. Blockchain technology is innately more secure than other information storage technologies because of the very fact of it being a ‘chain’ – you cannot go back and alter a piece of information, deleting the record of a payment so that it ‘never happened’ for example. Although it would be very difficult, this would be hypothetically possible in current forms of data storage – your bank balance is effectively a number in a spreadsheet. Blockchain technology wouldn’t allow for this, making it ideal for highly sensitive applications like identity.
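The hash linking and the time-limited access grants described above can be sketched in a few lines. This is an added example, not code from the article or from Utimaco; the field names, the sample grantees and the single in-memory ledger (no network of nodes, no signatures) are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first block

def block_hash(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the block body."""
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()

def append_grant(chain, grantee, scope, granted_at, expires_at):
    """Record one access grant as a block linked to the previous block's hash."""
    body = {
        "index": len(chain),
        "prev_hash": chain[-1]["hash"] if chain else GENESIS,
        "grantee": grantee, "scope": scope,
        "granted_at": granted_at, "expires_at": expires_at,
    }
    chain.append({**body, "hash": block_hash(body)})
    return chain[-1]

def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        body = {k: v for k, v in block.items() if k != "hash"}
        if (block["index"] != i or block["prev_hash"] != prev
                or block_hash(body) != block["hash"]):
            return i
        prev = block["hash"]
    return None

def has_access(chain, grantee, scope, now):
    """Honour a grant only if the whole ledger verifies and it is unexpired."""
    if first_invalid_block(chain) is not None:
        return False
    return any(b["grantee"] == grantee and b["scope"] == scope
               and b["granted_at"] <= now < b["expires_at"] for b in chain)

def demo_chain():
    """Constructed sample ledger: two grants, times as plain integers."""
    chain = []
    append_grant(chain, "lender.example", "credit_history", 1000, 2000)
    append_grant(chain, "clinic.example", "medical_records", 1500, 3000)
    return chain
```

Editing a grant's expiry in place breaks that block's own hash; recomputing the hash to hide the edit breaks the link held by the next block instead. Detecting a rewrite of the entire chain needs a trusted copy of the latest hash, which in a blockchain is what the other nodes provide.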

Of course, blockchains can be and have been compromised, so they will need to be secured with technology similar to that which secures more traditional information storage. Public and private keys backed by strong, quantum-safe cryptography generated by hardware security modules will enhance the safety of blockchains and allow for the creation of secure digital identities.

 

 

----
Source: Article in The IBS Intelligence (IBSi)
