Blockchain is a transformative technology for the two billion people in the world currently underserved by financial institutions. The technology has the potential to enhance privacy, security and freedom of conveyance of data. Blockchain is based on open, global infrastructure, decentralized public ledger of transactions that no one person or company owns or controls, ensures security of transfer of funds through public and private cryptology and third parties to verify that they shook, digitally, on an agreement.
With a blockchain, many people can write entries into a record of information, and a community of users can control how the record of information is amended and updated. However, the most distinct and important feature of blockchain technology is the distributed database created by it. In the case of a blockchain, transactions are broadcast, and every node is creating their own updated version of events , with the most popular record becoming the de-facto official record in lieu of there being a master copy. Trust is a risk judgement between different parties, and in the digital world, determining trust often boils down to proving identity (authentication) and proving permissions (authorization). In the case of blockchain technology, private key cryptography provides a powerful ownership tool that fulfills authentication requirements. Possession of a private key is ownership.Authorizing transactions is a result of the entire network applying the rules upon which it was designed (the blockchain protocol).
The same technology used for virtual currencies is now being researched by the Department of Defense to create tamper-proof military computer systems, including those systems used to control America’s nuclear weapons. The Department of Defense also looking to blockchain for development of a secure messaging system that would use the standard encryption and security features of current messaging apps such as WhatsApp, Signal, or Ricochet, but also use a decentralized Blockchain-like backbone structure that would be more resilient to surveillance and cyberattacks.
DARPA has also awarded contract to verify the software used to detect advanced persistent threats (APT). APT refer to complex, sophisticated and stealthy techniques of using software, hardware or social engineering tools to continuously monitor and extract data from targets such as organizations and/or nations for business or political motives. One of the earliest example was the Stuxnet computer worm, which targeted the computer hardware of Iran’s nuclear program.
For military, blockchain technology could create important intelligence around whether a hacker has modified something in a database, or if they are intruding and surveilling a particular military system. As Timothy Booher, who leads the DARPA blockchain efforts, describes the use of blockchains with the analogy of defending a castle. You can build walls higher and higher (i.e. network security measures), but people might still be able to find a way in no matter how well you think you sealed up all the cracks. It’s actually more important to know who has been inside the castle and what they did while inside the walls. A blockchain could log that sort of information, making it considerably harder to steal or modify files in a system.
NATO Communications and Information Agency under its 2016 Innovation Challenge, has sent a request for proposal “Military applications of Blockchains,” which includes application of blockchain technology to military logistics, application of blockchain technology to procurement and finance and a catch-all described as “other applications of interest to the military.” The NATO request for proposal also includes an Internet of Things (IoT) section, which seems appropriate for IoT-related applications of blockchain technology.
DARPA awards Galois and Guardtime $1.8M Contract to Formally Verify Blockchain-Based Integrity Monitoring System
Galois and Guardtime Federal announced they have jointly been awarded a $1.8 million contract by the Defense Advanced Research Projects Agency (DARPA) to verify the correctness of Guardtime Federal’s Keyless Signature Infrastructure (KSI). The contract will fund a significant effort that aims to advance the state of formal verification tools and all blockchain-based integrity monitoring systems.
Integrity monitoring systems like Guardtime Federal’s KSI detect evidence of advanced persistent threats (APTs) as they work to remain hidden in networks. APTs undermine the security of networks for long periods of time and have been central in many major network breaches. APTs carefully cover their tracks by removing evidence from system log files, adding information to “white-lists” used by security software, and altering network configurations. This project aims to verify the ability of keyless integrity monitoring systems to detect APTs and attest to the ongoing integrity of a system.
“Guardtime Federal sees this formal verification of block chain and keyless infrastructure technology implemented to meet national security challenges as an amazing opportunity for our clients,” said David Hamilton, President of Guardtime Federal. “By subjecting our cyber defense infrastructure to this most sophisticated methodology we will test both typical and exotic boundary conditions enabling further refinements of our defenses for protecting the most precious national security secrets and configurations of operational systems.”
Military’s requirement for secure unhackable messaging system based on BlockChain
There is a critical DoD need to develop a secure messaging and transaction platform accessible via web browser or standalone native application. DARPA’s goal is to have “a secure messaging system that can provide repudiation or deniability, perfect forward and backward secrecy, time to live/self-delete for messages, one time eyes only messages, a decentralized infrastructure to be resilient to cyber-attacks, and ease of use for individuals in less than ideal situations,” according to a notice looking for proposals, which was recently posted on a government platform that offers federal research funds to small businesses.
The messaging platform would act as the transport for a cryptographically sound record of all transactions whether they be MIPRs, contracts, troop movements or intelligence. Troops on the ground in denied communications environments would have a way to securely communicate back to HQ and DoD back office executives could rest assured that their logistics system is efficient, timely and safe from hackers.
The advantages of this decentralized structure is that it would be more resilient, and there would be no centralized server where a spy or hacker could gather metadata, according to Frederic Jacobs, an independent security researcher who in the past worked as a developer for the encryption messaging app Signal. However, such a structure would have higher latency and it’s harder to deploy at scale, he further added.
DARPA awards contract for development of Blockchain based secure messaging and transaction platform
The US Defense Advanced Research Projects Agency (DARPA) has signed another Blockchain innovation deal, this time with Crypto-Chat developer ITAMCO. Under plans published Thursday, ITAMCO will develop a “secure, non-hackable messaging and transaction platform for the U.S. military” after it won the DARPA contract.
“We are excited to work with DARPA to develop the latest in military-grade encryption software using blockchain technology, and look forward to offering an enterprise solution for secure messaging to industry,” director of research and development Joel Neidig said in a press release. The messaging platform will use Blockchain technology to ensure data sent is “virtually hack-proof” by separating message creation from transmission. In practice, its uses will “include the communication of troops on the ground with HQ, or sending information between intelligence officers and the Pentagon.”
Legacy messaging and backoffice infrastructures, traditionally based on centralized, unencrypted hub-and spoke database architecture, are expensive, inefficient, brittle and subject to cyber-attack. The overhead costs of maintaining such architectures is rising rapidly. Many organizations unknowingly keep duplicate information and fail to ensure synchronization thus amplifying the potential for data theft and data corruption/rot.
Incorporating a truly transparent mechanism for conducting journaled transactions enables the DoD to leverage its distributed footprint for a reduction in latency of these transactions, their security and their integrity and assurance. The objective is to create a secure messaging and transaction platform that separates the message creation, from the transfer (transport) and reception of the message using a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger.
The messaging platform will transfer messages via a secure decentralized protocol that will be secured across multiple channels, including but not limited to: 1) Transport protocol, 2) Encryption of messages via various application protocols, 3) Customized blockchain implementation of message deconstruction and reconstruction, and decentralized ledger implementation.
With this messaging platform the business logic of the DoD ecosystem would be mapped onto a network of known entities using distributed ledgers. By doing this significant portions of the DoD backoffice infrastructure can be decentralized, ‘smart documents and contracts’ can be instantly and securely sent and received thereby reducing exposure to hackers and reducing needless delays in DoD backoffice correspondance.
As an example, Military Interdepartmental Purchase Requests (MIPR) could be implemented using the secure ledger. Regulators with access to the ledger could read the correspondance and thus easily verify that a MIPR transaction didn’t violate Federal Acquisition Regulations (FAR). The benefits are broad and could even be applied to domains such as space. With crowded skies it’s important to maintain situational awareness of all satellites and those concerned with space situational awareness/telemetry or air traffic control could instantly share data between nations using a separate but equivalent ledger implementation thus removing questions as to the authenticity and integrity of the data.
The contract includes three phases. The first phase will focus on “creating a model, …experimenting with encryption schemes, evaluating hardware…and defining the product feature set.” Phase two would be testing, and phase three would be implementation.
Blockchain for Homeland Security
The US Department of Homeland Security (DHS) is preparing to utilize Blockchain technology, in securing the transmission and storage of data collected by security cameras, sensors and internal databases. The DHS is aiming to prevent data manipulation and potential hacking attacks on thousands of devices operating in airports and on the US borders with Mexico and Canada. Currently, these devices rely on an outdated system based on centralized servers and databases, which are vulnerable to sophisticated malware-related attacks.
According to cointelegraph,com, depending on a traditional IT infrastructure is inefficient for a wide-reaching agency since it often leads large-scale operations hugely reliant on the storage and processing of information. Factom, a Blockchain startup, has secured a contract with the DHS to provide an infrastructure for departments such as the US Customs and Border Protection which is efficient, immutable and transparent.
“When law enforcement investigates suspected front companies involved in terror finance, one of the first places it looks is corporate registries. Every US state manages its own registry, as does every foreign country, and there is no reliable way to search across registry databases. The job gets more difficult when trying to crack the opaque offshore jurisdictions that illicit financiers favor.”
Enterprising startups are now experimenting with the blockchain technology that underpins virtual currencies like Bitcoin. Blockchain is an authenticated ledger that records digital transactions, but is increasingly used for validating all types of records. If a blockchain system were set up to hold corporate registry information internationally, it would help governments manage business data and identify firms and individuals engaged in illicit activity.
“Critics of Silicon Valley from the national-security community charge that technology is enabling terrorists to operate undetected. This same technological knowhow, however, could help the intelligence community thwart those plotting against us and our allies. Silicon Valley has become renowned for innovation, but it could one day become a byword for something even more important: keeping America and the world safe,” says Yaya J. Fanusie, a former CIA counterterrorism analyst
Block chain’s distributed consensus model
Marc Andreessen, the doyen of Silicon Valley’s venture capitalists, listed the blockchain’s distributed consensus model as the most important invention since the Internet itself. “Today, every interaction you have online relies on a central trusted authority. No matter what you do online, you’re trusting someone to tell you the truth — whether it’s your bank giving you your statement balance, your email service provider telling you your message was delivered, or your antivirus software assuring you that everything’s A-OK,” writes Mike Gault, Founder and CEO, Guardtime.
In fact, there’s always the risk that a single provider of information could lie, or simply be wrong. That’s why Internet security is such a disaster today; we’re trusting sources that can be hacked, manipulated or compromised. And increasingly we’re trusting them with our most precious personal data and life events
The blockchain could change all of that. A blockchain is the structure of data that represents a financial ledger entry, or a record of a transaction. Each transaction is digitally signed to ensure its authenticity and that no one tampers with it, so the ledger itself and the existing transactions within it are assumed to be of high integrity. All these digital ledger entries are distributed among a deployment or infrastructure. These additional nodes and layers in the infrastructure serve the purpose of providing a consensus about the state of a transaction at any given second; they all have copies of the existing authenticated ledger distributed amongst them.
When a new transaction or an edit to an existing transaction comes in, generally a majority of the nodes within a blockchain implementation must execute some algorithms and essentially evaluate and verify the history of the individual blockchain block that is proposed, and come to a consensus that the history and signature is valid, then the new transaction is accepted into the ledger and a new block is added to the chain of transactions. If a majority of nodes do not concede to the addition or modification of the ledger entry, then it is denied and not added to the chain.
This distributed consensus model is what allows blockchain to run as a distributed ledger without the need for some central, unifying authority saying what transactions are valid and (perhaps more importantly) which ones are not. By enabling this distributed consensus, it can actually create a true record of events, past and present, in the digital world.
Crucially, it does this without compromising privacy. You can record the fact that the event happened, and even that it happened correctly, without exposing confidential details about the subject matter or the parties involved. This explains why bitcoin enables black-market transactions; despite the public nature of the ledger, the users themselves can remain completely anonymous. Blockchain can be configured to work in a number of ways that use different mechanisms to achieve consensus on transactions and, in particular, to define known participants in the chain and exclude everyone else.
The largest example of blockchain in use, Bitcoin, employs an anonymous public ledger in which anyone can participate. For more private uses of blockchain among a smaller number of known actors, many organizations are deploying permissioned blockchains to control who participates in transaction activity.
Linux Foundation’s Hyperledger Project, is a collaborative effort started in December to develop an open, distributed ledger platform that will satisfy a variety of use cases across multiple industries. Hyperledger’s blockchain technology is independent of Bitcoin, and is supported by high-profile cross-industry players such as IBM, Intel, Accenture, as well as several banks and financial services firms. The country of Estonia, which secures much of its banking infrastructure with a blockchain, boasts the lowest rate of credit card fraud in the euro zone.
References and Resources also include: