BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Everyone knows about blockchains; it’s the technical foundation of the popular and controversial Bitcoin currency. While Bitcoin has popularized the notion of the blockchain it’s done nothing to educate IT professionals on blockchain security and the value and uses of blockchains. Here we will attempt to remedy that that problem.
Driving digital transformations
Blockchain could revolutionize many things, one of which is mobile and IoT digital transformations. To decide if you could benefit, take a look at the real foundation of blockchain and its strengths and limitations, follow a specific set of steps in establishing a mobile security blockchain security plan, and never take your eyes off the notion of community.
Blockchain technology was developed so address a challenge in the world of electronic finance that arose as it underwent a digital transformation —how do you trust mutual interactions like bills and payments when the contents of either could be altered by either party? The traditional solution to this has been the use of a trusted intermediary, a third party who held authoritative copies. Blockchain eliminated the need for this by creating a distributed database or ledger that could be used by all parties and whose authenticity could be verified from the data itself.
Blockchain security and digital transactions
Blockchains are, as the name suggests, chained blocks or sets of transactions. The parties to a blockchain sign their own transactions with strong keys, and this assures that every entry is authentic. Two strong hash codes are added to a block, one to provide tamper protection for the block and another to protect what went before. The combination of these hashes makes it impossible for a party to change transactions without having the tampering detected, which would alert other parties.
As a virtual clearinghouse for commercial cooperation without mediation, blockchain security is a revolution. Any user of blockchain can be assured that that which is on it is legitimate—it’s been said (and is likely true) that Bitcoin has never been hacked. Think of blockchain as a ledger, a place where a community of “users” record their transactions and to which they turn for a trusted record of what has been done.
This probably doesn’t sound much like security, or seem to apply to mobile devices, but in fact blockchains are a way of creating collaboration and cooperation without the awkward and often intrusive presence of a third party. If verification/authentication is a key to trust, then blockchain addresses the issue. What’s security except living in a world short on trust? It’s actually fairly easy to see how the notion of auto-verified collaboration could help mobile security a lot, but also to recognize its limitations. Authenticity is critical to mobile security in many ways, but it’s not a universal or total solution to mobile security problems.
Mobile blockchains are likely to start in a registration blockchain that would register a device at the time of sale or even at build-time. Mobile devices already have unique IDs that would facilitate this. The registry could then track changes in device ownership, and also the uses or applications for which the device was authorized. The same ID could register with social media, vendors, banks and financial institutions, and even geographic sub-registries.
Blockchain security can also validate the source of mobile apps and mobile updates, and even insure that the correct version of mobile front-end software is used in the cloud or data center to process mobile transactions. What it can’t do is protect the device from exploit-based malware that enters through a validated app like a browser, or in fact even prevent the device user from loading apps and making changes that go around the blockchain-based protections. In short, blockchain is an important piece of a mobile security ecosystem, but a piece that has to be designed into and developed properly for that ecosystem. Today, for mobile security more so than for many blockchain target application areas, users will have do some work of their own to build that ecosystem.
Digitally transforming mobile security
How do you adopt blockchain in mobile security when undergoing a digital transformation? First, identify elements of your mobile applications that are community-based. You don’t need blockchain where you are the only party to the activity, so you want to find elements where there are other players and where those players can be incented to cooperate with you. Authenticating the contribution of the players is what blockchain is good at, and the more players there are, the more authentic and fail-safe the blockchain is.
The second step is frame the specific transactions that blockchain will authenticate. Most blockchain applications do one of two things; mediate the ownership of value of a shared resource (Bitcoin does this) or record all sides of a multi-party transaction like a bill/payment or quote/bid. Applications that work either way work well with blockchain.
The digital transformation community
Step three is look for a community platform. If blockchain is about communities, then the best mobile security blockchain strategy is likely driven by a community. Vendors are already presenting community proof-of-concepts in mobile and IoT security; IBM and Samsung have their ADEPT concept, or Autonomous Decentralized Peer-to-Peer Telemetry, for building an IoT network. It could apply to mobile devices as well.
Step four in making blockchain security part of your digital transformation is to strongly consider a blockchain-as-a-service model if you proceed on your own. In theory, you could deploy a single blockchain across multiple IT/software platforms, cloud providers, etc. In practice, it will be a lot easier to start with a common platform for your community. That’s one reason why blockchain-as-a-service is a good thing to consider.
Through all your mobile security blockchain planning, never forget the central notion of community. It’s ironic that while blockchain’s value and security actually grow with the number of members in a blockchain, the difficulties in planning blockchains grow as well.
It’s also important to remember that blockchain security records promises but doesn’t enforce them. It can, via digital signatures, identify parties or elements. It can, via hashtags, prevent tampering with records. At the end of the day, though, it often creates little more than a self-authenticating audit trail of activity. You’ll have to work that into mobile security to make blockchain useful.
How blockchain technology can benefit a distributed architecture
Best practices for mixing blockchain technology and blockchain security with a digital transformation
Critical questions to ask when embarking upon a digital transformation