Blockchain technology has won accolades for improving efficiency and transparency in business operations. It has also been seen as improving security.
But blockchain security is a complex issue that pits anonymity against trust, according to IBM’s Security Intelligence, a thought leadership and technical expertise hub for executives who manage enterprise risk and security.
Permissionless blockchains such as bitcoin’s do not require identity information from their participants. The bitcoin blockchain achieves trust through encryption. After each transaction, the cryptographic operation makes the transaction part of the chain.
Private blockchains serve a different purpose. The goal is to create a private network for known participants. Hence, participants’ identities are important.
For private blockchains to deliver their potential benefits, they need to provide identity and access management (IAM) functions. Such blockchains need to identify rather than anonymize their users.
Parties to a blockchain smart contract are identified and given particular roles. Specific actions are linked to specific participants.
For example, party A offers to sell a toaster to party B. Party B accepts the offer, and party A sends party B the toaster. The delivery service then delivers the toaster and party B pays party A.
The transaction can be embedded in a smart contract, which is a blockchain with rules. Besides recording externally entered transactions, the rules allow certain actions to take place among participants. A smart contract can transfer payment from a buyer to a seller when the delivery service sends a receipt to the blockchain.
But the question remains: how do we know the parties’ true identities?
There are two parts to the identification process. The first is identity verification: someone has to assert that party A is party A, and someone also has to verify their identity. This verification requires an external party who examines party A’s identifying information, such as a bank account or passport.
The second part of the verification process is to associate party A with subsequent actions they take.
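The following is an added example, not part of the original article: a minimal Python model of the toaster sale in which an action is accepted only from an externally verified identity holding the right role, and every accepted action is recorded against that identity. The class, rule table and party names are hypothetical, and the in-memory ledger stands in for a real blockchain.

```python
from dataclasses import dataclass, field

# action -> (role allowed to perform it, state required, state afterwards)
RULES = {
    "offer":   ("seller",  "NEW",      "OFFERED"),
    "accept":  ("buyer",   "OFFERED",  "ACCEPTED"),
    "ship":    ("seller",  "ACCEPTED", "SHIPPED"),
    "receipt": ("courier", "SHIPPED",  "PAID"),  # delivery receipt releases payment
}

class Denied(Exception):
    """Raised when identity, role or contract state does not permit an action."""

@dataclass
class ToasterSale:
    verified: dict   # identity -> role, as attested by the external verifier
    balances: dict   # identity -> funds held on the ledger
    price: int
    state: str = "NEW"
    ledger: list = field(default_factory=list)  # (identity, action) records

    def _party(self, role):
        return next(i for i, r in self.verified.items() if r == role)

    def act(self, identity, action):
        role = self.verified.get(identity)
        if role is None:
            raise Denied(f"{identity}: identity not verified")
        if action not in RULES:
            raise Denied(f"{action}: unknown action")
        allowed_role, required_state, next_state = RULES[action]
        if role != allowed_role:
            raise Denied(f"{identity} ({role}) is not authorized to {action}")
        if self.state != required_state:
            raise Denied(f"{action} is not valid in state {self.state}")
        if action == "receipt":
            buyer, seller = self._party("buyer"), self._party("seller")
            if self.balances[buyer] < self.price:
                raise Denied("buyer cannot cover the price")
            self.balances[buyer] -= self.price
            self.balances[seller] += self.price
        self.state = next_state
        self.ledger.append((identity, action))  # ties the action to the identity

def demo():
    # Constructed sample parties, balances and action sequence.
    sale = ToasterSale({"party_a": "seller", "party_b": "buyer", "delivery": "courier"},
                       {"party_a": 0, "party_b": 50, "delivery": 0}, price=30)
    rejected = []
    for who, what in [("party_a", "offer"), ("unknown_party", "accept"),
                      ("party_b", "accept"), ("party_a", "ship"),
                      ("party_b", "receipt"), ("delivery", "receipt")]:
        try:
            sale.act(who, what)
        except Denied:
            rejected.append((who, what))
    return sale, rejected
```

In `demo()`, the unverified identity and the buyer's attempt to submit the delivery receipt are both rejected, so payment moves only when the courier role reports delivery.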
To utilize a private blockchain, parties must verify who they are dealing with. It is also necessary to determine the participants’ level of access. The following questions are important for blockchains:
• Who or what has to be identified or verified?
• What authentication level is needed? Must it be verified externally or just internally?
• What must be authorized?
• What blockchain actions should require authorization?
• Should certain actions be allowable to only certain parties?
These factors can change as organizations become more adept in blockchain use.
Every blockchain will have its own rules governing the amount of verification required when agreeing on changes to the transparent ledger or the smart contract.
Consensus on a blockchain is usually achieved with a two-thirds majority. This prevents problems associated with a single faulty node by quarantining the node.
Blockchains can use different consensus rules relying on a smaller number of nodes or a single node to verify activities. The process establishes node influence levels in the network and raises the need for proper IAM functions.
A private blockchain needs a reliable IAM function. Merging blockchain with identity creates new possibilities.