Progress in U.S. Government Information Technology by Michael Erbschloe - HTML preview

Blockchain Technology

Blockchains are immutable digital ledger systems implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority. At their most basic level, they enable a community of users to record transactions in a ledger public to that community such that no transaction can be changed once published.

Blockchains are a new information technology that has the potential to invert the cybersecurity paradigm. First, blockchain networks are trustless: they assume compromise of the network by both insiders and outsiders. Second, blockchains are transparently secure: they do not rely on failure-prone secrets but rather on a cryptographic data structure that makes tampering both exceptionally difficult and immediately obvious. Finally, blockchain networks are fault tolerant: they align the efforts of honest nodes to reject those that are dishonest. As a result, blockchain networks not only reduce the probability of compromise but also impose significantly greater costs on an adversary to achieve it. The U.S. Air Force, for example, will research and develop blockchain technology and leverage it for national defense.

A blockchain is a shared, distributed, tamper-resistant database that every participant on a network can share but that no one entity controls. In other words, a blockchain is a database that stores digital records. The database is shared by a group of network participants, all of whom can submit new records for inclusion. However, those records are only added to the database based on the agreement, or consensus, of a majority of the group. Additionally, once the records are entered, they can never be changed or erased. In sum, blockchains record and secure digital information in such a way that it becomes the group's agreed-upon record of the past.

The blockchain was first proposed in 2008 by Satoshi Nakamoto (a pseudonym) in conjunction with the cryptocurrency Bitcoin. Nakamoto's vision was to allow online payments to be sent directly from one party to another without going through a financial institution. However, without a trusted central authority to oversee accounts and transactions, there would be no way to prevent dishonest actors from spending a single Bitcoin twice. Nakamoto's solution was a distributed database of time-stamped, consensus-based, cryptographically tagged transactions that form a record that cannot be changed—a blockchain. Bitcoin became a reality in 2009.

While the blockchain was virtually synonymous with Bitcoin for several years, it should be made clear that they are two separate technologies. Bitcoin is just the first popular application of blockchain, just as e-mail was the first popular application of the Internet. Its potential is so vast, in fact, that advocates compare the maturity and innovative potential of blockchain technology today to that of the Internet in 1992, an Internet before the World Wide Web. However, because blockchain technology simply rides on the existing Internet infrastructure, the maturity of blockchain technology is likely to progress three times faster than the Internet.

Industry has recognized the potential of blockchain technology. Since 2013 more than $1 billion of venture capital has been invested into 120 blockchain start-ups. Aims are diverse, ranging from finance to the tracking and trade of indivisible assets (such as diamonds and art) to digital notary services that can serve as evidence in a court of law; however, interest has expanded beyond just start-ups. Large, mature companies such as Lockheed Martin, IBM, and Goldman Sachs have also begun investigating potential blockchain applications in their respective sectors.

Blockchains solve a challenging problem in data science: how to reliably exchange information over an unreliable network on which some of the participants cannot be trusted. The blockchain security model inherently assumes that these dishonest participants will attempt to create friction by not only generating false data but also attempting to manipulate valid data passed from honest participants. By using a variety of messaging and consensus techniques, blockchains ensure data integrity by both rejecting invalid data and preventing valid data from being secretly modified or deleted.

Blockchain technology is worthy of examination because it offers three significant advantages over traditional cyber defense strategies. First, rather than trying to defend boundaries from compromise, blockchains assume compromise by both adversaries and trusted insiders. They are designed to defend data in a contested cyber environment. Second, blockchain networks harness the aggregate power of the network to actively resist the efforts of malicious actors. Specifically, blockchains take advantage of the asymmetry of many against few. Finally, the security that blockchains provide is not dependent on secrets or trust. There are no passwords to be exposed, cryptographic keys to be protected, or administrators to be trusted. Blockchains provide an inherent security function on which additional security functions can be added, depending on the application. As a result of these advantages, blockchains are capable of operating successfully and securely on the open Internet, without a trusted central authority, while fully exposed to hostile actors.

Aiming to clarify the subject for the benefit of companies and other organizations, the National Institute of Standards and Technology (NIST) released a straightforward introduction to blockchain, which underpins Bitcoin and other digital currencies.

Virtual barrels of digital ink are flowing in the media nowadays about these cryptocurrencies and the underlying blockchain technology that enables them. Much of the attention stems either from the giddy heights of value attained lately by the most well-known of these currencies, Bitcoin, or from the novelty of blockchain itself, which has been described as the most disruptive technology since the internet. Blockchain’s proponents believe it lets individuals perform transactions safely without the costs or security risks that accompany the intermediaries that are required in conventional transactions.

A blockchain is essentially a decentralized ledger that maintains transaction records on many computers simultaneously. Once a group, or block, of records is entered into the ledger, the block’s information is connected mathematically to other blocks, forming a chain of records. Because of this mathematical relationship, the information in a particular block cannot be altered without changing all subsequent blocks in the chain and creating a discrepancy that other record-keepers in the network would immediately notice. In this way, blockchain technology produces a dependable ledger without requiring record-keepers to know or trust one another, which eliminates the dangers that come with data being kept in a central location by a single owner.

The blockchain idea has attracted enough supporters that there are now several hundred digital currencies on the market and the companies that are investigating ways to employ blockchain number many more. Because the market is growing so rapidly, several stakeholders, customers and agencies asked NIST to create a straightforward description of blockchain so that newcomers to the marketplace could enter with the same knowledge about the technology.

Organizations considering implementing blockchain technology need to understand important aspects of the technology. For example, what happens when an organization implements a blockchain system and then decides they need to make modifications to the data stored? When using a database, this can be accomplished through a simple query (or major changes can be made by updating the database schema or software). However, on a blockchain, it is much more difficult to change data or update the ‘database’ software. Organizations need to understand the extreme difficulty in changing anything that is already on the blockchain, and that changes to the blockchain software may cause forking of the blockchain. Another critical aspect of blockchain technology is how the participants agree that a transaction is valid. This is called “reaching consensus”, and there are many models for doing so, each with positives and negatives for a specific business case.

Some existing blockchain technologies focus on storing wealth, while others are a platform for smart contracts (software which is deployed on the blockchain itself, and executed by the computers running that blockchain). New blockchain technologies are being developed constantly to enable new use cases and to improve the efficiency of existing systems. Some blockchain implementations are permissionless, meaning anyone can read and write to them.

Other implementations limit participation to specific people or companies, allow finer-grained controls, and may be managed by a central entity. Knowing these specifics allows an organization to understand what will be most applicable to its needs.

Despite the many variations of blockchain systems and the rapid development of new technologies, most blockchains use some common core concepts. Each transaction involves one or more addresses and a recording of what happened, and it is digitally signed. Blockchains are comprised of blocks, each block being a group of transactions. All the transactions in a block are grouped together, along with a cryptographic hash of the previous block. Finally, a new hash is created for the current block’s header to be recorded within the block data itself as well as within the next block. Over time, each block is then chained to the previous block in the chain by adding the hash of the previous block to the header of the current block.
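The chaining described above, and the tamper evidence it gives other record-keepers, can be shown in a short added example (not code from the book or from NIST). The names `Block`, `tx_digest` and `first_inconsistency` are hypothetical, the transactions are constructed sample data, and digital signatures and consensus are deliberately left out so that only the hash chain is exercised.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def sha256_hex(obj) -> str:
    """Hash a JSON-serialisable object using a canonical (sorted-key) encoding."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


@dataclass
class Block:
    index: int
    prev_hash: str          # hash of the previous block's header
    transactions: list
    tx_digest: str = ""     # hash over this block's grouped transactions
    block_hash: str = ""    # hash of this block's header

    def header(self) -> dict:
        return {"index": self.index, "prev_hash": self.prev_hash,
                "tx_digest": self.tx_digest}

    def seal(self) -> "Block":
        self.tx_digest = sha256_hex(self.transactions)
        self.block_hash = sha256_hex(self.header())
        return self


def build_chain(batches) -> list:
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        block = Block(i, prev, [dict(t) for t in txs]).seal()
        chain.append(block)
        prev = block.block_hash
    return chain


def first_inconsistency(chain):
    """Return (block index, reason) for the first failed check, or None."""
    prev = GENESIS_PREV
    for b in chain:
        if b.prev_hash != prev:
            return (b.index, "prev_hash does not match previous block")
        if sha256_hex(b.transactions) != b.tx_digest:
            return (b.index, "transactions do not match tx_digest")
        if sha256_hex(b.header()) != b.block_hash:
            return (b.index, "header does not match block_hash")
        prev = b.block_hash
    return None


def reseal_from(chain, index) -> None:
    """Recompute every hash from `index` onward, as a history rewrite requires."""
    prev = chain[index].prev_hash
    for b in chain[index:]:
        b.prev_hash = prev
        prev = b.seal().block_hash


SAMPLE_BATCHES = [  # constructed sample data
    [{"from": "addr-A", "to": "addr-B", "amount": 5}],
    [{"from": "addr-B", "to": "addr-C", "amount": 2}],
    [{"from": "addr-C", "to": "addr-A", "amount": 1}],
]


def demo():
    honest = build_chain(SAMPLE_BATCHES)
    copy = build_chain(SAMPLE_BATCHES)        # one record-keeper's copy
    copy[1].transactions[0]["amount"] = 200   # record altered in place
    edited = first_inconsistency(copy)
    copy[1].seal()                            # only the altered block rehashed
    resealed_one = first_inconsistency(copy)
    reseal_from(copy, 1)                      # all subsequent blocks rehashed
    resealed_all = first_inconsistency(copy)
    tip_matches_peers = copy[-1].block_hash == honest[-1].block_hash
    return (first_inconsistency(honest), edited, resealed_one,
            resealed_all, tip_matches_peers)


if __name__ == "__main__":
    print(demo())
```

Even when every later block is rehashed so the copy is internally consistent, its final block hash no longer matches the one held by the other record-keepers, which is the discrepancy the network notices.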

The use of blockchain technology is not a silver bullet, and there are issues that must be considered such as how to deal with malicious users, how controls are applied, and the limitations of any blockchain implementation. That said, blockchain technology is an important concept that will be a basis for many new solutions.

Federal agencies are eager to better evaluate and adopt distributed ledger technologies (like blockchain) that use encryption and coding to improve transparency, efficiency and trust in information sharing. Blockchain use cases that agencies submit for exploration touch many parts and processes of an organization, including:

  • Financial management
  • Procurement
  • IT asset and supply chain management
  • Smart contracts
  • Patents, Trademarks, Copyrights, Royalties
  • Government-issued credentials like visas, passports, SSN and birth certificates
  • Federal personnel workforce data
  • Appropriated funds
  • Federal assistance and foreign aid delivery

GSA’s Emerging Citizen Technology Office launched the U.S. Federal Blockchain program for federal agencies and U.S. businesses who are interested in exploring distributed ledger technology and its implementation within government.

GSA hosted the first U.S. Federal Blockchain Forum on July 18, 2017, uniting more than 100 federal managers from dozens of unique agencies to discuss use cases, limitations, and solutions. Agency teams submitted their own potential use cases for blockchain technology to our current repository of almost 200 submissions.

At its core, blockchain technology is a way to transfer any kind of data or information in a fast, tracked, and secure way without the need for an intermediary institution. Initially developed to allow peers to directly exchange digital currency faster and at lower cost, blockchain is now yielding a variety of promising new solutions beyond financial services. It is difficult to understand the full potential of these new applications at this formative stage, but they include property transfers, the execution of contracts, authentication services, device management, and records management.

  • Blockchain technology is a new way to transfer any kind of data or information in a fast, tracked, and secure manner without need for an intermediary.
  • Major companies, such as Citibank and Australia Post, are beginning to research and experiment with this technology in order to provide new and more efficient services.
  • The Postal Service could benefit from use of this technology – particularly regarding financial services, identity services, supply chain management, and device management – and should consider exploring and experimenting with it.

Despite their novelty, these applications are beginning to gain traction with major companies and government entities, from Citibank and JPMorgan Chase to the Estonian government and Australia Post. These organizations are researching or experimenting with blockchain technology in order to keep better records and provide new and more efficient services.

The U.S. Postal Service Office of Inspector General contracted with Swiss Economics in order to better understand blockchain technology’s features and capabilities, as well as identify potential areas of interest for the Postal Service.

One major area is financial services. The Postal Service could use blockchain technology to improve the back-end of its financial products, such as international money transfers and money orders. A blockchain-based financial platform could digitize and streamline the services, making them faster and cheaper for both the Postal Service and its customers. In the long-term, blockchain technology could also be useful to the Postal Service in other areas such as identity services, supply chain management, and device management.

While blockchain was originally developed as part of digital currency, people are realizing that at its core, it is a way to transfer any kind of information in a fast and private way and that it can be useful for any kind of information or value transfer that typically involves an intermediary. This realization has spurred intense development activity in the market. In fact, people in the field are comparing it to the early stages in the development of the Internet, and there are similar levels of capital investment in startups related to blockchain services and applications as there were in the development of the Internet in the mid-1990s. Just as the Internet relies on services such as browsers and email clients to help consumers access its capabilities, blockchain technology’s utility and continued development will rely on innovation by new service providers.

Since the blockchain mechanism was originally conceived as a financial exchange tool for Bitcoins, much of the innovation activity so far has been in financial applications. It is important to note, however, that a coin on a blockchain could easily represent more than Bitcoins or money. It could represent a house, a car, a stock, or even a vote or an identity. Arguably, a coin could represent any kind of information or any piece of data. It is this realization that is sparking growth in this sector, including the development of new applications and increased interest in this technology by major players.

Blockchain transactions are quite different from typical transactions. They have unique attributes that offer users a number of potential benefits. These benefits are what have sparked the interest in this technology and innovation in this area. On the other hand, as with any new technology, there are still many challenges associated with blockchain that are important to consider.

The OIG collaborated closely with Swiss Economics to outline the benefits and shortcomings of blockchain technology. These strengths and weaknesses emerged within the context of financial applications of blockchain, but they also apply to other application areas.

Due to the decentralized nature of blockchains, users have the ability to make online transactions for a fraction of the fees charged by current intermediaries such as financial or legal institutions. Credit card companies charge a fee per transaction for processing, which is a cost that is usually borne by merchants but which can also be passed along to buyers through higher prices or an additional fee for purchasing with a credit card. Remittance service providers charge senders an average of 8 percent to transfer money to family overseas. In the financial services sector alone, Spanish bank Santander estimates that blockchain technology could save banks around the world $15-20 billion annually in settlement, regulatory, and cross-border payment costs. Outside of the financial services sector, IBM has suggested that blockchain can help reduce infrastructure and maintenance costs of scaling the Internet of Things by allowing connected devices to share computing resources without dependency on a central cloud or server, thereby optimizing resource utilization and cost. Other cost savings of the technology are only just beginning to be investigated.

Blockchain transactions are processed much more quickly than most traditional data transfer systems, usually in a matter of minutes. With blockchain, time is saved by the elimination of intermediary institutions such as clearinghouses that make sure banks or other parties have matching records. This feature is especially significant when it comes to payments, which can take hours, days, or even weeks to process. For example, when trading stocks or bonds, it usually takes 3 days for a transaction to settle and for the participants to have their funds available. This is true even for electronic transactions where the information exchange may be immediate, but it may take 3 days to receive payment. Real estate sales are also costly and time-intensive, often taking weeks to schedule a time for closing with thousands of dollars in closing costs. With smart property, selling a house could be as simple as transferring a coin. Other applications, such as not having to present yourself in person to vote or notarize a document, could save time and increase the convenience of these processes. Blockchain allows for faster, more efficient, and more customizable transactions.

Transactions across a blockchain are not bound to geographical limits. Given the virtual nature of the system, it does not matter whether an individual sends data to a neighbor or to someone on the other side of the world. In addition, as blockchains do not use intermediaries, which are bound by country-specific regulations, transactions can cross national borders with less friction. This makes blockchain well suited for international transactions.

Blockchain-based payments are irreversible; once a payment is issued, it can only be reversed by asking the receiver to pay the same amount back in another transaction. This feature is ideal for lowering transaction risk for a payment recipient, allowing merchants to be sure that buyers cannot cancel a payment after the sale of a good or service (the way they can with credit card purchases). This alleviates fraud risks and payment security costs for merchants. On the other hand, buyers may not view this as an advantage. This is because conventional card- and bank-based payment providers, acting on behalf of the buyer, can reverse transactions in order to protect buyers against fraud, such as being overcharged or if a good is defective. However, the irreversibility feature is not only beneficial to merchants. It applies to other application areas as well, including the transfer of property where there would be no way, for example, for someone selling a house on a blockchain to reverse the transaction and get the deed back after receiving payment. This feature would also mean that records could not be tampered with, altered, or undone after they have been created, making blockchain a highly transparent and auditable records management tool.

Currently, completing an ecommerce transaction or enacting a legally binding contract requires participants to disclose their personal information to another party, such as an ecommerce platform. Transferring information across a blockchain is similar to paying with cash: there is no need to disclose any personal information such as a person’s name, address, credit history, or credit card number. Individuals only disclose their wallet information, which is an alphanumeric address. In addition to protecting user privacy, blockchain transactions greatly reduce the risks of identity theft and fraud that are common with other forms of transaction or payment, such as credit cards.

Blockchain is new and very different from most of the traditional technologies that people use. As such, in its current form, it requires above-average computer literacy to use properly, which acts as a barrier to entry for businesses and individuals that are interested in applications but do not know where to begin. This can limit access to the new technology for non-tech-savvy users, and can expose them to fraud risks. Further, blockchain’s decentralization means that there is no central customer care resource if users need assistance.

Although the Bitcoin blockchain has so far not been compromised, service providers (such as wallet providers or exchange services) are vulnerable to attacks. Furthermore, the privacy of transactions, seen as a benefit to many, is also a security concern. Not knowing the identity of the individual on the other side of the transaction makes it difficult to resolve issues that may arise and can place users at risk for fraud.

At present, access to blockchain applications is provided by online exchanges. Physical touchpoints, such as Bitcoin ATMs and other physical service locations, are scarce and scattered. Service platforms are mostly new start-up firms with little reputation and lack physical exchange points.

A lot of progress has been made in recent years, but there is still no international — or even interstate — agreement about how to regulate blockchain applications. Current regulations focus on financial applications of blockchain technology. It remains to be seen how applications such as smart contracts, smart property, and records management will be regulated. Up to this point, some government entities have emphasized instituting consumer protections while letting innovation continue to develop, but others have imposed more restrictive regulations. For example, the state of New York requires a BitLicense for businesses operating in this space, causing many startups to leave the state. This regulatory uncertainty, coupled with speculation, has led to other problems, such as exchange rate volatility in cryptocurrency applications such as Bitcoin.

In its role as the science advisor to the Department of Homeland Security, the Science and Technology Directorate (S&T) is well-positioned to answer these questions. S&T is taking the lead with research and development projects in this area to determine viable uses for the technology.

Cutting through the sensationalism associated with such a product, S&T sees the reality of blockchain’s promise. The technology presents intriguing possibilities with associated far-reaching benefits that may be relevant to the HSE, such as:

  • No central authority needed to reconcile the ledger
  • Parties in the transaction do not have to trust each other
  • Immutability of records after reconciliation

The wide gap between the hype and the reality requires proving if security and privacy controls can be supported or enabled by blockchain and whether the benefits of adopting the technology outweigh the pain of incorporating it into a proven information technology environment.

If in fact the security and privacy claims of blockchain’s advocates can be proven to be valid, there are some interesting HSE use-cases that could be enabled by this technology, including:

  • Sharing of emergency responder credentials across federal, state, local, tribal and international borders by authoritative parties with no single point of failure
  • Creating immutable records and audit logs of data that cannot be spoofed and can be publicly verified without revealing personally identifiable information
  • Improving traveler experience in airports by reducing redundant checks
  • Reducing fraud in the transfer of goods across international boundaries that touch multiple entities who do not trust each other

With such potential, proving the security and privacy aspects is precisely where S&T currently is focusing its resources. It is doing so via Small Business Innovation Research projects to investigate the various capabilities of blockchain. This includes security and privacy characteristics as well as exploring its immutability, data integrity and anti-spoofing aspects via a Silicon Valley Innovation Program project.

If these research projects bear fruit, S&T will begin developing ways to implement blockchain technology to better safeguard the American people, our homeland and our values.

  • The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded a $749,241 Small Business Innovation Program (SBIR) contract to Digital Bazaar, Inc. to develop fit-for-purpose blockchains for identity and access management.
  • The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded $9.7 million to 12 small businesses for 13 Phase II contracts through the Small Business Innovation Research (SBIR) program.
  • The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded Salt Lake City-based startup Evernym a $749,000 Small Business Innovation Program (SBIR) award to develop an easy-to-use, decentralized mechanism for managing public and private keys needed for the secure and scalable deployment of blockchain technologies.
  • The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced a total of $3.1 million in competitive research awards for 29 small businesses located across 12 states, and Washington, D.C. Each business was awarded approximately $100,000 in preliminary funding through DHS S&T’s Small Business Innovation Research (SBIR) program. Thirty-one contracts were awarded in 10 topic areas:

Security Systems Video and Audio Interoperability

  • Balfour Technologies LLC (Bethpage, NY)
  • McQ Inc. (Fredericksburg, VA)
  • Systems Engineering, Inc. (Dulles, VA)

Applicability of Blockchain Technology to Identity Management and Privacy Protection

  • Digital Bazaar, Inc. (Blacksburg, VA)
  • Respect Network Corporation (Seattle, WA)
  • Narf Industries LLC (Washington, DC)
  • Celerity Government Solutions, LLC (McLean, VA)

Malware Prediction for Preemptive Cyber Defense

  • BlueRISC, Inc. (Amherst, MA)
  • GrammaTech, Inc. (Ithaca, NY)
  • Red Balloon Security (New York, NY)
  • ZeroPoint Dynamics, LLC (Cary, NC)

Autonomous Indoor Navigation and Tracking of First Responders

  • Robotic Research, LLC (Gaithersburg, MD)
  • Oceanit Laboratories, Inc. (Honolulu, HI)
  • Integrated Solutions for Systems (Huntsville, AL)
  • Human Systems Integration, Inc. (Walpole, MA)

Internet of Things (IoT) Low-Cost Flood Inundation Sensor

  • Physical Optics Corporation (Torrance, CA)
  • Progeny Systems Corporation (Manassas, VA)
  • Evigia Systems, Inc. (Ann Arbor, MI)

Low-Cost, Real-Time Data Analytics for Underserved EMS Agencies

  • ElanTech (Columbia, MD)
  • Azavea Inc. (Philadelphia, PA)

Real-Time Assessment of Resilience and Preparedness

  • InferLink Corporation (El Segundo, CA)
  • Datanova Scientific LLC (Baltimore, MD)

Using Social Media to Support Timely and Targeted Emergency Response Actions

  • Physical Optics Corporation (Torrance, CA)
  • ElanTech (Columbia, MD)
  • Decisive Analytics (Arlington, VA)
  • UtopiaCompression Corporation (Los Angeles, CA)
  • Block Cypher (Redwood City, CA)
  • RAM Laboratories, Inc. (San Diego, CA)

Remote Identity Proofing Alternatives to Knowledge Based Authentication and Verification

  • Card Smart Technologies (Basking Ridge, NJ)
  • PreID Inc. (Atherton, CA)
  • Pomian & Corella (Carmichael, CA)