Blockchain and Security : A Virtuous Circle?

ITU Workshop on “Security Aspects of Blockchain” (Geneva, Switzerland, 21 March 2017)

Blockchain and Security: A Virtuous Circle?

Dr. Mark Moir Architect, Oracle Labs, [email protected]

Geneva, Switzerland, 21 March 2017


The views expressed in this talk are my own and do not necessarily reflect the

views of Oracle or anyone else

Outline

•  The virtuous circle •  Problems looking for soluAons – AKA: How I learned to relax and love the blockchain

•  AbstracAon and regulaAon •  Wrap up


Outline





security

blockchain

Virtuous Circle?

Blockchain, interpreted broadly

•  Tamper-‐proof shared data •  Updates follow precise rules •  No trusted parAes required

•  Private/confidenAal data visible only to authorized parAes


Blockchain …

•  New combinaAons of old ideas – Peer-‐to-‐peer networking – Distributed consensus – Replicated state machines – Programming and domain-‐specific languages for specifying rules (smart contracts)

– Cryptographic hashing for data immutability – Digital cerAficates and signatures for authenAcaAon


… and related technologies

•  ParAcularly related to privacy/confidenAality – EncrypAon – Secure mulAparty computaAon – Zero knowledge proofs – Homomorphic encrypAon – …


Security

•  ProtecAon of: – Machines and resources


Security, Interpreted Broadly

•  ProtecAon of: – Machines and resources – Availability and reliability of networks and systems



•  ProtecAon of: – Machines and resources – Availability and reliability of networks and systems –  Integrity of data



•  ProtecAon of: – Machines and resources – Availability and reliability of networks and systems –  Integrity of data – Economies, global economy



•  ProtecAon of: – Machines and resources – Availability and reliability of networks and systems –  Integrity of data – Economies, global economy – Human rights, privacy, freedom of expression – Systems of government – Humanity!


Does Blockchain Redefine CyberSecurity?

•  Short answer: no •  Blockchain not the soluAon to every problem •  ExisAng challenges remain, new ones arise •  But security is enhanced by: – ToleraAng arbitrarily bad behavior by any parAcipant (assuming enough behave well)

–  Avoiding “single point of trust”



security

blockchain

Virtuous Circle?

Programmable trust

•  Suppose I can specify: “reset my password if one friend, and one work colleague and one bank accountably a]est that I authorized it”

•  My rules for my needs and circumstances •  Stronger passwords, be]er protected? •  Same for crypto keys, cerAficates?



security

blockchain

Virtuous Circle?

More secure, more useful

•  Higher value assets •  More important use cases •  Wider adopAon


security

blockchain

Virtuous Circle?

Enhanced economic security

•  Accountability, transparency and trust spread into economic and communicaAons systems

•  Reduced systemic risk? •  No more GFCs?

Not just assets and finance

•  Provenance – Enhanced food and drug safety?

•  IdenAty, AuthenAcaAon, ReputaAon – No more fake news? – No more anonymous cyberbullying? – Protect freedom of expression? – More construcAve public discourse?

Not just assets and finance

•  Terms of Service –  Informed consent – Consent for purpose

•  Personal control of personal data – Social media, photos – Healthcare records – Clinical trial data – …


security

blockchain

Virtuous Circle Spiral?

Outline




Problems looking for soluXons!

•  June, 2013 – Me: working on Select Commi]ee submission on proposed TelecommunicaAons IntercepAon legislaAon (New Zealand)

– Snowden: revealing that my concerns were valid ☺

•  Challenge: Enable legiAmate surveillance, protect privacy

•  Key issue: verifiable, accountable data access

I imagined

•  Precise, understandable rules for accountable government access to private data (e.g., phone records)

•  CiAzens can validate compliance •  Verifiable reports summarize extent of use •  Watchdogs can audit details, examine warrants, etc.

I gave a talk

Can$the$world’s$problems$$be$solved$with$good$abstrac6ons?$$

How$about$without?$$

Mark$Moir$Wellington,$NZ$

Disclaimer:$opinions$expressed$in$this$talk$do$not$represent$anyone$other$than$the$speaker.$

AbstracXon

Being abstract is something profoundly different from being vague […] the

purpose of abstracAon is not to be vague, but to create a new semanAc level in which one can be absolutely precise.

-‐ Edsger Dijkstra

Advantages of abstracXon

•  SpecificaAon is precise, no ambiguity •  Different people can understand differently, and at different levels of detail

•  We can prove there is no disconnect •  Can change implementaAon of a component independent of rest of system

I discovered (i.e., learned about ☺)

•  Blockchains: agreement on updates to data •  Smart contracts: flexible, precise rules •  No trusted intermediary required

What was/is missing?

•  Scalability •  ProtecAon of private/confidenAal informaAon •  Accountability •  Precise, flexible rules understandable by humans

•  Nonetheless, a solid start towards “abstracAons to solve the world’s problems”

What was/is missing?

•  Scalability •  ProtecAon of private/confidenAal informaAon •  Accountability •  Precise, flexible rules understandable by humans

•  Nonetheless, a solid start towards “abstracAons to solve the world’s problems”

Outline




Key Blockchain Ingredient: Cryptographic Hashing

•  E.g., sha256(“information about you”) = 7d45b8e17e9892705b925213bba259bcd28e2ed9b657c64e3ae3953099ee35534

•  “One way funcAon” (effecAvely) impossible to find original data given hash

•  “Collision resistant”: (effecAvely) impossible to find two inputs that hash to same output

•  Can’t change the input without changing the output => tamper resistance

•  Each block contains a cryptographic hash of the previous block’s contents

•  Changing any block changes all subsequent hashes

•  Immutable, tamper-‐proof

Blockchain tamper resistance Genesis

PrevBlkHash: 0xABC….

PrevBlkHash: 0xDEF….

PrevBlkHash: 0x123….

•  Blocks also contain transacAon data

•  Including informaAon about you?

•  It’s immutable

A closer look PrevBlkHash: 0xABC…. BlkTxData: …. informaAon about you …

PrevBlkHash: 0xDEF…. BlkTxData: ….

Right to be forgo^en PrevBlkHash: 0xABC…. BlkTxData: …. XXXXXXXXXXX …




•  It’s immutable •  Hmmmm, what about the right to be forgo]en?

Right to be forgo^en


PrevBlkHash: 0xABC…. BlkTxData: …. XXXXXXXXXXX …

Hash mismatch!



•  It’s immutable •  Hmmmm, what about the right to be forgo]en?

•  Encrypt data and/or store cryptographic hash idenAfying off-‐chain data

Possible soluXon #1

7d45b8e1…

informaAon about you


PrevBlkHash: 0xABC…. BlkTxData: …. 7d45b8e1… …


Possible soluXon #1

7d45b8e1…




Note: its hash is its name


Possible soluXon #1

7d45b8e1…





Possible soluXon #1

7d45b8e1…




PrevBlkHash: 0x123…. BlkTxData: …. delete 7d45b8e1…


Possible soluXon #1





Possible soluXon #1




Did everyone delete it??


Possible soluXon #1




Did everyone delete it??


Hash of “informaXon about

you” kept

•  “Chameleon hashes” relax collision resistance for specially authorized parAes

•  Different block with same hash

Possible soluXon #2


PrevBlkHash: 0xABC…. BlkTxData: …. informaAon about you…



Possible soluXon #2




PrevBlkHash: 0xABC…. BlkTxData: …. nothing to see here …



•  No need to modify subsequent blocks

Possible soluXon #2



✓


PrevBlkHash: 0xABC…. BlkTxData: …. nothing to see here …

SoluXon #1 vs. SoluXon #2

Encrypt and/or store off-‐chain

Chameleon hashes

Special (trusted?) authorized parAes can edit? NO YES

Special cryptographic technology required? NO YES

Honest ones keep hash and/or encrypted data? YES/MAYBE NO

Guarantee all deleted informaAon about you? NO NO



Chameleon hashes





•  Immutability is a feature (auditability, integrity)

•  Effect on subsequent transacAons?



Chameleon hashes




Guarantee all deleted informaAon about you? NO NO •  Limits soluAons •  SAfles innovaAon



Chameleon hashes




Guarantee all deleted informaAon about you? NO NO •  Remember: one way funcAons •  Honest ones will delete informaAon



Chameleon hashes





•  No soluAon ensures dishonest parAcipants delete data they had!

Regulatory AbstracXon?

•  EU RegulaAon 2016/679: General Data ProtecAon RegulaAon (GDPR)

•  Recital 66: “erase any links to, or copies or replicaDons”

•  Precise interpretaAon of “erase” and “link” directly affect soluAons possible

Precise meaning of “erase”?

•  AbstracAon is about observable behavior, not about implementaAon:

•  lookup(7d45b8e1, store(7d45b8e1, “information about you”)) = “information about you”

Precise meaning of “erase”?

•  AbstracAon is about observable behavior, not about implementaAon:

•  lookup(7d45b8e1, erase(7d45b8e1, store(7d45b8e1, “information about you”)))= “not found”

•  Data is referred to by its cryptographic hash

•  Is hash a “link” that must be “erased”?

Precise meaning of “link”?

7d45b8e1…






•  Or is recording data’s erasure sufficient?







•  Or is recording data’s erasure sufficient?

•  How to hold cheaters accountable?





Broad excepXons

•  GDPR, recital 65: “the further retenDon of the personal data should be lawful where it is necessary, for exercising the right of freedom of expression and informaDon, for compliance with a legal obligaDon, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scienDfic or historical research purposes or staDsDcal purposes, or for the establishment, exercise or defence of legal claims”

Broad excepXons

•  GDPR, recital 65: “the further retenDon of the personal data should be lawful where it is necessary, for exercising the right of freedom of expression and informaDon, for compliance with a legal obligaDon, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scienDfic or historical research purposes or staDsDcal purposes, or for the establishment, exercise or defence of legal claims”

•  Is storage in immutable blockchain “archiving in public interest”?

•  Is the excepXon too broad?

PragmaXc, accountable abstracXon

•  “Code is law” great, right up unAl it isn’t •  Need to enable accountable human judgment •  Can’t encode “in public interest” •  Can encode “three of four named organizaAons say it is” or “judge in one of named courts says it is”

Concluding remarks

•  Blockchain needs security •  Blockchain can enhance security •  Virtuous circle: “solve the world’s problems” •  AbstracAon: be careful what you ask for •  PragmaAc blend of precise rules and accountable human judgment needed


Thanks! QuesXons?

[email protected] h]ps://www.linkedin.com/in/markmoir


Technology

Blockchain and Security : A Virtuous Circle?