Upload
itu
View
35
Download
1
Embed Size (px)
Citation preview
ITU Workshop on “Security Aspects of Blockchain” (Geneva, Switzerland, 21 March 2017)
Blockchain and Security: A Virtuous Circle?
Dr. Mark Moir Architect, Oracle Labs, [email protected]
Geneva, Switzerland, 21 March 2017
Geneva, Switzerland, 21 March 2017
The views expressed in this talk are my own and do not necessarily reflect the
views of Oracle or anyone else
Outline
• The virtuous circle • Problems looking for soluAons – AKA: How I learned to relax and love the blockchain
• AbstracAon and regulaAon • Wrap up
Geneva, Switzerland, 21 March 2017
Outline
• The virtuous circle • Problems looking for soluAons – AKA: How I learned to relax and love the blockchain
• AbstracAon and regulaAon • Wrap up
Geneva, Switzerland, 21 March 2017
Blockchain, interpreted broadly
• Tamper-‐proof shared data • Updates follow precise rules • No trusted parAes required
• Private/confidenAal data visible only to authorized parAes
Geneva, Switzerland, 21 March 2017
Blockchain …
• New combinaAons of old ideas – Peer-‐to-‐peer networking – Distributed consensus – Replicated state machines – Programming and domain-‐specific languages for specifying rules (smart contracts)
– Cryptographic hashing for data immutability – Digital cerAficates and signatures for authenAcaAon
Geneva, Switzerland, 21 March 2017
… and related technologies
• ParAcularly related to privacy/confidenAality – EncrypAon – Secure mulAparty computaAon – Zero knowledge proofs – Homomorphic encrypAon – …
Geneva, Switzerland, 21 March 2017
Security, Interpreted Broadly
• ProtecAon of: – Machines and resources – Availability and reliability of networks and systems
Geneva, Switzerland, 21 March 2017
Security, Interpreted Broadly
• ProtecAon of: – Machines and resources – Availability and reliability of networks and systems – Integrity of data
Geneva, Switzerland, 21 March 2017
Security, Interpreted Broadly
• ProtecAon of: – Machines and resources – Availability and reliability of networks and systems – Integrity of data – Economies, global economy
Geneva, Switzerland, 21 March 2017
Security, Interpreted Broadly
• ProtecAon of: – Machines and resources – Availability and reliability of networks and systems – Integrity of data – Economies, global economy – Human rights, privacy, freedom of expression – Systems of government – Humanity!
Geneva, Switzerland, 21 March 2017
Does Blockchain Redefine CyberSecurity?
• Short answer: no • Blockchain not the soluAon to every problem • ExisAng challenges remain, new ones arise • But security is enhanced by: – ToleraAng arbitrarily bad behavior by any parAcipant (assuming enough behave well)
– Avoiding “single point of trust”
Geneva, Switzerland, 21 March 2017
Programmable trust
• Suppose I can specify: “reset my password if one friend, and one work colleague and one bank accountably a]est that I authorized it”
• My rules for my needs and circumstances • Stronger passwords, be]er protected? • Same for crypto keys, cerAficates?
Geneva, Switzerland, 21 March 2017
Enhanced economic security
• Accountability, transparency and trust spread into economic and communicaAons systems
• Reduced systemic risk? • No more GFCs?
Not just assets and finance
• Provenance – Enhanced food and drug safety?
• IdenAty, AuthenAcaAon, ReputaAon – No more fake news? – No more anonymous cyberbullying? – Protect freedom of expression? – More construcAve public discourse?
Not just assets and finance
• Terms of Service – Informed consent – Consent for purpose
• Personal control of personal data – Social media, photos – Healthcare records – Clinical trial data – …
Outline
• The virtuous circle • Problems looking for soluAons – AKA: How I learned to relax and love the blockchain
• AbstracAon and regulaAon • Wrap up
Geneva, Switzerland, 21 March 2017
Problems looking for soluXons!
• June, 2013 – Me: working on Select Commi]ee submission on proposed TelecommunicaAons IntercepAon legislaAon (New Zealand)
– Snowden: revealing that my concerns were valid ☺
• Challenge: Enable legiAmate surveillance, protect privacy
• Key issue: verifiable, accountable data access
I imagined
• Precise, understandable rules for accountable government access to private data (e.g., phone records)
• CiAzens can validate compliance • Verifiable reports summarize extent of use • Watchdogs can audit details, examine warrants, etc.
I gave a talk
Can$the$world’s$problems$$be$solved$with$good$abstrac6ons?$$
How$about$without?$$
Mark$Moir$Wellington,$NZ$
Disclaimer:$opinions$expressed$in$this$talk$do$not$represent$anyone$other$than$the$speaker.$
AbstracXon
Being abstract is something profoundly different from being vague […] the
purpose of abstracAon is not to be vague, but to create a new semanAc level in which one can be absolutely precise.
-‐ Edsger Dijkstra
Advantages of abstracXon
• SpecificaAon is precise, no ambiguity • Different people can understand differently, and at different levels of detail
• We can prove there is no disconnect • Can change implementaAon of a component independent of rest of system
I discovered (i.e., learned about ☺)
• Blockchains: agreement on updates to data • Smart contracts: flexible, precise rules • No trusted intermediary required
What was/is missing?
• Scalability • ProtecAon of private/confidenAal informaAon • Accountability • Precise, flexible rules understandable by humans
• Nonetheless, a solid start towards “abstracAons to solve the world’s problems”
What was/is missing?
• Scalability • ProtecAon of private/confidenAal informaAon • Accountability • Precise, flexible rules understandable by humans
• Nonetheless, a solid start towards “abstracAons to solve the world’s problems”
Outline
• The virtuous circle • Problems looking for soluAons – AKA: How I learned to relax and love the blockchain
• AbstracAon and regulaAon • Wrap up
Geneva, Switzerland, 21 March 2017
Key Blockchain Ingredient: Cryptographic Hashing
• E.g., sha256(“information about you”) = 7d45b8e17e9892705b925213bba259bcd28e2ed9b657c64e3ae3953099ee35534
• “One way funcAon” (effecAvely) impossible to find original data given hash
• “Collision resistant”: (effecAvely) impossible to find two inputs that hash to same output
• Can’t change the input without changing the output => tamper resistance
• Each block contains a cryptographic hash of the previous block’s contents
• Changing any block changes all subsequent hashes
• Immutable, tamper-‐proof
Blockchain tamper resistance Genesis
PrevBlkHash: 0xABC….
PrevBlkHash: 0xDEF….
PrevBlkHash: 0x123….
• Blocks also contain transacAon data
• Including informaAon about you?
• It’s immutable
A closer look PrevBlkHash: 0xABC…. BlkTxData: …. informaAon about you …
PrevBlkHash: 0xDEF…. BlkTxData: ….
Right to be forgo^en PrevBlkHash: 0xABC…. BlkTxData: …. XXXXXXXXXXX …
PrevBlkHash: 0xDEF…. BlkTxData: ….
• Blocks also contain transacAon data
• Including informaAon about you?
• It’s immutable • Hmmmm, what about the right to be forgo]en?
Right to be forgo^en
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. XXXXXXXXXXX …
Hash mismatch!
• Blocks also contain transacAon data
• Including informaAon about you?
• It’s immutable • Hmmmm, what about the right to be forgo]en?
• Encrypt data and/or store cryptographic hash idenAfying off-‐chain data
Possible soluXon #1
7d45b8e1…
informaAon about you
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. 7d45b8e1… …
• Encrypt data and/or store cryptographic hash idenAfying off-‐chain data
Possible soluXon #1
7d45b8e1…
informaAon about you
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. 7d45b8e1… …
Note: its hash is its name
• Encrypt data and/or store cryptographic hash idenAfying off-‐chain data
Possible soluXon #1
7d45b8e1…
informaAon about you
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. 7d45b8e1… …
• Encrypt data and/or store cryptographic hash idenAfying off-‐chain data
Possible soluXon #1
7d45b8e1…
informaAon about you
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. 7d45b8e1… …
PrevBlkHash: 0x123…. BlkTxData: …. delete 7d45b8e1…
• Encrypt data and/or store cryptographic hash idenAfying off-‐chain data
Possible soluXon #1
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. 7d45b8e1… …
PrevBlkHash: 0x123…. BlkTxData: …. delete 7d45b8e1…
• Encrypt data and/or store cryptographic hash idenAfying off-‐chain data
Possible soluXon #1
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. 7d45b8e1… …
PrevBlkHash: 0x123…. BlkTxData: …. delete 7d45b8e1…
Did everyone delete it??
• Encrypt data and/or store cryptographic hash idenAfying off-‐chain data
Possible soluXon #1
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. 7d45b8e1… …
PrevBlkHash: 0x123…. BlkTxData: …. delete 7d45b8e1…
Did everyone delete it??
PrevBlkHash: 0xDEF…. BlkTxData: ….
Hash of “informaXon about
you” kept
• “Chameleon hashes” relax collision resistance for specially authorized parAes
• Different block with same hash
Possible soluXon #2
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. informaAon about you…
• “Chameleon hashes” relax collision resistance for specially authorized parAes
• Different block with same hash
Possible soluXon #2
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. informaAon about you…
PrevBlkHash: 0xABC…. BlkTxData: …. informaAon about you…
PrevBlkHash: 0xABC…. BlkTxData: …. nothing to see here …
• “Chameleon hashes” relax collision resistance for specially authorized parAes
• Different block with same hash
• No need to modify subsequent blocks
Possible soluXon #2
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. informaAon about you…
✓
PrevBlkHash: 0xABC…. BlkTxData: …. informaAon about you…
PrevBlkHash: 0xABC…. BlkTxData: …. nothing to see here …
SoluXon #1 vs. SoluXon #2
Encrypt and/or store off-‐chain
Chameleon hashes
Special (trusted?) authorized parAes can edit? NO YES
Special cryptographic technology required? NO YES
Honest ones keep hash and/or encrypted data? YES/MAYBE NO
Guarantee all deleted informaAon about you? NO NO
SoluXon #1 vs. SoluXon #2
Encrypt and/or store off-‐chain
Chameleon hashes
Special (trusted?) authorized parAes can edit? NO YES
Special cryptographic technology required? NO YES
Honest ones keep hash and/or encrypted data? YES/MAYBE NO
Guarantee all deleted informaAon about you? NO NO
• Immutability is a feature (auditability, integrity)
• Effect on subsequent transacAons?
SoluXon #1 vs. SoluXon #2
Encrypt and/or store off-‐chain
Chameleon hashes
Special (trusted?) authorized parAes can edit? NO YES
Special cryptographic technology required? NO YES
Honest ones keep hash and/or encrypted data? YES/MAYBE NO
Guarantee all deleted informaAon about you? NO NO • Limits soluAons • SAfles innovaAon
SoluXon #1 vs. SoluXon #2
Encrypt and/or store off-‐chain
Chameleon hashes
Special (trusted?) authorized parAes can edit? NO YES
Special cryptographic technology required? NO YES
Honest ones keep hash and/or encrypted data? YES/MAYBE NO
Guarantee all deleted informaAon about you? NO NO • Remember: one way funcAons • Honest ones will delete informaAon
SoluXon #1 vs. SoluXon #2
Encrypt and/or store off-‐chain
Chameleon hashes
Special (trusted?) authorized parAes can edit? NO YES
Special cryptographic technology required? NO YES
Honest ones keep hash and/or encrypted data? YES/MAYBE NO
Guarantee all deleted informaAon about you? NO NO
• No soluAon ensures dishonest parAcipants delete data they had!
Regulatory AbstracXon?
• EU RegulaAon 2016/679: General Data ProtecAon RegulaAon (GDPR)
• Recital 66: “erase any links to, or copies or replicaDons”
• Precise interpretaAon of “erase” and “link” directly affect soluAons possible
Precise meaning of “erase”?
• AbstracAon is about observable behavior, not about implementaAon:
• lookup(7d45b8e1, store(7d45b8e1, “information about you”)) = “information about you”
Precise meaning of “erase”?
• AbstracAon is about observable behavior, not about implementaAon:
• lookup(7d45b8e1, erase(7d45b8e1, store(7d45b8e1, “information about you”)))= “not found”
• Data is referred to by its cryptographic hash
• Is hash a “link” that must be “erased”?
Precise meaning of “link”?
7d45b8e1…
informaAon about you
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. 7d45b8e1… …
• Data is referred to by its cryptographic hash
• Is hash a “link” that must be “erased”?
• Or is recording data’s erasure sufficient?
Precise meaning of “link”?
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. 7d45b8e1… …
PrevBlkHash: 0x123…. BlkTxData: …. delete 7d45b8e1…
• Data is referred to by its cryptographic hash
• Is hash a “link” that must be “erased”?
• Or is recording data’s erasure sufficient?
• How to hold cheaters accountable?
Precise meaning of “link”?
PrevBlkHash: 0xDEF…. BlkTxData: ….
PrevBlkHash: 0xABC…. BlkTxData: …. 7d45b8e1… …
PrevBlkHash: 0x123…. BlkTxData: …. delete 7d45b8e1…
Broad excepXons
• GDPR, recital 65: “the further retenDon of the personal data should be lawful where it is necessary, for exercising the right of freedom of expression and informaDon, for compliance with a legal obligaDon, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scienDfic or historical research purposes or staDsDcal purposes, or for the establishment, exercise or defence of legal claims”
Broad excepXons
• GDPR, recital 65: “the further retenDon of the personal data should be lawful where it is necessary, for exercising the right of freedom of expression and informaDon, for compliance with a legal obligaDon, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scienDfic or historical research purposes or staDsDcal purposes, or for the establishment, exercise or defence of legal claims”
• Is storage in immutable blockchain “archiving in public interest”?
• Is the excepXon too broad?
PragmaXc, accountable abstracXon
• “Code is law” great, right up unAl it isn’t • Need to enable accountable human judgment • Can’t encode “in public interest” • Can encode “three of four named organizaAons say it is” or “judge in one of named courts says it is”
Concluding remarks
• Blockchain needs security • Blockchain can enhance security • Virtuous circle: “solve the world’s problems” • AbstracAon: be careful what you ask for • PragmaAc blend of precise rules and accountable human judgment needed
Geneva, Switzerland, 21 March 2017
Thanks! QuesXons?
[email protected] h]ps://www.linkedin.com/in/markmoir
Geneva, Switzerland, 21 March 2017