© 2016 IBM Corporation
Blockchain for Identity Management: Part 2 (of 3)
Mike Chung | Associate Partner IBM Security
November 2016 Seoul
Items
§ What is blockchain? Part 1
– Blockchain explained in layman’s terms
§ How can we use blockchain? Part 2 Use case A; Part 3 Use case B
– Potential applications in Identity Management
§ Whom to watch? Part 3
– Initiatives and developments
Valuable characteristics
§ No SPF (single point of failure)
§ Data integrity
§ ID data ownership
§ Large ID repositories
§ Identity fraud; mismatched ID data
§ Dependency on large organizations
Clash of principles
§ Pseudo(-ano)nymity
§ Transactions matter, not your identity
§ Multiple identities allowed
§ Proof of (physical) identity
§ Identity matters, not transactions
§ One single identity allowed
Identity federated
[Diagram labels: IDP; Service A, Service B, Service C (shown twice); UID A, UID B, UID C; UID A]
Identity on blockchain
[Diagram labels: Service A, Service B, Service C (shown twice); UID A, UID B, UID C; BC UID]
Identity on blockchain: layers
E.g. Bitcoin Blockchain
Digital assets protocol layer
Blockchain interface (thin client)/gateway layer
Registrar: Service Provider
Identity on blockchain: validation by the blockchain
E.g. Bitcoin Blockchain
Digital assets protocol layer
Validation of transaction
Blockchain interface/gateway layer
Use-cases
Registrar: Service Provider
Identity on blockchain: coloring of Bitcoins
E.g. Bitcoin Blockchain
Digital assets protocol layer
Validation of transaction
Using Bitcoin to represent digital assets (e.g. identity)
Blockchain interface/gateway layer
Use-cases
Registrar: Service Provider
Identity on blockchain: identity services
E.g. Bitcoin Blockchain
Digital assets protocol layer
Validation of transaction
Using Bitcoin to represent digital assets (e.g. identity)
Blockchain interface/gateway layer
Providing digital identity services
Use-cases
Registrar: Service Provider
Potential advantages
§ Many CAs need to be trusted
§ Certificates are rarely free
§ Difficult to manage & maintain
§ No single/centralized point of failure
§ Low cost; low remittance
§ Public key in the blockchain
The story of Namecoin
§ First fork of the Bitcoin blockchain
§ Top level domain, censorship-resistant and independent of ICANN: .bit
§ Mainly misused for domain squatting and trivial use
Client certificates: mutual SSL authentication
Exchange of authentication data
Trust Trust
Client certificates: in the majority of current cases
Trust Trust
Exchange of authentication data
Dependency
Cumbersome
SPF
Client certificates: on the blockchain
Exchange of authentication data
Trust Trust
Check
Client certificates: steps
1 Register
2 Download software
3 Certificate generation
4 Certificate (public part) publication in the blockchain X
5 Certificate upload to your browser
[Diagram labels: Blockchain service provider; Certificate generation software; Browser]
Client certificates blockchain considerations
§ Additional “dependency” component, namely the blockchain
– As it stands, only for specific blockchain(s)
– Only when the service is enabled for that blockchain (< 5%)
§ Identities are not verified by an independent third party; only applicable in cases where aliases are accepted
§ What is the definite improvement over already existing solutions (password managers, free SSL certificate services)?
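The service-side "Check" from the client-certificate slides, sketched as an added example that is not part of the original deck or any IBM code. It assumes the published "public part" is recorded as a SHA-256 fingerprint keyed by alias; the `Ledger` class, the first-registration-wins rule and the certificate bytes are hypothetical stand-ins.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64
# Constructed stand-ins for DER-encoded certificates (not real certificates).
ALICE_CERT = b"constructed-der-bytes-alice"
OTHER_CERT = b"constructed-der-bytes-other"

def fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()

def block_hash(prev, alias, fp):
    return hashlib.sha256(json.dumps([prev, alias, fp]).encode()).hexdigest()

class Ledger:
    """Hypothetical in-memory stand-in for the blockchain: hash-chained records."""
    def __init__(self):
        self.blocks = []

    def publish(self, alias, cert_der):  # step 4: publish the public part
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        fp = fingerprint(cert_der)
        self.blocks.append({"prev": prev, "alias": alias, "fp": fp,
                            "hash": block_hash(prev, alias, fp)})

    def intact(self):
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != block_hash(prev, b["alias"], b["fp"]):
                return False
            prev = b["hash"]
        return True

    def lookup(self, alias):
        # Assumption: the first registration of an alias wins; later claims are ignored.
        return next((b["fp"] for b in self.blocks if b["alias"] == alias), None)

def check_client(ledger, alias, presented_der):
    """The service-side 'Check': compare the presented certificate with the ledger."""
    if not ledger.intact():
        return "reject: ledger tampered"
    published = ledger.lookup(alias)
    if published is None:
        return "reject: alias not published"
    if not hmac.compare_digest(published, fingerprint(presented_der)):
        return "reject: certificate does not match published record"
    # Binds a key to an alias only; no third party has verified who holds it.
    return "accept: certificate matches alias"
```

This lookup stands in for CA chain validation only; proof that the client holds the matching private key still comes from the TLS handshake itself.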
Contact details
Drs. Mike Chung RE CISSP
Associate Partner IBM Security
+31 6 2565 7593 (the Netherlands)
+82 10 3521 7754 (South Korea)