Proving one’s identity today is an expensive process. Each identity document validation takes a lot of time and is built around lowtech, paperwork processes. We would all like to get more use out of these expensively-validated documents.
In one promising example of just that, Estonian banks have realized that account access can be given through national IDs and bank cards. The rise of multi-use IDs could in turn drive consolidation toward a few competitive global systems.
Using ledgers that never lose data could also alter the way society views identity, privacy and security. Behaviors will change, and societal conventions will alter as a result. When our identities are forever etched in immutable stone, we may act more responsibly.
Public Key Infrastructure (PKI) is a popular form of public key cryptography that secures emails, messaging apps, websites and other forms of communication. However, because most implementations of PKI rely on centralized, trusted third-party Certificate Authorities (CA) to issue, revoke and store key pairs for every participant, hackers can compromise them to spoof user identities and crack encrypted communications.
CertCoin is one of the first implementations of a blockchain-based PKI. The project, developed at MIT, removes central authorities altogether and uses the blockchain as a distributed ledger of domains and its associated public keys. CertCoin provides a public and auditable PKI that also doesn’t have a single point of failure.
The blockchain alternative to document signing replaces secrets with transparency, distributing evidence across many blockchain nodes and making it practically impossible to manipulate data without being caught. With data on a blockchain-based distributed ledger, everything becomes or can become general knowledge.
Keyless Signature Structure (KSI), a blockchain project led by data security startup GuardTime, is one entity that aims to replace key-based data authentication. KSI stores hashes of original data and files on the blockchain and verifies other copies by running hashing algorithms and comparing the results with what is stored on the blockchain. Any manipulation of the data will be quickly discovered because the original hash exists on millions of nodes.
KSI is already being considered by organizations such as the Defense Advanced Research Projects Agency (DARPA) to protect sensitive military data and by the Estonian eHealth Foundation to secure over one million health records.
As it relates to healthcare, blockchain company Gem is using the technology to provide data transparency, change-auditing and fine-grained access control to health records. This is especially important as healthcare providers handle reams of sensitive data and have been victims of huge data breaches. Blockchain technology would help in verifying the integrity of patient data shared across different organizations, create immutable audit trails for data governing health care business processes and maintain the integrity of data collected in clinical health trials.
Protecting Centralized Infrastructure
A transparent, distributed Domain Name Server (DNS), where domain records are under their owner’s control, will eventually make it virtually impossible for any single entity, including governments, to manipulate entries at their whim. A massive DDoS attack in October made it abundantly clear how simple it is for hackers to target critical services and cut off access to Netflix, Twitter and PayPal for hours.
A blockchain approach to storing DNS entries could improve security by removing a single target that can compromise an entire system’s infrastructure.
Nebulis uses the Ethereum blockchain and the Interplanetary File System (IPFS), a distributed alternative to HTTP’s centralized structure, to make its DNS infrastructure immune to DDoS attacks. The aspiration behind the project is one of doing away with redundancies in traditional DNS and improving the pressure of the physical internet.
The team has finished the first draft of the Nebulis directory. It plans to launch the first iteration of the directory soon.