Learning from Internet History

When the inventors of the Internet implemented their ideas for communication, they weren’t thinking about security. Indeed, at that time there was little justification for thinking about security, and no one could have predicted the profound impact of their invention or the trillion-dollar industries that have been built on it.

The reality is that there has been little fundamental cryptographic innovation in security over the last 40 years. Public Key Infrastructure (PKI) remains the only tool in the cryptographic toolshed for authenticating data, but its model is based on centralized trust authorities, which is in direct opposition to distributed open systems such as the Internet.

PKI was invented so that two parties can share a secret across an insecure channel, and for that purpose it has been a massive success, as implemented in protocols such as TLS. For everything else, and especially for authentication of data, the complexities and cost of key management make it impossible to scale.

The reality is that for the Industrial Internet, system integrity is much more important than confidentiality. Let’s consider some examples.

| | Integrity Breach | Confidentiality Breach |
|---|---|---|
| Your Car | Your braking system stops working. | Your braking patterns are exposed. |
| Your Flight | Your plane’s instruments report that you are 1,000 feet lower than you actually are. | Your flight plan is posted on the Internet. (note: it already is) |
| Your Power Station | Critical systems compromised, leading to shutdown or catastrophic failure. | Your electricity bill is published online. |
| Your Pacemaker | Shutdown and death. | Your heartbeat becomes public knowledge. |
| Your Home | Your security system is remotely disabled. | The contents of your fridge are “leaked”. You drink how much beer? |

Enter the Blockchain

One of the most significant trends over the last few years (spearheaded by Bitcoin) has been the move away from centralized trust authorities to decentralized "consensus" trust models, where assertions about what is and what is not true can be verified independently using a public ledger built using consensus-based decision making.

Keyless Signature Infrastructure (KSI) is an example of a blockchain technology optimized for the Industrial Internet: it eliminates the need for trusted parties when verifying the integrity and provenance of both infrastructure components and the data generated from that infrastructure. If we think of the Industrial Internet as a giant logistics platform for data, then we can think of a transaction as a transport or processing of data. Data is generated from sensors (network), processed (compute) and kept for reuse at a later date (storage).

Imagine if the blockchain contained every data transaction: every transport, compute and storage of data, i.e. every step in the data supply chain.

The truth would be inside the blockchain, which can be used to verify the status of infrastructure and provide a complete chain of custody for all data that was generated and transmitted through that infrastructure. Everyone can independently verify the status of that infrastructure, and any change would indicate a breach, which can be acted upon in real time.

It is security based on different assumptions: assumptions that provide a level of empirical verifiability that has not been possible to date. Consequently, with this real-time awareness supporting incident response, data-loss prevention, investigation and network resilience, it is now possible to detect and react to any misconfiguration or any network, component or application failure.
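A minimal illustration of the idea above, added here as an example and not taken from the article or from KSI: a SHA-256 hash chain records each transport, compute and storage step of one sensor reading, and a verifier holding only the widely published head hash detects any altered record. All function names, component names and the sensor reading are constructed for illustration; this is a plain hash chain, not KSI's actual design.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:
    # The hash covers every field except the hash itself, in canonical JSON form.
    body = {k: v for k, v in entry.items() if k != "hash"}
    return digest(json.dumps(body, sort_keys=True).encode())

def append(ledger: list, step: str, component: str, payload: bytes) -> dict:
    """Record one step of the data supply chain (transport, compute or storage)."""
    entry = {
        "index": len(ledger),
        "step": step,
        "component": component,
        "data_hash": digest(payload),  # only a fingerprint of the data is recorded
        "prev": ledger[-1]["hash"] if ledger else GENESIS,
    }
    entry["hash"] = entry_hash(entry)
    ledger.append(entry)
    return entry

def verify(ledger: list, published_head: str) -> int:
    """Return -1 if intact, else the index of the first inconsistent entry.
    Returns len(ledger) when the chain is self-consistent but its head
    differs from the published one (the whole tail was rewritten)."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["index"] != i or entry["prev"] != prev or entry["hash"] != entry_hash(entry):
            return i
        prev = entry["hash"]
    return -1 if prev == published_head else len(ledger)

def data_matches(entry: dict, payload: bytes) -> bool:
    """Chain-of-custody check: is this the data the ledger entry vouches for?"""
    return entry["data_hash"] == digest(payload)

def build_sample():
    # Constructed sample: one altimeter reading moving through three components.
    ledger = []
    reading = b'{"sensor": "altimeter-1", "feet": 31000}'
    for step, component in [("transport", "sensor-gateway"),
                            ("compute", "flight-computer"),
                            ("storage", "archive")]:
        append(ledger, step, component, reading)
    return ledger, reading
```

The verifier needs no secret key, only the head hash; a rewritten chain can be made internally consistent, which is why the head must be published where it cannot be quietly replaced.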

Implementing the Blockchain

A blockchain security system for the Industrial Internet would give complete traceability, accountability and transparency: organizations that are either using or administering the Industrial Internet can be held responsible for their actions. Regulators get to audit all processes, and everyone involved can verify what happened after the fact, and act in real time when things go wrong.

Of course, a reasonable question to ask would be whether such a system could be built in reality. Billions of data transactions every second would need to be entered into the blockchain and distributed out to the edge. The implied network, storage and compute requirements would make it impossible to scale, but these are precisely the challenges KSI was invented to solve.

Now here's a thought. Imagine if that blockchain wasn't just for one industrial network, but for all networks and all data: every transport, compute and storage of data across all networks in the world. Imagine what such a system would imply for accountability and transparency for global society. It would transform our society from one that is trust-based to one that is truth-based, i.e. humans can choose to trust each other, but they can also verify; they can prove what happened without trusting anyone.

Published in CIOReview: IoT Technology magazine.