Everyone knows about blockchain; it's the technical foundation of the popular and controversial bitcoin currency.
While bitcoin has popularized the notion of blockchain, it's done nothing to educate IT professionals on its value and uses. Blockchain could revolutionize many things, one of which is mobile and internet of things security. To decide if you could benefit, take a look at the real foundation of blockchain and its strengths and limitations, follow a specific set of steps in establishing a blockchain mobile security strategy and never take your eyes off the notion of community.
Blockchain technology was developed to address a challenge in the world of electronic finance: How do you trust mutual interactions, like bills and payments, when the contents of either could be altered by either party? The traditional approach to this has been the use of a trusted intermediary, a third party who held authoritative copies. Blockchain eliminated the need for this by creating a distributed database or ledger that could be used by all parties and whose authenticity could be verified from the data itself.
Blockchains are, as the name suggests, chained blocks or sets of transactions. The parties to a blockchain sign their own transactions with strong keys, and this assures that every entry is authentic. Two strong hash codes are added to a block, one to provide tamper protection for the block and another to protect what went before. The combination of these hashes makes it impossible for a party to change transactions without having the tampering detected, which would alert other parties.
Blockchain is a revolution
As a virtual clearinghouse for commercial cooperation without mediation, blockchain is a revolution. Any user of blockchain can be assured that what is on it is legitimate -- it's been said (and is likely true) that bitcoin has never been hacked. Think of blockchain as a ledger, a place where a community of users record their transactions and to which they turn for a trusted record of what has been done.
This probably doesn't sound much like security -- or seem to apply to mobile devices -- but, in fact, blockchains are a way of creating collaboration and cooperation without the awkward and often intrusive presence of a third party. If verification/authentication is a key to trust, then blockchain addresses the issue. What's security except living in a world short on trust? It's actually fairly easy to see how the notion of auto-verified collaboration could help mobile security a lot but also to recognize its limitations. Authenticity is critical to a mobile security strategy in many ways, but it's not a universal or total answer to mobile security problems.
Mobile blockchains are likely to start in a registration blockchain that would register a device at the time of sale or even at build time. Mobile devices already have unique IDs that would facilitate this. The registry could then track changes in device ownership and also the uses or applications for which the device was authorized. The same ID could register with social media, vendors, banks and financial institutions -- even geographic subregistries.
Blockchain can also validate the source of mobile apps and mobile updates and even ensure that the correct version of mobile front-end software is used in the cloud or data center to process mobile transactions. What it can't do is protect the device from exploit-based malware that enters through a validated app like a browser or, in fact, even prevent the device user from loading apps and making changes that go around the blockchain-based protections. In short, blockchain is an important piece of a mobile security ecosystem but a piece that has to be designed into and developed properly for that ecosystem. Today, for mobile security more so than for many blockchain target application areas, users will have to do some work of their own to build that ecosystem.
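The two per-block hashes and the device registration ledger described above can be sketched as follows. This is an added example, not code from the article or from any blockchain product; the block layout, function names and the device ID `DEV-0001` are assumptions made for illustration, and transaction signing is left out so the hash checks stay in focus.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash used by the first block

def digest(body):
    # Canonical JSON so identical content always yields the same SHA-256.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_block(chain, transactions):
    prev_hash = chain[-1]["block_hash"] if chain else GENESIS
    body = {"index": len(chain), "prev_hash": prev_hash, "transactions": transactions}
    chain.append({**body, "block_hash": digest(body)})

def first_bad_block(chain):
    """Index of the first block failing either hash check, or None if intact."""
    prev_hash = GENESIS
    for i, block in enumerate(chain):
        body = {k: block.get(k) for k in ("index", "prev_hash", "transactions")}
        if block.get("prev_hash") != prev_hash:      # hash protecting what went before
            return i
        if digest(body) != block.get("block_hash"):  # hash protecting this block
            return i
        prev_hash = block["block_hash"]
    return None

def current_owner(chain, device_id):
    # Replay the ledger; the latest entry for the device wins.
    owner = None
    for block in chain:
        for tx in block["transactions"]:
            if tx["device_id"] == device_id:
                owner = tx["owner"]
    return owner

def sample_registry():
    # Constructed sample data: one device registered at build time, then sold twice.
    chain = []
    append_block(chain, [{"device_id": "DEV-0001", "owner": "factory"}])
    append_block(chain, [{"device_id": "DEV-0001", "owner": "alice"}])
    append_block(chain, [{"device_id": "DEV-0001", "owner": "bob"}])
    return chain

if __name__ == "__main__":
    chain = sample_registry()
    print(first_bad_block(chain), current_owner(chain, "DEV-0001"))
    chain[1]["transactions"][0]["owner"] = "mallory"  # edit a past record
    print(first_bad_block(chain))
```

Editing a past record fails that block's own hash, and recomputing that hash only moves the failure to the next block's `prev_hash`. A copy in which every later block has been recomputed passes this local check, which is why participants also compare the latest block hash with the copies held by other parties.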
Using blockchain for mobile security
How do you adopt blockchain in a mobile security strategy? First, identify elements of your mobile applications that are community-based. You don't need blockchain where you are the only party to the activity, so you want to find elements where there are other players and where those players can be incented to cooperate with you. Authenticating the contribution of the players is what blockchain is good at, and the more players there are, the more authentic and fail-safe the blockchain is.
The second step is to frame the specific transactions that blockchain will authenticate. Most blockchain applications do one of two things: mediate the ownership of value of a shared resource (bitcoin does this) or record all sides of a multiparty transaction, like a bill/payment or quote/bid. Applications that work either way work well with blockchain.
Don't forget community
Step three is to look for a community platform. If blockchain is about communities, then the best mobile security strategy for blockchain is likely driven by a community. Vendors are already presenting community proofs of concept in mobile and internet of things security; IBM and Samsung have their Adept concept, or Autonomous Decentralized Peer-to-Peer Telemetry, for building an IoT network. It could apply to mobile devices as well.
Step four is to strongly consider a blockchain-as-a-service model if you proceed on your own. In theory, you could deploy a single blockchain across multiple IT/software platforms, cloud providers, etc. In practice, it will be a lot easier to start with a common platform for your community. That's one reason blockchain as a service is a good thing to consider.
Through all your mobile security strategy planning for blockchain, never forget the central notion of community. It's ironic that while blockchain's value and security actually grow with the number of members in a blockchain, the difficulties in planning blockchains grow as well.
It's also important to remember that blockchain records promises but doesn't enforce them. It can, via digital signatures, identify parties or elements. It can, via hashes, prevent tampering with records. At the end of the day, though, it often creates little more than a self-authenticating audit trail of activity. You'll have to work that into a mobile security strategy to make blockchain useful.