STANDARDS NOW
Blockchain Standards for Compliance and Trust
Blockchain methods are emerging as practical tools for validation, record-keeping, and access control in addition to their early applications in cryptocurrency. This column explores the options for use of blockchains to enhance security, trust, and compliance in a variety of industry settings and explores the current state of blockchain standards.
ryptocurrency applications of distributed ledger methods such as blockchains are now well estab- Ashiq Anjum lished, but their implications for more general topics University of Derby are just beginning to be appreciated. Beyond appli- Manu Sporny cations in finance and banking, new applications are emerg- Digital Bazaar ing in supply chain management, manufacturing, agricultural product tracking, advertising verification, Internet of Things, Alan Sill healthcare, and the pharmaceutical industry, among others. Texas Tech University
This column will explore Distributed Trust current and open topics for The idea of a completely stand-alone, autonomous, trust, verification, compliance, self-contained, self-validating application that does and security in distributed environments with a spe- not depend on either immediate or eventual net- cific focus on the current status of standards efforts work communication is becoming nearly unthink- related to blockchain technologies. able. In the past, keeping something secure usually depended on providing it with isolated defenses, such as placing it in a physical safe or otherwise iso- lating it from external access. This approach is still a component of some forms of electronic security, such as offline hardware cryptographic modules for certificate authorities, but blockchain methods depend, in contrast, on the idea of independent EDITOR open verification rather than isolated operation. ALAN SILL Distributed methods carry the advantage of being Texas Tech University useful in multiple, physically separated settings, but [email protected] require the existence of methods to determine that a given transaction is complete. Blockchains have
2 IEEE CLOUD COMPUTING PUBLISHED BY THE IEEE COMPUTER SOCIETY 2325-6095/17/$33.00 © 2017 IEEE become popular precisely because they is that, just like the web itself, this rep- physical human- or machine-readable provide noncentralized, independently resents the applicability of blockchain labels, such as bar codes or RFID tags. verifiable capabilities to ensure the integ- techniques to solve problems in a way Furthermore, such physical labels do not rity and consistency of distributed ledgers that adds to, rather than replaces, exist- themselves permit recording of associ- and the associated transactions. ing business, scientific, record-keeping, ated data, such as temperature or shock and audit trail logging use cases.2 protection handling records during ship- Key Success Factors To make a true leap to a status that ment. Blockchain methods can be added One factor that drives the interest in dis- could in fact be revolutionary, interna- readily to verify the association of such tributed ledger-based methods is the ease tional standards will have to be devel- records with food or parts during ship- with which they can be added to existing oped simultaneously across a wide range ment at extremely low costs once the basic workflows and data processing lifecycles. of needs, as outlined in these tables; or distributed ledger methods are in place. This consideration may be more impor- alternatively, developed in a way that will Advertising verification is another tant, in the long run, than the current allow their characteristics to be mixed area in which adding trust and compli- emphasis on inventing entirely new busi- and matched seamlessly depending on ance to existing business models can ness models based on such methods. the application area. Much work is going enhance value. In addition to the direct Key success factors, in this view, for on in pursuit of such approaches. use case of allowing billing verifica- the use of distributed ledger technolo- tion through shared ledgers, blockchain gies basically boil down to whether the Compliance Using Blockchains methods can also be applied directly introduction of such methods will solve Consider the example of providing during generation of the advertising particular problems without requiring RFID tags to parts to enable tracking impressions to ensure their authenticity the addition of entirely new business them through a supply chain. While it and uniqueness. In this way, fake views, models and can be incorporated into is easy to register unique tags to each spoofed domains, and other mecha- existing processes. part, even for items produced at large nisms for advertising fraud can be volumes, nothing prevents a given reg- avoided.4 The adChain Registry (https:// Blockchain Types and istry tag from being assigned to more adtoken.com/uploads/white-paper.pdf) Performance Characteristics than one such part, or the introduction provides an example of a decentrally- By now, many different blockchain ap- of other tags that either intentionally or owned domain whitelist being launched proaches have been documented, and an accidentally duplicate such information. as a collaboration of industry groups. increasing number of them are beginning Some might argue that distrib- The adChain Registry is a smart con- to receive significant use. Figure 1 docu- uted ledgers can entirely replace physi- tract on the Ethereum blockchain ments different blockchain approaches cal tags and labels, but we believe that which stores domain names accredited and how capable they are at achieving tra- there is an overlap between these tech- as nonfraudulent by participants. ditional information security principles.1 nologies. There are definitely situations Not all of these perform in the same in which human- or machine-readable Blockchains for Recordkeeping way on a given usage pattern. Some are labels are valuable, or even essential. Since many applications of block- more suited to particular types of oper- With the addition of a digital signature chain technology beyond cryptocur- ation than others. Figure 2 highlights and incorporation of that signature into rency relate strongly to recordkeeping, some of the primary performance char- a blockchain, such tags can be checked existing standards on information and acteristics of several different types of easily with respect to their authenticity records management are applicable blockchains.1 and uniqueness. Counterfeit parts can and provide a good basis for extrapo- Beyond the generally-applicable be excluded, and accidental duplica- lation. A good review of this aspect of types of blockchains explored in these tions eliminated, through this method. blockchain applications is contained in figures, an increasingly wide range of Such approaches can also be applied the article by Lemieux, which summa- specialized distributed ledger technolo- to any sort of record management to rizes previous applicable recordkeep- gies has emerged focused on specialized ensure tamper resistance and authen- ing standards and also points out some fields of application. Although some ticity of business records.3 limitations inherent in overdependence have argued that this represents a foun- Some transactions, however, are too on distributed ledger technologies for dational shift in technology, our belief small or otherwise unsuited to affixing record-keeping.5
JULY/AUGUST 2017 IEEE CLOUD COMPUTING 3 STANDARDS NOW
Many Di erent Types of Blockchains
Principle Bitcoin Ethereum Stellar IPFS Blockstack Hashgraph
Confidentiality None None None Hash-based None None content addresses
Information Block Block Ledger Graph and Block Hashgraph/ availability mirroring mirroring mirroring file mirroring mirroring/ mirroring; DHT Optional mirroring Event History
Intergrity Multiple Multiple Latest Hash-based Multiple Consensus block block block content block with verifications verifications verification addressing verifications probability one
Non Digital Digital Digital Digital Digital Digital repudiation signatures signatures signatures signatures signatures signatures
Provenance Transaction Ethereum Digitaly Digital Transaction Hashgraph/ inputs/outputs state signed ledger signatures inputs & mirroring; machine and transition and outputs and Optional transition instructions versioning virtual chain Event History functions references
Pseudonymity Public keys Public keys Public keys Public keys Public keys, Not and contract but public supported; addresses information could be encouraged layered
Selective None None None None Selective Not disclosure access to supported; encrypted could be storage layered
FIGURE 1. Blockchain information security principle analysis.
It is worth remembering that most Current State of Standards Conditions under which standards can ledgers function by storing and crypto- Applications of blockchain methods be expected to contribute usefully to graphically signing hashes associated are growing rapidly due to the consid- developing areas of technology can be with information and transactions, and erations just mentioned. As with any characterized and quantified.6 Strong do not necessarily contain the primary rapidly developing field, there has been bidirectional feedback and communica- information being recorded. While a chorus of calls for standardization of tion between application user commu- there are ledger standards under devel- associated terminology and technologies nities and the organizations developing opment to store information directly to optimize interoperability and useful- the standards are also crucial.7 in the blockchain, such as the Web ness of these methods. Items that could be targets for further Ledger Protocol (https://w3c.github.io The decision to pursue develop- standardization include the following:8 /web-ledger/), many existing blockchains ment of standards depends strongly require additional layers and long-term on whether they will simplify the field • Basic data models for Blockchain repositories to allow blockchain signing by producing an overlap among mul- (Blocks, Events, and State Machine) to function efficiently as part of record- tiple suppliers, particularly in a way • Consensus algorithms (Proof of keeping systems. that promotes creation of markets. Work, Stellar Consensus, Hashgraph)
4 IEEE CLOUD COMPUTING WWW.COMPUTER.ORG/CLOUDCOMPUTING er orm ce h r cter st cs o oc ch s