Blockchain for Identity Management (IBM), Part 2 of 3

© 2016 IBM Corporation Blockchain for Identity Management Part 2 (of 3) Mike Chung | Associate Partner IBM Security November 2016 Seoul

Upload: mike-c

Post on 23-Jan-2017


Items

§ What is blockchain? Part 1

– Blockchain explained in layman’s terms

§ How can we use blockchain? Part 2 Use case A; Part 3 Use case B

– Potential applications in Identity Management

§ Whom to watch? Part 3

– Initiatives and developments


How can we use blockchain for identity management?


Valuable characteristics

§ No SPF (single point of failure)

§ Data integrity

§ ID data ownership

§ Large ID repositories

§ Identity fraud; unmatching ID data

§ Dependency on large organizations


Clash of principles

§ Pseudo(-ano)nymity

§ Transactions matter, not your identity

§ Multiple identities allowed

§ Proof of (physical) identity

§ Identity matters, not transactions

§ One single identity allowed

Identity: “legacy”

[Diagram labels: Service A, Service B, Service C; UID A, UID B, UID C]

Identity federated

[Diagram labels: IDP; Service A, Service B, Service C; UID A, UID B, UID C]

Identity on blockchain

[Diagram labels: Service A, Service B, Service C; UID A, UID B, UID C; BC UID]

Identity on blockchain: layers

§ E.g. Bitcoin Blockchain

§ Digital assets protocol layer

§ Blockchain interface (thin client)/gateway layer

§ Registrar: Service Provider

Identity on blockchain: validation by the blockchain

§ Validation of transaction

§ Use-cases

Identity on blockchain: coloring of Bitcoins

§ Using Bitcoin to represent digital assets (e.g. identity)

Identity on blockchain: identity services

§ Blockchain interface/gateway layer: Providing digital identity services

Use case A: client certificates on blockchain


Potential advantages

§ Many CAs need to be trusted

§ Certificates are rarely free

§ Difficult to manage & maintain

§ No single/centralized point of failure

§ Low cost; low remittance

§ Public key in the blockchain

Challenging Zooko’s Triangle

[Triangle diagram, corners: Human-readable; Secure; Decentralized]

The story of Namecoin

§ First fork of the Bitcoin blockchain

§ Top level domain, censorship-resistant and independent of ICANN: .bit

§ Mainly misused for domain squatting and trivial use

Client certificates: mutual SSL authentication

[Diagram labels: Exchange of authentication data; Trust; Trust]

Client certificates: in the majority of current cases

[Diagram labels: Trust; Trust; Exchange of authentication data; Dependency; Cumbersome; SPF]

Client certificates: on the blockchain

[Diagram labels: Exchange of authentication data; Trust; Trust; Check]

Client certificates: steps

[Diagram boxes: Blockchain service provider; Certificate generation software; Browser]

1 Register

2 Download software

3 Certificate generation

4 Certificate (public part) publication in the blockchain X

5 Certificate upload to your browser
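The steps above end with the service checking a presented client certificate against what was published on the blockchain rather than against a CA chain. The sketch below is an added example, not code from the presentation or from IBM: it models "blockchain X" as an in-memory hash-chained list, and the names `Ledger`, `publish`, `check` and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import json

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate's public part (DER bytes)."""
    return hashlib.sha256(cert_der).hexdigest()

class Ledger:
    """Toy stand-in for 'blockchain X': an append-only, hash-chained list."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(prev, alias, fp):
        record = json.dumps({"prev": prev, "alias": alias, "fp": fp}, sort_keys=True)
        return hashlib.sha256(record.encode()).hexdigest()

    def publish(self, alias: str, cert_der: bytes) -> bool:
        """Step 4: publish the public part. First registration of an alias wins."""
        if any(b["alias"] == alias for b in self.blocks):
            return False  # alias already taken; nobody vouches for who took it
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        fp = fingerprint(cert_der)
        self.blocks.append({"prev": prev, "alias": alias, "fp": fp,
                            "hash": self._digest(prev, alias, fp)})
        return True

    def chain_intact(self) -> bool:
        """Recompute every link; any edited record breaks the chain."""
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != self._digest(prev, b["alias"], b["fp"]):
                return False
            prev = b["hash"]
        return True

    def check(self, alias: str, presented_cert_der: bytes) -> bool:
        """The service's 'Check': compare the presented cert with the published one."""
        if not self.chain_intact():
            return False
        for b in self.blocks:
            if b["alias"] == alias:
                return b["fp"] == fingerprint(presented_cert_der)
        return False  # alias never published

# Constructed sample data: placeholder bytes standing in for DER certificates.
ALICE_CERT = b"constructed-sample-cert-alice"
OTHER_CERT = b"constructed-sample-cert-other"
```

In a real deployment the TLS handshake still has to prove possession of the matching private key; the ledger lookup only replaces CA chain validation, and it binds a key to an alias, not to a verified person.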

Client certificates: easy and secure

[Diagram labels: Check; “Perpetual” login]

Client certificates: ...if supported

[Diagram label: Blockchain X enabled]

Client certificates blockchain considerations

§ Additional “dependency” component, namely the blockchain

– As it stands, only for specific blockchain(s)

– Only when the service is enabled for that blockchain (< 5%)

§ Identities are not verified by an independent third party; only applicable in cases where aliases are accepted

§ What is the definite improvement over already existing solutions (password managers, free SSL certificate services)?


Contact details

Drs. Mike Chung RE CISSP

Associate Partner IBM Security


+31 6 2565 7593 (the Netherlands)

+82 10 3521 7754 (South Korea)