Recent news highlights multiple countries attempting to create systems of invisible border controls to speed the passage of people and goods across international borders. The news reports reference many uses of blockchain to implement security for this purpose.
However, blockchain should not be treated as a silver bullet for this or any other security issue; on the contrary, it should be the last step of a series of security controls in every business use-case.
Placing excessive confidence in one specific technology to address complex security issues would be misguided. While distributed ledger technology (DLT) does enable multiparty trust, digital signatures offered equivalent security 25 years ago when implemented appropriately and securely. However, that powerful technology remains sidelined today, despite the overwhelming and expensive adoption by banks, enterprises and government agencies in the mid-‘90s. Companies and governments would be well advised to eliminate far more significant risks in their infrastructure before investing in DLT.
Failure to implement basic, well-known security standards is illustrated perfectly in the 2016 Bangladesh Central Bank robbery. The SWIFT network did not use, or enforce, strong authentication for user logins for interbank transfers across countries, even though public key infrastructure (PKI) has been around since 1996. Additionally, SWIFT did not require non-repudiable digital signature authorizations for international wire transfers, nor did it require them from at least two authorized users for transfers exceeding $1 million.
Similarly, the Federal Reserve Bank at New York City also failed to enforce strong authentication and authorization controls for international wire transfers on its depository accounts from SWIFT, and did not require a verification transaction (based on a non-repudiable digital signature) from an authorized signatory at its customer for transactions exceeding a certain amount.
In other words, blockchain would not have prevented this heist.
Countries attempting to implement invisible border controls for the 21st century need to build a strong foundation of basic security controls before jumping into blockchain. To begin with, they should eliminate all forms of “shared secret” authentication for human users: passwords, one-time pins, short message service codes and knowledge-based authentication. These forms of authenticating a human through a secret shared by the human and the computer — a technology invented more than 50 years ago — represent the single largest vulnerability in systems today.
Authentication based on public-key cryptography has been the most advanced form of authentication for two decades and is resurging with simpler, stronger authentication through the FIDO Alliance, a nonprofit standards group. FIDO is an acronym for “Fast Identity Online,” and the Alliance’s goal is to eliminate passwords from the internet through the use of cryptographic protocols. These protocols include Universal 2nd Factor, Universal Authentication Framework for mobile apps and FIDO2, which incorporates the Web Authentication application programming interface standardized by the World Wide Web Consortium. FIDO2 is capable of working on all types of platforms: desktops, laptops, mobile devices, etc.
In implementing invisible border control, countries are considering using biometric data such as facial scans for “enhanced licenses” that would verify the identity of delivery drivers at border crossings. While biometrics certainly appear to make the user’s authentication experience easier, they don’t necessarily make it more secure. Without an appropriate implementation that preserves the user’s biometric information on local authentication devices (as opposed to network servers), the theft of such data is irreparable — not to mention that these might now violate multiple privacy laws in many nations. The use of biometric technology combined with a FIDO protocol for strong authentication, in which the biometric data remains on the user’s local device rather than being sent to the border patrol website, is a much more secure option that is designed to protect the user’s privacy.
A second point for stronger security: implementers of border control security should encrypt sensitive data within the application to ensure confidentiality — to minimize the risk of data-breaches, this is the only layer of technology within a computer that should be permitted to encrypt and decrypt sensitive information. The encryption should be supplemented by secure key-management techniques using dedicated cryptographic hardware such as the Trusted Platform Module — a low-cost, high-security chip designed over a decade ago. Lack of such basic security led to breaches at thousands of companies over the last 15 years, including the U.S. Office of Personnel Management, Uber and Marriott.
Finally, given that completely new systems are being created to support invisible boundaries, it would be wise to add integrity controls to transactions through the use of digital signatures. Not only are such transactions independently verifiable without the use of blockchain, but subtle, yet sophisticated attacks are possible when such security is not in place. Transactions may be modified before they get on a blockchain, leading the DLT to falsely assert the modified transaction as being true — thus reaffirming the age-old principle of computing: garbage in, garbage out.
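The integrity point above, together with the earlier two-signatory rule for large transfers, shown as an added example that is not code from the article or from StrongKey. It assumes Ed25519 signatures, a bare SHA-256 hash chain as a stand-in for a DLT, and constructed account names, signatory names and amounts.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Ledger is a minimal hash chain standing in for a DLT (assumption of this example).
type Ledger struct{ Head [32]byte }

// Append chains any payload onto the ledger without checking its origin.
func (l *Ledger) Append(payload []byte) {
	l.Head = sha256.Sum256(append(l.Head[:], payload...))
}

// Authorized reports whether at least need registered signatories signed tx.
func Authorized(tx []byte, sigs map[string][]byte, keys map[string]ed25519.PublicKey, need int) bool {
	valid := 0
	for name, sig := range sigs { // map keys are names, so no signer counts twice
		if pub, ok := keys[name]; ok && ed25519.Verify(pub, tx, sig) {
			valid++
		}
	}
	return valid >= need
}

// Demo signs a constructed transfer, then checks it and a copy altered in transit.
func Demo() (origOK, tamperedOK, ledgerTookTampered bool) {
	tx := []byte(`{"from":"ACCT-A","to":"ACCT-B","amount_usd":2000000}`)
	tampered := []byte(`{"from":"ACCT-A","to":"ACCT-X","amount_usd":2000000}`)
	keys, sigs := map[string]ed25519.PublicKey{}, map[string][]byte{}
	for _, name := range []string{"officer-1", "officer-2"} {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		keys[name], sigs[name] = pub, ed25519.Sign(priv, tx)
	}
	var l Ledger
	empty := l.Head
	l.Append(tampered) // the chain accepts the altered payload without complaint
	return Authorized(tx, sigs, keys, 2), Authorized(tampered, sigs, keys, 2), l.Head != empty
}

func main() {
	fmt.Println(Demo()) // true false true
}
```

The hash chain records the altered transfer as faithfully as it would the original; only the signature check, run before anything is appended, ties the record to what the two signatories approved.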
Only when these foundational security elements are in place should blockchain be considered. Blockchain’s main technical capability is in preserving an immutable record of transactions within a “ledger” of sequential transactions that can be viewed across ecosystems by many participants. As a consequence, the primary business benefit it delivers is “transaction transparency” and faster settlement of multiparty transactions. To confuse this benefit with the foundational security benefits of strong-authentication, data confidentiality and data integrity is to put the cart before the horse.
It is strongly recommended that countries implementing invisible border controls focus on the foundational security controls before leveraging blockchain; without these controls, companies and governments are setting themselves up for yet another multi-billion-dollar disappointment similar to the hyper-inflated expectations of PKI two decades ago.
Arshad Noor is the chief technology officer at StrongKey, a company focused on securing data through strong authentication, encryption, digital signatures and key management. Noor also represents StrongKey at the FIDO Alliance.