Looking for nails to hit with my blockchain hammer

A Q&A with Adventium blockchain expert T.D. Smith

1 2 Page 2
Page 2 of 2

Passwords are a means of authentication. There are other means of authentication, but blockchain doesn’t help with authentication. Blockchain distributes data and makes it hard to modify existing records, but it doesn’t guarantee that a device on your network is supposed to be there, and it doesn’t give you a new way to provision a new device or grant a new device access. You could store access permissions in a blockchain, but you’d still need a non-blockchain method of provisioning and protecting devices.

Automation is orthogonal to blockchain. A blockchain could store information related to automation, but blockchain itself is a data structure that is agnostic to its application.

SN: I don’t understand.  If machines can talk to each other they could evaluate a request and if consensus is reached, execute a transaction and record it in the ledger – automatically.

TD: Right, but the “magic” in that process is how they evaluate a request.  Blockchain gives you trusted storage of the transaction, but it doesn’t give you a way to determine whether the request is legitimate. Blockchain could be part of automated authentication and authorization, but only as storage.

For example, blockchain could give us a hard-to-modify record of approved MAC addresses, devices IDs, etc., but it doesn’t give us a way to differentiate an authorized device addition from an illicit addition unless the user manually adds information about the new device to the blockchain.

Conclusion

Thanks for these insights, Tyler.  Clearly blockchain is not the security panacea that one may perceive from the hype, but it also has some strong attributes that will be valuable to some IoT applications.  I think we have uncovered five key takeaways:

  • Private blockchains are unlikely to offer economic advantage over existing secure key-based secure databases.
  • Blockchain works in trustless applications, but with the security comes transparency that can limit utility.
  • Blockchain works well for data streams that do not change, e.g. time-based temperature and shock experience of a thing, but developers must remember that the robustness of the distributed ledger comes at the expense of flexibility. 
  • Proof-of-stake is more likely to be the right approach to managing a ledger for IoT due to the cost and complexity of proof-of-work used in cryptocurrencies.
  • Authentication and authorization are not part of blockchain and have to be added and curated to implement a blockchain-based application.  The promise of automated transactions from blockchain will only be realized with the addition of authentication and authorization techniques.

I believe there is still a lot of value to be realized in the application of blockchain.  I look forward to seeing developers leverage these values to improve both the security and robustness of IoT applications with this technology.

Copyright © 2017 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 secrets of successful remote IT teams