Looking for nails to hit with my blockchain hammer

A Q&A with Adventium blockchain expert T.D. Smith

I have read about using blockchains for authorization and access controls implemented via the collection of personal and enterprise devices used by a given individual.  I could extend this to devices themselves particularly as they become smarter and mobile.  This seems like a very effective application because it automates the maintenance and control of authorization of devices in multi-device applications – whether personal or enterprise.  Am I missing something?

Passwords are a means of authentication. There are other means of authentication, but blockchain doesn’t help with authentication. Blockchain distributes data and makes it hard to modify existing records, but it doesn’t guarantee that a device on your network is supposed to be there, and it doesn’t give you a new way to provision a new device or grant a new device access. You could store access permissions in a blockchain, but you’d still need a non-blockchain method of provisioning and protecting devices.

Automation is orthogonal to blockchain. A blockchain could store information related to automation, but blockchain itself is a data structure that is agnostic to its application.

SN: I don’t understand.  If machines can talk to each other they could evaluate a request and if consensus is reached, execute a transaction and record it in the ledger – automatically.

TD: Right, but the “magic” in that process is how they evaluate a request.  Blockchain gives you trusted storage of the transaction, but it doesn’t give you a way to determine whether the request is legitimate. Blockchain could be part of automated authentication and authorization, but only as storage.

For example, blockchain could give us a hard-to-modify record of approved MAC addresses, device IDs, etc., but it doesn’t give us a way to differentiate an authorized device addition from an illicit addition unless the user manually adds information about the new device to the blockchain.
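The distinction drawn in the exchange above, as an added example that is not part of the interview: a simplified single-node hash chain (no consensus layer) stands in for the blockchain, and an HMAC tag from a hypothetical off-ledger provisioning authority stands in for the separate authorization step. The key, MAC addresses and function names are all constructed for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64
# Assumption: a secret held by the provisioning authority, never stored on the ledger.
PROVISIONING_KEY = b"constructed-demo-key"

def block_hash(prev_hash, record):
    payload = json.dumps({"prev": prev_hash, "record": record}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append(chain, record):
    """Anyone who can write to the ledger can produce a well-formed block."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "record": record, "hash": block_hash(prev, record)})

def chain_intact(chain):
    """Integrity only: detects edits to existing blocks, says nothing about legitimacy."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["record"]):
            return False
        prev = block["hash"]
    return True

def approval_tag(device_id):
    """Authorization decision made outside the ledger (hypothetical provisioning step)."""
    return hmac.new(PROVISIONING_KEY, device_id.encode(), hashlib.sha256).hexdigest()

def authorized_devices(chain):
    """Trust only entries whose approval tag verifies against the off-ledger key."""
    return [b["record"]["device_id"] for b in chain
            if hmac.compare_digest(b["record"].get("approval", ""),
                                   approval_tag(b["record"]["device_id"]))]

def demo():
    chain = []
    for mac in ("02:00:00:00:00:01", "02:00:00:00:00:02"):  # constructed device IDs
        append(chain, {"device_id": mac, "approval": approval_tag(mac)})
    # Illicit addition: a valid block written without the provisioning key.
    append(chain, {"device_id": "02:00:00:00:00:99", "approval": "forged"})
    intact_after_append = chain_intact(chain)   # the ledger accepts the new block
    allowed = authorized_devices(chain)         # the off-ledger check rejects it
    # Modifying an existing record is what the chain does catch.
    chain[0]["record"]["device_id"] = "02:00:00:00:00:aa"
    return intact_after_append, allowed, chain_intact(chain)

if __name__ == "__main__":
    print(demo())
```

The chain verifies cleanly after the illicit append and fails only once an existing record is edited; the rogue device is excluded solely because of the approval check that lives outside the ledger.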

Conclusion

Thanks for these insights, Tyler.  Clearly blockchain is not the security panacea that one may perceive from the hype, but it also has some strong attributes that will be valuable to some IoT applications.  I think we have uncovered five key takeaways:

  • Private blockchains are unlikely to offer economic advantage over existing secure key-based databases.
  • Blockchain works in trustless applications, but with the security comes transparency that can limit utility.
  • Blockchain works well for data streams that do not change, e.g. time-based temperature and shock experience of a thing, but developers must remember that the robustness of the distributed ledger comes at the expense of flexibility. 
  • Proof-of-stake is more likely to be the right approach to managing a ledger for IoT due to the cost and complexity of proof-of-work used in cryptocurrencies.
  • Authentication and authorization are not part of blockchain and have to be added and curated to implement a blockchain-based application.  The promise of automated transactions from blockchain will only be realized with the addition of authentication and authorization techniques.

I believe there is still a lot of value to be realized in the application of blockchain.  I look forward to seeing developers leverage these values to improve both the security and robustness of IoT applications with this technology.

This article is published as part of the IDG Contributor Network.

Copyright © 2017 IDG Communications, Inc.
