The Security of Distributed Ledger Technologies Under Scrutiny
2018-10-09 Andreas Schaad
On the 20th and 21st of September, the new "Secure Distributed Ledger and Contracts" Research Center was inaugurated by Prof. Sadeghi at the University of Darmstadt, Germany.
In his role as external research advisor to WIBU-SYSTEMS AG, Prof. Dr. Andreas Schaad represented Wibu-Systems among the 190 participants at this invitation only event.
With over 60% industry participation, this event targeted the core question about current business models using distributed ledger technologies (DLTs) as well as how to improve on the security of DLTs.
After the opening of the event by the Hessian state secretary Burghardt, talks were given by representatives from the German Federal Reserve Bank, the German BSI and Daimler Trucks on the current readiness level of DLTs. Overall, the perception was that there is still a long way to go. The German BSI pointed out that DLTs may violate current EU Data Regulation Policies by publicly storing data in an immutable fashion.
Prof. Asokan (Aalto University), Prof. Capkun (ETH Zurich) and Michael Steiner (Intel Labs) provided talks on hardware-assisted trust (Trusted Execution Environments - TEEs) to enhance DLTs. For example, SGX could be used to replace the current proof-of-work solving hash puzzles with a proof-of-elapsed time. Another practical example would be to use a TEE to address the problem of compromised wallets.
Representatives from Commerzbank and Bosch provided examples of current proof of concepts. Not surprisingly, these are still dominated by supporting scenarios from the banking domain (e.g. a real trading system based on the CORDA framework) as well as how to share identity management data between participants (e.g. based on Sovrin Technology, Verimi or Hyperledger Indy). In particular, Bosch addressed the economy of things (initially coined by IBM) and how DLTs could address the problem of platform monopolies by means of competition. One presented project was how CERTIFICAR uses Blockchain technology to store mileage data as well as other projects in the autonomous vehicle R&D space. However, overall there is a feeling that current DLTs are not ready yet to be used to build systems that have to remain stable for a an extended period.
The European Space Agency investigates using DTLs for securing the procurement and supply chain process as well as document management. More importantly, the question addresses how science data gathered from space crafts can be distributed in a controlled, transparent and ultimately public process. On a more futuristic scale, ESA is investigating with TU Darmstadt on using DTLs for advanced satellite communication protocols (e.g. to verify identities) - still keeping in mind the current practical limitations (i.e. CPU and memory consumption).
Another highlight was the talk by Michele Mosca (University of Waterloo / evolutionQ Inc.) on quantum attacks on blockchains - essentially pointing out that we need a next generation of quantum-safe algorithms as soon as possible as we may see the first real practical quantum computers to attack standard RSA as soon as 10 years (with a 1 in 6 chance of this prediction).
Stefan Teis from Brainbot Technologies AG talked about how to practically implement Blockchain technology and integrate it with the physical world (e.g. by means of collateralized tokens). A specific focus was put on Hyperledger Fabric as a private / consortium Blockchain as well as comparison with other frameworks such as Ethereum.
Final talks were provided by speakers from the Stuttgart Stock exchange and European Central Bank, who, for example, pointed out that with DLTs a stock exchange could focus again on its core expertise: that of an exchange. Banks in the future could act as quality gates, but overall this implies that the current players change their business models.
What should these talks, opinions and observations imply for the adoption of DLTs at Wibu-Systems? Overall, with its proven and trusted CodeMeter technology, Wibu-Systems could provide the missing link between interaction of DLTs with the physical world. This is a problem for which, so far, no adequate solution appears to be available:
How are events and data from a distributed ledger pushed to and reliably executed by a physical actor (machine)?
How is physically observed data pushed into a distributed ledger while maintaining its integrity?
These are some of the questions being addressed by Wibu-Systems and Prof. Schaad in a joint R&D engagement.
Professor of IT Security and Corporate Technology Member at Wibu-Systems
Andreas Schaad is a Professor of IT Security at the University of Applied Sciences Offenburg. Before that he worked at Wibu-Systems AG Corporate Technology, as well as in various technical and managerial IT Security roles for Ernst & Young, SAP Research Security & Trust and HUAWEI Security Research. He holds 13 international patents and authored over 50 publications in the domain of IT Security.