Robin Gaal
June 20, 2016

Blockchain, the next authentication provider?

We have all heard about bitcoin, a cryptocurrency that enables people to anonymously perform secure payments. At the heart of bitcoin is the blockchain: a decentralized database that records all transactions since the beginning of bitcoin.

The integrity of the blockchain is continuously verified by the entire network rather than by a central entity such as a bank or government. This way, users don’t have to trust a central entity; security is guaranteed by the strength and computing power of the entire network participating in the blockchain.

Users who want to participate create a bitcoin wallet, which allows them to send and receive money in the bitcoin network. This wallet is basically just a public/private key pair, a concept we might also know from Transport Layer Security (TLS). To pay someone a certain amount of bitcoin, you sign a transaction with your private key and broadcast it over the entire network. The network validates the transaction and then starts adding it to the blockchain. Once the transaction has been included in the blockchain, you can (basically) regard it as completed.

This blockchain technology can be used for lots of other exciting things. Think about elections, for example. A vote can be seen as a transaction in which you give your vote to a recipient candidate. Voters can validate the blockchain themselves and see for themselves that their vote has been counted and that the results have not been tampered with.

An interesting aspect is that the blockchain can be used as an authentication provider. Imagine you could authenticate yourself at government services, banks, airports and other services with only one identity using blockchain technology. Using their key pair, users register their identity on the blockchain. This registered identity is a piece of information that contains hashes of several identity-related attributes, for example their name, government registration number, fingerprint or other biometric information. After that, the user can go to a recognized party, which verifies the hashes registered earlier on the blockchain; this recognizing party then “sponsors” that piece of information as the truth on the blockchain. Other parties that trust this particular recognizing party can now trust the identity on the blockchain and use it as an authentication or identification mechanism. This scenario includes a challenge, as it still requires trust between different parties (the sponsors and the parties that recognize them as trusted sponsors), which still isn’t ideal. It is, however, a nice idea and a good start.
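The register, sponsor and verify flow described above, as an added Python sketch that is not from the original post. Assumptions: the toy `Ledger`, all function names and the key ids are hypothetical, the network is assumed to have already checked each entry's signature, and attributes are hashed with a per-attribute salt (an addition here, since plain hashes of names or registration numbers on a public ledger can be guessed).

```python
import hashlib, hmac, json, secrets

def commit(value: str, salt: bytes) -> str:
    """Salted hash of one attribute; the salt stays with the user."""
    return hashlib.sha256(salt + value.encode()).hexdigest()

class Ledger:
    """Toy append-only ledger: each entry is chained to the previous entry's hash.
    Assumption: the network has already verified each entry's signature."""
    def __init__(self):
        self.entries = []
    def append(self, author: str, kind: str, body: dict) -> str:
        prev = self.entries[-1]["id"] if self.entries else "0" * 64
        entry = {"author": author, "kind": kind, "body": body, "prev": prev}
        entry["id"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.entries.append(entry)
        return entry["id"]
    def find(self, entry_id):
        return next((e for e in self.entries if e["id"] == entry_id), None)

def register(ledger, user_key, attributes):
    """User publishes only salted hashes; returns (record id, private salts)."""
    salts = {k: secrets.token_bytes(16) for k in attributes}
    hashes = {k: commit(v, salts[k]) for k, v in attributes.items()}
    return ledger.append(user_key, "identity", hashes), salts

def sponsor(ledger, sponsor_key, record_id, shown, salts):
    """Sponsor checks the documents shown in person against the registered hashes."""
    record = ledger.find(record_id)
    ok = record is not None and record["kind"] == "identity" and all(
        k in shown and k in salts and hmac.compare_digest(commit(shown[k], salts[k]), h)
        for k, h in record["body"].items())
    return ledger.append(sponsor_key, "sponsorship", {"record": record_id}) if ok else None

def relying_party_accepts(ledger, record_id, trusted_sponsors, claim, value, salt):
    """Accept a claim only if it matches the record and a trusted sponsor vouched for it."""
    record = ledger.find(record_id)
    if record is None or record["kind"] != "identity" or claim not in record["body"]:
        return False
    vouched = any(e["kind"] == "sponsorship" and e["body"]["record"] == record_id
                  and e["author"] in trusted_sponsors for e in ledger.entries)
    return vouched and hmac.compare_digest(commit(value, salt), record["body"][claim])

def demo():  # constructed sample data: key ids and attribute values are made up
    ledger, attrs = Ledger(), {"name": "Alice Example", "registration_number": "000-EXAMPLE"}
    rid, salts = register(ledger, "user-key", attrs)
    sponsor(ledger, "sponsor-A", rid, attrs, salts)
    return [relying_party_accepts(ledger, rid, {s}, "name", attrs["name"], salts["name"])
            for s in ("sponsor-A", "sponsor-B")]
```

The same sponsored record is accepted by a relying party that trusts `sponsor-A` and rejected by one that only trusts `sponsor-B`, which is the residual trust relationship the paragraph points out.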

Another challenge in the concept above is that the blockchain requires lots of different (independent) participants to calculate the blockchain, to make sure it is trustworthy and independent of controlling organizations. In the bitcoin case, participation in these calculations is rewarded by paying the participants a small amount of bitcoin for delivering the next block in the chain. How participation can be motivated in a blockchain that exists solely for authentication services is still a topic to think about.

Last but not least, there is the risk that users lose their identity. This can happen if, for example, they lose their phone, secure flash drive or other data carrier on which the private key portion of the identity is installed. Or even worse: it gets stolen, and with it the digital identity. If I lose my credit card, I can call the bank. With a decentralized authentication provider based on blockchain technology, there is no central entity controlling the identities where I can request a new identity and have my old one marked as stolen or lost in the blockchain.

If the previously mentioned challenges can be tackled, the blockchain might be the next big thing in the world of access control: one digital identity that can be used by all services around the world, trusting the power and strength of the blockchain.

About the authors
  • Robin Gaal

    Robin Gaal is senior consultant at Traxion, provider of Identity Centric Security Services. Swiss IT Security Group.
