Distributed ledger technology brings risks with opportunities
It has taken little more than a decade for the concept of the distributed ledger to move from an intellectual curiosity to the underpinning for a broad range of applications. Though digital currencies such as Bitcoin have received most of the attention, distributed ledgers have demonstrated the potential to support a host of novel applications and overcome some of the highest barriers that prevent businesses from collaborating in profitable ways.
Distributed ledger technology provides the ability to distribute and process any form of data in a decentralized manner and ensure updates are made according to a consensus decision rather than having to appoint and rely on a central administrator. In a distributed ledger, all participants are peers of each other. The consensus mechanism is used to ensure no single party can take control of the information the ledger contains. In addition, data entries (blocks) are linked (chained) using cryptographic mechanisms that guarantee the immutability of the consensual data representation, what means users can rely on the relationship among the data the ledger contains. Resilience is a further benefit of a distributed ledger. There is no single point of failure because records are distributed across multiple sites.
A major benefit of distributed-ledger technology for application development is its support for smart contracts. These are programs running within the blockchain environment that make it possible for organizations to engage with others without the large administrative overhead associated with traditional “Ricardian” paper contracts. Users have so far barely scratched the surface of what is possible with smart contracts though they already enable applications such as the automated verification of service-level agreements, the tracking of digital and physical objects in supply chains and the management of digital identity attributes.
There are challenges to blockchain use, particularly for industrial and business use. One issue is the visibility of their transactions to anyone who chooses to access the ledger. A second challenge is the computational overhead that is associated with digital currencies such as Bitcoin. To try to avoid the danger of a single participant from exercising control over the blockchain a common technique is the use of a proof-of-work consensus algorithm. Bitcoin has achieved significant notoriety because of the way its algorithm has promoted the wasteful use of compute cycles. But even at lower levels of computational complexity, proof-of-work consensus mechanisms are incompatible with the needs of distributed ledgers that may involve interaction between low-power IoT devices.
Permissioned distributed ledger (PDL) technology can overcome these challenges. By only admitting users with the required credentials and permissions, PDL participants have much greater control over the privacy of transactions and information stored on the blockchain and they are able to take advantage of alternative, low-overhead consensus algorithms.
Although the use of permissioned access helps control access, there are numerous security and privacy issues to consider. PDLs are as susceptible to attack by cybercriminals and vandals as any other form of distributed ledger. Because they may be used to exchange information about high-value transactions, PDLs will doubtless make lucrative cybercrime targets. Implementors will need to design their solutions with care.
As with any other form of software, the logic and function of smart contracts need to be checked carefully for vulnerabilities that might be exploited by attackers who are able to gain access to the ledger or try to pollute its content. However, there are other aspects of design that are not normally encountered in software design. Immutability itself is a challenge as well as an enabler. It places severe restrictions on how remediation can be done if data placed on the blockchain causes issues not just at a functional level but at the legal level.
Legal conflicts can arise for many reasons. Copyrights, trademarks, privacy, antitrust or unfair competition are examples of where data stored on a blockchain might cause legal issues. This realization that blockchain applications would raise new and complex issues was a key driver for ETSI to form its PDL Industry Specification Group (ISG). The group has created a series of reports that identify the challenges that implementors face and the various solutions that may form part of the solution. Advice to employ tools such as privacy impact assessments to identify legal in addition to technical risks is among the recommendations.
Such risk assessments can identify data that should not be stored directly on the blockchain, such as design in mechanisms that can avoid potential legal conflicts as well as vulnerabilities. For example, instead of storing database records on the blockchain, the application may store just identifiers and hashes that can guarantee the integrity of the source data but which ensure disputes among members do not challenge the immutability requirement and that breaches do not reveal commercially sensitive information.
Another issue is the ability of a PDL implementation to handle disconnections from the system. IoT devices may be unable to maintain constant connections to the network and only be able to add data to the blockchain when they finally connect and invoke the consensus mechanism. For example, automated machinery such as robots or tractors may need to add sensor readings or records of them to the blockchain but will spend extensive periods of time out of range of a wireless network gateway. Because of the frequent disconnections, such systems are vulnerable to eavesdropping, replication and man-in-the-middle attacks. An attacker may pretend to be a legitimate device and send erroneous or incorrect data to the command centre. Suitably designed data conduits can identify systems when they connect and assess the provenance of data.
The ETSI ISG is going further, with plans to expand its current reports into normative specifications and demonstrations through proof-of-concept reports and interoperability assessments. This work is using feedback that is already coming from operational experience to ensure the principles and work items will map to new application environments. The ISG works in tight coordination with other groups in ETSI and elsewhere to ensure its initiatives and recommendations are relevant to industrial use-cases and needs. Organizations keen to adopt and exploit PDL technology can join ETSI’s efforts and help evolve it into the driving force it should be for industrial applications.
Diego Lopez
Chair of the ETSI Industry Specification Group Permissioned Distributed Ledgers (ISG PDL).
Dr Diego R. Lopez joined Telefonica I+D in 2011 as a Senior Technology Expert on network middleware and services. He is currently in charge of the Technology Exploration and Standadization activities within the GCTIO Unit of Telefónica I+D. Before joining Telefónica he spent some years in the academic sector, dedicated to research on network service abstractions and the development of APIs based on them. During this period he was appointed as member of the High Level Expert Group on Scientific Data Infrastructures by the European Commission.
Diego is currently focused on identifying and evaluating new opportunities in technologies applicable to network infrastructures, and the coordination of national and international applied research activities. His current interests are related to network virtualization, infrastructural services, network management, network architectures, and network security. Diego chairs the ETSI ISG Permisssioned Distributed Ledgers, and is a member of the European 5G PPP Technicla Board.
Apart from this, Diego is a more than acceptable Iberian ham carver, and extremely fond of seeking and enjoying comics and wines, especially sherries, ports and malagas.
