Leveraging Blockchain for Identity and Authentication in IoT is good for Security

Presented at AppSec USA 2017, Sept. 21, 2017, 1:30 p.m. (45 minutes)

Leveraging Blockchain for Identity and Authentication in IoT is good for Security Since the beginning of the internet, attempts have been made to solve the problem of privacy and security. Every effort has had challenges of inconvenience, cost and insecurity. How do we prove our identity? Blockchain technology and its mutual distributed ledgers (MDL) cannot be altered and allow people and companies to record, validate and track transactions throughout a network of decentralized computer systems. These MDLs are databases with a time stamped audit trail.   By leveraging this technology, an app on our device will hash our identifying information and insert this into the public Blockchain. Anytime you need to authenticate to another service or user, you share the information which is then sent through the algorithm and checked against the Blockchain. Once authenticated, your information for identification is not needed again. If the hashed information is decentralized and provides interoperability. Personal information never leaves the device and is not stored on a centralized server. Taking the personal data, hashing it and then discarding everything but the hashes of our personal data allows the network to accept the information in the same manner as our ID cards.   These Blockchains open the door to innovation and enables more interoperability connecting various distributed services.   There can be 2 unique MDLs; one to hold the encrypted documents and a separate ledger that will hold encryption key access which are folders encompassing our identity, health or other qualifying records. Driver's license bureaus can provide us a digitally signed copy of our driver's license that we control. We then offer controlled usage to entities that need to inspect the documents, the information recorded on the MDL. This use of immutable ledger can become the accepted modality of the future.

Presenters:

• Donald Malloy - Chairman - OATH
  Donald Malloy is the Chairman of OATH, The Initiative for Open Authentication. OATH is an industry alliance that has opened the authentication market from proprietary systems to an open source standard based architecture promoting ubiquitous strong authentication.Malloy has more than 20 years' experience in the Security and Payment industry and is currently an technology consultant assisting companies with the development of their security business. Don was responsible for developing the online authentication product line while at NagraID Security, now Oberthur and prior to that he was Business Development and Marketing Manager for Secure Smart Card ICs for both Phillips Semiconductors (NXP) and Infineon Technologies. Don originally comes from Boston where he was educated and has degrees in Organic Chemistry and M.B.A. in Marketing. He currently resides in Orange County California and is married with 3 daughters, in his spare time he enjoys hiking, biking, kayaking and traveling around this beautiful world.

Links:

• https://appsecusa2017.sched.com/event/BN2C/leveraging-blockchain-for-identity-and-authentication-in-iot-is-good-for-security
• https://infocon.org/cons/OWASP/AppSecUSA 2017/Leveraging Blockchain for Identity and Authentication in IoT is good for Security.mp4
• https://www.youtube.com/watch?v=utd5X--gTUQ

Similar Presentations:

• Black Hat Asia 2015 / Decentralized Malware on the Blockchain
• Kiwicon 2038AD: The Dystopic Future is Now (2018) / Digital identity: decentralised and self-sovereign
• DEF CON 30 (2022) / FROM ZERO TO HERO IN A BLOCKCHAIN SECURITY Workshop