Will blockchain help optimize IAM solutions?

Blockchain technology, still at an early stage of development, is a decentralized database in which every participating system (a so-called “node”) stores an exact copy of all available data. Like links in a chain, each block of information is inextricably tied to the previous one, forming an ever-growing chain of blocks. Once written, these blocks remain unchanged, which makes blockchain technology well suited to archiving and storing information as a distributed ledger.

Decentralized database technology allows "parties that do not fully trust each other to reach agreement on the existence, status and form of new facts that are known to all parties."
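The two properties described above (each block linked to its predecessor, and stored blocks remaining unchanged) come down to a hash chain. The following is an added example, not code from the original article: a minimal append-only chain in Python in which every block carries the SHA-256 digest of the block before it. Block contents (`index`, `payload`, `prev_hash`) and the sample access-log payloads are constructed for the illustration. It also shows the limit of the linking alone: editing the *last* block breaks no link, so an honest node must additionally compare the chain head against a head hash agreed with the other nodes.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

GENESIS_PREV = "0" * 64  # the first block links to an all-zero predecessor


@dataclass(frozen=True)
class Block:
    index: int        # position in the chain
    payload: dict     # the "fact" recorded in this block (constructed sample data)
    prev_hash: str    # digest of the preceding block: this is the link

    def digest(self) -> str:
        # Canonical JSON so every node computes the same digest for the same block.
        data = json.dumps(
            {"index": self.index, "payload": self.payload, "prev_hash": self.prev_hash},
            sort_keys=True, separators=(",", ":"),
        ).encode()
        return hashlib.sha256(data).hexdigest()


def build_chain(payloads: List[dict]) -> List[Block]:
    """Append each payload as a new block linked to the digest of the previous one."""
    chain: List[Block] = []
    prev = GENESIS_PREV
    for i, payload in enumerate(payloads):
        block = Block(i, payload, prev)
        chain.append(block)
        prev = block.digest()
    return chain


def first_broken_link(chain: List[Block]) -> Optional[int]:
    """Index of the first block whose prev_hash no longer matches its predecessor, or None."""
    expected_prev = GENESIS_PREV
    for block in chain:
        if block.prev_hash != expected_prev:
            return block.index
        expected_prev = block.digest()
    return None


def verify_against_head(chain: List[Block], head_hash: str) -> bool:
    """Full check: all links intact AND the last block matches the head hash the other
    nodes agreed on. Without the head hash, a rewritten tail block goes unnoticed."""
    if not chain or first_broken_link(chain) is not None:
        return False
    return chain[-1].digest() == head_hash


if __name__ == "__main__":
    # Constructed sample: a tiny log of access-management events.
    chain = build_chain([
        {"op": "genesis"},
        {"op": "grant", "user": "alice", "role": "admin"},
        {"op": "revoke", "user": "alice", "role": "admin"},
    ])
    head = chain[-1].digest()
    print("intact:", first_broken_link(chain) is None, verify_against_head(chain, head))

    # Rewrite the middle block: the next block's link no longer matches.
    tampered = list(chain)
    tampered[1] = Block(1, {"op": "grant", "user": "mallory", "role": "admin"}, chain[1].prev_hash)
    print("first broken link after edit:", first_broken_link(tampered))

    # Rewrite only the last block: no link breaks, but the agreed head hash catches it.
    tail_edit = list(chain)
    tail_edit[2] = Block(2, {"op": "noop"}, chain[2].prev_hash)
    print("tail edit, links only:", first_broken_link(tail_edit),
          "| with head hash:", verify_against_head(tail_edit, head))
```

The head-hash comparison is where the "distributed" part of the ledger matters: each node's copy makes the chain tamper-evident only because the others hold the same head, which is what the quoted agreement between non-trusting parties provides.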

The blockchain owes its fame primarily to:

  • the ability to archive data without any way to delete or modify it;
  • the ability to support pseudonymous transactions;
  • independence from any central authority, achieved through the decentralized structure of the blockchain;
  • applicability across a wide range of industries, including financial services, healthcare, the public sector and consumer services; examples include the blockchain-based digital citizenship project in Estonia, the use of blockchain for real estate transactions in Dubai, and the use of blockchain by the Bank of Ireland.

Perhaps the best-known embodiment of blockchain technology at the moment is the cryptocurrency Bitcoin. It is the first form of currency in the world whose issuance is not carried out centrally and which is not controlled by any government or state. The term “cryptocurrency”, used today for electronic currencies such as bitcoin, comes from the fact that such currencies rely heavily on cryptographic techniques.

Can blockchain be seen as an answer to the rapidly growing number of digital accounts that we all have to deal with in our daily lives? To date, more than 20 companies use blockchain-based infrastructures for various Identity and Access Management (IAM) functions.

Nevertheless, the prospects for such use remain in doubt, for reasons including the following:

  • It is a database, not an access control mechanism.
    Distributed ledgers such as the blockchain are excellent for storing and archiving information with the guarantee that it will always remain unchanged. The main idea is that you have a reliable and secure repository for important records, such as cash transactions, medical records or real estate transactions. Access control and contextual, real-time authorization decisions are not usually something a database does.
  • The right to be forgotten under the General Data Protection Regulation (GDPR)
    Since blocks in the blockchain cannot be deleted or edited, this directly conflicts with the “right to be forgotten”, which lets users control how their personal data is stored. One possible solution is to publish the individual attributes of an identity (for example age, name and address) separately, so that they cannot be linked to one another. It has also been proposed to publish such attributes in encrypted (cryptographically protected) form, so that only the party to the transaction is able to read them.
  • Fading hashes
    Since blocks are protected with cryptographic hash functions, can anyone guarantee that these hash functions will not be broken a few years from now, allowing the data to be read or manipulated? It is enough to recall the hash algorithms MD5 and SHA-1, which were once considered cryptographically strong but were later officially recognised as unreliable. Here, too, splitting up and anonymising the individual attributes of an identity can help reduce the risk.
  • Distributed data blocks
    Every participant in a private or public blockchain holds a copy of all blocks. Even though the blocks are hashed (and possibly encrypted), given everything said above, can we assume that this protection is sufficient? On the other hand, since PKI uses public/private key pairs to sign and authenticate blocks, keeping private keys in PKI hardware tokens or hardware security modules (HSMs) adds a further layer of protection for them. Storing credential attributes as separate blocks also helps minimise these risks.
  • Verification and validation of identities
    Who will be responsible for verifying that the identity attributes you submit to the blockchain are valid? For example, who confirms that you really are who you claim to be? State-issued digital credentials can be very convenient here, such as those provided for by the eIDAS regulation adopted by the European Union and issued by many EU member states; such systems also rely on a public key infrastructure (PKI) to work with accounts. Adding another factor, such as behavioural, biometric, knowledge-based or context-based authentication, can raise the level of trust. You can also use other service providers, such as social networks, telecommunications providers or banks,

As the above shows, these concerns do not rule out the use of blockchain for managing user identity and access, and with proper planning this direction can be considered very promising.
