Introduction to Guardtime and KSI Blockchain
Randy D Bishop, General Manager, Electric Infrastructure
Guardtime KSI at a Glance
• Systems engineering company, inventors of Keyless Signature Infrastructure (KSI) blockchain technology
• Founded in 2007
• 30+ patents
Technological Advantage:
• PERMISSIONED blockchain
• Scales independently of the number of transactions
Use Cases:
• Digital and physical supply chain
• SLA attestation and transparency
• Transactive energy
• Cross-platform transactions, monitoring and verification
• Digital contracts
Competitive Advantage: a battle-hardened blockchain stack, in production since 2008, with governments and enterprises relying on the platform today.
• NIST Cryptographic Algorithm Validation Program
• Common Criteria or NIAP accreditation
• USAF/Lockheed ATO on classified/sensitive networks and the F-35 JSF
Guardtime Infrastructure
The Challenge
[Slide figure: DATA → SIGNATURE]
Based on the lessons learned from the 2007 state-sponsored cyber-attacks, our scientists were given a challenge: re-think information governance by designing and building a massive-scale signature system for electronic data, one that could prove the time, integrity and identity (human or machine) of the data without reliance on centralized trust authorities.
Information Security Model: C.I.A.
[Slide figure: the C.I.A. security model triangle with CONFIDENTIALITY, INTEGRITY and AVAILABILITY at its corners]
The root cause of ineffective cybersecurity is the lack of integrity of systems, networks, processes and data.
For the last 40 years security has come to mean confidentiality of data in motion. Today, with the opening of networks, IoT and Cloud, the integrity of systems becomes paramount.
Integrity: the absence of compromise.
KSI Blockchain Introduction
Why Does Integrity Matter?
Integrity breach versus confidentiality breach, for the same asset:
• Your car. Integrity breach: your braking system stops working. Confidentiality breach: your braking patterns are exposed.
• Your flight. Integrity breach: your plane's instruments report that you are 1,000 feet lower than you actually are. Confidentiality breach: your flight plan is posted on the Internet (note: it already is).
• Your local power station. Integrity breach: critical systems compromised, leading to shutdown and catastrophic failure. Confidentiality breach: your electricity bill is published online.
• Your pacemaker. Integrity breach: shutdown and death. Confidentiality breach: your heartbeat becomes public knowledge.
• Your home. Integrity breach: your security system is remotely disabled. Confidentiality breach: the contents of your fridge are 'leaked' (you drink how much beer?); your smart TV is watching you...
Solution to the Integrity Problem: Register Digital Assets (Metadata) in the Blockchain
KSI signatures, linked to the blockchain, enable the properties of data to be verified without the need for trusted third parties, keys or credentials that can be compromised. Only a hash of the asset (its metadata) is registered; the data itself never leaves the owner.
Upon verification, a KSI signature proves:
• Signing time
• Signing entity
• Data integrity
Keyless Signature Infrastructure
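The mechanism behind "keyless" signatures, as an added worked example that is not Guardtime's code and does not describe its proprietary KSI signature format: signing requests are reduced to hashes, aggregated into a Merkle tree per round, and only the round root is appended to a hash-linked calendar (standing in for the blockchain). A signature token is just the Merkle audit path plus the round index, so verification recomputes the root from the data and compares it with the published one. The assumed simplifications are the leaf encoding (hash of the data bound to a signer identifier), SHA-256 everywhere, duplicate-last-node padding for odd rounds, and an in-memory calendar. The practical caveat the slide leaves implicit: verification needs no keys, but the verifier must obtain the published roots from an authentic source, which is exactly what the hash-linked calendar (and its wide publication) is for.

```python
"""Simplified hash-aggregation ("keyless") signatures: illustration only,
not Guardtime's implementation. All parameters and formats are assumed."""
import hashlib
from dataclasses import dataclass


def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def leaf_hash(data: bytes, signer_id: str) -> bytes:
    # The signer identifier is bound into the leaf, which is what later lets
    # verification prove "signing entity" without any per-signer key.
    return sha256(b"leaf\x00" + sha256(data) + b"\x00" + signer_id.encode())


def node_hash(left: bytes, right: bytes) -> bytes:
    # Domain-separated from leaves so a leaf can never masquerade as a node.
    return sha256(b"node\x00" + left + right)


@dataclass
class Signature:
    signer_id: str
    path: list          # [(sibling_hash, sibling_is_left), ...] leaf -> root
    round_index: int    # which calendar entry holds the root


class Calendar:
    """Append-only chain of round roots; each entry hashes its predecessor."""
    def __init__(self):
        self.rounds = []  # [(time, root, chain_hash)]

    def publish(self, time: str, root: bytes) -> int:
        prev = self.rounds[-1][2] if self.rounds else b"\x00" * 32
        self.rounds.append((time, root, sha256(prev + root)))
        return len(self.rounds) - 1

    def consistent(self) -> bool:
        """Recompute the chain; any edited root or entry breaks it."""
        prev = b"\x00" * 32
        for _, root, chain in self.rounds:
            if sha256(prev + root) != chain:
                return False
            prev = chain
        return True


def aggregate(leaves):
    """Merkle-aggregate one round. Returns (root, audit path per leaf)."""
    paths = [[] for _ in leaves]
    level, members = list(leaves), [[i] for i in range(len(leaves))]
    while len(level) > 1:
        if len(level) % 2:                      # pad odd level with last node
            level.append(level[-1]); members.append([])
        nxt, nxt_members = [], []
        for i in range(0, len(level), 2):
            left, right = level[i], level[i + 1]
            for leaf in members[i]:
                paths[leaf].append((right, False))   # sibling is on the right
            for leaf in members[i + 1]:
                paths[leaf].append((left, True))     # sibling is on the left
            nxt.append(node_hash(left, right))
            nxt_members.append(members[i] + members[i + 1])
        level, members = nxt, nxt_members
    return level[0], paths


def sign_round(cal: Calendar, time: str, requests):
    """requests: [(data, signer_id)]. Publishes one root, returns one token each."""
    leaves = [leaf_hash(d, s) for d, s in requests]
    root, paths = aggregate(leaves)
    idx = cal.publish(time, root)
    return [Signature(s, p, idx) for (_, s), p in zip(requests, paths)]


def verify(cal: Calendar, data: bytes, sig: Signature):
    """Returns (ok, signing_time). ok only if data, signer and round all match."""
    h = leaf_hash(data, sig.signer_id)
    for sibling, sibling_is_left in sig.path:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    if not 0 <= sig.round_index < len(cal.rounds):
        return False, None
    time, root, _ = cal.rounds[sig.round_index]
    return (True, time) if h == root else (False, None)


def demo():
    """Constructed sample: three assets signed in one round, then checked."""
    cal = Calendar()
    records = [(b"meter-1 reading 42 kWh", "grid-dx"),      # constructed data
               (b"identity record: alice", "idam-enclave-a"),
               (b"plc.cfg v7", "scada-eng")]
    sigs = sign_round(cal, "2018-01-01T00:00:00Z", records)
    results = {
        "all_valid": all(verify(cal, d, s)[0] for (d, _), s in zip(records, sigs)),
        "time": verify(cal, records[0][0], sigs[0])[1],
        "tampered_data": verify(cal, b"meter-1 reading 43 kWh", sigs[0])[0],
        "wrong_signer": verify(cal, records[1][0],
                               Signature("mallory", sigs[1].path, sigs[1].round_index))[0],
        "chain_ok": cal.consistent(),
    }
    t, _, c = cal.rounds[0]                      # simulate editing the published root
    cal.rounds[0] = (t, sha256(b"forged"), c)
    results["chain_after_edit"] = cal.consistent()
    return results


if __name__ == "__main__":
    print(demo())
```

Each token carries only sibling hashes and a round index, so a verifier needs the data, the claimed signer identifier and the published root; changing any byte of the data, the signer identifier, or a stored root fails the check, and the odd-sized round exercises the padding branch.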
The Facts of KSI
Case Study: World's Largest Smart Grid Platform Assurance
Background:
• Elering is an Estonian electricity infrastructure provider that runs the biggest smart grid installation in the world, with over 500,000 smart meters installed.
• Elering's smart grid data exchange platform provides open APIs for various service providers to build their services on the gathered data.
• Challenge: how to establish the chain of custody for personal user data moving through multiple service providers?
Case Study: World's Largest Smart Grid Data Platform
[Slide figure: 500K smart meters feeding the Big Data Platform, which serves 24 service providers]
Case Study: World's Largest Smart Grid Data Platform
[Slide figure, platform components: smart metering infrastructure; residential/commercial customer; big data storage & analytics; identity management API; service provider API]
Case Study: World's Largest Smart Grid Platform Assurance
Service Provider Liability Management:
• Collects, stores and processes sensitive personal information
• Pinpointing who did what, when, in case of a dispute arising from data usage is quick, irrefutable and final
• Does not only provide reactive means for liability allocation, but also shapes service provider behavior prior to any incidents
Regulatory Compliance:
• Natively able to independently prove to the regulators how the PII was handled
• Simplifies compliance with regulatory requirements considerably
Data Integrity:
• Real-time guarantee of the veracity status of the data collected, stored and processed in the data exchange platform
• End-to-end forensic audit trail for all data and actions
Case Study: Industrial Infrastructure Assurance
Zero-day Malware Mitigation in SCADA
Problems solved:
› Malware detection systems depend on known vulnerabilities and can't protect against zero-day attacks, or against digital certificates that may or may not be authentic.
› The monitoring systems of infected industrial infrastructure can convey tampered feedback ("assets are OK") that shouldn't be trusted.
[Slide figure: data-centric security. An integrity-instrumented source feeds the industrial control system; malware, a forged certificate or a zero-day vulnerability can compromise it; integrity-instrumented monitoring detects the tampered feedback instead of trusting it]
Case Study: DoD Identity and Access Management - IdAM
Current Environment:
• Identities are created and distributed across many physical locations at different organizations, departments or agencies
• Identities are created and distributed across many disconnected or independent environments such as cloud or managed services infrastructures
• Disparate identity and access control data between facilities and segregated network or enterprise enclaves
• Identity and credential data can be distributed in a "waterfall" manner, allowing more accidental or malicious change
• Identity data types and volume will grow as multifactor authentication schemes are enabled
• Data such as public/private keys is not cryptographically immutable
• Policy and access control mechanisms suffer increased cyber threats and are becoming easier targets than centralized identity providers
Case Study: DoD Identity and Access Management - IdAM
The Challenge:
• Create tamper-proof evidence of key access control data such as biometric, attribute, and policy data upon creation
• Provide KSI signatures as distributable and highly available trust verification
• Identity data provenance, from vetting, proofing, distribution and maintenance, can be cryptographically bound to any type of identity data
• Continuous verification of identity data across multiple storage zones or enclaves requires only a single signature to independently verify
• No explicit trust required to verify stored or distributed identity data
• Full accountability and auditability of data using KSI signatures
• System configuration, logs, policies, and other access control components can be signed as well, providing a fully trusted platform for the identities to flow through
Case Study: DoD Identity and Access Management - IdAM
MFA leverages a combination of the following factors:
• Something You Know: password or PIN
• Something You Have: token or smart card (two-factor authentication)
• Something You Are: biometrics, such as a fingerprint, facial construct, voice, or heartbeat (three-factor authentication)
Secure IdAM platforms need a new factor:
• Something You Trust: independent proof of trust and real-time tamper detection for the IdAM platform providing the MFA services
Guardtime Blockchain and KSI provide independent evidence that the platform components and identity data have integrity and can be independently verified with various methods that support both connected and disconnected systems.
Case Study: DoD Identity and Access Management - IdAM
Characteristic (Guardtime solution support):
• Supports multiple server and host-based operating systems: YES
• Immediately available and proven in a commercial environment: YES
• Demonstrated means for operation within latent or disconnected network environments: YES
• Demonstrated in an operational environment integrated with industry-standard network domain management such as Microsoft's Active Directory Domain Services: YES
The Guardtime solution guarantees a scalable, interoperable authentication solution to reduce reliance on passwords and smart card-based authentication across myriad systems and applications.
Keyless Infrastructure Security Solution (KISS)
The Problem:
• Energy delivery systems (EDS) operating at the grid's edge require unprecedented levels of security and trustworthiness to verify the integrity of data and manage complex transactive and distributed energy resource (DER) exchanges.
• Grid edge devices lack the visibility, control and security to conduct real-time energy transactions at the required speed and scale.
The Solution:
• Atomically verifiable, cryptographically signed distributed ledger to increase the trustworthiness, integrity and resilience of energy delivery systems at the edge
• Verifies time, user, and transaction data, protected with an immutable crypto-signed ledger
• Autonomous detection of data anomalies; reduces analyst burden with normalized evidence across a unified timeline for incident analysis
• Real-time response to unauthorized attempts to change critical EDS data, configurations, applications, and network appliance and sensor infrastructure