PIKOM CIO Chapter review event: Demystifying the blockchain with IBM
PIKOM’s CIO Chapter (PCC) held their first local event for the new year 2018, with a review of the blockchain technology, by IBM Malaysia.
PCC Chairman, Chia Nam Liang, kicked off the event attended by over 40 PCC members, with a quick recap of 2017 highlights: a closed door forum about the pitfalls of cloud and lessons learnt, as well as a study getaway to Penang, organised by the CIO Academy, among others.
All of these activities, as well as the more planned for 2018 like the IBM Blockchain Review, is in line with the PCC’s objective to make the chapter a vibrant and relevant community for its members.
In summary, blockchain is a very useful technology, because of its inherent qualities of immutability and transparency ie. the blockchain is very dificult to hack into, and have its data manipulated.
But so far, the only popular and oft-talked about application for blockchain is bitcoin, Ethereum, cryptocurrencies. All the intrigue about cryptocurrencies, has fuelled demand for it and a mushrooming of fake bitcoin platforms.
This is to the point that Facebook is now banning all ads that promote cryptocurrencies, whether they are legal or not.
The website, Recode, described this is because, “The cryptocurrency boom/bubble has led to scams and wild price fluctuations that have cost a lot of people — including unsophisticated investors — a lot of money. Scams are illegal, but gambling on investments you don’t understand is not.”
However, there is an endless number of other use cases for blockchain like cross border supply chain, customer onboarding, dispute resolution, electronic medical records, and a whole lot more, especially when technology concepts like smart contracts and permission blockchain, come into the picture.
To date, Taiwan is using blockchain to enable Taipei to be a smart city, China said it will use blockchain to collect taxes and issue invoices, Japan and Korea agreed to use blockchain so that 61 Japanese banks can achieve same-day international fund transfers with 30-percent cost reduction.
All in all, 2017 was the year there was a whole lot more experimentation with blockchain technology, but there is no one big successful use case yet, that can be replicated by other governments or private companies. There is a whole lot more about blockchain, that still needs to be demystified and studied.
The blockchain review, is only one in a series of more similar events being organised by the PIKOM CIO Chapter EXCO committee, to demystify and further understand, the many technologies and trends out there on the global technology landscape today.
IBM’s use case example for blockchain: medical insurance
IBM’s Blockchain advocate and technical sales lead, Peter DeMeo, demonstrated how blockchain technology can actually settle complex reconciliations with multi-party processes, across multiple organisations and siloes.
One example he gave to illustrate was the medical insurance claims industry in Singapore, which today involves a lot of manual processes using data scattered across separate parties.
Long story short, patients have to verify their ability to pay upfront; with a Letter of Guarantee (LOG) before they can be admitted into the hospital. What ensues is a long and arduous business process that involves many separate parties, a lot of bottlenecks, and an overall lack of visibility into the whole process which increases risk of fraud, delay of payment, and even non-recovery.
What if all these could be simplified? Blockchain technology, is often touted as suitable for these kinds of scenarios because of its inherent features that offer consensus and immutability.
If a hospital patient’s identity could be verified, and their insurance company, looped into the process, might it not speed up the medical insurance claims process?
Verifying you, as you
Another important component to make this all happen in a more automated manner, is a trusted identity service, that allows consumers to sign-on to digital services, and remain in control of their identity attributes.
Canadian-based federated identity provider, SecureKey Technologies, is working together with IBM, to enable a new digital identity and attribute sharing network based on IBM’s blockchain.
- Allowing consumers to sign-on to critical online service with a digital credential that can be trusted, because they are verified with trusted providers like telcos, banks, and governments
- Ensuring that information is only shared with explicit user consent.
In Canada, SecureKey together with IBM have built a network with which, consumers can easily verify they are who they are, for services like opening new bank accounts, or applying for utilities.
Canadian consumers would later, be able to opt-in to the new permission blockchain-based service using a mobile app.
Back to the Singapore healthcare example, DeMeo explained that a digital sovereign identity (DSI) is not needed, but it would make things easier.
“This is suitable for an ecosystem. It’s a closed permission network that certain parties will have access to. And all information is decentralised, as opposed to an electronic LOG system which is centralised.”
According to him also, the Singapore example involves all insurers having all hospitals on the blockchain network, and sharing LOG documents of what services which patients are eligible for.
“There is no need to pay upfront to receive treatment, because it is established on a verifiable ledger (that I will do so),“ he said.
Overall, there is less risk of late payment or non-payment, and fraud is not possible because claims are submitted automatically, with no chance of a duplicate submission happening, if it were manual.
DeMeo added that SecureKey, will be coming to Asia from Canada, soon.
Say again, why blockchain?
“(With this solution), I have ability to say I am who I am, and I only authorise information about myself to those who need it. I control what data is on the blockchain, that sits behind the application.”
In other words, parties will only see data of a transaction, that they need to see and not more.
Other use cases
DeMeo shared other use cases for blockchain – cross border supply chain, customer onboarding, dispute resolution and electronic medical records.
Other things to think about
Notably, DeMeo had pointed out, when an organisation implements blockchain into their supply chain environment, their suppliers will likely need to be included in that chain of trust, and would likely need to implement blockchain-type technologies as well.
Another thing to note, ledgers on the blockchain are extremely hard to hack and be compromised.
But it doesn’t mean the assets (one popular example being cryptocurrencies) linked to the ledgers are as secure as that ledger.
MORE QUESTIONS ABOUT SECURITY OF BLOCKCHAIN?
When DeMeo shared that information in the blockchain would be decentralised, some pertinent questions arose, as to how secure that might be. Especially when he shared that data would be synched and replicated (on all the nodes).
Gathering responses from the floor, Enterprise IT News, posed this question to IBM:
QUESTION ONE: In a blockchain, copies of data are located at different nodes. Can you describe how are the nodes and the data; residing in different locations; securely protected in a blockchain?
DeMeo’s response is as follows:
IBM uses the Hyperledger Fabric blockchain protocol for private, permissioned, blockchain applications and business networks. The IBM Blockchain Platform focuses on security, scalability, and validation protocols through services such as Identity and Access Management, Certificate and Key Management, Log Management, and security network monitoring (i.e. policy violations, breaches, and denial of service attacks).
We work with financial, telecommunications, insurance, healthcare, and government agencies that place strict data protection requirements. There is more to security than just making sure that the data is the same across blockchain nodes.
Our clients value private, encrypted transactions whereby only transacting parties (working in private channels) have access, whereas the other members of the network do not. This means not all the data is held by all of the nodes.
The second important aspect is data pedigree, IBM Blockchain prohibits transactions from self-signed digital certificates — they must come from a certified authority. The IBM blockchain platform controls member access to transactions and which members see the data and which can invoke smart contracts.
We go even further.
A lot of attacks into Linux applications (and blockchain is a Linux application) is because root user credentials have been compromised. Once you become a root user in Linux you can do anything, and you could look at any data.
The vast majority of blockchain applications are hosted on Intel systems that are not secure as we have recently learned about with Meltdown and Spectre exploits. In a heterogeneous environment, the security of the network can be compromised by the most insecure node and is difficult to control.
To prevent those types of attacks we have built controls into the IBM LinuxONE system that even if your root user credentials have been compromised, root users still cannot see blockchain data, they cannot see the blockchain stack, they cannot change it.
QUESTION TWO: Each time a member of a blockchain network extracts or calls up a file stored in the blockchain for verification or cross checking or viewing, can it be amended? If changes are made to the original, how will be it re-entered into the blockchain and secured again?
Cryptography is used to ensure that network participants see only the parts of the ledger that are relevant to them. Central to cryptographically secure transactions is hashing where each transaction and each block has a digital alphanumeric fingerprint created by a one-way only algorithm. Hash functions take any input and produce a single output but there is no way to determine the input from the output. These hash functions are critical to the way a blockchain works
The “amended” transaction must be validated by endorsing nodes according to endorsement policy and will be added to the blockchain when consensus is achieved by committing nodes for the block containing that transaction (note: endorsing nodes in Hyperledger Fabric are a subset of committing nodes).”