Most breaches start with compromised identity and compromising identity is much easier with free-flowing Personally Identifiable Information (PII). So, could breaches supported by access to sensitive PII be reduced by foundational shift from monolithic database storage to an infrastructure leveraging blockchain (distributed ledgers) and verifiable claims? TechVision Research thinks this approach has great potential and want to share our thinking with you…as always feel free to join the conversation.
What We Know
The Equifax breach was caused by hackers exploiting a known flaw in web infrastructure software (apache struts) to gain control over servers within Equifax. Using that control, the criminals were able to gain privileged access to the database(s) containing the PII for about 143 million people through access to private encryption keys or direct access to the data as “open text” database records themselves. As of this writing, it has not been disclosed which path was used.
Basic Security Hygiene Not Followed
First, this breach never should have happened with or without blockchain. Good security hygiene suggests that patches to server software need to be implemented as close to zero day as possible. Good security hygiene suggests that data be encrypted at rest. Good security hygiene suggests that private keys are protected through layered key management techniques that segregate the data encrypting keys from the key encrypting keys and yet again from master keys. From what we can tell, much of this wasn’t consistently followed at Equifax even though they are stewards of the most critical consumer PII in the United States.
Even if the security team at Equifax is top-notch, things happen…priorities shift, vast server farms are hard to coordinate, patches are complex and require orchestration and threats come from every direction. The bottom line is that this kind of breach was bound to happen and will happen again until there are fundamental changes as to how data is collected, how much data is collected and how it is centrally stored and managed. We need to stop rearranging deck chairs on the Titanic and look for the icebergs.
Thinking differently; A New Distributed Data Sharing Model
What if instead of trying to solve the problem of protecting PII in centralized data stores from the millions of attack vectors, we try to solve a different problem; getting access to trusted verifiable information when we need it, and storing only what is necessary to function? That’s where blockchain and verifiable claims can be a game changer.
In this architectural construct, the blockchain acts as an index of identifiers and audit trail for the exchange of verifiable claims (attributes digitally signed by the issuer) between the holder of the claim and the inspector.
Blockchain can provide the identity anchor, allow for discovery and be the immutable unforgeable record to link an identifier to the holder of the claim. In other words, one’s identity chain contains identifiers for different persona, “pointers” to the location of encrypted and signed verifiable claims associated with those persona, unique key pairs that allow the exchange of those claims, and a limited set of zero-knowledge proofs that can be made without exchanging claims. It is also the audit trail of permissioned exchanges between the issuer of claims, the holder of claims, and the inspector of verifiable claims.
A verifiable claim is a qualification, achievement, quality, or piece of information about an entity’s background such as mother’s maiden name, social security number, legal name, government ID, payment provider, home address, or university degree that can be trusted as it is digitally signed by the issuer.
In this architecture, the information is no longer centralized, the encryption keys are distributed across many entities, and connections are individually permissioned.
Applying this model to the Equifax Breach
Let’s now apply this new model to the Equifax breach and see how we might achieve a better outcome. Equifax stored PII for individuals with credit histories because they served as common discovery keys to correlate the various feeds of information they receive from the thousands of companies that report credit activity. Let’s see how this might work in a blockchain / verifiable claims structure.
Equifax receives a feed of activity from a bank. This feed is an encrypted set of verifiable claims for all of the customers at the bank. Equifax queries the blockchain using the identifier received from the bank. Equifax can then “chase the chain” to find a corresponding identifier for the Equifax “claims” for the same person. Equifax can post its claim in its databases associated with that corresponding identifier. Decryption and verification is done on the claim from the bank based on a unique key pair. Encryption and signing is done on the Equifax claim based on a unique key pair. Equifax has the data it needs to run its business but no longer has any PII in any of its databases. No PII means less value to a hacker and while mitigating massive risk for Equifax or any enterprise collecting unnecessary PII. Encryption and digital signatures means the records are tamper-proof and non-repudiable.
TechVision Research has just completed our research report entitled “Identity is the New Perimeter” that expands upon these concepts of limiting PII, leveraging a distributed identity model and using this data to better secure resources and limit potential breaches. The report has been developed by a team of Principal Consulting Analysts led by Doug Simmons, with collaboration from Nick Nikols, Gary Zimmerman and me. A link to a detailed 10-page excerpt from our 40+ page client research report follows: https://techvisionresearch.com/project/identity-new-perimeter/