Blockchain for Assured Combat ID at Internet Scale
Reliable combat ID (CID) for networked forces will only become more difficult as the number and type of digital forces explode due to the ongoing military digitization of traditional forces and the increasing deployment of autonomous vehicles and other types of nefarious Internet of Things devices. These small, low-cost devices and other types of digital forces require a relatively small, low-cost, secure identity solution that is open, standards-based, interoperable, and decentrally implemented and managed in order to affordably secure the Internet-scale networked battle room.
The blockchain-enabled CID solution
Distributed ledger technology (aka blockchain) solves the digital identity problem by providing a scalable, decentralized, low-cost, highly secure way to cryptographically bind an entity’s identifier to its private and public key pair, while being widely and securely distributed. In a blockchain-based digital identity solution, the immutable hash of the linked blocks of transactions stored on the ledger immutably binds a new type of globally unique, immutable digital identifier (W3C Decentralized Identifiers or DIDs) to its public key. The blockchain consensus mechanism ensures that each distributed ledger in the blockchain network independently writes the bound identifier/public keys on its ledger. Therefore, an entity’s DID and cryptographically bound public key are automatically and immutably distributed across all physically distinct and independently operated nodes in a distributed blockchain network. To verify an identity’s digital signature, a relying party looks up the subject’s DID on a local blockchain ledger node and retrieves the immutably bound public key.
After this pioneering use case for blockchain technology was recognized, several open source organizations emerged to develop an overarching Trust over IP architecture framework and supporting open standards and implementations. The resulting highly secure digital identity solution became known as sovereign identity, decentralized identity, and decentralized public key infrastructure.
When deployed, these standards and technologies take the form of small-footprint software agents and secure digital wallets installed on each participating network device. Software agents and secure digital wallets use standardized protocols and cryptography to automate secure CID. The agents of all communicating digital forces automatically establish a secure channel (exchanging pairwise public keys) and then use the encrypted channel to exchange cryptographically verifiable claims about their identities, capabilities, and data via small, lightweight, machine-readable, schema-defined, digitally signed verifiable credentials. The verifiable credentials are issued to digital forces (representing people, organizations and entities) by recognized authoritative trusted issuers registered on a blockchain ledger. Verifiers of a verifiable credential look up the issuer's DID on the blockchain, retrieve the associated public key, and verify the issuer's digital signature on the verifiable credential.
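The lookup-then-verify flow described above (a DID bound to a public key on a hash-chained ledger, then an issuer's signature checked on a credential) can be sketched in Go. This is an added example, not code from the article or from any Trust over IP implementation. The names Entry, Ledger, Head, Resolve and VerifyCredential are hypothetical, the did:example identifiers and claims are constructed, Ed25519 is an assumed signature scheme, and consensus is reduced to an agreed head hash passed in by the caller.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Entry struct { // one DID-to-public-key binding written to the ledger
	DID string
	Key ed25519.PublicKey
}

// Ledger is one node's local copy of the bindings, in write order.
type Ledger []Entry

// Head chains every entry into one hash; nodes agree on it through consensus.
func (l Ledger) Head() (h [32]byte) {
	for _, e := range l {
		h = sha256.Sum256(append(append(h[:], e.DID...), e.Key...))
	}
	return h
}

// Resolve returns the key bound to did only if this copy matches the agreed head.
func (l Ledger) Resolve(did string, agreed [32]byte) (key ed25519.PublicKey, ok bool) {
	for _, e := range l {
		if e.DID == did {
			key = e.Key
		}
	}
	return key, key != nil && l.Head() == agreed
}

// VerifyCredential resolves the issuer DID, then checks its signature on the claims.
func VerifyCredential(l Ledger, agreed [32]byte, issuer string, claims, sig []byte) bool {
	key, ok := l.Resolve(issuer, agreed)
	return ok && ed25519.Verify(key, claims, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	ledger := Ledger{{"did:example:issuer", pub}} // constructed DID and claims
	agreed, claims := ledger.Head(), []byte(`{"lens":"wide-angle"}`)
	sig := ed25519.Sign(priv, claims)
	fmt.Println(VerifyCredential(ledger, agreed, "did:example:issuer", claims, sig)) // true
	ledger[0].Key, _, _ = ed25519.GenerateKey(nil) // binding altered on this node only
	fmt.Println(VerifyCredential(ledger, agreed, "did:example:issuer", claims, sig)) // false
}
```

The second call fails before any signature check, because the locally recomputed chain hash no longer matches the head the other nodes agreed on.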
CID is performed by the agents when they validate the signatures of exchanged verifiable credentials and use the attributes to perform mutual identification, authentication, and authorization. Once the trusted CID is complete, the devices use the established trusted relationship to perform various use cases.
For example, a sensor device sends collected images to its controller over a complex, multi-hop route. Because the sensor and controller keep each other’s relationship-specific identifier bound to its public key, the sensor data and the controller’s acknowledgments are all digitally signed and encrypted end-to-end between the devices, regardless of any transport layer encryption. The receiving controller has high confidence that the image data came from the trusted sensor and had not been tampered with. The sensor has high confidence that the trusted controller really received it.
The sensor may also carry in its wallet non-identifying types of verifiable credentials that make various claims about the sensor itself – for example, the manufacturer-certified resolution of a camera. In this way, the controller can make better decisions about how to use the best sensor. For example, if the camera only took wide-angle shots, the controller would not attempt to assign it a capture task that required zoom.
The value for you
Blockchain-backed, open standards and decentralized identity technologies can provide military decision makers with sufficiently reliable CID of digital forces to rely on collapsing information pipelines, automate high-value decision making, and separate command from control to the extent necessary to significantly shorten the kill chain.
Tim Olson is a lead client engineering solution architect for IBM. You can contact him on LinkedIn:
The opinions expressed in this article should not be construed as official or reflect the views of AFCEA International.