Story image

How government can safeguard identity on the blockchain

30 Oct 2017

Australian governments are undergoing an inevitable evolution into complex information brokers, and with it becoming a more attractive target for cyber criminals.

The implications of such enormous data holdings were felt by the public when Medicare recently suffered an infringement on their data. Hundreds of Australian citizens’ card numbers were found listed (with intent to sell) on the darknet. While the leaked data was insufficient on its own in accessing health records, illegal possession of the numbers could have been highly dangerous had the perpetrators found access to the victim’s other personal details.

The breach was addressed in the Australian Government’s Independent Review of Health Providers' Access to Medicare Card Numbers released earlier this month, which requested the government migrate to a more secure platform, in order to tighten the security controls around card information and other personally identifiable elements.

With health, welfare, education and the pension services requiring reams of information on identity, social needs, eligibility, and entitlement, how can we trust that sensitive citizen data is in safe hands? Those within government concerned with data security (and rightly so) are turning to blockchain as a potential saviour.

How can blockchain protect our data?

In the real world, we are defined by tangible elements – belongings, relationships and surrounding environments. But out in the cyber universe, we exist simply as data. Our identities, assets and intellectual property are intangible, but for the code that lies beneath. Storing, tracing and protecting our place in the digital universe has proven more complex than security protocol and software can keep up with – until now.

Blockchain, a technology instigated by cryptocurrencies, is a publicly available, decentralised ledger of validated and irreversible transactions boasting full transparency and ultimate permanency. Unimaginable computational processing power is needed to override the network. There are no singular points of vulnerability and the corruption of any one bit of data results in its network-wide corruption, making unauthorised actions impossible. Consequently, blockchain is almost entirely secure in the face of human-led threats.

The innovation is helping to digitise, validate and automate entire processes and interactions, making paper trails redundant and exponentially decreasing human error. And it’s revolutionising the concept of data protection. Blockchain’s application in the public sector is multifaceted – encompassing everything from claims assessment to certificates of qualification.

One area that particularly excites us is identity management. Here are three significant ways we see Blockchain playing a role in our citizen’s data protection:

1. Hello digitisation, goodbye human error

Humans inherently make mistakes. Employees will give out confidential details (whether because of ignorance or for financial gain). Documents will get lost. And it’s important to remember that cybercriminals are humans too. Perhaps taking an element of human involvement out of the transaction equation is an evolutionary step forward in securing our data. One way to do this is to digitise all documents and data in the blockchain ledger, where they are held securely and irreversibly and won’t be compromised, as in the Medicare breach.

Here’s a real-world example: a patient’s medical history is crucial when recommending treatments in emergencies. But the process of obtaining this medical history at a new hospital or clinic is time-consuming and paper-based documents can be lost. Blockchain enables patients to control access and securely share the data with other doctors, welfare services, insurances or other services. Medical practitioners can then easily access data and recommend treatments based on the history of the patient, providing effective services and saving lives. And none of it lands on the wrong desk or in the wrong hands.

2. Safety with Secure Hash Algorithm (SHA)

Enterprises need to control access to data to prevent IP theft and leakage of corporate data. On the blockchain, identity and other personal information is stored in a 256-key encrypted Secure Hash Algorithm (SHA) format, which is almost immune from infringement. To further prevent data tampering, employees must go through stringent authentication to get access to facilities, resources and internal networks, using blockchain to verify their credentials with biometrics, passwords and system configurations. This encryption data would only be available to accredited organizations and to whom access has been granted.

3. The proof in the permanency

Identity data on the network cannot be lost and is available to be accessed and updated at any time. Verified transactions are permanently recorded, traceable and updated across the entire network every 10 minutes. And thanks to the stringent authentication and consensus protocol, unverified transactions are impossible.

Essentially, nothing can be faked, everything can be traced and all transactions and data can be used as legal proof in the aftermath of a breach, should it occur.

Fighting cybercrime is tricky business for public sector organisations. We cannot rally the troops or send officers in to mediate crime scenes like the Medicare breach. We must rely on technology and innovation to prevent attacks and mistakes from occurring in the future – a level of trust no software or protocol has yet truly provided. But thanks to its ultimate permanency, verification and digitisation, we can be certain of the influence blockchain will have over our government’s data security.

Article by Allen Koehn, Assoc. VP and general manager - Public Sector at Infosys.

Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.