Trusted Blockchain Secure Blockchain Technology through Third-Party Certification
Motivation and Objectives
Distributed Ledger Technology (DLT) have received growing attention in recent years as an innovative method of storing and updating data within and between organizations. Blockchain technology is one of the most well-known uses of DLT, in which the ledger (i.e., a computer file used for recording and tracking transactions) comprises ‘blocks’ of transactions, and it is the technology that underlies the cryptocurrency Bitcoin. Although the technology is at a relatively early stage of adoption and significant challenges remain, it is becoming apparent that Blockchain holds the potential for major opportunities and innovative business models across several sectors, including finance, education, health, the creative industries, and the agriculture and food industries. As the opportunities for the use of Blockchain technologies in the market grow, issues related to an immaturity of the technology, ensuring security and privacy, interoperability of emerging platforms and an understanding of best practices in the development and use of Blockchain will become more pressing, ultimately hampering the full adoption and use of Blockchain technology by public and private organizations. For example, the decentralized nature of Blockchain technology and the distributed access and management rights across multiple nodes in the network could present a serious security risk, with malicious entities potentially having multiple back doors through which to attack the system. Establishing standards and certifying adherence to these standards to address prevalent concerns related to Blockchain technologies gains high importance as it helps to ensure security and resilience of the Blockchain technology and to facilitate trust, thereby increasing technology diffusion. Therefore, the objective of the proposed research project is to resolve the challenges that currently prohibit large scale deployment of Blockchain technology by developing a standard for Blockchain technology and a corresponding certification approach that verifies adherence to the standard through a third-party-attestation. In particular, we answer two research questions:
- RQ1: Which requirements have Blockchain technologies to fulfill?
- RQ2: How can a third-party attestation be designed to verify adherence to these requirements?
The research results will be useful to guide the design and operation of Blockchain technologies. More importantly, research findings will provide the basis for setting up a certification for Blockchain technology that will increase transparency about and trust in deployed technology to foster Blockchain diffusion and user acceptance.
State of the Art and Own Preliminary Work
A blockchain is a replicated, shared, and synchronized distributed database, where a continuously updated copy of a ledger is available to all nodes in a peer-to-peer network. Extant research on block- chains focuses predominantly on technical aspects, such as the mining process, anonymity, or double- spending, and is strongly concentrated on the financial sector, especially, the Bitcoin blockchain. More importantly, researchers and practitioners are raising concerns regarding the use of Blockchain technology. First, given the distributed nature of ledgers and their function as an immutable record, setting out clear rules for the governance will be a key challenge. Second, to realize the full benefits of Block- chain technology, it will be critical for ledgers to be able to exchange information with other ledgers and with legacy IT systems, hence, ensuring interoperability of Blockchain technology gains high importance. Finally, organizations will need to think carefully about maintaining the confidentiality and security of data stored on a ledger – and of the data relating to the transaction and ledger activity itself. For example, organizations will need to ensure that data can be accessed only by those with appropriate permissions – and that any access is in line with prevailing data protection legislation. To cope with these issues, standardization efforts related to Blockchain technologies have recently gathered momentum, for example, the International Organization for Standardization aims to support interoperability and data interchange among users, applications and systems related to Blockchain technology. The proposed research project will expand extant knowledge on application of Blockchain technology, and on what requirements the technologies have to fulfill to dissolve aforementioned concerns. Our preliminary work on certifications in the context of cloud computing, the comparison and development of cloud service standards, deviation of automated certification processes, and the user acceptance of new technologies serves as valuable foundation to ensure the success of this research project.
The work plan is organized in four work packages (WP). The goal of WP 1 is the successful project management. Core tasks are the coordination of project activities, progress management, and quality management. Deliverables of WP 1 are two interim project reports and the final project report. The goal of WP 2 is to develop a standard that contains and classify requirements that Blockchain technologies has to fulfill to ensure security and privacy of shared data. To develop the standard, we will apply a taxonomy development approach which has been successfully applied in our previous research. Therefore, we will first analyze existing Blockchain and related standards to derive certification requirements (deductive phase). Then, we will conduct interviews with Blockchain technology operators, developers and managers to extend our deductive findings, and to ensure validity and reliability (inductive phase). Results of each phase will be merged to derive a taxonomy of certification requirements. The goal of WP 3 is to specify a certification approach to validate adherence to certification requirements, and a business model for certifying Blockchain technologies to ensure practical applicability of project findings. In WP 4, project outcomes will be disseminated in appropriate outlets addressing the practical (taking into account the broad variety of stakeholders covering customers, technology providers, certification authorities, and representatives from public bodies) as well as the scientific community (papers will be submitted to the most relevant journals and conferences in this field). Figure 1 gives an overview of the work packages, person months, and milestones.
Blockchain technologies are a promising disruption of today’s information infrastructures. While, Blockchain technologies are characterized by immense potential for innovation and value creation, they also exhibit high technical complexity as well as security and privacy risks. This research proposal has two salient unique contributions. First, we harness extant knowledge on Blockchain technology to derive requirements and develop a standard, and thereby provide practitioners and researchers with means to design and evaluate Blockchain technologies. Second, we develop certification approaches and business models that are applicable in the context of Blockchain technology. Therefrom, certification authorities can start to certify technologies and award certification seals that increase consumers trust and transparency about Blockchain technologies that are used. Rigor and relevance is ensured through employment of established research methods and incorporation of relevant stakeholders into the research process. We believe that independent third-party certification of Blockchain technologies can reduce prevalent concerns of organizations and will enhance Blockchain diffusion.