Page 1
@brynosaurus
Blockchain Security for Health Data: Promises, Risks, and Future Developments
Bryan Ford, Associate Professor of Computer & Communications Sciences, EPFL
Page 2
Where there’s data, there’s risk...
Page 3
Interconnection compounds risk
[Diagram: a business, its partners A, B and C with shared access ("All of us!"), and cloud-based services ("You can trust us!")]
Page 4
Data dependence compounds risk
OPM: 21.5 million sensitive US government personnel records [Nextgov, 23-June-2015]
Page 5
Data dependence compounds risk
Repeated hospital ransomware attacks [Nextgov, 23-June-2015] [WannaCry ransomware, May 2017]
Page 6
RUAG Cyber-Espionage Case
RUAG: Switzerland's main weapons manufacturer, active notably in cyberdefense (around 8,000 employees)
Case made public in May 2016 (infiltration started before Oct. 2014)
Total exfiltrated data: at least 23 GBytes
Page 7
May-July 2017: Equifax Breach
One of the three major consumer credit reporting agencies in the US
● Exposed sensitive personal information about 143 million people (44% of the US population)
Page 8
The Fundamental Problem
In today’s IT systems, security is an afterthought
● Designs embody “weakest-link” security
Scaling to bigger systems → weaker security
● Greater chance of any “weak link” breaking
Page 9
The DEDIS lab at EPFL: Mission
Design, build, and deploy secure privacy-preserving Decentralized and Distributed Systems (DEDIS)
• Distributed: spread widely across the Internet & world
• Decentralized: independent participants, no central authority, no single points of failure or compromise
Overarching theme: building decentralized systems that distribute trust widely with strongest-link security
[Figure: weakest-link security versus strongest-link security]
Page 10
Turning Around the Security Game
Design IT systems so that making them bigger makes their security increase instead of decrease
[Figure: weakest-link security → strongest-link security → scalable strongest-link security]
Page 11
Decentralized Security Principles
Computer science theory, algorithms, and cryptography have long known principles of decentralized security…
● Threshold cryptography, Byzantine consensus
● Tolerate any one (or several) arbitrary failures or compromises
But never widely deployed, until…
Page 13
Bitcoin (2008)
First successful decentralized cryptocurrency
Page 14
Blockchain and eHealth: Outline
● What is a Blockchain?
● State-of-the-Art: Promise and Limitations
● Blockchain Research at EPFL
● Conclusion
Page 15
Today’s Hot Decentralized Technology
(credit: Tony Arcieri)
Page 16
How to track wealth (or anything)?
Things
● Gold, beads, cash...
Ledgers
● Who owns what?
Page 17
Distributed Ledgers
Problem: we don't want to trust any designated, centralized authority to maintain the ledger
Solution: "everyone" keeps a copy of the ledger!
– Everyone checks everyone else's changes to it
[Figure: identical ledger copies held by Alice, Bob and Charlie, each reading: Alice 5 BTC, Bob 2 BTC, Charlie 3 BTC, ...]
Page 18
Proof-of-Work in Public Blockchains
Public blockchains such as Bitcoin and Ethereum use consensus by crypto-lottery
1) Miners print their own "lottery tickets" by solving a crypto-puzzle (proof-of-work)
2) The winner gets to add one block to the blockchain; typically gets a reward: e.g., print new money
3) All miners gravitate to the longest chain. Repeat.
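The three steps above as an added worked example in Python (not code from the talk, and not Bitcoin's own format: the block layout, the 12-bit toy difficulty and the reward amount are assumptions). It mines blocks by nonce search, has every node re-validate the back-links and the proof of work, picks the longest valid fork, and replays the chain into the "who owns what" ledger from the earlier slides:

```python
"""Toy proof-of-work chain for the three crypto-lottery steps.

Added example, not code from the talk or from Bitcoin: block layout, difficulty
encoding and reward amount are simplifications (assumptions) chosen for clarity.
"""
import hashlib
import json
from dataclasses import asdict, dataclass, field
from typing import Dict, List

DIFFICULTY_BITS = 12    # puzzle: hash must start with this many zero bits (assumption: toy value)
BLOCK_REWARD = 50       # "print new money": coins the winner mints for itself (assumption: toy value)


@dataclass
class Block:
    height: int
    prev_hash: str              # backward hash link: tampering with any earlier block breaks it
    miner: str
    txs: List[dict] = field(default_factory=list)
    nonce: int = 0

    def hash(self) -> str:
        # canonical serialisation so every node hashes exactly the same bytes
        raw = json.dumps(asdict(self), sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(raw).hexdigest()


def meets_target(block_hash: str, bits: int) -> bool:
    """A hash is a winning 'lottery ticket' when its top `bits` bits are zero."""
    return int(block_hash, 16) >> (256 - bits) == 0


def mine(block: Block, bits: int) -> Block:
    """Step 1: print lottery tickets by brute-forcing the nonce until the hash meets the target."""
    block.nonce = 0
    while not meets_target(block.hash(), bits):
        block.nonce += 1
    return block


def extend(chain: List[Block], miner: str, txs: List[dict], bits: int = DIFFICULTY_BITS) -> List[Block]:
    """Step 2: the winner appends one block whose first transaction pays the reward to itself."""
    prev = chain[-1].hash() if chain else "0" * 64
    coinbase = {"from": None, "to": miner, "amount": BLOCK_REWARD}
    return chain + [mine(Block(len(chain), prev, miner, [coinbase] + list(txs)), bits)]


def valid_chain(chain: List[Block], bits: int = DIFFICULTY_BITS) -> bool:
    """What every node re-checks for every block: the back-link and the proof of work.
    (This toy does not check that senders can afford their transactions.)"""
    prev = "0" * 64
    for height, block in enumerate(chain):
        if block.height != height or block.prev_hash != prev or not meets_target(block.hash(), bits):
            return False
        prev = block.hash()
    return True


def choose_chain(candidates: List[List[Block]], bits: int = DIFFICULTY_BITS) -> List[Block]:
    """Step 3: among valid forks, miners gravitate to the longest one (ties: first seen)."""
    valid = [c for c in candidates if valid_chain(c, bits)]
    return max(valid, key=len) if valid else []


def balances(chain: List[Block]) -> Dict[str, int]:
    """Replaying the chain yields the 'who owns what' ledger from the earlier slides."""
    bal: Dict[str, int] = {}
    for block in chain:
        for tx in block.txs:
            if tx["from"] is not None:
                bal[tx["from"]] = bal.get(tx["from"], 0) - tx["amount"]
            bal[tx["to"]] = bal.get(tx["to"], 0) + tx["amount"]
    return bal


if __name__ == "__main__":
    chain = extend([], "alice", [])
    chain = extend(chain, "bob", [{"from": "alice", "to": "carol", "amount": 10}])
    chain = extend(chain, "carol", [{"from": "bob", "to": "alice", "amount": 5}])
    print(balances(chain))                      # {'alice': 45, 'bob': 45, 'carol': 60}
    fork = extend(chain[:1], "eve", [])         # a shorter valid fork loses to the longer chain
    print(choose_chain([fork, chain]) is chain)  # True
    # Rewriting history: Mallory edits an amount in block 1; block 2's back-link no longer matches
    chain[1].txs[1]["amount"] = 10_000
    print(valid_chain(chain))                   # False
```

Lowering DIFFICULTY_BITS keeps the demo fast; Bitcoin retunes its target every 2016 blocks so that one block takes about ten minutes, which is where the transaction delay discussed on a later slide comes from. The tamper check at the end shows why rewriting history means re-mining every later block, and why that gets harder as the honest chain grows.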
Page 19
Blockchain and eHealth: Outline
● What is a Blockchain?
● State-of-the-Art: Promise and Limitations
● Blockchain Research at EPFL
● Conclusion
Page 20
Applications of Distributed Ledgers
Can represent a distributed electronic record of:
● Who owns how much currency? (Bitcoin)
● Who owns a name or a digital work of art?
● What are the terms of a contract? (Ethereum)
● When was a document written? (notaries)
But practical limitations currently constrain uses
● Slow, energy-inefficient, can’t keep secrets…
Page 21
Broad Promise & Global Interest
Page 22
Limitations of Today's Blockchains
Public/permissionless (e.g., Bitcoin, Ethereum)
● Slow, weak consistency, low total throughput
● Limited privacy: leaky, can't keep secrets
● User devices must be online, well-connected
● Mining is inefficient, insecure, re-centralizing
Private/permissioned (e.g., Hyperledger, R3, …)
● Weak security – single points of compromise
Page 23
Dimensions of Information Security
We usually want three orthogonal properties:
1. Integrity: the system computes honestly and remembers and returns results correctly
2. Availability: it's there when you need it, and provides answers in a reasonable amount of time
3. Privacy: it doesn't leak confidential information to anyone who isn't supposed to have it
In general, blockchains tend to be GOOD at #1, SO-SO at #2, and BAD at #3
Page 24
The Blockchain Privacy Challenge
Blockchains protect the integrity of data by giving everyone a copy for independent checking
● This works against privacy & confidentiality
● Current privacy provisions are leaky
● Solvable with proper use of encryption
– When combined, important to remember: it's the encryption, not the blockchain, that protects privacy.
Page 25
Drawbacks of Nakamoto Consensus
● Transaction delay
– Any transaction takes ~10 mins minimum in Bitcoin
● Weak consistency:
– You're not really certain your transaction is committed until you wait ~1 hour or more
● Low throughput:
– Bitcoin: ~7 transactions/second
● Proof-of-work mining:
– Wastes a huge amount of energy
Page 26
Who Participates in Consensus?
Permissionless blockchains (Bitcoin, Ethereum):
“anyone” who invests in solving crypto-puzzles.
● Now practical only with ASICs and cheap power
● Re-centralization undermines trustworthiness
Page 27
Environmental Costs
Proof-of-work = "scorched-earth" blockchains
● Tremendous energy waste, now comparable to the electricity consumption of all of Ireland
Page 28
Smart Contracts (e.g., Ethereum)
Insert arbitrary software into a blockchain
● Can programmatically supervise cryptocurrency
– e.g., automatically settle an insurance payment (see AXA "fizzy" flight delay insurance)
Extremely powerful (and interesting), but risky
● One software bug → spectacular hacks
– The DAO: about $70M of the $150M held by the contract drained within hours (June 2016)
Page 29
The “Universal Bug Bounty”
First successful hacker can steal a lot of money
Page 30
Blockchain and eHealth: Outline
● What is a Blockchain?
● State-of-the-Art: Promise and Limitations
● Blockchain Research at EPFL
● Conclusion
Page 31
DEDIS Blockchain Goals
Working to make tomorrow's blockchains:
● Fast: responsive in seconds, not minutes/hours
● Scalable: support high transaction volumes
● Private: keeping confidential data secure
● Available: blockchain records usable offline
● Powerful: private analysis of encrypted data
DEDIS next-generation blockchain infrastructure is already available and in use by multiple partners
Page 32
ByzCoin: Fast, Scalable Blockchains
DEDIS lab project presented in [USENIX Security '16]
● Permanent transaction commitment in seconds
● 700+ TPS demonstrated (100x Bitcoin, ~PayPal)
● Low-power verification on light mobile devices
[Figure: Bitcoin's single chain of miner-produced blocks (1, 2, 3, ...) versus the ByzCoin cothority: witnesses produce key-blocks and, every 5-10 sec, micro-blocks (1 ... 6) that each depend on a key-block and carry a collective co-signature]
Page 33
Horizontal "Scale-Out" Blockchains
OmniLedger: A Secure Scale-Out Ledger [preprint]
● Break large collective into smaller subgroups
● Builds on scalable bias-resistant randomness protocol (IEEE S&P 2017)
● 6000 transactions/second: competitive with VISA
[Figure: incoming transactions distributed across Shard 1, Shard 2 and Shard 3]
Page 34
The Privacy Problem in Blockchains
In current blockchains, secrets (keys, passwords) must be held "off-chain" by private parties
● Just a hash on-chain → document might be lost
● Encrypted on-chain → encrypted to whom?
– Decided at encryption time, cannot be changed or revoked
Current blockchains can't manage secrets, because they would leak to all participants
● Weakest-link security again
Page 35
DEDIS "Chain-Managed Secrets"
Allow the blockchain to hold and manage secrets via verifiable, transparent, dynamic access policies
– Example: decryption keys, access lists for documents
– Example: login credentials for access to services
● On-chain policies can determine how and when secrets are used, and who should have access when
– Any access change is immediately, atomically applied
– Tamper-proof log of all uses or attempted uses
● Can enforce data retention/deletion policies
Page 36
Secure Digital Documents?
Significant interest in digital degrees, awards, land titles, …
● Blockchain can provide a hard-to-forge timestamp
But how do you verify a digital document?
● Current blockchains: you must be online
● Doesn't work if the network is down, too slow, or costly
Page 37
SkipChain: Traversable Blockchain
DEDIS work appearing in [USENIX Security '17]
● Enables offline or peer-to-peer cryptographic verification and "time-travel" through all history
[Figure: blocks B1, B2, B3 along a time axis with several link levels: backward hash links, embedded in blocks at commit time; collectively signed forward links F1, F2, F3, added later once the target exists]
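How the two kinds of links fit together, as an added example (not the DEDIS code). Assumptions made here: base-2 link levels (one level per trailing zero bit of the block index, capped at MAX_HEIGHT) and an HMAC under a single COTHORITY_KEY standing in for the collective signature the real system places on forward links. A client that trusts an old block verifies a newer one by following signed forward links; a client holding a new block reaches an older one through back-links alone, with a logarithmic number of hops either way:

```python
# SkipChain-style links. Added example, not the DEDIS implementation: link-level rule,
# MAX_HEIGHT and the HMAC stand-in for the collective signature are assumptions.
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_HEIGHT = 8                           # assumption: cap on link levels; the genesis block gets all of them
COTHORITY_KEY = b"demo-cothority-key"    # assumption: stand-in for the witnesses' collective signing key


def sha(*parts: str) -> str:
    return hashlib.sha256("|".join(parts).encode()).hexdigest()


def height_of(index: int) -> int:
    """Deterministic skip-list height: one level per trailing zero bit of the index."""
    return MAX_HEIGHT if index == 0 else min(MAX_HEIGHT, (index & -index).bit_length())


def sign_forward_link(src_hash: str, level: int, dst_hash: str) -> str:
    return hmac.new(COTHORITY_KEY, f"{src_hash}|{level}|{dst_hash}".encode(), hashlib.sha256).hexdigest()


@dataclass
class SkipBlock:
    index: int
    data: str
    back_links: List[Optional[str]]                                # [k] -> hash of latest earlier block with height > k
    forward_links: Dict[int, str] = field(default_factory=dict)    # k -> hash of next block with height > k
    forward_sigs: Dict[int, str] = field(default_factory=dict)     # k -> signature over that forward link

    @property
    def height(self) -> int:
        return len(self.back_links)

    def hash(self) -> str:
        # Forward links are excluded on purpose: they are attached after commit, so
        # including them would change the block's identity retroactively.
        return sha(str(self.index), self.data, *(h or "" for h in self.back_links))


class SkipChain:
    def __init__(self, genesis_data: str):
        self.blocks: List[SkipBlock] = []
        self.by_hash: Dict[str, SkipBlock] = {}
        self.append(genesis_data)

    def append(self, data: str) -> SkipBlock:
        index = len(self.blocks)
        back: List[Optional[str]] = []
        for k in range(height_of(index)):
            prev = next((b for b in reversed(self.blocks) if b.height > k), None)
            back.append(prev.hash() if prev else None)
        block = SkipBlock(index, data, back)
        h = block.hash()
        for k, src_hash in enumerate(back):       # target now exists: attach the signed forward links
            if src_hash is not None:
                src = self.by_hash[src_hash]
                src.forward_links[k] = h
                src.forward_sigs[k] = sign_forward_link(src_hash, k, h)
        self.blocks.append(block)
        self.by_hash[h] = block
        return block

    def forward_path(self, start: int, target: int) -> List[SkipBlock]:
        """Proof a server hands a client that trusts block `start` and wants block `target`."""
        path = [self.blocks[start]]
        while path[-1].index < target:
            cur = path[-1]   # highest-level forward link that does not overshoot the target
            k = max(k for k, h in cur.forward_links.items() if self.by_hash[h].index <= target)
            path.append(self.by_hash[cur.forward_links[k]])
        return path

    def backward_path(self, start: int, target: int) -> List[SkipBlock]:
        """Proof for the other direction: from a trusted newer block back to an older one."""
        path = [self.blocks[start]]
        while path[-1].index > target:
            cur = path[-1]
            k = max(k for k, h in enumerate(cur.back_links) if h and self.by_hash[h].index >= target)
            path.append(self.by_hash[cur.back_links[k]])
        return path


def verify_forward(trusted_hash: str, path: List[SkipBlock]) -> str:
    """Offline client check: every hop must be a signed forward link. Returns the final hash."""
    if not path or path[0].hash() != trusted_hash:
        raise ValueError("path does not start at the trusted block")
    for src, dst in zip(path, path[1:]):
        dst_hash = dst.hash()
        levels = [k for k, h in src.forward_links.items() if h == dst_hash]
        if not levels:
            raise ValueError(f"block {src.index} has no forward link to block {dst.index}")
        expected = sign_forward_link(src.hash(), levels[0], dst_hash)
        if not hmac.compare_digest(src.forward_sigs.get(levels[0], ""), expected):
            raise ValueError(f"forward link {src.index}->{dst.index} is not signed by the cothority")
    return path[-1].hash()


def verify_backward(trusted_hash: str, path: List[SkipBlock]) -> str:
    """Back links need no signature: each hop is a hash the trusted side already commits to."""
    if not path or path[0].hash() != trusted_hash:
        raise ValueError("path does not start at the trusted block")
    for src, dst in zip(path, path[1:]):
        if dst.hash() not in src.back_links:
            raise ValueError(f"block {src.index} does not link back to block {dst.index}")
    return path[-1].hash()
```

The asymmetry is the point of the slide: a back-link can be baked into a block at commit time because its target already exists, whereas a forward link can only be created later, so it must be authenticated separately, which is what the collective signature does. In the real system the signing roster can change from block to block and the verifier checks each hop against the roster of the block it came from; the single key here is the simplification.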
Page 38
Chainiac: Secure Device Updates (including Medical/IoT)
Medical devices are increasingly networked ("IoT")
● Keeping their software up-to-date is critical
– Otherwise vulnerable to old threats: e.g., WannaCry
DEDIS "Chainiac" provides end-to-end secure blockchain-based software distribution & update
Page 39
UnLynx: Privacy-Conscious, Blockchain-Secured Medical Data Sharing
Functionality:
• Allow queriers to query a set of distributed databases
Requirements:
• Data providers' data confidentiality
• No single point of failure
• Computation correctness
• Privacy of data providers (DP) and of individuals storing their data in DPs
Threat model:
• Queriers, servers may be compromised
• Data providers honest-but-curious
SELECT AVG(cholesterol_rate)
FROM DP1, …, DPn
WHERE age in [40:50] AND ethnicity = Caucasian
GROUP BY gender
Page 40
UnLynx: Security guarantees
• Data are encrypted during the whole process.
• Data are shuffled to break the link between DP and data.
• Oblivious noise addition on query results ensures differential privacy.
• Correctness of every computation can be verified with zero-knowledge proofs (proof that the computation is correct without disclosing the secret values).
• A misbehaving entity can be identified and excluded.
• As long as one of the servers is honest, all the other properties are guaranteed.
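Two of these guarantees, "encrypted during the whole process" and "as long as one of the servers is honest", rest on one mechanism: additively homomorphic encryption under a key owned collectively by all servers, so that decryption needs every one of them. The added example below (not UnLynx's code, which works on an elliptic curve and adds shuffling and zero-knowledge proofs) runs the query from the previous slide with lifted ElGamal over the 1024-bit MODP group of RFC 2409, plus the oblivious noise step; it is also the threshold-cryptography principle from the Decentralized Security Principles slide in running form. The row layout, the parameter values and the noise distribution (two-sided geometric, a discrete Laplace) are assumptions:

```python
import math
import random
from typing import Dict, List, Optional, Tuple

# 1024-bit MODP group of RFC 2409 (p = 2q + 1 with q prime, generator 2), so the arithmetic is
# real; UnLynx itself works on an elliptic curve. Assumption: plain lifted ElGamal, no proofs.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 2
G_INV = pow(G, P - 2, P)
MAX_PLAINTEXT = 1 << 16        # assumption: bound for decoding the exponent; demo sums stay far below

Cipher = Tuple[int, int]          # lifted ElGamal: (g^r, g^m * pk^r), the message m sits in the exponent
Row = Tuple[int, str, str, int]   # constructed record layout: (age, ethnicity, gender, cholesterol_rate)


def lift(m: int) -> int:
    return pow(G, m, P) if m >= 0 else pow(G_INV, -m, P)


def encrypt(pk: int, m: int, rng: random.Random) -> Cipher:
    r = rng.randrange(1, Q)
    return pow(G, r, P), lift(m) * pow(pk, r, P) % P


def add(a: Cipher, b: Cipher) -> Cipher:
    """Enc(m1) * Enc(m2) = Enc(m1 + m2): servers aggregate without ever decrypting."""
    return a[0] * b[0] % P, a[1] * b[1] % P


def discrete_laplace(scale: float, rng: random.Random) -> int:
    """Two-sided geometric sample, the integer analogue of Laplace(scale) noise."""
    alpha = math.exp(-1.0 / scale)
    geometric = lambda: int(math.log(1.0 - rng.random()) / math.log(alpha))
    return geometric() - geometric()


class Server:
    """One UnLynx-style server holding a share of the collective secret key."""

    def __init__(self, rng: random.Random):
        self.sk = rng.randrange(1, Q)
        self.pk = pow(G, self.sk, P)

    def partial_decrypt(self, c: Cipher) -> int:
        return pow(c[0], self.sk, P)   # c1^sk_i: worthless without every other server's share

    def add_noise(self, pk: int, c: Cipher, scale: float, rng: random.Random) -> Cipher:
        # Oblivious noise: an *encrypted* sample is added, so this server sees neither the
        # running total nor what noise the other servers contributed.
        return add(c, encrypt(pk, discrete_laplace(scale, rng), rng))


def collective_key(servers: List[Server]) -> int:
    """pk = prod(pk_i) = g^(sum sk_i): the matching secret key is held by nobody."""
    pk = 1
    for s in servers:
        pk = pk * s.pk % P
    return pk


def decrypt(servers: List[Server], c: Cipher) -> Optional[int]:
    """Needs every server's partial decryption: one honest server keeps the data secret."""
    shared = 1
    for s in servers:
        shared = shared * s.partial_decrypt(c) % P
    gm = c[1] * pow(shared, P - 2, P) % P
    pos, neg = 1, 1
    for m in range(MAX_PLAINTEXT + 1):     # brute-force the small discrete log, either sign
        if pos == gm:
            return m
        if neg == gm:
            return -m
        pos, neg = pos * G % P, neg * G_INV % P
    return None


def provider_answer(pk: int, rows: List[Row], rng: random.Random) -> Dict[str, Tuple[Cipher, Cipher]]:
    """A data provider runs WHERE age in [40:50] AND ethnicity = Caucasian on its own plaintext
    and releases only (Enc(sum), Enc(count)) per gender group."""
    out: Dict[str, Tuple[Cipher, Cipher]] = {}
    for age, ethnicity, gender, cholesterol in rows:
        if 40 <= age <= 50 and ethnicity == "Caucasian":
            s, n = out.get(gender, (encrypt(pk, 0, rng), encrypt(pk, 0, rng)))
            out[gender] = (add(s, encrypt(pk, cholesterol, rng)), add(n, encrypt(pk, 1, rng)))
    return out


def aggregate(answers, pk: int, rng: random.Random) -> Dict[str, Tuple[Cipher, Cipher]]:
    """Servers sum the providers' ciphertexts per group: the totals are still encrypted."""
    totals: Dict[str, Tuple[Cipher, Cipher]] = {}
    for ans in answers:
        for gender, (s, n) in ans.items():
            ts, tn = totals.get(gender, (encrypt(pk, 0, rng), encrypt(pk, 0, rng)))
            totals[gender] = (add(ts, s), add(tn, n))
    return totals


def noisy_sum_count(servers: List[Server], answers, scale: float, rng: random.Random) -> Dict[str, Tuple[int, int]]:
    """Full pipeline: aggregate, every server adds encrypted noise, all jointly decrypt.
    The querier computes AVG as noisy_sum / noisy_count per gender."""
    pk = collective_key(servers)
    result = {}
    for gender, (s, n) in aggregate(answers, pk, rng).items():
        for srv in servers:
            s, n = srv.add_noise(pk, s, scale, rng), srv.add_noise(pk, n, scale, rng)
        result[gender] = (decrypt(servers, s), decrypt(servers, n))
    return result
```

Decryption here needs all n servers, which is precisely what makes the one-honest-server guarantee hold: a t-of-n threshold would trade that confidentiality for availability. The noise scale is sensitivity divided by epsilon in the usual Laplace mechanism; with each server adding its own sample, the result stays differentially private even if every other server adds none, and no single server learns the total noise.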
Page 41
Blockchain and eHealth: Conclusion
● Blockchain technology holds great promise
– But current systems immature, many weaknesses
● EPFL is building next-generation blockchains
– Enhance performance, scalability, privacy,
availability, and powerful analysis capabilities
– Already applied to medical data applications