In the previous posts in this series, we presented the basic cryptographic concepts and components of blockchain technologies, and also discussed the role blockchain plays in cryptocurrencies such as Bitcoin. While the allure of cryptocurrencies has brought fervent public fascination to blockchain, almost all related claims of fantastical use cases for products and applications of “Blockchain” are attempts to exploit the mystique manufactured from Bitcoin hype. Our posts provided concrete, specific, and detailed explanations supporting this assertion.
However, as also mentioned, blockchain itself is a very useful concept which predates cryptocurrency hype. When Cirrus created our data migration product, one of the important technologies we developed to support it was Smart Licensing, which was described here. Using public key (asymmetric) cryptography, we created a truly smart licensing scheme to assist all data migration operations. When using DMS, the customer is issued a smartcard (in the form of a USB dongle) that is attached to the DMS appliance. Each smartcard has a unique ID. When users wish to use the product, they purchase migration capacity. A transaction is then initiated in which capacity is deposited in a “virtual vault” for the user’s specific account. From there the customer can withdraw the needed migration capacity by specifying the exact amount required for each migration operation. Behind the scenes, a package is created in the form of a digitally signed migration currency. The package is downloaded and can then be imported only to the smartcard with the correct ID. The cryptographic operation ensures a simple, smooth, and reliable transaction so customers can withdraw and deposit whenever they need.
The feature we call the crypto WORM was developed at the same time as the Smart Licensing, using the same concepts.
WORM (Write-Once-Read-Many) is a type of storage people have been trying to perfect for a long time. Many applications require immutable data storage to ensure that once data is written, it cannot be changed. In the past people have used write-once media such as writable CDs for this purpose, where the data is recorded/burned onto the surface of a reflective disc. These bits, once “burned,” cannot be “unburned,” and therefore the data cannot be changed. Elsewhere, Linux OS distributions using native filesystems (such as ext3, ext4, and btrfs) provide an immutable configuration option where the file system becomes write-once.
These techniques all sound good, until one begins to question what “immutable” really means.
The purpose of immutable storage is not merely to prevent data from being changed. More important is the ability to detect when the data is changed, since it’s nearly impossible to prevent data from being changed overall, at least not in a manageable manner. A systems administrator may be able to set access control so users cannot change data, but how does one make sure the systems administrators themselves cannot change the data? This isn’t to imply that sysadmins aren’t trustworthy, but rather to point out that there’s generally no way to prove beyond any shadow of doubt that data has not been changed at any given time. In reality, whoever has access to the physical system can always change the data. Even if the data is written on a write-once CD, as described above, it can be changed by simply copying changed data onto a new CD.
What happens if a company wants to provide proof that it did not change a collection of data? How does it convince external parties that the CIO, CEO, and the Board of Directors cannot collude in altering financial data when the stakes are high?
This is where Crypto WORM provides a perfect and simple solution. With Crypto WORM, a single trust authority can be assigned. This is the entity that holds the key, in the form of a smartcard (USB dongle), allowing a single individual to have full control over the data trustworthiness. It’s a simple, effective, and complete system:
- One designated authority holds the root key that controls the trust over data veracity and integrity
- The root key can be locked away and never exposed
- Once the data is put into the Crypto WORM storage, its information is put into the blockchain and locked
- The data can be verified at any time by anyone, without requiring the root key
- Any tampering with the data will be detected
The Crypto WORM itself uses available means to prevent users from changing data after it is written to storage. Systems administrators can set access control parameters to further prevent accidental changes or erasure. However, no data can be changed without being detected – even by someone in possession of the physical system who has motive, means, and opportunity. The assigned trust authority always has complete, objective confidence in the veracity and integrity of the data, without having to rely on the trust of any individuals involved. Therefore the Crypto WORM provides incontrovertible proof that the data is not altered after it is deposited to the storage.
Here are a few more details on the architecture and components of the Crypto WORM from Cirrus Data:
- A simple system allows the root trust to be created by the assigned trusted authority in the form of a smartcard (USB dongle)
- Using the root smartcard, operational smartcards are created for systems administrators
- A software process scans all files and data objects and creates digital signatures for the data using the operational smartcard (also a USB dongle)
- The file and data object information along with the corresponding digital signatures are stored in a blockchain
- A software verifier is used to verify the files and data objects in the blockchain
In this system, every root key generated is unique. All operational keys created by a specific root key uniquely belong to the trust domain provided by that root key, and only that key. If you remember the discussion in the previous articles, what this specifically means is that the operational keys created by a specific root key have their public key certificates signed by the root private key. Therefore all digital signatures created by any one of these operational keys can be verified using the root public key, which is included in all the operational keys, and can be readily retrieved when verifying data. Every root key forms its own little “kingdom of trust.” Whoever holds the root key is the king of the trust of that particular dominion.
With this product, if you are the Chairman of the Board and want to ensure some pool of company documents are protected, you can envision the following operational scenario:
- You generate the root key using the system
- You then use that root key to create one or more operational keys (also in the form of a USB dongle)
- You hold on to the root key, and give the operational keys to the CIO with instructions to plug them into the Crypto WORM storage system, or systems
- The scan agent works with the operational key to scan and lock the data files to the blockchain
- The data in Crypto WORM can be verified at any time by anyone
If you need to prove to external parties the integrity of the data, simply have a public accounting or escrow firm generate and secure the root key after the operational keys are created. Without the root key, no one can possibly change any data without detection. That is the magic of asymmetric cryptography and the magic of blockchain, fully realized in the Crypto WORM.
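The architecture list and the operational scenario above, sketched in Go as an added example (this is not Cirrus Data's code or record format): a root key certifies an operational key, the operational key signs each file's digest into a hash-linked chain, and verification needs only public material. Ed25519 and SHA-256 from the Go standard library stand in for the smartcard-held keys; the `Entry`/`OpCert` layout and the names `NewDomain`, `Lock` and `Verify` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
)

// Entry is one chained record (assumed layout); OpCert is an operational key certified by the root.
type Entry struct {
	Name         string
	Digest, Prev [32]byte // SHA-256 of the file; hash of the previous entry
	Sig          []byte   // operational-key signature over body()
}
type OpCert struct{ Pub, RootSig []byte }

func (e Entry) body() []byte { return append(append([]byte(e.Name+"\x00"), e.Digest[:]...), e.Prev[:]...) }
func (e Entry) hash() [32]byte { return sha256.Sum256(append(e.body(), e.Sig...)) }

// NewDomain makes a root key, certifies one operational key with it, and discards the root private key.
func NewDomain() (ed25519.PublicKey, ed25519.PrivateKey, OpCert) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; a failed (empty) key makes Sign panic
	opPub, opPriv, _ := ed25519.GenerateKey(nil)
	return rootPub, opPriv, OpCert{opPub, ed25519.Sign(rootPriv, opPub)}
}

// Lock signs a file's digest with the operational key and links the record to the chain tip.
func Lock(chain []Entry, op ed25519.PrivateKey, name string, data []byte) []Entry {
	e := Entry{Name: name, Digest: sha256.Sum256(data)}
	if n := len(chain); n > 0 {
		e.Prev = chain[n-1].hash()
	}
	e.Sig = ed25519.Sign(op, e.body())
	return append(chain, e)
}

// Verify uses public material only: -1 = intact, -2 = key not certified by root, else first bad index.
func Verify(root ed25519.PublicKey, c OpCert, chain []Entry, files map[string][]byte) int {
	if !ed25519.Verify(root, c.Pub, c.RootSig) {
		return -2
	}
	var prev [32]byte
	for i, e := range chain {
		if e.Prev != prev || !ed25519.Verify(c.Pub, e.body(), e.Sig) ||
			e.Digest != sha256.Sum256(files[e.Name]) {
			return i
		}
		prev = e.hash()
	}
	return -1
}
```

A file missing from the `files` map is hashed as empty content in this sketch, so a production verifier should report a missing file as an explicit failure.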