Blockchain for Internet-scale Assured Combat ID

Reliable CID of networked forces will only become more difficult as the number and variety of digital forces grow, driven by the continued digitization of traditional forces and the spreading deployment of autonomous vehicles and other Internet of Things devices. These small, low-cost and attractive targets, and digital forces generally, need an identity solution that is itself small and low-cost, open, standards-based, interoperable, and decentrally implemented and administered, so that identity can be secured cost-effectively at the scale of the networked battle space.

The blockchain-enabled CID solution

Distributed ledger technology (aka blockchain) addresses the digital identity problem by providing a scalable, decentralized, low-cost and highly secure way to cryptographically associate an entity's identifier with its public/private key pair, and to distribute that association widely. In a blockchain-based digital identity solution, the hash chain linking the blocks of transactions on the ledger makes the ledger's history tamper-evident, so the binding between a new type of globally unique identifier (W3C Decentralized Identifiers, or DIDs) and its public key cannot be altered after the fact without detection. The blockchain's consensus mechanism ensures that every ledger node in the network independently writes the same identifier/public-key binding to its own copy of the ledger. Thus an entity's DID and the public key bound to it are automatically replicated across all the physically separate, independently managed nodes of the network. To verify a digital signature, a relying party resolves the signer's DID on a local ledger node and retrieves the public key bound to it.

Once this use case for blockchain technology was recognized, several open source organizations emerged to develop a global Trust over IP architecture framework, together with the open standards and supporting implementations. The resulting digital identity solution became known variously as self-sovereign identity, decentralized identity and decentralized public key infrastructure.

In deployment, these standards and technologies take the form of small software agents and secure digital wallets installed on each participating network device. Agents and wallets use standardized protocols and encryption to automate secure CID. When two digital forces communicate, their agents first establish a secure channel by exchanging pairwise public keys, then use that encrypted channel to exchange cryptographically verifiable claims about their identities, capabilities and data in the form of small, machine-readable, schema-defined, digitally signed verifiable credentials. Verifiable credentials are issued to digital forces (people, organizations and things) by recognized, authoritative issuers whose DIDs are registered on a blockchain ledger. A verifier of a credential looks up the issuer's DID on the ledger, retrieves the associated public key and confirms the issuer's digital signature on the credential.

Agents perform the CID when they validate the signatures on the exchanged verifiable credentials, confirm that the presenting party actually controls the credential's subject identifier (an issuer signature alone proves who issued the credential, not who is presenting it), and use the credential attributes for mutual identification, authentication and authorization. Once a trusted CID is complete, the devices use the established trust relationship for their operational use cases.
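The credential flow of the two preceding paragraphs, as an added example that is not code from the article or from IBM: an in-memory map stands in for a ledger node (no real ledger client), the DIDs are constructed for the example, Ed25519 is assumed as the signature scheme, and JSON with sorted map keys serves as the canonical form that gets signed. The relying party resolves the issuer's DID, checks the issuer's signature, and then checks that the presenter can sign a fresh nonce with the subject's key, which is what binds the credential to the device on the channel.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Registry is an in-memory stand-in for a ledger node: DID -> the public key
// published in that DID's document. Constructed for the example, not a ledger client.
type Registry map[string]ed25519.PublicKey

// Credential is a minimal verifiable credential: schema-defined claims about a
// subject DID, signed by an issuer whose DID is registered on the ledger.
type Credential struct {
	Issuer    string            `json:"issuer"`
	Subject   string            `json:"subject"`
	Claims    map[string]string `json:"claims"`
	Signature []byte            `json:"signature,omitempty"`
}

// payload is the canonical byte string the issuer signs: the credential with the
// signature cleared. encoding/json sorts map keys, so the encoding is stable.
func (c Credential) payload() ([]byte, error) {
	c.Signature = nil
	return json.Marshal(c)
}

// Issue signs the claims with the issuer's private key.
func Issue(issuerDID string, issuerKey ed25519.PrivateKey, subjectDID string, claims map[string]string) (Credential, error) {
	c := Credential{Issuer: issuerDID, Subject: subjectDID, Claims: claims}
	msg, err := c.payload()
	if err != nil {
		return Credential{}, err
	}
	c.Signature = ed25519.Sign(issuerKey, msg)
	return c, nil
}

// Verify resolves the issuer DID on the ledger and checks the issuer's signature.
func Verify(reg Registry, c Credential) error {
	pub, ok := reg[c.Issuer]
	if !ok {
		return errors.New("issuer DID not registered on ledger")
	}
	msg, err := c.payload()
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, c.Signature) {
		return errors.New("issuer signature invalid")
	}
	return nil
}

// Authenticate is the relying party's CID check: the credential is valid and from a
// trusted issuer, and the presenter controls the subject DID (proof = signature over a
// verifier-chosen nonce). subjectPub is the key learned for the subject DID when the
// pairwise channel was set up.
func Authenticate(reg Registry, c Credential, subjectPub ed25519.PublicKey, nonce, proof []byte) error {
	if err := Verify(reg, c); err != nil {
		return err
	}
	if !ed25519.Verify(subjectPub, nonce, proof) {
		return errors.New("presenter does not control subject DID")
	}
	return nil
}

// RunScenario reports whether three cases behaved correctly: a genuine credential is
// accepted, an altered claim is rejected, and an issuer not on the ledger is rejected.
func RunScenario() (accepted, tamperedRejected, unknownIssuerRejected bool) {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(rand.Reader)
	sensorPub, sensorKey, _ := ed25519.GenerateKey(rand.Reader)
	_, rogueKey, _ := ed25519.GenerateKey(rand.Reader)

	// Constructed DIDs; only the authoritative issuer is written to the ledger.
	reg := Registry{"did:example:issuer-brigade-hq": issuerPub}
	cred, _ := Issue("did:example:issuer-brigade-hq", issuerKey, "did:example:sensor-17",
		map[string]string{"role": "imagery-sensor", "unit": "2nd-bde"})

	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	proof := ed25519.Sign(sensorKey, nonce) // holder proves control of the subject DID
	accepted = Authenticate(reg, cred, sensorPub, nonce, proof) == nil

	tampered := cred // a relay rewrites a claim; the issuer signature no longer matches
	tampered.Claims = map[string]string{"role": "controller", "unit": "2nd-bde"}
	tamperedRejected = Authenticate(reg, tampered, sensorPub, nonce, proof) != nil

	rogue, _ := Issue("did:example:not-on-ledger", rogueKey, "did:example:sensor-17", cred.Claims)
	unknownIssuerRejected = Authenticate(reg, rogue, sensorPub, nonce, proof) != nil
	return
}

func main() {
	fmt.Println(RunScenario()) // true true true
}
```

The nonce must be chosen by the verifier per session; a proof signed over a value the presenter picked, or over a reused one, could be replayed by anyone who captured it.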

For example, a sensor passes collected images to its controller over a complex multi-hop path. Because the sensor and its controller each hold the other's relationship-specific identifier and the public key tied to it, sensor data and controller acknowledgments are digitally signed and end-to-end encrypted between the two devices, independent of any encryption at the transport level. The receiving controller can verify that the image data came from the trusted sensor and was not altered in transit, and the sensor, on verifying the signed acknowledgment, has strong evidence that the trusted controller actually received the data.
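The sensor-to-controller exchange described above, as an added example that is not code from the article or from IBM. Assumptions: each device holds an Ed25519 signing key and an X25519 key for this relationship; the channel key is SHA-256 over the X25519 shared secret (a stand-in for a proper KDF such as HKDF) and is used in both directions with AES-256-GCM; the image bytes are a constructed sample. The intermediate hops are modeled as an untrusted path that may flip bits, and the example shows that such a change is rejected regardless of what the transport did.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Peer: one device's relationship-specific keys plus the paired device's public keys.
type Peer struct {
	SignKey     ed25519.PrivateKey
	ExchKey     *ecdh.PrivateKey
	PeerSignPub ed25519.PublicKey
	PeerExchPub *ecdh.PublicKey
}

func NewPeer() *Peer {
	_, sk, _ := ed25519.GenerateKey(rand.Reader)
	ek, _ := ecdh.X25519().GenerateKey(rand.Reader)
	return &Peer{SignKey: sk, ExchKey: ek}
}

// Pair models the channel-establishment step: each side records the other's public keys.
func Pair(a, b *Peer) {
	a.PeerSignPub, b.PeerSignPub = b.SignKey.Public().(ed25519.PublicKey), a.SignKey.Public().(ed25519.PublicKey)
	a.PeerExchPub, b.PeerExchPub = b.ExchKey.PublicKey(), a.ExchKey.PublicKey()
}

// aead derives the channel key from the X25519 shared secret (SHA-256 stands in for a KDF).
func (p *Peer) aead() cipher.AEAD {
	secret, err := p.ExchKey.ECDH(p.PeerExchPub)
	if err != nil {
		panic(err) // keys generated above are valid; only a programming error reaches here
	}
	key := sha256.Sum256(secret)
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal signs the plaintext with the sender's key, then encrypts signature||plaintext. Wire: nonce||ciphertext.
func (p *Peer) Seal(plaintext []byte) []byte {
	gcm := p.aead()
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	inner := append(ed25519.Sign(p.SignKey, plaintext), plaintext...)
	return gcm.Seal(nonce, nonce, inner, nil)
}

// Open decrypts (rejecting any in-transit modification) and verifies the paired peer's signature.
func (p *Peer) Open(wire []byte) ([]byte, error) {
	gcm := p.aead()
	ns := gcm.NonceSize()
	if len(wire) < ns {
		return nil, errors.New("truncated message")
	}
	inner, err := gcm.Open(nil, wire[:ns], wire[ns:], nil)
	if err != nil {
		return nil, errors.New("decryption failed: altered in transit or wrong key")
	}
	if len(inner) < ed25519.SignatureSize {
		return nil, errors.New("truncated payload")
	}
	sig, plaintext := inner[:ed25519.SignatureSize], inner[ed25519.SignatureSize:]
	if !ed25519.Verify(p.PeerSignPub, plaintext, sig) {
		return nil, errors.New("signature not from paired peer")
	}
	return plaintext, nil
}

// Exchange runs one image delivery and signed acknowledgment; with tamper set, the path flips a bit.
func Exchange(tamper bool) (imageOK, ackOK bool) {
	sensor, controller := NewPeer(), NewPeer()
	Pair(sensor, controller)
	image := []byte("constructed-image-bytes-0001") // constructed sample payload
	wire := sensor.Seal(image)
	if tamper {
		wire[len(wire)-1] ^= 0x01
	}
	got, err := controller.Open(wire)
	if err != nil || !bytes.Equal(got, image) {
		return false, false
	}
	// The controller acknowledges with the hash of what it actually received.
	digest := sha256.Sum256(got)
	ackWire := controller.Seal(digest[:])
	ack, err := sensor.Open(ackWire)
	expected := sha256.Sum256(image)
	return true, err == nil && bytes.Equal(ack, expected[:])
}

func main() {
	fmt.Println(Exchange(false)) // true true
	fmt.Println(Exchange(true))  // false false
}
```

The inner signature is what ties the data to the sensor's identity: the AEAD alone only proves the message came from someone holding the channel key. A production agent would also derive separate keys per direction and carry a sequence number in the signed payload so a captured acknowledgment cannot be replayed for a later image.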

The sensor's wallet may also hold non-identifying verifiable credentials that make claims about the sensor itself, such as its resolution as certified by the camera manufacturer. That lets the controller make better decisions about how to use the sensor. For example, if the camera only captures wide-angle images, the controller would not assign it a collection task that requires zoom capability.

The value for you

Blockchain-backed decentralized identity, built on open technologies and standards, can give military decision-makers a digital forces CID reliable enough to justify collapsing information stovepipes, automating high-value decision-making and separating command from control to the extent needed to significantly shorten the kill chain.

Tim Olson is a leading client engineering solutions architect for IBM. You can contact him on LinkedIn:

The views expressed in this article should not be construed as official or reflect the views of AFCEA International.