Cryptocurrency & Blockchain Business
Babar Mahmood

Deploying Blockchain and Smart Contract based Solutions

Share on facebook
Share on twitter
Share on linkedin
Share on telegram
Share on whatsapp
Share on pocket
Share on vk
Share on reddit

As discussed before, the blockchain-based solution is built to provide strong integrity and independent verifiability. An exception to the independent verifiability is private blockchain solutions. In this part, we discuss both of these technological dimensions and detail their applicability and limitations.

Public distributed blockchain provides the most robust integrity assurance and independent verifiability feature. Deploying a service on a public distributed blockchain has to take into consideration:

  1. The benefit the deployed service would like to gain from the blockchain (smart contract) technology.
  2. What information the deployed service would push onto the blockchain. There is a limitat of how much information can be contained in a single block. So, considering blockchain as a repository will not be an excellent design solution.
  3. Information pushed on to blockchain should go through privacy-preservation analysis. Any information put on the public distributed blockchain will be openly accessible.
  4. Cost of blockchain usage. Putting information on the blockchain has an associated cost. This cost is incurred by the charges that the block miner requires. In some instances, it is referred to as the GAS charges.
  5. There is a delay between the data being pushed to the blockchain, and it is becoming part of the chain. This delay is the time that it takes a miner to mine the block and append it to the blockchain. The actual duration is dependent on which blockchain network the organisation is using and how much it is willing to pay for mining individual blocks.

For any organisation considering blockchain technology, a thorough consideration of what competitive benefit it will give has to be clear. For example, in healthcare services, putting patient data onto the blockchain is impractical but also violates privacy requirements. Therefore, a potential architecture might use blockchains for integrity protection. Now the challenge comes whether healthcare organizations would like to push each and every event in their system to the blockchain or build an overall database integrity value and push that to the blockchain. In specific deployments, the Merkel trees are being used to generate internal integrity values of the database, and the root of the Merkel trees are then pushed to the blockchain.

Now the primary question is what benefit the integrity value pushed on the blockchain will provide to an organization, In case of the healthcare provider for their internal organisation, they might get the benefit of data integrity assurance. It is difficult to see how individual consumers will benefit from this unless the healthcare service provides a portal for individual users to see what information the organisation holds about them and the associated integrity proof on the blockchain. Such services are technologically possible but do not have the necessary traction in the industry yet.

The enforcement of the General Data Protection Regulation (GDPR) in May of 2018 might bring some innovative and unique technological services where consumers get more features to view what data an organization holds about them and how they use it in near real-time. In such a service, if even deployed, blockchain has to provide a firm assurance to the consumer that their stated information is accurate. How blockchain technology improves data management and consumer privacy is an open question, and there is no easy answer to this other than speculations.

One group of services where blockchain might provide strong technical support is the liability assertion between organzsations. For example, company A gains some services from company B. In this arrangement, company B assures company A that all necessary technological precautions will be carried out to provide the services that might include security, data privacy and quality of services assurances. Let’s assume that at some later time, company B is compromised due to unforeseeable conditions that impacted the service provided to company A. In this scenario, company B can give the log files with blockchain integrity to show/prove that it has taken all necessary precautions whether required by the auditors, courts under GDPR or company A.

Coming to the second deployment option, the private blockchain is helpful for an organization’s internal auditing. However, this blockchain has limited usefulness as an independently verifiable piece of information. Why? Merely the deploying organization can re-generate the blockchain whenever they desire. However, the positive of such a solution is:

  1. Organizations can put as much information as they require on the blocks as these can be designed to the organisation’s requirement.
  2. There is no GAS usage; efficient blocks can be generated by the organization itself without relying on miners or mining restrictions.
  3. Blocks can be appended to the chain without any discernible delays.

What type of blockchain as an organization one should deploy is depended on multiple aspects that might include:

  1. What benefit an organization is actually looking to gain from blockchain technology
  2. What technological or business problem or competitive advantage they desire
  3. What goals deployment of blockchain will help them achieve

Based on the answer to the above aspects might make it clear whether an organization should look for public or private blockchains. One thing has to be clearly understood: blockchain does not solve all of the issues primarily related to security and privacy. It is a robust integrity mechanism, and if your organization is looking for a solution that requires integrity proofs, blockchain might be a potential option.

In this next part, we will look into what are the limitation of the current blockchain technology is and how they might impact any potential service deployments.

If you enjoyed this article please share it for others to read

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on reddit
Reddit
Share on telegram
Telegram
Share on whatsapp
WhatsApp
Share on pocket
Pocket
Share on email
Email
Share on vk
VK
Babar Mahmood

Babar Mahmood

Babar is Cyber Security Consultant at Tripwire, serving clients globally through his company. Babar has more than 15 years of experience in different Information Security domains, especially in risk management, compliance, auditing and privacy. He has a M.Sc. in Information Security as well as CISSP, CISA, CISM, and other security and professional certifications. Babar’s primary focus is on management and technology issues in industry focusing on risk and security. Babar is a writer, speaker, and enjoys spending his time educating people on different aspects of security.

Leave a Reply

 

 

 

News by Month
Scroll to top