For Invisible Border Control, Start with Old-School Security Protocols

Blockchain has been in the news for a novel reason lately: several countries are working to use this technology as a means of easier, invisible border control

Travelers and goods could cross borders faster, sometimes without even stopping, as blockchain-enabled security verifies their identities and loads.

It’s an innovative use of blockchain that could help solve a real-world issue, but this technology must not be touted as the panacea for all security ills. Instead, it should be the last step of a series of security controls in every business use-case.

It would be a mistake, and one that has been oft-repeated in history, to put excessive confidence in one specific technology to address complex security issues. While distributed ledger technology (DLT) does enable multiparty trust, digital signatures offered equivalent security 25 years ago when implemented appropriately and securely. However, that powerful technology remains sidelined today, despite the overwhelming and expensive adoption by banks, enterprises and government agencies in the mid-‘90s. Companies and governments would be well-advised to eliminate far more significant risks in their infrastructure before investing in DLT.

The 2016 Bangladesh Central Bank robbery clearly illustrates what happens when an organization fails to implement basic, well-known security standards. The

The Society for Worldwide Interbank Financial Telecommunication (SWIFT)

network did not use, or enforce, strong authentication – a security control mandating the use of public key cryptography combined with external authenticator devices, such as smartcards, with secure cryptographic hardware – for user logins for interbank transfers across countries, when public key infrastructure (PKI) has been around since 1996. Additionally, SWIFT neither required non-repudiable digital signature authorizations for international wire transfers, nor from at least two authorized users for transfers exceeding $1 million.

Another failure rests squarely in the lap of the Federal Reserve Bank at New York City, which failed in enforcing strong authentication and authorization controls for international wire-transfers on its depository accounts from SWIFT, and in not requiring

a verification transaction (based on a non-repudiable digital signature) from an authorized signatory at its customer for transactions exceeding a certain amount.

All this to say that even if these banks had been using blockchain, it would not have prevented this heist.

There are many benefits to creating better border controls, but countries that want to do so need to build a strong foundation of basic security controls before jumping into blockchain. To begin with, they should eliminate all forms of “shared secret” authentication for human users: passwords, one-time pins, short message service codes and knowledge-based authentication. These forms of authenticating a human through a secret shared by the human and the computer— a technology invented more than 50 years ago—represents the single largest vulnerability in systems today.

For two decades, the most advanced form of authentication has been the form based on public key cryptography. It is now resurging with simpler, stronger authentication through the FIDO Alliance, a non-profit standards group. FIDO is an acronym for “Fast Identity Online,” and the Alliance’s goal is to eliminate passwords from the internet through the use of cryptographic protocols. These protocols include Universal 2nd Factor, Universal Authentication Framework for mobile apps and FIDO2, which incorporates the Web Authentication application programming interface standardized by the World Wide Web Consortium. FIDO2 is capable of working on all types of platforms: desktops, laptops, mobile devices, etc.

As countries consider how to deploy invisible border control, they are considering using biometric data such as facial scans for “enhanced licenses” that would verify the identity of delivery drivers at border crossings. While biometrics certainly appear to make the user’s authentication experience easier, it doesn’t necessarily make it more secure. Without an appropriate implementation that preserves the user’s biometric information on local authentication devices (as opposed to network servers), the theft of such data is irreparable – not to mention that these might now violate multiple privacy laws in many nations. The use of biometric technology combined with a FIDO protocol for strong authentication, in which the biometric data remains on the user’s local device rather than being sent to the border patrol website, is a much more secure option that is designed to protect the user’s privacy.

To minimize the risk of data breaches, the application layer is the only layer of technology within a computer that should be permitted to encrypt and decrypt sensitive information. So then, a second main point for implementers of border control security is that they should encrypt sensitive data within the application to ensure confidentiality. The encryption should be supplemented by secure key-management techniques using dedicated cryptographic hardware such as the Trusted Platform Module – a low-cost, high-security chip designed over a decade ago. Lack of such basic security controls led to breaches at thousands of companies over the last 15 years, including the U.S. Office of Personnel Management, Uber and Marriott.

It would also be wise to add integrity controls to transactions through the use of digital signatures, given the fact that completely new systems are being created to support invisible boundaries. Not only are such transactions independently verifiable without the use of blockchain, but subtle, yet sophisticated attacks are possible when such security is not in place. Transactions may be modified before they get on a blockchain, leading the DLT to falsely assert the modified transaction as being true – thus reaffirming the age-old principle of computing: garbage in, garbage out.

These fundamental elements of security should be in operation before blockchain is considered. Blockchain’s main technical capability is in preserving an immutable record of transactions within a “ledger” of sequential transactions that can be viewed across ecosystems by many participants. As a consequence, the primary business benefit it delivers is “transaction transparency” and faster settlement of multiparty transactions. To confuse this benefit with the foundational security benefits of strong-authentication, data confidentiality and data integrity is to put the cart before the horse.

Blockchain holds promise for smoother travel between countries as well as a multitude of other use cases. However secure it may be in itself, it cannot stand alone. Nations and companies alike must have certain long-established but still-ignored security controls in place before implementing blockchain. Otherwise, they could end up with an expensive failure on their hands.

About the Author

Arshad Noor is the CTO of StrongKey, a Silicon Valley and Durham, NC based company focused on securing data through strong authentication, encryption, digital signatures and key management. He has 32 years of experience in the Information Technology sector, of which, more than 19 were devoted to designing and building key-management infrastructures for dozens of mission-critical environments around the world. He has been published in periodicals and journals, as well as authored XML-based protocols at OASIS and represents StrongKey at the FIDO Alliance. He is also a frequent speaker at forums such as RSA, ISACA, OWASP and the ISSE.