Blockchain as a cross-domain security solution

By design, a blockchain business network securely shares information between different organizations by distributing ledger transactions to peer nodes located throughout the business network, including nodes physically located within a competing organization’s security environment and domain. The same blockchain security design features that enable these secure cross-organizational information transfers are also ideally suited to ensure the safe, efficient and cost-effective transfer of information across different government and military network security domains — for example between classified and unclassified military networks.

The big idea

The security controls and assured sharing inherent to The Linux Foundation’s Hyperledger Fabric, hosted on high-assurance off-the-shelf hardware infrastructure, can provide secure, timely and consistent end-to-end sharing of information within and across disparate security domains. A blockchain-based cross-domain solution is likely to be less complex, more effective and less expensive than traditional, special-purpose cross-domain guards when mitigating the high-stakes security risks of cross-domain information transfer.

The security challenge

Public, private, government and military organizations classify, label and protect information commensurate with the security risk it poses if disclosed without authorization. For example, unclassified information poses no risk if disclosed, while inadvertent disclosure of top secret information could be expected to cause exceptionally grave damage. The most rudimentary form of protection is segregating information of different security levels on completely separate IT infrastructures and communication networks. These separate networks, however, hinder day-to-day work because real-world work and business processes typically require accessing and exchanging information at varying classifications.

Traditionally, highly specialized IT systems known as cross-domain guards sit at the boundary of each security domain, reading files from a designated source location in one security domain and applying a pre-approved filter for that specific source to each file. These filters and controls verify the integrity and contents of the file to satisfy security policies, then write the file to a designated target location in the other security network. These cross-domain data flows are either low-to-high — lower security classifications to higher ones — or high-to-low.

The concern for low-to-high guards is preventing the introduction of dangerous computer files like viruses or malware, and preventing a reverse flow of data. The chief concern for high-to-low guards is preventing unauthorized leakage of higher classification data to the lower classification network. High-to-low data transfer rates and volume are typically much slower and smaller than low-to-high because the data must be manually verified as appropriately classified prior to sending to the lower classification network.

Traditional cross-domain solutions (CDS) are expensive due to lengthy and complex approval and implementation processes, and specialized equipment and skill sets. Any changes to a data flow also require extensive, expensive, and lengthy approval and implementation processes. These frictions inherent to traditional CDSs hinder effective and timely information sharing.

The blockchain solution

In a blockchain network, the role of cross-domain guard would be performed by a blockchain network peer installed on a high assurance platform, referred to as a High Security Business Node (HSBN). Data movement within the distributed cross-domain blockchain business network takes the form of cryptographically secured transactional updates to a shared ledger held by each node in a specific members-only channel of the business network.

The other peer nodes of the blockchain business network reside in one or the other security domain, either high or low, receiving the protected blocks of endorsed ledger transactions. Endorsed ledger updates to peers located on the opposite security domain occur via the border HSBN to provide assurance that the blockchain-provided security controls cannot be bypassed or overridden.
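A simplified model of the border node described above, added here as an illustration; it is not Hyperledger Fabric code and not from the original post. It applies a per-flow filter and the directional checks (label must not exceed the destination, high-to-low needs a reviewer), then chains accepted updates by hash so later edits are detectable. The label set, the field allow-list and all names are assumptions, and signatures and endorsement are not modelled.

```python
import hashlib
import json

# Constructed label ordering and per-flow field allow-list (assumptions, not from the page).
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1}
APPROVED_FIELDS = {("UNCLASSIFIED", "SECRET"): {"asset_id", "status"},
                   ("SECRET", "UNCLASSIFIED"): {"asset_id", "status"}}

def entry_hash(body):
    """SHA-256 over the canonical JSON form of a ledger entry body."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class BorderNode:
    """Toy border peer: filters each cross-domain update, then chains it into a ledger."""

    def __init__(self):
        self.ledger = []

    def check(self, src, dst, label, payload, reviewer):
        """Return None if the update may cross, else the reason it is refused."""
        if (src, dst) not in APPROVED_FIELDS:
            return "no approved flow"
        if LEVELS.get(label, 99) > LEVELS[dst]:  # unknown labels are treated as too high
            return "label exceeds destination domain"
        if set(payload) - APPROVED_FIELDS[(src, dst)]:
            return "field not in approved filter"
        if not all(isinstance(v, (str, int)) for v in payload.values()):
            return "non-scalar content"
        if LEVELS[src] > LEVELS[dst] and not reviewer:
            return "high-to-low needs manual review"
        return None

    def submit(self, sender, src, dst, label, payload, reviewer=None):
        """Append the update to the ledger if allowed; return the refusal reason or None."""
        reason = self.check(src, dst, label, payload, reviewer)
        if reason is None:
            prev = self.ledger[-1]["hash"] if self.ledger else "0" * 64
            body = {"prev": prev, "sender": sender, "src": src, "dst": dst,
                    "label": label, "payload": payload, "reviewer": reviewer}
            self.ledger.append({**body, "hash": entry_hash(body)})
        return reason

def verify(ledger):
    """True if every entry's hash and back-link are intact."""
    prev = "0" * 64
    for e in ledger:
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or entry_hash(body) != e["hash"]:
            return False
        prev = e["hash"]
    return True
```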

The value to you

A blockchain cross-domain solution reduces frictions to your information exchange process and improves accessibility, accountability and traceability of information exchange. Specifically, it provides:

A single shared view of each asset throughout its life cycle regardless of the network domain.

In a standard cross-domain guard, there is no way to ensure the information residing on each side of the guard remains in sync over its lifecycle. The scope of the guard’s visibility and control is limited.

Auditable control and oversight of asset information throughout the life cycle.

The shared ledger provides a definitive, unalterable record of what was shared and by whom, even across network security domains. This eliminates trying to track and tie together the separate guard-only data flows.

Information sharing rather than merely moving data.

Data controls and sharing occur naturally and directly via the shared ledger as part of the normal blockchain business network. A traditional guard merely moves data. Extending information sharing to other security domains is easily done by deploying additional HSBN-hosted nodes and channels.

Reduced cost with higher security.

The technology leverages commercially maintained open source blockchain rather than proprietary, one-off, special-purpose, limited-market guard technologies. A larger user base translates to more demand, faster detection of shortcomings, and shorter innovation and repair cycles.

Explore more about how blockchain can be deployed as your cross-domain solution through IBM Developer.

I look forward to more great conversations on the advantages of blockchain as a cross-domain solution.

Certified Distinguished IT Architect, The Open Group
