The Defense Advanced Research Projects Agency (DARPA)
is looking into an implementation of the blockchain
that could fundamentally alter how sensitive military systems are secured.
06 DEC 2018
DARPA is known for seeing futures first, and then making them real. The Pentagon’s blue sky projects agency laid the groundwork for everything from the internet to driverless cars, and continues to explore the edges of technologies such as battlefield autonomy and paradigm-shifting cheap space launches. All of which makes a recent DARPA request for information on blockchain almost an indictment of the technology itself. If DARPA can’t figure out a responsible, value-generating use for blockchain, who can?
People or organizations with ideas about how the national security community can use blockchain (or, as DARPA puts it, “permissionless distributed consensus protocols”) are invited to respond to the request until Dec. 20, and if selected, may present their ideas at a workshop in February.
So what, exactly, is DARPA looking for? The most common use case for a blockchain is in cryptocurrency, like bitcoin. The cryptographic protocol creates a ledger, which tracks the full record of transactions and makes it extremely difficult to falsify improperly generated inputs. (I find this explainer in comic form helpful). In the coin iteration, these units are then exchanged as a kind of currency, though the variability of price at a moment makes it something more like an unstable commodity than a reliable store of value.
But DARPA is steering clear of currency-like uses. Currency has been a natural outgrowth of blockchain technologies because it provides the clearest incentive for many people to maintain a distributed ledger: keep running the computers doing the math to track cryptocurrency exchanges, and the exchange will periodically reward one ledger maintainer with new units of currency. (Commonly, this is what “mining for bitcoin” means, and it uses enough computing power to have its own trackable environmental impact).
Stay with me.
Rather than wade into the world of cyrptocoins, DARPA is side-stepping it, which means one of the big challenges for any blockchain application they might find value in is encouraging people to use it. The request specifies that “ all means of rewarding participants (e.g., giving them access to computing resources) also constitute a transfer of value; such transfers are within scope of this topic as long as rewards do not consist of money.” So one possible way to distribute the ledger may literally be distributing the ledger, giving people computers to use and maintain on the condition that they keep the ledger program running.
The second topic for DARPA’s blockchain workshop is no less ambitious than the first. DARPA’s looking for methods that can combine economic notions of utility with the computer science world’s understanding of protocol participants as “honest” or “malicious.” If someone has an idea about how people seeking to maximize their benefit from the use of an open ledger can be kept from acting maliciously in that space, DARPA is all ears.
Finally, DARPA is also looking for analysis of the way that distributed protocols tend to centralize, and the vulnerabilities that this centralization can bring. In the case of existing blockchain cryptocurrencies, for example, it is third-party services that manage the cryptocoins of others through password-gated systems that are often hacked and stolen from. Ways to anticipate centralization and mitigate the risks could help keep a blockchain system as secure as the individual pieces in it.
With so much uncertainty, vulnerability, and weirdness baked into the concept, it’s hard to imagine the exact utility DARPA wants to get from blockchain. And that’s partly the purpose of the workshop. Acknowledging that this technology has undergone real refinement and development thanks to blockchains and cryptocurrency, the agency is keeping an open mind about what, if any, function the military can glean from this work.
“These technologies have dramatic implications for the security and resilience of critical data storage and computation tasks, including for the Department of Defense ” read the request. “At the same time, the concrete applications and security of these technologies for the DoD is unclear.”
Even the US military is looking at blockchain technology—to secure nuclear weapons
Blockchain technology has been slow to gain adoption in non-financial contexts, but it could turn out to have invaluable military applications. DARPA, the storied research unit of the US Department of Defense, is currently funding efforts to find out if blockchains could help secure highly sensitive data, with potential applications for everything from nuclear weapons to military satellites.
The case for using a blockchain boils down to a concept in computer security known as “information integrity.” That’s basically being able to track when a system or piece of data has been viewed or modified. DARPA’s program manager behind the blockchain effort, Timothy Booher, offers this analogy: Instead of trying to make the walls of a castle as tall as possible to prevent an intruder from getting in, it’s more important to know if anyone has been inside the castle, and what they’re doing there.
A blockchain is a decentralized, immutable ledger. Blockchains can permanently log modifications to a network or database, preventing intruders from covering their tracks. In DARPA’s case, blockchain tech could offer crucial intelligence on whether a hacker has modified something in a database, or whether they’re surveilling a particular military system.
“Whenever weapons are employed … it tends to be a place where data integrity in general is incredibly important,” Booher says. “So nuclear command and control, satellite command and control, command and control in general, [information integrity] is very important.”
This September, DARPA, which stands for Defense Advanced Research Projects Agency (the agency helped create the internet, among other things), awarded a $1.8 million contract to a computer security firm called Galois. The firm’s assignment is to formally verify—a sort of computer-code audit, using mathematics—a particular type of blockchain tech supplied by a company called Guardtime. Formal verification is one way to build nearly unhackable code, and it’s a big part of DARPA’s approach to security.
If the verification goes well, it would inch DARPA closer to using some form of blockchain technology for the military, Booher says. “We’re certainly thinking through a lot of applications,” he says. “As Galois does its verification work and we understand at a deep level the security properties of this [technology] then I would start to set up a series of meetings [with the rest of the agency] to start that dialog.”
The prospect of the US military using a blockchain to secure critical data could spark a boom in uses of the technology outside finance. Investors poured $134 million into blockchain startups in the first quarter of 2016, according to research by trade publication CoinDesk. These firms have focused overwhelmingly on financial applications to date. But information security represents a huge new market for blockchain tech vendors, accounting for $75 billion in spending last year, and projected to hit $108 billion in 2019, according to forecasts by market research firm Gartner.
In an age of mega-hacks on corporations and political organizations, an indelible record that detects tampering has its attractions. “We want to provide an extremely high level of trust … what this work is after is the highest level possible,” Booher says, “If someone is driving a combat vehicle, flying an aircraft, commanding a satellite, we want to make sure their focus is 100% on that mission.”
DARPA may borrow blockchain tech from Bitcoin to secure military networks
You’ve probably heard about blockchain technology most often in the context of digital cryptocurrencies like Bitcoin, but the blockchain can be much more than that. In fact, the Defense Advanced Research Projects Agency (DARPA) is looking into an implementation of the blockchain that could fundamentally alter how sensitive military systems are secured. Blockchain technology could even help keep nuclear weapons safe and sound.
With Bitcoin, the blockchain is the universal record of all the transactions that take place. Although there are some ways to game the system in Bitcoin’s case, the blockchain is supposed to make sure bitcoins sent from one wallet to another are tracked and accounted for. That’s really all a blockchain is — a decentralized timeline of activity. Because of its distributed nature, it’s exceedingly difficult to modify data to hide activity, and that’s what makes blockchains so interesting in security. A centralized or distributed ledger is easier to hack.
Timothy Booher, who leads the DARPA blockchain efforts, describes the use of blockchains with the analogy of defending a castle. You can build walls higher and higher (i.e. network security measures), but people might still be able to find a way in no matter how well you think you sealed up all the cracks. It’s actually more important to know who has been inside the castle and what they did while inside the walls. A blockchain could log that sort of information, making it considerably harder to steal or modify files in a system.
In September 2016, DARPA awarded a $1.8 million contract to a computer security firm to perform testing on a blockchain implementation provided by another contractor. This process is called “formal verification,” which means using mathematical processes to ensure code operates only in the intended fashion. It’s the closest thing to unhackable code, basically.
If the verification process goes well, DARPA could move to implement blockchain information integrity monitoring in high-security military systems, like those that control surveillance satellites or even nuclear weapons. This immutable record would be able to show if any files are changed or accessed with none of the guesswork that goes on now. Agencies and companies are often not even aware they’ve been hacked until their private data shows up for sale online.
Bitcoin and other cryptocurrencies have had their problems over the years, and none of the implementations are simple enough for average consumers to use in place of regular money. It’s still mostly used in illegal transactions and niche online purchases. So, maybe Bitcoin itself isn’t going to change the world, but the blockchain technology behind it could make it a lot safer.