On Monday, March 20, 2017, Novetta presented a pair of tech talks at the Jailbreak Brewing Company in Laurel, Maryland. Their topics were the blockchain, Ethereum and graph databases. The security use cases of these technologies are likely to be of broad interest. (Of narrower interest at the event itself was Novetta's use of the blockchain to run its raffle for several door prizes, which was a pleasant and interesting way to demonstrate the technology.
Blockchain's security potential: a new trust model
Corey Petty (a blockchain developer at Novetta) delivered the first presentation. Blockchain, in his view, offers a new trust model. "The traditional trust model requires you to trust the people from the business you're interacting with," he noted. "The legacy model is fast and cheap, but it requires third-party mediation with a central point of failure."
By way of contrast, Petty explained, blockchain offers several advantages: peer-to-peer transactions, built-in evidence of tampering, built-in transfer value, and a central source of truth. On the con side, blockchain technology is relatively slow and expensive. On its way to wider adoption, the technology still needs to surmount knowledge gaps and overcome difficulties with interoperability.
The blockchain is a permanent public record of all transaction data in a distributed public ledger. It offers digital ownership, verifiable records (mathematically backed), built-in authenticity, and auditing. While the blockchain application most people have become familiar with is Bitcoin, after his introductory remarks Petty moved to a discussion of Ethereum, which he characterized as the next iteration of the blockchain.
Unlike Bitcoin, Ethereum has application outside of funds—it can be used to secure software, applications. Essentially a system of smart contracts (not legally binding contracts, but contracts that enable developers and users to take advantage of the immutability and transparency of the blockchain's new trust model), Ethereum can be thought of as a robot with a certain defined functionality.
Applications can now use the blockchain as a backend instead of relying on a traditional infrastructure. "Every app on a blockchain network like Ethereum speaks the same language as every other app," Petty explained.
We're seeing a spectrum of blockchain trust models emerge, he noted. These run from public, through consortium, to private blockchains. The atomic unit of any blockchain is the transaction. Because you have to pay to change a state, Ethereum's smart contracts contain only imperative information.
The blockchain space is nascent, but it's growing rapidly, Petty said. He expects it to be here for the long haul, "to stick around." Its use cases include issuance of state identification cards, behavioral auditing, and chained authentication. Some of the notable apps its currently being used in include the completely anonymous authenticated transactions of zCash and Monero. Petty sees other important use cases in identity management, digital asset registration, supply chain management, and securing the Internet-of-things. The IoT can be thought of as a chain-of-things: we can track "lots of little things," the networked, computationally impoverished devices that make up the IoT, without requiring human intervention for controlling them.
Graph databases as an analytical tool
If Ethereum offers an alternative to the legacy trust model, graph databases offer an alternative to the SQL database. Novetta's Chris Andreason worked through several interesting use cases in which graph databases exhibit interesting relationships and correlations among the entities captured by their data.
Graph databases, Andreason argued, offer significant advantages over familiar tabular databases in terms of performance, flexibility, and simplicity to query. They're particularly attractive as applied to social networks, route planning, dependency graphing, and recommendation engines. They also have some very interesting application to analytical tasks, mapping communication networks, transaction networks, and computer networks and network activity. He closed with an interesting discussion of graph databases' promise in automating various forms of complex manual correlation.