
Blockchain - the data protection problem

Blockchains cannot, in principle, be used for trustworthy processing of private data. It is true that "trustworthy" is one of the central blockchain attributes. But when it comes to the attribute "private," the technology must capitulate by definition.
Andreas Goebel, Camelot
22 February 2018
This text has been automatically translated from German to English.

Data within a blockchain network is never private to begin with, but can be read by other participants in the network. Trusted computing appliances can be used to counter this substantial problem.

There are use cases where the trustworthy processing of private data is not possible with today's blockchains. This is particularly problematic if intellectual property is to be protected while at the same time accelerating existing manual processes accompanied by appraisers and notaries.

Examples of such processes are the communication of regulated food additives in the consumer goods industry or substance control in the context of drug approval. But why can't blockchains be used today for trustworthy processing of private data?

After all, "trustworthiness" is at the top of the list of advantages of this technology. The sticking point is the "private" nature of the data to be processed.

In the classic sense, data within a blockchain is never private, i.e. always readable by other participants in the network. If the data is encrypted before it is sent to the blockchain, it can no longer be processed using smart contracts.

Unless, of course, the smart contract were to decrypt it. However, the decryption key required for this would then again be visible to all participants.

Hyperledger technology attempts to solve the visibility of data through so-called channels, which certain participants in a blockchain network can share. However, depending on the complexity of the relationship networks, this approach quickly becomes confusing and uneconomical.

Also, especially in the manufacturing industry, there is very strongly protected intellectual property, which must never leave the company network - especially not in the direction of a decentralized system, over which the owner does not have complete control. One possible solution to provide more data protection is offered by Camelot ITLab with the Trusted Computing Appliances.

Figure (Camelot): Camelot Trusted Computing Appliance: Trusted processing of private data in connection with a blockchain network.

Additional services Trusted Computing Appliances

The concept works as follows: The secret data is stored only locally by the owner, but registered on the blockchain by its hash value. This rules out the owner later manipulating the data in his favor, since altered data would no longer match the registered hash.

All parties agree on an algorithm (program) that is allowed to process the private data, for example a simple matching of two lists that returns their common elements (the intersection).

Optimally, the distribution of the program to the involved parties is also done via blockchain mechanisms. After execution of the program, the return value (the intersection) may be distributed to the relevant counterparties via the blockchain.

Now, this approach poses the following danger: Since the program runs on the infrastructure - the PC or server - of the data owner, the latter could manipulate the program itself and thus falsify the return value that reaches the blockchain in his favor.

This is where trusted computing comes into play: it prevents the manipulation of local programs as well as the influencing of running processes of these programs by measures firmly anchored in the processor.

Thus, the trusted computing appliance enables the operation of "off-chain smart contracts": they run locally, but still in a trusted environment. The previously mentioned programs that all participants in the network agree on are called "trustlets" at Camelot, and the trusted environment in the current service version is Intel SGX (Software Guard Extensions).

The biggest challenge in developing the trusted computing service was to secure the insecure area between the blockchain and the trustlets. This was achieved with the help of a coherent concept that describes onboarding mechanisms based on voting, and data integrity through digital signatures.
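The flow described above (data registered on-chain only by hash, an agreed program, a trustlet that refuses inputs that no longer match their registered hash, and a signed result bound to the program and input hashes) as an added Python example. This is illustrative code, not Camelot's trustlet or appliance code: it does not simulate SGX, the appliance signing key and the program hash are stand-ins (HMAC replaces the asymmetric digital signature a real appliance would use), and the substance lists are constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed sample data: each party keeps its own list locally. The page
# does not specify a data format; substance identifiers are an assumption.
PARTY_A_LIST = ["E100", "E150d", "E322", "E471"]
PARTY_B_LIST = ["E150d", "E200", "E322", "E999"]

# Assumption: a signing key that exists only inside the trusted environment.
# HMAC stands in for the appliance's digital signature here; a real appliance
# would use an asymmetric signature so blockchain-side verifiers hold no secret.
APPLIANCE_KEY = b"constructed-demo-key-do-not-reuse"

# Stand-in for the hash of the compiled trustlet that all parties agreed on
# and received through the blockchain.
PROGRAM_HASH = hashlib.sha256(b"trustlet:list-intersection:v1").hexdigest()


def canonical(obj) -> bytes:
    """Deterministic serialization so every party computes the same hash."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def register_hash(data) -> str:
    """What the owner writes on-chain: only the hash of the locally kept data."""
    return hashlib.sha256(canonical(data)).hexdigest()


def intersection_program(list_a, list_b):
    """The agreed algorithm: the common elements of two lists, sorted."""
    return sorted(set(list_a) & set(list_b))


def run_trustlet(list_a, list_b, registered):
    """Simulates the trustlet inside the appliance.

    `registered` is the on-chain record: the hashes the owners registered and
    the hash of the agreed program. Inputs that no longer match their registered
    hash are refused, so editing the local data afterwards cannot change the
    result the network receives.
    """
    if registered["program"] != PROGRAM_HASH:
        raise ValueError("program is not the one the parties agreed on")
    if register_hash(list_a) != registered["hash_a"]:
        raise ValueError("party A data does not match its registered hash")
    if register_hash(list_b) != registered["hash_b"]:
        raise ValueError("party B data does not match its registered hash")
    body = {
        "program": PROGRAM_HASH,
        "inputs": [registered["hash_a"], registered["hash_b"]],
        "result": intersection_program(list_a, list_b),
    }
    signature = hmac.new(APPLIANCE_KEY, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "signature": signature}


def verify_record(record, registered) -> bool:
    """Check on the blockchain side before the result is distributed."""
    body = {k: record[k] for k in ("program", "inputs", "result")}
    expected = hmac.new(APPLIANCE_KEY, canonical(body), hashlib.sha256).hexdigest()
    return (
        hmac.compare_digest(expected, record["signature"])
        and body["program"] == registered["program"]
        and body["inputs"] == [registered["hash_a"], registered["hash_b"]]
    )


def on_chain_registration():
    """The record both owners and the program hash produce on the blockchain."""
    return {
        "hash_a": register_hash(PARTY_A_LIST),
        "hash_b": register_hash(PARTY_B_LIST),
        "program": PROGRAM_HASH,
    }


def demo():
    """Honest run, then the same result tampered with after signing."""
    registered = on_chain_registration()
    record = run_trustlet(PARTY_A_LIST, PARTY_B_LIST, registered)
    tampered = {**record, "result": record["result"] + ["E999"]}
    return record["result"], verify_record(record, registered), verify_record(tampered, registered)


def trustlet_rejects_edited_input() -> bool:
    """Owner edits the local list after registering its hash: the run is refused."""
    try:
        run_trustlet(PARTY_A_LIST + ["E999"], PARTY_B_LIST, on_chain_registration())
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print(trustlet_rejects_edited_input())
```

The two checks matter in opposite directions: the hash comparison inside `run_trustlet` stops the data owner from feeding the program different data than what was registered, and the signature over program hash, input hashes and result lets the blockchain side detect a result that was altered on the owner's infrastructure after the trustlet produced it.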

The blockchain to be used is in principle freely selectable. Camelot's reference implementation uses Hyperledger Fabric within the SAP Blockchain as a Service offering.

In addition to processing protected data, the technical use cases include, for example, so-called inter-blockchain data exchange, i.e., the secure transfer of transactions from one blockchain technology to another, as well as the insertion of data from secure data sources into a blockchain network.

The trustlets are exclusively code compiled at Camelot. However, scripting-language interpreters are also planned for the next version of Trusted Computing in order to be able to distribute the algorithms in real time.

This shows that this environment still holds a high potential for optimization and further development, which meets a great demand in the market.



Andreas Göbel is Head of Center of Digital Innovation at Camelot ITLab.

