The global and independent platform for the SAP community.

Blockchain - the data protection problem

Blockchains cannot, in principle, be used for trustworthy processing of private data. It is true that "trustworthy" is one of the central blockchain attributes. But when it comes to the attribute "private," the technology must capitulate by definition.
Andreas Goebel, Camelot
22 February 2018
Blockchain - the data protection problem
avatar
This text has been automatically translated from German to English.

Data within a blockchain network is never private to begin with, but can be read by other participants in the network. Trusted computing appliances can be used to counter this substantial problem.

There are use cases where the trustworthy processing of private data is not possible with today's blockchains. This is particularly problematic if intellectual property is to be protected while at the same time accelerating existing manual processes accompanied by appraisers and notaries.

Examples of such processes are the communication of regulated food additives in the consumer goods industry or substance control in the context of drug approval. But why can't blockchains be used today for trustworthy processing of private data?

After all, "trustworthiness" is at the top of the list of advantages of this technology. The sticking point is the "private" nature of the data to be processed.

In the classic sense, data within a blockchain is never private, i.e. always readable by other participants in the network. If the data is encrypted before it is sent to the blockchain, it can no longer be processed using smart contracts.

Unless, of course, the smart contract were to decrypt them. However, the decoding key required for this would then again be visible to all participants.

Hyperledger technology attempts to solve the visibility of data through so-called channels, which certain participants in a blockchain network can share. However, depending on the complexity of the relationship networks, this approach quickly becomes confusing and uneconomical.

Also, especially in the manufacturing industry, there is very strongly protected intellectual property, which must never leave the company network - especially not in the direction of a decentralized system, over which the owner does not have complete control. One possible solution to provide more data protection is offered by Camelot ITLab with the Trusted Computing Appliances.

Graphic Camelot 1803
Camelot Trusted Computing Appliance: Trusted processing of private data in connection with a blockchain network.

Additional services Trusted Computing Appliances

The concept works as follows: The secret data is only stored locally by the owner, but registered on the blockchain by hash value. This rules out the possibility of the owner manipulating the data in his favor at any time.

All parties agree on an algorithm (program) that is allowed to process the private data, for example, a simple matching of two lists and the return of the intersection (intersection).

Optimally, the distribution of the program to the involved parties is also done via blockchain mechanisms. After execution of the program, the return value (the intersection) may be distributed to the relevant counterparties via the blockchain.

Now, this approach poses the following danger: Since the program runs on the infrastructure - the PC or server - of the data owner, the latter could manipulate the program itself and thus falsify the return value that reaches the blockchain in his favor.

This is where trusted computing comes into play: it prevents the manipulation of local programs as well as the influencing of running processes of these programs by measures firmly anchored in the processor.

Thus, the trusted computing appliance enables the operation of "off-chain smart contracts" because they run locally, but still in a trusted environment. The previously mentioned programs that all participants in the network agree on are called "trustlets" at Camelot, and the trusted environment in the current service version is Intel SGX (Software Guard Extension).

The biggest challenge in developing the trusted computing service was to secure the insecure area between the blockchain and the trustlets. This was achieved with the help of a coherent concept that describes onboarding mechanisms that work by means of voting machines and data integrity through digital signatures.

The blockchain to be used is in principle freely selectable. Camelot's reference implementation uses Hyperledger Fabric within the SAP Blockchain as a Service offering.

In addition to processing protected data, the technical use cases include, for example, so-called inter-blockchain data exchange, i.e., the secure transfer of transactions from one blockchain technology to another, as well as the insertion of data from secure data sources into a blockchain network.

The trustlets are exclusively code compiled at Camelot. However, script language interpreters are also planned for the next version of Trusted Computing in order to be able to distribute the algorithms in real time.

This shows that this environment still holds a high potential for optimization and further development, which meets a great demand in the market.

https://e3magpmp.greatsolution.dev/partners/camelot-itlab-gmbh/

avatar
Andreas Goebel, Camelot

Andreas Göbel is Head of Center of Digital Innovation at Camelot ITLab.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
KurfĂĽrstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.