FinTech and security – a subject that will be of great concern to the world of finance in the future. And that is precisely why I attended the 10th ISSS 2018 conference in Zurich to find out how the cybersecurity sector needs to prepare for this. As a Blockchain expert, the subjects of Distributed Ledger Technology (DLT) and Blockchain were of course of particular interest to me. I already gave you an insight into some of the talks in part one of my review. Now let’s continue with part two – and many more extremely interesting trends and insights.
Providing secure authentication as a service
What happens when you conduct research and suddenly an idea springs up with momentous potential? In terms of security, and particularly in the case of Dr. Nikolaos Karapanos, CTO of Futurae Technologies AG, a new authentication mechanism emerged. Called SoundProof, this mechanism is not based on the possession of additional hardware tokens or biometric procedures. Ambient noise is used as the second factor. This verifies that the person to be authenticated is near the device that triggered the authentication. In his talk, Karapanos described the exciting journey from laboratory to the marketing of this innovative product and the challenges faced along the way.
Finally, he gave everyone attending the talk, whose core business was not security, some important advice: Cybersecurity-related matters should be delegated to security firms who only deal with security issues. After all, even companies that operate cybersecurity in house can never keep pace with the knowledge and know-how of experienced, specialist cybersecurity experts. And it is precisely this expertise that is the key to the successful cybersecurity of the future.
Cybersecurity in Crypto Valley
In addition to being Head of Cyber Security Services in the Data Protection and Technology Risk department of KPMG Switzerland, Matthias Bossardt is also Chair of the new Crypto Valley Association security working group. This new working group was founded in March 2018 to boost confidence in DLT and promote widespread acceptance. In his talk, Bossardt presented the group’s mission along with its members and individual objectives. The mission is clear: the Crypto Valley Association wants to develop the world’s best ecosystem for DLT-based businesses in Switzerland, thereby bringing together investors, technology companies, academies and legislators. The working group currently consists of 15 Blockchain and security experts who come from various sectors academically and professionally. These include Basis-ID, ChainSecurity, Lucerne University of Applied Sciences and Arts, IBM, ISSS, KeepCrypt, KPMG, Liquidity.Network, Luxsoft, SIX Group, Smart Valor, Validity Labs, WiseKey and us – InfoGuard.
Who does a bitcoin belong to?
The talk by Luzius Meisser, founder and board member of the Bitcoin Association Switzerland, centred around answering this tricky question. This is not only necessary for many legal issues, it also has regulatory consequences for companies active within the sector. Meisser presented a solution that he has developed together with other experts within the regulatory working group. The key here was the definition of the terms "power to dispose" and "right of disposal", similar to ownership and possession ‒ only this time applied to cryptocurrencies.
My own personal highlight was not the answer to this question, however. Meisser used an extremely interesting analogy to explain bitcoin and the underlying technology very simply to lay people. Cue Rai, also known as the stone money of Yap. Yap? I know, I wondered the same thing! Yap is the main island in the group of Yap Islands located in the western Pacific Ocean approximately 1300 km away from New Guinea. In the picture on the right, you will see huge pieces of stone which are used there for everyday transactions. Because of their weight, however, these stones are never moved. Everyone on the island knows who the stone pieces belong to because word spreads about the transactions across the island.
Since the stones are never moved, they can be omitted completely – just like bitcoins. Everyone remembers what the others have. Similarly, the Blockchain ensures that everyone is aware of all transactions. What a brilliantly simple way to explain Blockchain!
Blockchain technology for secure data management and cybersecurity
Dr. Daniel Burgwinkel, Partner at the Competence Centre for Records Management GmbH, published one of the first German-language books on the subject of Blockchain. He is also a Blockchain lecturer at the FHNW University of Applied Sciences and Arts Northwestern Switzerland, Lucerne University of Applied Sciences and Arts and Kalaidos University of Applied Sciences. When he wrote a thesis on “Digital contracts = smart contracts” at the University of St. Gallen in 2003, barely anyone was interested in DLT/Blockchain yet. And that was in spite of the fact that the fundamental components, such as hash trees, the chaining of timestamps and smart contracts, had already existed for 30 years, as illustrated below.
This technology’s potential thus lay dormant and was just waiting for its first major appearance, which happened in 2008 in its incarnation as Bitcoin. In the first part of his talk, Burgwinkel focussed on three practical examples of how DLT/Blockchain technology is being used effectively today. The first example showed how the Estonian government is using this technology to secure its eGovernment and eHealth systems. In the second example, DLT was being used as a tool to safeguard the supply chain for hardware, software and data within aviation. The world’s first Blockchain platform for insurance in sea transport, which was started by A.P. Moller-Maersk, was the last example.
Part two focussed on the model developed by Burgwinkel himself, the so-called 3-colour business model. The model is used as a guide to using DLT in in-house projects. While green represents optimising the existing business models, blue represents disruption and thus eliminating intermediaries, middlemen, exchanges, etc. Red, on the other hand, symbolises the love of creation and thus the creation of new products within the crypto world.
FinTech and security – what’s next?
Technologies come and go in our increasingly complex world. From personal experience I can confirm that people fall for one or other technology and lose sight of the bigger picture. People also like to look away and ignore or accept fatal weaknesses. DLT is a prime example of this. We, as security experts, see the problems and discuss these with one another as well. That is why it is of the utmost importance for us to not only do this together, but also to open up our security landscapes and talk about these issues across the industry. Again and again security is labelled an expensive show stopper. That is clearly the case when wishing to launch a new product on the market where very little thought has been given to security throughout the entire production life cycle. There is another solution though – keyword: Security by Design.
InfoGuard Distributed Ledger Technology / Blockchain Security Service
You will find that eventually it will be impossible for any company to get around it, regardless of whether Distributed Ledger Technology, the Internet of Things or tomorrow’s new technology X is adopted. Security is, and will remain, the basis of a sustainable and long-lasting business model. The benefits of the built-in features such as decentralisation, traceability, transparency and high cost effectiveness give DLT its raison d’être. The result, however, is new security requirements that need to be faced. Are you ready to tackle them correctly?
We know how it works! My team and I will advise and support you in various areas.
You can find more detailed information along with some interesting blog posts about DLT/Blockchain here:
Picture 1: stone money of Yap (http://zinni-online.de/Mikronesien_2010/index.html)