
2020.09.30

NIST NISTIR 8301 (Draft) Blockchain Networks: Token Design and Management Overview

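Hello, this is Mitsuhiko Maruyama.

NIST is soliciting comments on a document that gives an overview of token design and management for blockchain networks. The deadline is October 30.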

● NIST -ITL

・2020.09.29 (publication) NISTIR 8301 (Draft) Blockchain Networks: Token Design and Management Overview

・[PDF] NISTIR 8301 (Draft)


Announcement

Traditional data and operations management across organizations and on the web can involve inefficient transaction reconciliation between siloed databases, password fatigue, and single points of failure. This often results in concerns over interoperability, security, and privacy of data that affect both users and businesses.

Blockchain technology has enabled a new software paradigm for managing digital ownership in partial or zero-trust environments. It uses tokens to conduct transactions, exchange verifiable data, and achieve coordination across organizations and on the web. Data models with varied capabilities and scopes have been defined to issue tokens. By allowing for the design of programmable digital assets that can represent different forms of ownership, these models enable users to store, move, and even create value on top of shared or public digital infrastructures.

NIST announces the release of Draft NISTIR 8301, Blockchain Networks: Token Design and Management Overview, which provides a high-level technical overview and conceptual framework of token designs and management methods. The document highlights the different types of tokens and how they are held in custody. It then examines transaction management under three fundamental aspects: validation, submission, and viewability. Infrastructure tools used to develop applications that integrate blockchain networks and second layer protocols are also reviewed. Finally, the paper presents deployment scenarios and use cases for tokens before concluding with potential breakthroughs in privacy-preserving verifiable data exchange. The terminology, concepts, properties, and architectures introduced in this work can facilitate understanding and communications among business owners, software developers, cybersecurity professionals within an organization, and individuals who are or will be using such systems.

...

Abstract

Blockchain technology has enabled a new software paradigm for managing digital ownership in partial- or zero-trust environments. It uses tokens to conduct transactions, exchange verifiable data, and achieve coordination across organizations and on the web. Fundamental to this representation is that users have the ability to directly control token custody in digital wallets through public-key cryptography and to interact with one another in a peer-to-peer manner. Blockchain networks provide secure transaction reconciliation, linkage, and storage in a master record-keeping distributed ledger—forming mutually operated virtual machines. Data models with varied capabilities and scopes have been defined to issue tokens, which additional protocols can help manage while allowing for separation of concerns. Security and recovery mechanisms make it possible for users to set up self-hosted, externally hosted, and hybrid account custody models. Token transfer and collateralization can underpin more advanced operations, such as non-custodial exchanges. Scaling schemes have been developed to accommodate transactions off-chain with deferred on-chain settlement, as well as transaction submission rules to fit in with different deployment scenarios and privacy-enhancing techniques to protect user confidentiality. Software design patterns and infrastructure tools make it easier to integrate blockchain networks, wallets, and external resources in user interfaces. This document provides a high-level technical overview and conceptual framework of token designs and management methods. It is built around five views: the token view, wallet view, transaction view, user interface view, and protocol view. The purpose is to lower the barrier to study, prototype, and integrate token standards and protocols by helping readers understand the building blocks involved both on-chain and off-chain.


 

Executive Summary

Traditional data and operations management across organizations and on the web can involve inefficient transaction reconciliation between siloed databases, password fatigue, and single points of failure. This can lead to massive data leaks and abusive data collection for users and businesses.

Blockchain technology has enabled a new software paradigm for managing digital ownership in partial- or zero-trust environments. It uses tokens to conduct transactions, exchange verifiable data, and achieve coordination across organizations and on the web. Fundamental to this representation is that users have the ability to directly control token custody in digital wallets through public-key cryptography and to interact with one another in a peer-to-peer manner. Blockchain networks provide secure transaction reconciliation, linkage, and storage in consolidated, integrity-protected distributed ledgers. They form mutually operated record-keeping execution environments or virtual machines that are either application-specific, offering limited instruction sets, or general purpose, allowing smart contract execution.

These programming environments make it possible to issue tokens that represent programmable digital assets, the ownership of which is cryptographically verifiable, and to develop services to help manage them. Tokens meant to act as interchangeable units represent digital coins. Those meant to act as uniquely identifiable objects represent nonfungible assets. Protocols primarily use fungible tokens (i.e., digital coins) to build incentive and governance models for permissionless peer-to-peer networks, represent existing fungible assets, or derive new ones based on them.

Tokens can also be self-contained and use blockchain-based storage for status updates. They enable authentication and authorization methods that can be used to provide additional features for blockchain-based tokens as well as to build identity and supply chain management systems.

Open standards for token data models have been developed that define operations at the protocol level for token creation and supply/lifecycle management and at the user level for individual token transfers. These models have different capabilities and scopes, which additional token management protocols can complement while allowing for separation of concerns.

Users can securely store the private keys associated with the accounts that hold their tokens in their own wallets or entrust key storage to third-party custodians that are independent from token issuers. Smart contract vaults can enable tailored account management models with additional security and recovery features while externally maintaining persistent blockchain addresses.

Operations modify the state of the ledger by way of transactions submitted to the blockchain, which provides reconciliation but requires making tradeoffs between decentralization, scalability, and security. Parallel transaction processing and off-chain scaling schemes have been developed to increase transaction throughput. State channels and sidechains allow transaction processing to be offloaded away from the root blockchain. By attaching agreed-upon and self-enforceable conditions to deposit contracts, tokens can be exchanged with one another while users remain in control of the private keys at all times. Blockchain bridging schemes allow for the portability of tokens and oracles across blockchains as well as hub-and-spoke architectures using different types of intermediary systems. Permissions and viewability restrictions may be put into place to help build narrowly defined environments, though the use of privacy-enhancing technologies and cryptographic primitives is still needed to protect the confidentiality of user data.

Additionally, software design patterns and infrastructure tools make it easier to integrate blockchain networks, wallets, and external resources (e.g., user account data, external data feeds) with user interfaces. The unbundling between user interfaces and application data and logic results in a user-centric system architecture and requires re-examining approaches to break down and evaluate the security risks entailed by individual configurations.

While token-based protocols can integrate and transform existing organizations and web services with efficiency and interoperability gains, the parties involved must establish common purposes and rules to form secure and sustainable governance models. More generally, blockchain networks face multi-dimensional challenges that range from scalability and privacy obstacles to educational and regulatory needs (e.g., understanding of cryptoeconomics and legal infrastructures) as well as standard- and product-related requirements (e.g., data format interoperability). The literature that has emerged on these challenges is rich, and substantial efforts are being made to address them publicly and across organizations.

In that way, blockchain-enabled tokens can be integrated into web and mobile applications to provide different types of embedded services, especially related to finance, identity, authentication, payments, and supply chains. A key driver is that tokens can act as tools with built-in usage and governance features to facilitate business-making online with increased efficiency and transparency, benefiting both users and businesses.


Table of Contents

Executive Summary

1 Introduction
1.1 Background
1.2 Purpose and Scope
1.3 Notes on Terms
1.4 Disclaimers and Clarifications
1.5 Document Structure

2 Token Categorization
2.1 Blockchain-Based Tokens
 2.1.1 Token Data Models
 2.1.2 Protocol Management
 2.1.3 User-Level Operations
2.2 Self-Contained Tokens

3 Wallet and Key Management
3.1 Self-Hosted Wallets
3.2 Custodial Wallets
3.3 Account Origination and Recovery
3.4 Smart Contract Vaults

4 Transaction Management
4.1 Transaction Validation
 4.1.1 Off-Chain Scaling
 4.1.2 Token Exchange
 4.1.3 Blockchain Bridging
4.2 Transaction Submission
 4.2.1 Meta Transactions
 4.2.2 Smart Contract-Based Access Control
 4.2.3 Blockchain Node Permissioning
4.3 Transaction Viewability
 4.3.1 Monitoring and Analysis Tools
 4.3.2 Privacy-Enhancing Techniques
 4.3.3 Computation on Encrypted Data

5 Infrastructure Management
5.1 Blockchain Networks Integration
 5.1.1 Base Layer
 5.1.2 Second Layer
 5.1.3 Open Connectors and Interfaces
5.2 Wallet Integration
5.3 User Account Data Integration
5.4 External Data Feeds Integration
5.5 Architectural Considerations

6 Deployment Scenarios and Use Cases
6.1 Decentralizing Protocol Governance
6.2 Tokenizing Money and Financial Products
 6.2.1 Stablecoins
 6.2.2 Lending and Borrowing
 6.2.3 Fundraising and Derivatives
6.3 Tokenizing Uniquely Identifiable Things and Supply Chains
6.4 Towards Privacy-Preserving Verifiable Data Exchange

7 Conclusion

References

List of Appendices
Appendix A— Base Layer Consensus and Compute
Appendix B— Acronyms
Appendix C— Glossary

List of Figures
Figure 1: Blockchain-Wallet Coupling
Figure 2: State-Dependent Storage Methods
Figure 3: Payment Channel Phases
Figure 4: Hashed Timelock Contract Transfer Flow
Figure 5: Hub-and-Spoke Architecture
Figure 6: Relay Blockchain
Figure 7: Private Transaction Execution
Figure 8: Blockchain Node Types
Figure 9: Smart Contract Multi-Sided Platforms
Figure 10: Verifiable Proof-Based Decision-Making

List of Tables
Table 1: Emerging Blockchain Computer Stack
Table 2: Token Representation Types
Table 3: Off-Chain Scaling Schemes Compare


1 Introduction

Public safety first responders are the first at the scene of an emergency incident. Their day-to-day includes life-saving and sometimes life-threatening activities. As commercial and enterprise technology advance, first responders have the opportunity to take advantage of this technology to enhance their efficiency, safety, and capabilities during an incident. The nationwide public safety broadband network (NPSBN) is steadily deployed across the United States and operated by AT&T under the guidance of the First Responders FirstNet Authority (FirstNet), per the Middle Class Tax Relief and Job Creation Act of 2012 [1]. Networks like those provided by FirstNet by AT&T and the NPSBN will allow first responders to use modern communication technology (smartphones/mobile devices) as well as other smart devices (smart wearables) to accomplish their public safety mission.

As with any new technology, there are security concerns, such as the vulnerabilities and threats to their users. In the case of public safety there are concerns that exploits of vulnerabilities may inhibit first responders from performing their duties and put their safety at risk. NISTIR 8196 Security Analysis of First Responder Mobile and Wearable Devices, is a document that was produced in a previous study to understand the specific security needs of smart devices for first responders [2]. The document captures the various use cases of public safety mobile and wearable devices, the known attacks on public safety mobile and wearable devices, and information received from interviews with actual public safety officials. Due to their unique roles, environments, and situations, the information in NISTIR 8196 is important to grasp the first responder perspective and analyze the security objectives necessary for all first responder devices.

Mass production of mobile and wearable smart devices makes it easy to find and buy any device that may meet one’s wants and needs. Technology is primarily produced for the general consumer or enterprise and not specifically designed with public safety in mind. This could lead to potential repercussions if the appropriate device is procured without consideration of the security and safety of first responders. When it comes to selecting mobile and wearable devices, there is little security guidance that focuses on the particular needs of public safety. During an emergency, a first responder should have some assurance that their devices are reliable and secure.

1.1 Purpose

The purpose of this document is to share a high-level overview of the current capabilities of public safety mobile and wearable devices. This will give insight of the security capabilities available within today’s devices. Additionally, this document provides guidance for procuring and designing secure mobile and wearable devices specifically for public safety. This document includes the following contributions:

  • A list of tests developed to analyze public safety mobile and wearable devices
      o Each test provides an overview of the outcome and the analysis derived from observation of that outcome
  • A collection of best practices and guidance for public safety mobile and wearable devices

 

1.2 Scope

This research effort focuses primarily on public safety mobile and wearable devices. Securing broadband networks, for instance the management and operation of cellular networks, is out of scope. An entire class of devices exists under the IoT umbrella; however, this document solely focuses on wearable IoT devices that may be used by public safety. Additionally, mobile applications that ship with a public safety smartphone are considered in scope, as they are often required to perform typical public safety activities, such as voice communication. Backend services and the communication paths utilized by these mobile applications, to include data transmission from an application to supporting infrastructure, are in scope. Finally, public safety officials work in a variety of disciplines; this Interagency Report (IR) is focused on first responders (i.e., fire service, EMS, and law enforcement) and the public safety device administrators that provide devices to first responders. Testing scenarios, gaps, analysis and guidance beyond the scope of this document or the needs of first response, may consult supplementary resources such as the NIST Cybersecurity Framework, the NIST Mobile Security Framework, the Open Web Application Security Project (OWASP), and other device specific security hardening resources.

 

1.3 Document Structure

The document is organized into the following major sections:

  • Section 2 provides an overview of the technology analyzed,
  • Section 3 outlines the methodology used for analysis
  • Section 4 summarizes the test plan and findings
  • Section 5 suggests best practices and guidance for public safety mobile and wearable devices
  • Section 6 concludes the document with a review of the document, future considerations, and other related NIST work
  • Section 7 contains a list of references used in the development of this document

The document also contains appendices with supporting material:

  • Appendix A defines selected acronyms and abbreviations used in this publication, and
  • Appendix B provides a detailed description of each test, including, procedures, analysis, gaps, and guidance
