DINRG B. Yang Internet-Draft China Mobile Intended status: Informational June 30, 2018 Expires: January 1, 2019 Use cases of Blockchain: Application and Interworking draft-yang-usecase-din-01 Abstract The purpose of this document is to analyze several important use cases based on blockchain, including: blockchain based PKI for security device connection, blockchain as a service, interworking cross blockchain (exchange data and contracts cross different chains). Through case analysis, important scenarios and specific requirements are listed. Related solutions are also provided for easy understanding. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 1, 2019. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Yang Expires January 1, 2019 [Page 1] Internet-Draft Use cases of Blockchain June 2018 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 3. Terminology and Abbreviations . . . . . . . . . . . . . . . . 3 4. Use case 1: Secure connection management between devices using blockchain based PKI . . . . . . . . . . . . . . . . . 3 4.1. Centralized connected model . . . . . . . . . . . . . . . 3 4.2. Peer-to-peer connection model . . . . . . . . . . . . . . 5 4.3. Summary . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Use case 2: Blockchain as a Service . . . . . . . . . . . . . 6 6. Use case 3: Blockchain Interworking . . . . . . . . . . . . . 6 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 8. Security Considerations . . . . . . . . . . . . . . . . . . . 7 9. Normative References . . . . . . . . . . . . . . . . . . . . 7 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction Blockchain helps to establish cross industry mutual trust and cooperation, and provides the transmission of value and trust on top of current information network (i.e., Internet). The following industries are studying the application of block chains: government, commerce, industry, finance, insurance, medical, education, communication, culture and art etc. Blockchain can play the following role in a company: o Promoting internal cooperation and optimizing the existing process, thus improves the production efficiency. Take an Internet service provider for example, the internal blockchain that involves product manager, develop team, QA team and service team, shall be able to trace each service features design, development and market feedback easily, thus accelerate the internal productivity. o Improving the cooperation of eco-system players, to enlarge the overall benefit. Take Internet service provider for example, by using blockchain, a service provide shall be able to cooperate with other other service providers to expand the overall business based on trust, such as, a social network service provider can coopertate with content (music, video, online game) providers. o Expanding business to the whole industry, the whole society and the world, to form new business models. For example, the social Yang Expires January 1, 2019 [Page 2] Internet-Draft Use cases of Blockchain June 2018 network providers shall be able to provide the capbility of user anthertication to vertical service providers (such as freight, supply chain, finance, rental). In this document, several important use cases based on blockchain are analyzed, including: blockchain based PKI system, blockchain as a service, interworking cross blockchain (exchange data and contracts cross chains). For easy understanding, related solutions are also provided. 2. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 3. Terminology and Abbreviations The terminology and abbreviations used in this document are defined in this section. o H(e)NB: Home (e)NodeB, An eNodeB is an end device of a Radio Access Network,it performs the same functionality of an eNodeB, but is deployed for indoor premises or public hotspots, using the local Internet connection to access operators' network. o MNO: Mobile Network Operator o SeGW: Security Gateway, an edge device that is Deployment on the boundary of an Operator's network, to connect HeNB device remotely. 4. Use case 1: Secure connection management between devices using blockchain based PKI Digital certificates are widely used to negotiate secure channels between devices and to establish secure connections as defined in RFC 5280 [RFC5280]. Accoding to communication model, there are two typical sceniaros: multiple devices are connected to the same centralized node (such as H(e)NBs connected to a MNO's SeGW), peer to peer connection (such as IoT devices). 4.1. Centralized connected model Take the H(e)NB scenario for example, H(e)NB is a device that is installed in the office/home where the radio signal is weak or not covered by MNOs, to provide mobile network services (such as voice call, messaging). H(e)NB access MNO's network via local user's Yang Expires January 1, 2019 [Page 3] Internet-Draft Use cases of Blockchain June 2018 Internet access (LAN), thus, security solution is needed to authorize the H(e)NB device and to secure the connection between H(e)NB device and MNO network border (SeGW), as shown in Figure 1. +--------+ +--------+ +------+ +----------+ | | / \ | | / \ | | | | | || | | H(e)NB +---------+ Internet +------+ SeGW ++ Operator's | | | \ / | || Network | | | +--------+ | || | +--------+<===========================>+------+ \ / Secure Connection Via Cert +----------+ Cert Cert of CA1 of CA1 ^ ^ | | | +------------+ | +-------+ CA1 +---------+ +------------+ Figure 1 Because SeGWs belongs to different operation domain, it is not possible to have them use certificates issued by the same CA, H(e)NB needs to configure the certificate of the SeGW that it is connected to accordingly. Two important functions is provided by certificate, authentication of H(e)NB devices to make sure that it is not a fake one, and the establishment of secure end to end communication channels between H(e)NB and SeGW under an unsafe Internet network. For this reason, the manufacture can not preinstall any certificate for H(e)NB, the installiation of certificate is needed in the deploying stage. The workers manually install the certificate into the H(e)NB. In this way, the following problems occurs: first, the manually installiation is low efficiency and error-pronel; second, the certificate may be leaked out by the worker. Whats more, reconfiguration are needed each time when the certificate is expired or withdrawn. The solution is: o Establish a consortium blockchain, which SHALL be used to verify and store certificates. H(e)NB manufacturers and operator join the chain as nodes, which are responsible for certificate verification and storage. o A self-signed certificate for each H(e)NB device is generated by the manufacture when it is produced. Yang Expires January 1, 2019 [Page 4] Internet-Draft Use cases of Blockchain June 2018 o This certificate shall be sent to blockchain nodes to be verified. o The certificate is verified by the verification node. o The certificate is recorded into the blockchain if the consensus achieved. o At the time H(e)NB is installed and powered on, it's certificate will be used to establish connection to operator's SeGW. o The SeGW interacts with the operator's blockchain node to verify the certification. o If success, the secured connection between SeGW and H(e)NB shall be established automatically. o The certificate is also used to idenfity and antenticate the H(e)NB itself. Note: Although in this case we uses the operator's H(e)NB scenario, this solution applies to other similar connection models, such as home gateway. 4.2. Peer-to-peer connection model Take IoT scenario for example. Currently, IoT devices always talk to each other via the network server (such as IoT application server). For privacy and security consideration, we want IoT devices that produced by different venders to talk with each other directly in security. But we can not assume that all these devices be preinstalled with the certificates issued by the same CA. The regular solution is to introduce a centralized bridge-CA. The question is that, the bridge is lack efficiency and extensiblity. The blockchain provides a better solution: o Establish a consortium blockchain, which SHALL be used to verify and store certificates. CAs join the chain as nodes, which are responsible for certificate verification and storage. o When a CA issue certificate for a device, the certificate shall be sent to blockchain nodes to be verified. o The certificate is verified by the verification node. o The certificate is recorded into the blockchain if it achieves consensus. Yang Expires January 1, 2019 [Page 5] Internet-Draft Use cases of Blockchain June 2018 o At the time devices need direct connection, they will lookup their CA's node for centification verificaton. o If success, the secured connection between devices directly and automatically. 4.3. Summary The advantages of usging blockchain based PKI includes: o High reliability and performance: each node holds a copy of consistent certificate data, supports multiple duplicates and parallel queries, and better data consistency. o Low cost: automatic operation of block chain system, low maintenance cost; no payment needed for self signed certificate. 5. Use case 2: Blockchain as a Service The value of blockchain in building a system of trust and collaboration has been proved by the industry, enterprises and industries are applying the blockchain. However, not all enterprises are willing to establish and operate their own blockchain system because of costs. Therefore, providing blockchain-as-a-service solution contributes to the rapid popularization of blockchain. The main requirements for blockchain-as-a-service may include: o General proposed data format to support different applications, for storage/verification/resolvation. o Define flexible, extensible interfaces/APIs that is easy for programming. o Enhanced performance for future proof. 6. Use case 3: Blockchain Interworking According to the current situation of the vertical development of the blockchain infrastructures and applications, the cross-chain interworking shall be a very important demand in the future. Cross chain interoperability involves not only data, but also smart contracts, security and other aspects. Two OPTIONAL solutions for blockchain interworking: o API/Interface invocation based, using interworking gateway. Yang Expires January 1, 2019 [Page 6] Internet-Draft Use cases of Blockchain June 2018 o Build a "meta blockchain" to coordinate interworking blockchains 7. IANA Considerations This memo includes no request to IANA. 8. Security Considerations TBA 9. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, . Author's Address Yang Boyle China Mobile China Email: boyxd@hotmail.com Yang Expires January 1, 2019 [Page 7]