Blockchain for Assured Combat ID at Internet-Scale
Blockchain-backed, open standard-based decentralized identity (aka self-sovereign identity) technologies can provide warfighters with combat identification (CID) of the networked digital forces that comprise the modern military’s multidomain sensor-to-shooter kill chains.
High confidence in the digital identity and capabilities of every networked kill-chain participant (i.e., digital CID) is required before military decision-makers will trust collapsing information stovepipes, automating high-value decision making and separating command from control to the degree needed to significantly accelerate the “sense, make sense and act” command and control (C2) functions needed to act inside an adversary’s decision cycle.
The problem: uncertainty in the identity and capabilities of each entity communicating from behind its networked Internet Protocol (IP) address hinders information sharing and automation in the “sense, make sense and act” C2 functions.
Per the March 2022 U.S. Department of Defense Summary of the Joint All-Domain Command and Control (JADC2) Strategy, warfighting is becoming more and more digitalized to “use increasing volumes of data, employ automation and AI [artificial intelligence], rely upon a secure and resilient infrastructure, and act inside an adversary’s decision cycle.” The JADC2 vision for joint warfighting is an Internet of Things connecting digitalized sensors-to-shooters “to sense, make sense, and act at all levels and phases of war, across all domains, and with partners, to deliver information advantage at the speed of relevance.” These digitalized sensors, shooters and their directing C2 work together in coordinated kill chains to put weapons on target with maximal effect and minimal collateral damage. Because the targeting information they originate and exchange results in literal life-or-death outcomes, every participant in the kill chain and their information must be trustworthy and reliable to a high degree of certainty.
Identification is the root of all trust because it provides accountability. Unidentified, misidentified or compromised digital forces participating in a kill chain jeopardize the trustworthiness of the targeting information and the reliability of execution. Online digital identification and authentication in the battlespace is a form of CID, which is generally recognized as the “process of attaining an accurate characterization of detected objects throughout the operational environment sufficient to support engagement decisions.” CID traditionally applies to positive identification of targets and nearby friendlies and neutrals to avoid fratricide and minimize total casualties. But in digitalized kill chains, positive identification and verification of the identity, capabilities and information provided by the digital participants are needed to prevent or detect inadvertent or purposeful targeting misinformation and execution mishandling that could result in unintended outcomes.
But trustworthy networked digital identification has historically been difficult, especially at scale, because online entities communicate from behind nonidentifying IP addresses. And herein lies the problem for JADC2. Battlespace commanders, planners and operating forces communicating electronically with each other in a contested battlespace environment feel too uncertain about the digital identities and capabilities of in-area networked forces (people, organizations and things) to trust them with the degree of independent decision making, ad hoc information exchanges and artificial intelligence-based automation that would significantly shorten the kill chain.
They rightly question the trustworthiness of digital identities because networked devices and their hosted applications:
- Are largely not public key enabled at the application layer and instead rely on the encrypted transport layer for security.
- Rely heavily on third-party identity providers, directories and boundary security enforcement points outside the control of the device owner and its applications.
- Communicate with each other via complex network routes spanning multiple connection points and protocols. The application layer payloads exchanged are typically not encrypted end-to-end across all these route segments, thus making them vulnerable to man-in-the-middle attacks and manipulation.
- Exchange no cryptographically verifiable identifying and nonidentifying claims/credentials issued by trusted authorities that assert identifying attributes and capabilities.
Trustworthy CID of networked forces will only get harder as the number and type of digital forces explode due to the ongoing military digitalization of traditional forces and the growing deployment of autonomous vehicles and other types of attritable Internet of Things devices. These small, low-cost, attritable devices and other types of digital forces require a commensurately small, low-cost, assured identity solution that is open, standards-based, interoperable, de-centrally implemented and administered to affordably secure the internet-scale networked battlespace.
The blockchain-enabled CID solution
Distributed ledger technology (aka blockchain) solves the digital identity problem by providing a scalable, decentralized, low-cost, highly secure way to cryptographically bind an entity’s identifier to its private and public key pair while also distributing it widely and securely. In a blockchain-based digital identity solution, the hash chain of the blocks of transactions stored on the ledger immutably binds a new kind of globally unique, unchanging digital identifier (W3C decentralized identifiers or DIDs) to its public key. The blockchain consensus mechanism ensures that each distributed ledger in the blockchain network independently writes the bound identifier/public keys on its ledger. Therefore, an entity’s DID and cryptographically bound public key are automatically and immutably distributed across all physically disparate and independently operated nodes of a distributed blockchain network. To verify an identity’s digital signature, a relying party looks up the subject’s DID on a local blockchain ledger node and retrieves the immutably bound public key.
After this seminal use-case for blockchain technology was recognized, several open-source organizations emerged to develop an overall Trust over IP architecture framework and the supporting open standards and implementations. The resultant highly secure digital identity solution became known as self-sovereign identity, decentralized identity and decentralized public key infrastructure.
In deployment, these standards and technologies take the form of small footprint software agents and secure digital wallets installed on each participating networked device. Software agents and secure digital wallets use standardized protocols and cryptography to automate assured CID. The agents of any communicating digital forces automatically establish a secure channel (exchange pair-wise public keys) and then use the encrypted channel to exchange cryptographically verifiable claims about their identities, capabilities and data via small, lightweight, machine-readable, schema-defined, digitally signed verifiable credentials. The verifiable credentials are issued to digital forces (representing people, organizations and things) by recognized authoritative trustworthy issuers registered on a blockchain ledger. Verifiers of a verifiable credential look up the issuer’s DID on the blockchain, retrieve the associated public key and confirm the issuer’s digital signature on the verifiable credential.
CID is performed by the agents when they validate the signatures of exchanged verifiable credentials and use the attributes to perform mutual identification, authentication and authorization. Once trusted CID is complete, the devices use the established trusted relationship to perform various use cases.
For example, a sensor device passes collected images to its controller over some complex multi-hop route. Because the sensor and its controller hold each other’s relationship-specific identifier bound to its public key, the sensor data and the controller’s acknowledgments are all digitally signed and encrypted end-to-end between the devices, independent of any transport-layer encryption. The receiving controller has high assurance that the image data came from the trusted sensor and hadn’t been tampered with. The sensor has high assurance that the trusted controller really received it.
The sensor could also hold in its wallet nonidentifying types of verifiable credentials asserting various claims about the sensor itself—the manufacturer-certified resolution of a camera, for example. In this way, the controller could make better decisions about how best to employ that sensor. For example, if the camera only took wide-angle images, the controller wouldn’t try to assign it a collection task requiring a zoom capability.
The value to you
Blockchain-backed decentralized identity open standards and technologies can provide military decision-makers with sufficiently trustworthy CID of digital forces to trust collapsing information stovepipes, automating high-value decision making and separating command from control to the extent needed to significantly shorten the kill chain.
Tim Olson is a principal client engineering solution architect for IBM. You can contact him on LinkedIn: https://www.linkedin.com/in/tim-olson-1a03492/.
The opinions expressed in this article are not to be construed as official or reflecting the views of AFCEA International.