Tuesday, March 7, 2017

Applying blockchain to healthcare - part 10 (wallets)

In prior blog posts, we explored how cryptographic key pairs are used by ethereum.  You may recall that a private key is a random number, the public key is derived from the private key and the ethereum address is derived from the public key.  The derivations are one-way - you cannot take an address and compute the public key and you cannot take the public key and compute the private key.

An ethereum account is generally referred to by its address, but also includes the corresponding private key and public key as those are needed to digitally sign and encrypt.  Here is an example of a private key and the corresponding ethereum address that is used in my private ethereum network:

private key: 0xf059416a2f6bb05d0770bbacb24a6430757aa7db5c15959838ed142b486df5b8

ethereum address: 0x5DFE021F45f00Ae83B0aA963bE44A1310a782fCC

The private key, public key and address are all arrays of bytes with a hexadecimal string form.  As described in prior blog posts, ethereum's use of cryptographic key pairs changes the way identity and trust are handled.  While this approach brings many benefits, there are some drawbacks:

The private key is too long to memorize  

This is different from username/password authentication where users are able to remember the username and password for an account.  To address this issue, the private key needs to be stored digitally rather than remembered.

The private key cannot be recovered if lost

If you lose your private key, it is lost forever.  You cannot get the private key from the public key or the address as those are not reversible.  This is different from username/password authentication, where you can reset your password if you forget it or contact an administrator to reset it for you.  To address this issue, users must take appropriate precautions to back up the private key.

The private key cannot be changed  

If someone obtains your private key, they have full control over your account and the key cannot be revoked.  This is different from username/password authentication where you can change your password if someone obtains it.  A private key must therefore be kept secret.

Protecting private keys with wallets

To address the issues above, a "wallet" is used to manage private keys.  A wallet is responsible for storing your private key in a safe manner while still providing services to digitally sign and decrypt with it.  There are two main kinds of wallets - software wallets and hardware wallets.

A software wallet is a software application you run on your computer which stores your private key in a file, encrypted with a user-selected password.  To use the private key, the user must unlock it by entering the user-selected password.  Once the account is unlocked, it can be used to digitally sign a message (e.g. an ethereum transaction).  This approach keeps the private key secret within the wallet.  Encrypting the private key with a user-selected password adds an additional layer of security to the private key.  If an attacker is able to obtain the file with the encrypted private key, they will also need to know the password to obtain the private key.  The two software wallets I recommend are metamask and myetherwallet.
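The password-protected key file described above, as an added example that is not part of the original post and is not the file format of metamask, myetherwallet or any other wallet. The function names, JSON field names, scrypt parameters and the choice of AES-128-CTR with an HMAC-SHA-256 check are assumptions made for this example.

```javascript
// Added example (not from the original post): a password-protected key file.
const crypto = require('crypto');

// scrypt cost parameters: assumptions chosen so the demo runs quickly.
const KDF = { N: 16384, r: 8, p: 1 };

// Stretch the password into 32 bytes: 16 for encryption, 16 for the MAC.
function deriveKey(password, salt) {
  return crypto.scryptSync(Buffer.from(password, 'utf8'), salt, 32, KDF);
}

function macOf(macKey, iv, ciphertext) {
  return crypto.createHmac('sha256', macKey).update(iv).update(ciphertext).digest();
}

// Encrypt a 32-byte private key; returns the JSON text a wallet would store.
function lockKey(privateKey, password) {
  const salt = crypto.randomBytes(32);
  const iv = crypto.randomBytes(16);
  const dk = deriveKey(password, salt);
  const cipher = crypto.createCipheriv('aes-128-ctr', dk.subarray(0, 16), iv);
  const ciphertext = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  const mac = macOf(dk.subarray(16), iv, ciphertext);
  return JSON.stringify({
    salt: salt.toString('hex'), iv: iv.toString('hex'),
    ciphertext: ciphertext.toString('hex'), mac: mac.toString('hex'),
  });
}

// Recover the private key, or throw if the password or the file is wrong.
function unlockKey(fileText, password) {
  const f = JSON.parse(fileText);
  const [salt, iv, ciphertext, mac] =
    [f.salt, f.iv, f.ciphertext, f.mac].map((h) => Buffer.from(h, 'hex'));
  const dk = deriveKey(password, salt);
  const expected = macOf(dk.subarray(16), iv, ciphertext);
  // Check the MAC before decrypting: CTR mode alone would return garbage
  // bytes for a wrong password instead of failing.
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) {
    throw new Error('wrong password or corrupted key file');
  }
  const decipher = crypto.createDecipheriv('aes-128-ctr', dk.subarray(0, 16), iv);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Constructed demo: 32 random bytes stand in for a private key.
const demoKey = crypto.randomBytes(32);
const demoFile = lockKey(demoKey, 'correct horse battery staple');
console.log(unlockKey(demoFile, 'correct horse battery staple').equals(demoKey));
```

The scrypt step is what makes a stolen file costly to attack: every password guess has to repeat the same memory-hard derivation before the MAC can be checked.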

A hardware wallet is a physical device that stores your private key and provides a way to create digital signatures and decrypt with the private key.  This is typically done with what is called a "secure element" - a chip which is considered unhackable - even by the NSA.  A hardware wallet provides an interface to the user to confirm use of the private key - for example a physical button the user has to push to confirm its use.  A hardware wallet is also protected by a password or PIN requiring the user to first "unlock" it before it can be used.  I personally have a ledger nano s and ledger blue.  There are also apps you can get for your mobile device such as the Ethers Wallet iOS App or uPort.  One nice thing about using mobile devices to manage private keys is that almost everyone has one and some have biometric authentication (e.g. fingerprint).


Ledger Nano S hardware wallet


What do wallets mean for healthcare?

Adopting blockchain in healthcare requires educating end users (patients, physicians, staff) about how to use and manage their private keys.  This is perhaps the biggest barrier to blockchain adoption as end users' paradigm for authentication is currently username/password based.  End users will naturally assume a private key can be handled in the same way a password can. They might think that they can share it with someone they trust and change it later if that trust changes.  They might think they can get someone else to change the private key for them if they happen to lose it or forget it.  I have already seen many users lose their ether because they didn't understand the importance of their private key and didn't handle it in a safe way.

Even with proper education, private key management is too unforgiving to be used as the only way to protect medical records.  Fortunately, ethereum smart contracts can be used as an identity in place of the private key and include workarounds for these unforgiving scenarios.  This will be explored in the next blog post.

7 comments:

  1. Interesting Post. It is really helpful to know about blockchain in health sector. Can you please share more about Private blockchains integration?

  2. A blockchain, unlike traditional server architecture, does not go down if a single node is compromised or goes offline. The user data is private and apps remain decentralized, working just the way Internet was supposed to do.
  3. Bitcoin Miner service enables customers to avoid the physical hassles usually encountered when mining bitcoins such as electricity, hosting issues, heat, installation or upkeep trouble.


  4. Heyy, Awesome Post .. Keep It Up!

    Want to invest in Crypto Currency, Invest in STECH coin Now, one of the best cryptocurrency to invest. Our reliable and robust social network allows the seamless transfer of cryptocoins within no time! Easy to use, purchase and trade. Grow your investment up to 200%. To check click or visit: https://www.stechcoin.com/

  5. Thanks for sharing the blog. I read many blogs on blockchain but no one put such deep theory on blockchain in healthcare industry. In the past I came across a wonderful blog which I share with you, so refer to it for your future reference. https://bit.ly/2xRPvci

  6. How Blockchain is Impacting Ecommerce Referred to as the "engine of the international economic climate," Blockchain Applications and Services is well on its method of ending up being the de facto technology for monetary deals worldwide. With the global shopping market poised to get to $135 billion by 2023, the adoption of 1WGlobalPay Blockchain Wallet for e-commerce is not only needed, however it is additionally unavoidable.

  7. Thank you for sharing such a great post and giving us the reality and application of block chain technology. Maybe some information about solve care will be interesting for you.
