Trust through blockchains: Transparently securing audit trails in critical events
Fujitsu / January 30, 2023
A functioning energy, water and food supply, an efficient transport system and a working healthcare or telecommunications system are vital to modern society. For this reason, they are part of the federal critical infrastructure.
Malfunctions, failures and accidents in these areas can have negative financial, economic and sometimes even macroeconomic consequences. They can impact people's trust in the government, authorities and individual companies, especially if the responsible parties blame each other after an incident.
Blockchain technology can help make critical infrastructure more secure, transparent and indisputable, an important step in creating a trusted society, as shown by a concrete use case from Fujitsu and Hexagon, who recently announced a global partnership. Reporting chains enable authorities, companies and individuals to show at any time that they have taken the right audit-proof measures in a timely fashion and in accordance with previously defined decisions, counter-measures and information chains. Deviations from these parameters can be tracked and identified. We had the opportunity to speak with Uwe Jasnoch, Director Government & Transportation at Hexagon, and Nikolaos Saklampanakis, Technical Team Lead for DLT/Blockchain at Fujitsu, about their collaboration and use case.
Verifiable audit trails, thanks to blockchains
- What is the first joint blockchain project between Hexagon and Fujitsu all about?
Uwe Jasnoch: Well, this project has some history. Hexagon had launched a new, highly advanced hybrid sensor. Since a number of cyberattacks on critical infrastructure occurred all over the world at the same time, and the topic of critical infrastructure security has therefore become more relevant, we got together with Johannes Schöniger, Strategic Account Director Geoinformation at Fujitsu, to brainstorm a safer and more reliable way to secure transportation operations and related sensor communications. One aspect we wanted to address was the challenge of an audit-proof chain of action. Critical infrastructure is usually monitored by sensors. An alarm is triggered in the event of anomalies (e. g., people illegally entering a tunnel), which is then shown on a dashboard in a control center. An operator must decide what to do, e. g. inform other actors, such as emergency services. Depending on the environment, the industry and the severity of the incident, the necessary chains of action pass through many individual instances, very often in parallel. With our joint solution, all the steps from the initial sensor alarm to the last actor, including all parameters such as time or duration of the incident, are logged in a blockchain and thus protected against subsequent manipulation. This means, for example, that during a subsequent audit no one can claim to not have known something at a certain point in time. Such a verifiable and tamper-proof audit trail is enormously important for questions of responsibility and liability, but also for process improvement and peace of mind on the part of the different actors.
Nikolaos Saklampanakis: Basically, it's about trust through verifiability, and we achieve that via blockchain technology. A blockchain works like a distribution machine: Every data change is verifiable for the relevant parties in real time. The data is also cryptographically secured and cannot be changed later on. Submitted data is signed by a cryptographic key from the submitter, while each data change is cryptographically linked in chronological order to the exact previous state and cannot be retrospectively manipulated. A chain of data-blocks – i.e., a “blockchain” – is thus formed. In addition, rules can be defined on how to store data and actions in the blockchain. Applications running on blockchains are known as smart contracts, which not only ensure the data itself, but the rules of the game are also transparent to everyone involved. Of course, this does not mean that all information is available to everyone, but only those who need to have access at the time to ensure maximum security in addition to the above-mentioned verifiability. In short: Technology provides us with the necessary tools to achieve “data access on a must-have basis,” without compromising data verifiability and transparency.
Uwe Jasnoch: In our first scenario in local public transport, everyone involved has access to the data on their respective instance levels and can see what is happening at other instances. That means that critical situations and subsequent decisions can be analyzed later on in order to optimize processes in the future and, if necessary, clarify liability issues. In this way, we achieve higher levels of security and transparency, leading to more trust in the system – in this example, in the transportation system.
Sensor technology as a key technology
- So, everything starts with the sensors. What types of sensors are used?
Uwe Jasnoch: In our smart monitoring ecosystem for IoT, which Hexagon is currently setting up and expanding together with our partner Fujitsu, a wide variety of sensors are used. It starts with a simple temperature sensor and ends with a multi-sensor device equipped with a camera, laser scanner and infrared sensor – like Hexagon’s BLK247 model. Together with Fujitsu, we have integrated blockchain technology directly into the BLK247 so that all relevant sensor data, such as that from alarms, is additionally stored directly in an audit-proof manner. Within the smart monitoring ecosystem, the data is then consolidated, evaluated and compared with that on the blockchain to document process steps. Of course, everything that happens on the monitoring platform is also logged via the blockchain.
- Nikolaos, can you give us an idea of how Fujitsu integrated BLK247 into the blockchain?
Nikolaos Saklampanakis: BLK247 is the next-gen monitoring device from Hexagon. It enables 3D-space monitoring with a laser scanner, it can collect data with multiple sensors on board such as a 360-degree camera system, and it can also perform thermal scanning. To cut a long story short, it is a very exciting piece of technology to use for innovation. Which is why it was the target device for our work. To integrate BLK247, we have implemented an application that is deployed and running on the device. This application communicates directly with the blockchain network and enables the device’s firmware to “speak” blockchain. An interesting outcome of this implementation is that each device has a cryptographically unique digital identity on board as well. This not only enables other interesting use cases, but also greatly enhances the security of the whole setup. The security enhancement by itself is a very interesting aspect as it supports approaches such as zero-trust architectures. This type of approach is being used more and more and is of particular interest for devices that are often deployed in high-risk environments – such as the BLK247. After all, these devices are a high-priority target of malicious actors.
- Does artificial intelligence also play a role in this setup?
Uwe Jasnoch: Yes, the ecosystem has AI functionality, for example, to identify underlying trends. Every modern sensor, such as the BLK247, already has a certain degree of basic AI capability. For example, the onboard AI can recognize whether an item at an airport has always been there or if it is a forgotten piece of luggage. In addition, automated alerts can also be initiated, supported and enhanced by AI.
- Are incidents raised from AI also traceable and audit-proof? Can we distinguish between AI and human involvement?
Nikolaos Saklampanakis: Ecosystem components that interact with the blockchain network have their own unique digital identity. In other words, if such a component is designed with AI capabilities, this is directly traceable as well. Making AI more transparent is also a very interesting topic from technical perspective, which is why Fujitsu has been developing “Explainable AI” methodologies. We are also considering an evaluation of their potential impact within the scope of this particular project.
Cooperation for a trusted society
- How is this technology partnership significant for society?
Uwe Jasnoch: With a sensor-based ecosystem, we can analyze how, when and why decisions are made at any time. The system generates and documents all the necessary data in real time. The blockchain meanwhile brings the required transparency and security to the system. It is a neutral single source of truth on which all parties involved can rely, therefore creating a higher level of trust. At the moment, we are already operating this ecosystem together with some of our joint customers.
Nikolaos Saklampanakis: We want to offer sustainable and future-proof technologies, because that's what the world needs. In the smart city of the future, for example, there will always be cybercriminals who want to manipulate data for their own purposes, which can and must be prevented by using state-of-the-art technological solutions. This applies to critical infrastructures and the security services supporting their operations. Other possible applications where a high level of trust is required include the processing industry and the transport of hazardous materials. There are numerous fields that we want to make more secure through technology. With the global partnership between Fujitsu and Hexagon, we have already taken an important step towards this goal. By integrating the sensors, the intermediary systems (including AI) and the user dashboards, we have created a highly secure, transparent and auditable decision support ecosystem. Consequently, trust in the process and the employed mechanisms is greatly enhanced.
- But doesn’t blockchain technology consume a great deal of energy?
Nikolaos Saklampanakis: That is a common perception, which originates from platforms such as Bitcoin, which requires a process called “mining.” Mining is part of the “proof-of-work” consensus mechanism of Bitcoin and other similar blockchains. It is a process that demands an enormous amount of computing power and therefore energy. Of course, energy efficiency is important, not only because of the current energy crisis, but also regarding environmental sustainability. People are right to be sensitive about it, and companies like Fujitsu and Hexagon are working hard to achieve their respective ESG benchmarks. But “mining” and “proof of work” are not the only consensus mechanisms for blockchain technologies. In short, we used blockchain technology that does not rely on the mining process and operates in a highly efficient manner.
- Thank you very much for the interview.
Find out more about the exciting project the two companies are working on in our joint white paper.
Set your sights on building a prosperous, sustainable society
Fujitsu introduced a key focus area called ‘Trusted Society’ as a part of its business brand, Fujitsu Uvance.
We aim to create an environment-first, resilient society in which people can live in peace and prosperity.
He has been working with blockchain technologies since 2016, in various projects for customers in both the private and public sectors. In December 2019, he joined Fujitsu as Technical Lead for DLT/Blockchain. His aim is to bring state-of-the art technologies together and drive innovation.