Published in Energy Web

How staking EWT increases cybersecurity for energy grids and enterprises

According to security analysts, nearly 80% of cyberattacks are identity-based. In these attacks, bad actors steal administrators’ usernames and passwords or issue fake credentials to themselves. With credentials in hand, unauthorized parties can infiltrate enterprise information technology systems and go undetected for long periods of time.

Many of these attacks can be prevented via security architectures that embrace decentralized authentication and authorization of users and assets. These architectures, based on decentralized identifiers (DIDs) and verifiable credentials (VCs), can unlock value across many segments of the global economy. But the energy sector, in particular, stands to benefit greatly. The number of energy sector assets (e.g., electric vehicles, smart inverters, batteries) and actors interacting with them is growing exponentially. A centralized, “Web 2” approach to digitizing these assets and their users (creating a centralized data silo and a super administrator of the silo) is expensive, fragile, and creates lucrative honeypots for malicious actors to attack. At Energy Web, we believe a more effective solution is to embrace a decentralized architecture for user and asset authentication and authorization.

The role of verifiable credentials

A critical component of any security architecture is the process by which users’ credentials are verified in order to be assigned specific roles. As shown in figure 1, when a user with a verifiable credential presents it to a verification service, the service validates the VC and issues an access token. This token can be used to unlock access to smart contracts on a blockchain or to perform certain roles using legacy information technology infrastructure.

Figure 1 | Security architecture process to verify credentials to specific roles

Conducting this verification process is not computationally intensive and has a binary outcome: whether the VC is valid (cryptographically signed by the authorized issuer) or not. There are several ways to conduct the verification process. It can be performed internally by an organization or via a third-party service provider. These traditional, centralized options create a single point of vulnerability since the verification service itself can be compromised, approve false VCs, and (inadvertently or not) whitelist attackers.

A decentralized verification service is a far better solution

As shown in figure 2, a decentralized verification service uses a diversity of nodes to perform the verification task independently and then reach a consensus about the outcome with other nodes on the same system. In this setting, validator nodes vote on whether or not a VC is valid. If consensus is reached, the user presenting the VC will be whitelisted or receive an access token.

Figure 2 | Decentralized verification service

With a decentralized verification service, each node is required to stake economic value in order to verify VC presentations and earn rewards

Only honest nodes receive rewards. Misbehaving nodes that vote against consensus are penalized by having their stake reduced or removed entirely (for an overview of staking and “slashing” mechanisms on different blockchain-based networks, check out this explainer). The most practical way to implement this mechanism is to use public blockchains, paired with cryptocurrency, for staking and distributing rewards to nodes performing the verification work. By doing so, the execution of the verification mechanism is completely automated, immediate, and impartial. This is a far better solution than relying on an opaque, centralized entity and/or process to perform the same verification service.

Under the decentralized architecture described here, honest nodes can sound an alarm if they don’t agree with the consensus. If they can prove wrongdoing, they receive the stake from the misbehaving nodes. Attackers in this setting need to either a) hack each node individually or b) bribe all nodes needed to reach the consensus. The cost of bribing the nodes is equal to N*S + N*N*S, where N = number of nodes and S = stake of one node. Bottom line: more economic value staked across more nodes means more security.

Figure 3 | Decentralized verification service

Furthermore, consensus requirements can change based on the value of the VC itself. For high-value transactions or important access rights, consensus may require several rounds of voting. For VCs with relatively lower values, only 10% of nodes, for example, may need to approve the VC.
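The voting, slashing and bribery-cost reasoning above, worked through as an added Python example (not Energy Web's code or the Consortia Relay Chain's protocol). Assumptions: the `Node` class, the 2/3 default quorum, the `reward` and `slash` parameters and the sample key are hypothetical, and an HMAC stands in for the issuer's digital signature so the example runs with the standard library only.

```python
import hashlib
import hmac
from dataclasses import dataclass

ISSUER_KEY = b"constructed-issuer-key"  # constructed sample key

def issuer_sign(claims: bytes, key: bytes = ISSUER_KEY) -> bytes:
    # HMAC is a stand-in for the issuer's digital signature (assumption).
    return hmac.new(key, claims, hashlib.sha256).digest()

@dataclass
class Node:
    name: str
    stake: float
    compromised: bool = False  # models a node that approves anything

    def vote(self, claims: bytes, sig: bytes) -> bool:
        if self.compromised:
            return True
        return hmac.compare_digest(issuer_sign(claims), sig)

def verify_presentation(nodes, claims, sig, quorum=2 / 3, reward=1.0, slash=1.0):
    """Tally votes; return (decision, slashed names). decision is None without quorum."""
    if not 0.5 < quorum <= 1:
        raise ValueError("quorum must be a majority fraction")
    votes = {n.name: n.vote(claims, sig) for n in nodes}
    yes = sum(votes.values())
    if yes >= quorum * len(nodes):
        decision = True
    elif len(nodes) - yes >= quorum * len(nodes):
        decision = False
    else:
        return None, []  # no consensus: no token, nobody rewarded or slashed
    losers = [n for n in nodes if votes[n.name] != decision]
    winners = [n for n in nodes if votes[n.name] == decision]
    pool = 0.0
    for n in losers:  # stake reduced (slash < 1) or removed entirely (slash == 1)
        penalty = n.stake * slash
        n.stake -= penalty
        pool += penalty
    for n in winners:  # consensus voters split the slashed stake plus a reward
        n.stake += reward + pool / len(winners)
    return decision, [n.name for n in losers]

def bribery_cost(n: int, s: float) -> float:
    # Formula as stated in the article: N*S + N*N*S
    return n * s + n * n * s
```

Raising `quorum` for high-value credentials is one way to express the variable consensus requirement described above. In this simplified tally a compromised quorum would slash the honest minority, which is the case the alarm-and-proof step in the architecture exists to catch.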

In summary, decentralized VC authentication powered by public blockchain and cryptocurrency, shown in figure 3, can produce significant business benefits for enterprises in comparison to Web 2-based approaches to authentication and authorization. Don’t take our word for it: multiple Energy Web member companies have recently confirmed that public blockchains present a superior way of securing energy infrastructure and internet-connected devices, alongside the findings of many research papers on the subject, such as:

  1. Blockchain: A game changer for securing IoT data
  2. Secure IoT Communication using Blockchain Technology
  3. Can Blockchain Strengthen the Internet of Things?
  4. Cloud-Based Secure Service Providing for IoTs Using Blockchain
  5. Securing Smart Cities Using Blockchain Technology

Cybersecurity through staking on Energy Web

Currently, Energy Web is working in partnership with Parity Technologies (the company behind Polkadot, Kusama, and Substrate) to design, build and launch the Energy Web Consortia Relay Chain, a public blockchain tailored to enterprises. The new blockchain is designed explicitly around the VC verification process described in this post. Our aim is to enable decentralized authentication and authorization for any energy company in any regulatory environment in a way that integrates with existing enterprise information technology systems.

Since identity management is a foundational component of this new blockchain, Validators on the new network who perform the decentralized VC verification service will be required to stake Energy Web Tokens (EWT) in order to secure the service and the network. In this way, all identity-related processes, together with other blockchain transactions, will be secured by the combined economic value of all EWT staked by Validators and their Patrons.

With this staking mechanism in hand, the Consortia Relay Chain will unlock security solutions that are impossible to achieve using a centralized, Web 2 paradigm. It will provide unparalleled cybersecurity alongside a robust, flexible DID infrastructure for identity and access management.

About Energy Web
Energy Web is a global non-profit accelerating the clean energy transition by developing open-source technology solutions for energy systems. Our enterprise-grade solutions improve coordination across complex energy markets, unlocking the full potential of clean, distributed energy resources for businesses, grid operators, and customers.

Our solutions for enterprise asset management, data exchange, and Green Proofs, our tool for registering and tracking low-carbon products, are underpinned by the Energy Web Chain, the world’s first public blockchain tailored to the energy sector. The Energy Web ecosystem comprises leading utilities, renewable energy developers, grid operators, corporate energy buyers, automotive, IoT, telecommunications leaders, and more.
