This document describes a new authentication, authorization, and access (AAA) solution called “DIBS” (Decentralization, Identity, and Blockchain Service) that incorporates the blockchain and smart contracts as its fundamental architectural components. The DIBS framework takes advantage of the strong cryptographic relationship users have with the blockchain, to prove ownership of cryptocurrencies or to prove the identity of parties in transactions. The system borrows from the well-known security system “Kerberos.” However, while Kerberos is a “federated” or “centralized” security system, the use of the blockchain allows similar security relationships to be established in the “decentralized” environment of blockchain related computing. “DIBS” is a pun, and is intended to symbolize ownership: “DIBS, it’s mine” is an assertion of ownership on the playground. Here it is done silently instead with ownership verified and established by the Blockchain.
Kerberos creates credentials called “tickets” that eliminate many of the vulnerabilities that exist around other systems that use static “key exchanges” for security. Kerberos uses a central key distribution server to distribute credentials and private keys to users and services within an enterprise environment. However, the AAA framework for the virtual private network (VPN) uses blockchain and its known security associations to build the tickets. With the DIBS framework, tickets are designed to specifically support dynamic configuration, and the configuration of network applications with smart contract capabilities on the blockchain.
By using the blockchain, the DIBS solution creates a general framework for providing network security for decentralized applications (Apps). Once the identity of the requestor is linked to a previously approved authentication process with credentials loaded on the blockchain, access to requested services may be granted. When users are authenticated in this way, client access to the hosts and services on the blockchain nodes is equally secure as transactions on the ledger.
The above methodology is used by DIBS to create a framework for hosting DApps that use the blockchain. DIBS creates “nodes,” which host clients and services on top of a fully secure peer-to-peer (P2P) network. On this P2P network, clients using the framework can communicate privately and securely. Each node is provisioned with a wallet and private key whose public key is registered in the blockchain. Nodes are added to the P2P network as they become active.
1.1 Blockchain, decentralized applications, and software as a service
1.2 How HTTPS and VPN will be incorporated
1.3 Blockchain and Remote Authentication
1.4 The Authentication, Authorization, and Access (AAA) Framework
1.5 Software Development Kits
1.6 The DIBS full life cycle applied to applications
2.1 Blockchain Ledgers and P2P
2.2 The P2P Network and Application Access
2.3 Nodes in the DIBS decentralized network solution
3.1 Block Chain and Blockchain Nodes
3.2 Authentication, Authorization, and Access through Blockchain
3.3 DIBS through Blockchain processes
3.4 The P2P network with VMPLS
3.5 Peer-to-Peer Network for Enterprise
3.6 DIBS Virtual Private Network (VPN) Support
3.7 VPNs built on top of P2P connection
5.1 Four Modules of DIBS-enabled VPN network built on QLC Chain Node
5.2 P2P Layer
5.3 VPN Module
5.4 Blockchain ledger
5.5 Universal DIBS VPN Controller
6.1 DIBS for private network and traffic management
6.2 Additional layer for network identity management
6.3 Cloudless P2P communication and Virtual Data Storage
6.4 Security using NETWORK DIBS via smart contracts
6.5 Replace Google login, with a new universal login for users
6.6 Telecom industry
The NETWORK DIBS framework provides a solution of authentication and access to the blockchain community. The hope is that the technology will be widely deployed and replace many of the proxy usages that rely on opaque security and privacy protections of popular social media sites (i.e. Facebook, and Google). The NETWORK DIBS framework provides identity verification with the same cryptographic strength as the records on the blockchains. It’s a decentralized authentication, authorization, and access that is protocol agnostic, and can be used in any blockchain.