Biometrically secured storage networks
Lately the idea of biometrically secured decentralized storage networks has been boggling my mind. I wanted to share some thoughts and hear your opinions on the matter.
So imagine a decentralized storage network like IPFS or the BitTorrent protocol, but where the storage nodes are bioauthorized by real, unique human beings. Originally this idea arose from the question: “What if I wanted a cloud for my personal data that I could entrust only to a specific group of individuals?” It is quite a common question these days. The logic might be as follows: I don’t really like storing my stuff in centralized storage, but at the same time I don’t want to store my personal sensitive information on random servers in a decentralized storage network that is open to Sybil attacks, and I don’t want the hassle of setting up a server for my own cloud, as that is both technical and time-consuming. What I need is to be able to choose the exact people who'd be authorized to store my data, with customizable types of storage, authority and responsibility.
Here we can imagine a decentralized storage protocol that allows a server to be deployed only through two-factor authentication consisting of a key and biometric verification, or through some deterministic form of biometric authentication. For the ease of the thought experiment let’s go with the deterministic version, where the biometric modality (the body part being scanned) is the key. In other words, a biosign: something signed with a key deterministically derived from one’s biometrics (in practice this needs a fuzzy extractor, since two scans of the same face are never bit-identical). For the same sake let’s assume that the modality used is facial recognition via computer vision.
The simplest example is personal storage. I would like to trust my closest relatives, friends or popular individuals (pseudonymous or public) with my private stuff: birth certificates, passports, internal docs, certificates of ownership, banking docs etc. This is not me running a server locally or in the cloud and giving them access. They run their biometrically authorized nodes, either locally or on a cloud server, in a decentralized network, and I compensate them in some form (crypto, fiat, services, etc.) for doing so. Thus as a user I don’t have to run and secure the server myself, but at the same time I am in control of whom to trust and whom I hold responsible for my stuff.
I could also combine various types of people to trust. For example, I want to create a decentralized cloud that stores my data across servers bioauthorized by my wife, uncle Bob, Snoop Dog, some 10 random pseudonymous identities, an anon from 4chan and a top manager from Walmart. This combination lets me spread the risk of something happening to my data across various types of identities: private, public, popular, anonymous, professional etc. But most importantly, like centralized storage, it transfers the responsibility away from me to the people who are willing to take it.
Another example might be storage for organizations. Instead of centralized storage with various authorization levels and a sysadmin overlord, we can imagine an infrastructure of servers that are biosigned by partners or directors. The data can be distributed equally among them, or some data can be required to live in a precise location that is biosigned by a specific authorized person. This way there is detailed control over responsibilities and a clear trail of who accessed which data.
The initial interaction between a user and a bioauthorized storage holder can be done in a way that mitigates a MITM (Man In The Middle) attack. During the initial signature session both parties are present: the storage holder goes through the biometric scan while the user watches to verify that this person indeed went through it. You can compare it to Telegram’s approach for calls, where both users see a short set of images (emoji) derived from a hash of the key material each side received. If both sides see the same set, there is nobody in the middle relaying the call and emulating the voice of your counterpart. The same goes for the initial biometric session: the parties mutually identify each other and carry out the biometric scan with both present. In other words, you can check the bioauthorization yourself.
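Since the whole thought experiment hinges on a key that is deterministically derived from a face scan, here is an added toy example (my own illustration, not code from the post or from any project it mentions) of the standard trick for getting one: a code-offset fuzzy extractor. Enrolment XORs the quantized template with a random codeword and publishes the result as helper data; a later noisy scan is XORed with that helper data, error-corrected back to the codeword, and yields the same key as long as the scan differs from the enrolled one by fewer bits than the code corrects. The repetition code, the 224-bit templates and the HMAC "biosign" are all simplifications chosen so the block runs on the standard library; a real node would use a proper error-correcting code over a real face embedding and seed an asymmetric keypair from the extracted key.

```python
import hashlib
import hmac
import random

# Toy code-offset fuzzy extractor (Juels-Wattenberg fuzzy commitment) built on
# a bit-repetition code. Parameters are for illustration only.
REP = 7                       # repetitions per message bit
MSG_BITS = 32                 # random codeword length in message bits
TEMPLATE_BITS = MSG_BITS * REP
T_CORRECT = (REP - 1) // 2    # majority decoding fixes up to 3 flipped bits per block


def sample_template(seed):
    """Constructed stand-in for a quantized biometric template (not real data)."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(TEMPLATE_BITS)]


def flip(template, positions):
    """Simulate scan noise by flipping the bits at the given positions."""
    t = list(template)
    for p in positions:
        t[p] ^= 1
    return t


def encode(msg_bits):
    return [b for b in msg_bits for _ in range(REP)]


def decode(code_bits):
    """Majority vote per block; wrong whenever a block carries > T_CORRECT flips."""
    return [1 if sum(code_bits[i:i + REP]) * 2 > REP else 0
            for i in range(0, len(code_bits), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def bits_to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def derive_key(template_bits):
    return hashlib.sha256(b"biokey-v1|" + bits_to_bytes(template_bits)).digest()


def enroll(template):
    """Enrolment: returns (public sketch, secret key). The sketch is helper data;
    it still leaks some template bits, so the template needs entropy beyond it."""
    rng = random.SystemRandom()
    msg = [rng.getrandbits(1) for _ in range(MSG_BITS)]
    codeword = encode(msg)
    sketch = xor(template, codeword)
    return sketch, derive_key(template)


def reproduce(sketch, noisy_template):
    """Later session: recover the SAME key from a noisy re-scan."""
    noisy_codeword = xor(noisy_template, sketch)
    codeword = encode(decode(noisy_codeword))   # error-correct back to the codeword
    return derive_key(xor(sketch, codeword))    # sketch XOR codeword == enrolled template


def biosign(key, message):
    """Stand-in 'biosign': HMAC under the extracted key. A real node would seed an
    asymmetric keypair (e.g. Ed25519) from the key so verifiers never hold it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()
```

Run it with a template, re-derive from a copy with three flipped bits per block, and the keys match; with four flips per block every block decodes to the wrong bit and you get a different key, which is the failure mode a real deployment tunes its code rate around.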
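To make the Telegram comparison concrete, here is an added example (mine, not part of the post) of the short authentication string (SAS) idea behind those images: each side derives a fingerprint from the shared secret and a canonical transcript of both public keys, and turns the first bits into words the two people compare out loud while they are in the same room. The Diffie-Hellman group (p = 2^127 - 1) and the 16-word list are constructed toy parameters and are not secure; they exist only so the block runs offline. In the bioauthorization story the holder's long-term key would be the one derived from their face, and the in-person session is what lets the user both watch the scan and compare the SAS.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group for illustration only (NOT secure).
P = (1 << 127) - 1
G = 2

# Constructed 16-entry word list: 4 bits per word, five words = a 20-bit SAS.
WORDS = ["apple", "bridge", "cactus", "dolphin", "engine", "falcon", "garden",
         "hammer", "island", "jacket", "kettle", "lantern", "magnet", "needle",
         "orange", "pepper"]


class Party:
    def __init__(self, name):
        self.name = name
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.fp = None

    def complete(self, peer_pub):
        """Derive the session fingerprint from the DH secret and both public keys."""
        shared = pow(peer_pub, self.priv, P)
        # Canonical transcript: both public keys in sorted order, so both sides
        # hash identical bytes if (and only if) they saw the same two keys.
        transcript = b"|".join(k.to_bytes(16, "big") for k in sorted((self.pub, peer_pub)))
        self.fp = hashlib.sha256(b"SAS-v1|" + transcript + shared.to_bytes(16, "big")).digest()
        return self.fp

    def sas(self):
        """Human-comparable short authentication string (5 words, 20 bits)."""
        return " ".join(WORDS[b >> 4] for b in self.fp[:5])


def honest_session():
    alice, bob = Party("Alice"), Party("Bob")
    alice.complete(bob.pub)
    bob.complete(alice.pub)
    return alice, bob


def mitm_session():
    alice, bob, mallory = Party("Alice"), Party("Bob"), Party("Mallory")
    # Mallory substitutes her own key in both directions and runs two sessions;
    # the two transcripts (and secrets) now differ, so the words will not match.
    alice.complete(mallory.pub)   # Alice believes this is Bob's key
    bob.complete(mallory.pub)     # Bob believes this is Alice's key
    return alice, bob


if __name__ == "__main__":
    a, b = honest_session()
    print("honest:", a.sas(), "|", b.sas())
    a, b = mitm_session()
    print("mitm:  ", a.sas(), "|", b.sas())
```

A 20-bit SAS gives an active attacker about one chance in a million per session of picking keys whose words happen to match, which is why the comparison has to happen over a channel the attacker cannot also control, in this case the two people standing next to each other.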
To delve a little deeper, we have to understand the pros brought by the biometric aspect of authentication.
What facts does it give us?
The most important one is that a living, unique human’s biometric modality was present in front of the sensors at a certain point in time and space during the session (logically at its beginning). Let’s also assume that the video feed received by the sensor is not injected.
If there is a proper facial recognition protocol, a biometric search and matching algorithm able to tell that the facial features in two different bioauthorized sessions belong to the same person, and precise liveness detection, then we can assume with high probability that the same person was present both times. If, according to the network’s security rules, a party cannot access the node without biometric verification, and there were no sessions authorized by some other form of key, then the state of the storage was not tampered with unless the person responsible was present in front of the sensors at some point during the session.
If we combine this type of storage with a blockchain running smart contracts, we get a biometrically secured storage network where users can set up multi-level relationships with each other, outline responsibilities, compensate each other and settle disputes without the help of a third party. If such a system ran alongside Humanode, we would have two per-human distributed layers working together to ensure that both computation and storage are legitimately decentralized. Human nodes would be able to run storage nodes in a cloud that is itself distributed. Add a decentralized mesh network into the fold and we get even closer to proper decentralization. At the very least we get closer to actually measuring how decentralized we are, but that is a theme for a separate write-up.
Interestingly, if a deterministic key derived from one’s biometrics exists, then we could hypothetically incorporate it into the hash generation of Merkle trees on IPFS, forever binding a person’s biology to an addressable file in a decentralized storage network. We could add biosigns from both sides to strengthen the provenance of data, potentially leading to biosigned Merkle trees that allow very specific discovery and fetching of data.
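As an added example of what a "biosigned Merkle tree" could look like in practice (my illustration, not code from the post, IPFS or Humanode): the file is chunked, the chunks are hashed into a Merkle tree with RFC 6962-style leaf/node domain separation, and both the holder and the user biosign the root. A verifier then checks an inclusion proof for a chunk against the root and checks both tags, so a chunk is only accepted if it is in the tree and the tree was committed by both people. The keys are assumed to be 32-byte secrets from a fuzzy extractor over each person's biometrics, the chunks are assumed to be client-side encrypted already, and HMAC stands in for an asymmetric signature so the block runs on the standard library.

```python
import hashlib
import hmac

LEAF, NODE = b"\x00", b"\x01"   # domain separation as in RFC 6962 (Certificate Transparency)


def h(data):
    return hashlib.sha256(data).digest()


def chunk(data, size=4):
    """Tiny chunk size so a short constructed input yields a multi-level tree."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def _next_level(level):
    """Pair up nodes; an odd trailing node is promoted unchanged."""
    return [h(NODE + level[i] + level[i + 1]) if i + 1 < len(level) else level[i]
            for i in range(0, len(level), 2)]


def merkle_root(leaves):
    level = [h(LEAF + leaf) for leaf in leaves]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves, index):
    """Sibling hashes from leaf to root, each tagged with the side it sits on."""
    level = [h(LEAF + leaf) for leaf in leaves]
    proof = []
    while len(level) > 1:
        if index ^ 1 < len(level):                       # no sibling when promoted
            proof.append(("L" if index % 2 else "R", level[index ^ 1]))
        level = _next_level(level)
        index //= 2
    return proof


def verify_proof(leaf, proof, root):
    node = h(LEAF + leaf)
    for side, sib in proof:
        node = h(NODE + sib + node) if side == "L" else h(NODE + node + sib)
    return hmac.compare_digest(node, root)


def biosign(key, message):
    """Stand-in biosign: HMAC under a key assumed to come from the person's
    biometrics via a fuzzy extractor (asymmetric signatures in a real node)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def publish(data, holder_key, user_key):
    """Both sides biosign the same root: holder vouches for storage, user for content."""
    leaves = chunk(data)
    root = merkle_root(leaves)
    tags = (biosign(holder_key, b"root|holder|" + root),
            biosign(user_key, b"root|user|" + root))
    return leaves, root, tags


def verify_chunk(leaf, proof, root, tags, holder_key, user_key):
    """Accept a chunk only if it is in the tree AND both parties committed to that tree."""
    holder_ok = hmac.compare_digest(tags[0], biosign(holder_key, b"root|holder|" + root))
    user_ok = hmac.compare_digest(tags[1], biosign(user_key, b"root|user|" + root))
    return holder_ok and user_ok and verify_proof(leaf, proof, root)
```

Binding the person into the commitment this way means a node that serves a modified chunk fails the proof, and a node that re-roots the file cannot produce the holder's tag for the new root without the holder's face being in front of the sensor again, which is exactly the "not tampered with unless the person was present" property from above.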
Now what are the cons of this approach?
Indeed a person's biometric modality might be present during the bioauthorization, but we can’t guarantee that the entity interacting with the accessed environment afterwards is the same person. We could ask for a biosign on every operation, but that would be a really frustrating experience. Bioauthorization in this case opens a window of interaction that stays open for the whole duration of the session, which is usually limited depending on the security requirements. Commonly there are several critical alterations of state where a network would require you to sign something again for additional security.
The majority of people tend to trust centralized companies as they are “too big to fail”, have reasonably secure infrastructure and most of the time can be held professionally and publicly responsible for their actions. Why would you trust somebody without being able to hold them responsible? Unless somebody can be held accountable in real life and have justice served by the authorities, trusting them with your precious data is a hard sell.
When malicious actors want to steal your data, virtually or physically, they just need to get their hands on the key, or, if you felt threatened, you could simply hand it over. Biometrics change the rules of the game: they potentially make it harder to get through the defenses, but if the prize is big enough they pose a real-life danger, as the perpetrator might go after your biometric modality itself, and you can’t easily give it away when it is, for example, your face.
With that being said, there are a lot of unsettled questions about the bioauthorized deployment of nodes. A lot of failsafes must be put in place to deliver a robust and flexible system able to match the security and integrity of centralized systems, but if such a network existed it could make storage both more secure and more distributed. Looking forward to hearing your thoughts on this.