What is Blockchain and Why is it Useful?

As the term ‘Blockchain’ appeared more and more frequently during my initial research, it seemed to be the logical next topic to explore, especially;

What is Blockchain?

 

To quote ‘s article on computerworld.com..

First and foremost, Blockchain is a public electronic ledger that can be openly shared among disparate users and that creates an unchangeable record of their transactions, each one time-stamped and linked to the previous one. Each digital record or transaction in the thread is called a block (hence the name), and it allows either an open or controlled set of users to participate in the electronic ledger. Each block is linked to a specific participant.

Why would it be useful?

Blockchain can only be updated by consensus between participants in the system, and when new data is entered, it can never be erased. The blockchain contains a true and verifiable record of each and every transaction ever made in the system.

This TED seminar entitled: How the blockchain will radically transform the economy, by Political Scientist, Entrepreneur and Activist, Bettina Warburg, served as a great introduction to the subject and the role it could in our modern lives.

Miss Warburg’s talk, explains why we stand to benefit from using Blockchain technology, however this and many other videos on the subject all focus on the financial / economic effects. This is evident in brief online searching, with the rise in popularity and media coverage of blockchain backed ‘cryptocurrencies’ such as Bitcoin, more viewers as switched onto and convinced of the potential financial gains to be made.

Jessi Baker’s startup company Provenance however seem to be exploring the benefits this technology could make to supply chains and product lifecycle applications.

As a platform, Blockchain can help aid data transparency along a supply chain, a trait which Miss Baker believes could be used to enhance retail experience, certifying a brand’s identify and core beliefs and give more power to consumers.

From my initial reading, I feel this technology and framework could be tailored to enhance the security in the digital manufacturing chain, when combined with the file integrity techniques currently championed by software companies like Identify3D.

Manufacturing organisations currently have plenty of options for securing and distributing their content to chosen vendors, but NDA’s and the threat of legal ramification are still relied on to ensure this data is not misused or shared without permission.

If a system existed, where encrypted digital manufacturing assets were distributed across a network, with access limited to select users and crucially the system would prevent unauthorised file use or modification, this could revolutionise the industry and simply thousands of workflows around the world.

Identify3D – Case Study and Initial Contact.

Further to my previous post regarding the TCT article posted by Laura Griffiths, I wanted to further explore the role which software provider Identify3D are playing in digital manufacturing security and what direction this sector is taking to maintain digital assets.

Their three stage ‘Protect, ‘Manage’ and ‘Enforce’ range of software, aims to capture, encrypt and license digital manufacturing data, from CAD/CAM data, licensing, commercial contracts & production information.

By securing this ‘digital thread’ which tracks a design, manufacturing and deployment, Identify3D can provide their customers with exact knowledge of how, where, when and by whom their parts were manufactured.

The company are expanding into a variety of sectors and already have SLM, Renishaw and EOS as partners.

 

I reached out to their Head of Business Development, Tim Rose, asking if he would be willing to answer a short questionnaire for my research purposes, which I’ve listed below;

 

– How did business start / what led to the company’s creation?

– Do you see a trend towards increased awareness of cyber-security and asset protection in the manufacturing sector, similar to those seen in IT, Finance, Utilities, Defence and similar sectors.

– Are manufacturing companies now actively seeking out services of companies like yours, or is it still on experts to convince them of this requirement?

– Do you believe there is any scope for updated and improved digital manufacturing file formats to aid with security?

– Where do you think the most innovative research into digital asset protection is currently being performed / Are there particular schools whose research you keep track of?

– One topic I’m hoping to explore further is the validation of files, checking if a 3D printed part matches the design intention and to check for any outside interference. Are there any particular tools or techniques that your staff would use for this sort of task?

– What are the biggest hurdles to the better protection of digital manufacturing property.

Finally, as most of my research and document access is based on European libraries, are there any ANSI standards that are particularly applicable for your business?

Using Blockchain Networking to Secure Digital Assets

This week, whilst reading further into manufacturing specific cyber-security concerns, I came across the following TCT magazine article, written by Laura Griffiths.

Maintaining the Digital Thread – From Augmented 3D printing to Blockchain

One chapter caught my attention in particular, where the article touches on using Blockchain networks to securely host and transfer manufacturing data from designers to 3D printing service bureaus, focusing on Link3D’s flagship product ‘Digital Factory’.

In theory, the process could be revolutionary for digital manufacturing, where secure records of data transfer and modification are stored across a network of peers. The technology is most widely known as realising the recent rise of cryptocurrencies, such as Bitcoin, but the core technology could have far wider reaches than just the financial sector.

I plan to explore this idea further, which could form the basis of my proposal for the submission for this module.

Purpose of Information Security

Purpose of IS

The reason to implement information security procedures can be crudely broken down into six major topics, three for the data itself and another three for the users accessing the data.

  • Confidentiality – Preventing data being accessed or copied without approval.
  • Integrity – If data is manipulated, corrupted or overridden without permission.
  • Availability – Ensuring data cannot be erased or become inaccessible without permission.
  • Authentication – Confirming a user is who they claim to be.
  • Authorization – Confirming the user has permission to access the data.
  • Nonrepudiation – Preventing a user denying the performed their actions later on.

            (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-12r1.pdf)

Information Security – Basics

Resource: Fundamentals of Information Security Systems: David Kim and Michael Solomom

What is Information Security? 

A collection of activities to protect IT systems and the data it.

 

Definitions:

  • Internet: Over 2 billion users worldwide, connected via the world wide web.
  • Cybersecurity: Role of a government to ensure national security.
  • Data / Information Security: Role of an organisation or individual to protect their data / assets.

 

Risks, Threats and Vulnerabilities:

  • Risk: Likelihood of something bad occurring & affecting a system or asset (Examples: Loosing data, Non-Compliance with laws, Loosing business).
  • Threat: Any action which could damage an asset, both synthetic and natural (Ie malicious exploits, flood damage, etc) Organisations should have a business continuity plan (BCP) and disaster recovery plan (DRP) in place in the event of a threat taking hold.
  • Vulnerabilities: A weakness in a system, allowing a threat to be realised. Often vulnerabilities result in legal action, hence software developers covering themselves with end-user agreements (EULA’s).

 

What is being protected?

  • Privacy Data of Individuals, (i.e. DoB, Address, Banking Details, Social Security, Utilities)
  • Corporate Intellectual Property (Trade secrets, product development, copyright/patents, reputation)
  • Online Transactions
  • Government (Security, Trade, Military Strategy)

 

What forms a ‘Network’?

  • Cabling
  • Physical Networks
  • Operating Systems
  • Specific Applications
  • Users / Staff

Cybersecurity in Digital Manufacturing – Initial Research

My second module explores the impact of cybersecurity in digital manufacturing chains. Finance, IT, Utilities and Defence sectors have all placed high priority and resources into protecting their digital assets for some time now, but it seems that only recently the manufacturing sector are taking appropriate action.

So where to start? Initially my research will explore cybersecurity in general, why it’s important, how it is implemented and the consequences of poor execution.

Next I intend to look into digital security concerns which are specific to the manufacturing sector, from protecting and tracing IP, motivations to ‘attack’ a manufacturing system and how these organisations should better protect themselves.

This will address current methodologies used as well as future innovations and software changes. I aim to speak with industry experts first hand to understand how seriously the industry and taking the threat of cyber-based attacks.

Following from this, I will look more specifically to additive manufacturing processes, the file formats and techniques currently used and to identify any weaknesses or possible ‘attack vectors’ in the AM workflow. All being well, I will carry out some first hand tests to investigate how a simple desktop 3D print system could be exploited.

 

Meeting Minutes – 11/05/2018

Date of Meeting: 11/05/2018

Present at Meeting: Ben Freeman, Dr Covill

General Comments:
Initial learning goal meeting to discuss the module outline, early ideas and relevant university staff to contact.

Introduced to Dan and Oli in the UoB 3D Printing studio, dialog with them regarding physical testing to begin soon.

 

Module plan as follows:

  • Review existing literature on information security and digital manufacturing software.
  • Review current and future manufacturing equipment.
  • Specific research into security in 3D printing.
  • Review relevant standards.
  • Review current approaches to digital manufacturing security.
  • Perform test case experiment.
  • Write up proposal based on test results.

 

Progress of Previous Action Points:
To update development blog with reflective statements from LG1.

Future Action Points:

  • BF – To start researching specific material on manufacturing information security and test examples.
  • BF – To contact various university staff in the field.
  • DC- To send over links to relevant material for early review.

Topics for Discussion at Next Meeting:

Existing material review,

Date of Next Meeting: 2 weeks time.

LG1 Reflective Statement – Practical Work

A decision early on in planning my work for this module was to include where possible some hands-on experience using some 3D printing equipment, which was implemented during my case study for OSET Bikes Ltd. This was an enjoyable task and was good to take a break from writing about these techniques and actually apply them in person. It was useful to apply these practical skills to the submission, despite my lack of formal training and limited experience with the equipment. I feel this will provide a good benchmark and will be interesting to compare to 3D printed practical work later on in the course, to show some skills progression.

LG1 Reflective Statement – Report Writing

A mistake I quickly fell into when writing the submission for the LG1 module, was ‘regurgitating’ facts, without analysing or being critical or them. On reflection, I believe this stemmed from a lack of clarity on my part, of the intended audience of this report. My intention was to create a visual report suitable for a newcomer to the topic, but with some general engineering and/or design experience. It was later clarified that my audience is predominantly those who are assessing it and therefore the content should be tailored for a greater level of engineering education. This was a mistake on my part and I believe a simple fix for future submissions, by clarifying the finer details of a submission with course staff at the start of a module, before producing a first draft.

LG1 Reflective Statement – Research Sources

Upon beginning my research, I was immediately struck by the lack of books or documentation available in the universities library on the subject, which is perhaps to be expected considering the relatively short time that AM has been considered in academic purposes. That being said, access to the majority of scientific and engineering journals through the academic licenses proved to be a useful resource. 

Much of my research came from publicly available articles and publications, a very useful example was the UK advisory group AMUK. The organisation have released many publications, full of useful insights, quotes and further reading references.