US Navy opens blockchain security to private entities
The US Navy is seeking private partners to research and develop its proprietary blockchain-based security technology called PARANOID.
It is a solution for protecting the software supply chain that uses blockchain to ensure the security of software development environments and to verify the finished software.
For now it is still only a prototype (TRL5), and consists of a Hyperledger-based blockchain infrastructure, a server application, a plugin for Visual Studio and Visual Studio Code, and an offline software testing application.
US Navy: Opening the Paranoid blockchain project to private individuals
According to a press release issued a few days ago, the Navy is looking to partner with private industry to develop this software, which allows for traceability and provability in software development.
Software has now become an integral part of military aircraft, vehicles and weapons systems, so a solution is needed to ensure a secure software supply chain. This is why Paranoid was developed.
The Navy’s goal now would even be to commercialize this innovation, although Paranoid was originally developed exclusively to support safe development, in particular of avionics software, for the Naval Aviation Enterprise (NAE) aeronautical programs.
However, this solution is theoretically applicable to any organization or company that needs full traceability with certain provability for software development, in order to prevent attacks that could occur during the development itself.
Paranoid is available to private enterprise through TechLink, the Department of Defense’s national technology transfer partner, but the Navy also offers private developers a Cooperative Research and Development Agreement (CRADA) that allows collaboration between government entities and private companies.
TechLink senior technology manager Nida Shaikh said:
“An ideal CRADA partner would be a company interested in developing a solution to secure the software supply chain. This would include companies in the software development field that would be willing to install and test PARANOID for feedback and scalability.”
What is Paranoid
This new technology was invented by NAWCAD, the Aircraft Division of the Naval Air Warfare Center in Lakehurst, New Jersey.
The problem to be solved was security verification at all stages of the software development process, from the creation and modification of the raw source code to its compilation, to the creation of a final application and its delivery to the end user.
The fact is that each of these steps theoretically contains countless opportunities to launch cyber attacks, both from the inside and the outside, such as secretly inserting malicious code or exchanging one file for another.
The PARANOID method solves the problem by guaranteeing the integrity of the software throughout its life cycle thanks to the blockchain.
The existing prototype, operating at the so-called Technology Readiness Level 5 (TRL5), integrates with existing open source development environments, such as Visual Studio and Visual Studio Code, and connects developer actions to blockchain transactions.
According to the inventors of PARANOID, this methodology on blockchain has proven to be a viable approach to support complete traceability and strong provability of development system integrity for mission-critical software.
The advantage is that the blockchain is an unalterable ledger that can be consulted by everyone, directly and without intermediaries. Any alteration of the blocks would be immediately detected.
All participating computers keep a copy of this ledger, so they can verify it without having to resort to intermediaries, and all transactions are verified and updated according to a public protocol.
With PARANOID, every critical software development step is a transaction on the blockchain, so any unexpected changes or other cyberattacks are detected immediately.
The goal is to effectively prevent unauthorized modifications of the source code, but also the unauthorized replacement or insertion of files, objects, executables and test packages.
Blockchain beyond cryptocurrencies
The first example of a public, decentralized blockchain appeared in January 2009 with the mining of the first block of Bitcoin by Satoshi Nakamoto.
Initially, this technology was used only in the field of cryptocurrencies, but later it was realized that its characteristics also made it excellent for other types of use, including, for example, NFTs.
Specifically, a public and decentralized blockchain proves to be unassailable and unchangeable, because anyone can verify firsthand that all transactions are correct.
In the case of Paranoid, however, a public blockchain is not used, for obvious reasons. Instead it uses a permissioned DLT (Hyperledger), which plays a very similar role.
In fact, anyone working on software managed with Paranoid will have direct access to the software transaction chain, thus being able to verify firsthand and without intermediaries that all transactions are correct.
It is conceivable that there will be different levels of access, and that data from different software will not be shared even between different development teams. Given that Paranoid is already operating at TRL5, it is also conceivable that this technology actually works well.
Note that it is not necessary to register the code itself on the blockchain. It is sufficient to register a validation hash of the code: the code cannot be reconstructed from the hash in any way, but the hash can be used with absolute certainty to validate the code, making it possible to verify firsthand and without intermediaries that the software in use corresponds exactly to what is certified on the blockchain.
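The hash-only registration described above, combined with the tamper-evident ledger from the earlier section, as an added example (it is not PARANOID's code and does not come from the article). A single-process hash chain stands in for the Hyperledger ledger, and the stage names, file names and sample bytes are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" value used by the first entry
FIELDS = ("stage", "name", "sha256", "prev")

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(body: dict) -> str:
    # Canonical JSON so the same body always yields the same hash.
    return digest(json.dumps(body, sort_keys=True).encode())

class Ledger:
    """Append-only hash chain; a stand-in for the permissioned ledger."""
    def __init__(self):
        self.entries = []

    def record(self, stage: str, name: str, content: bytes) -> None:
        # Only the digest of the artifact is stored, never the artifact.
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"stage": stage, "name": name,
                "sha256": digest(content), "prev": prev}
        self.entries.append(dict(body, hash=entry_hash(body)))

    def first_broken_link(self):
        """Return the index of the first inconsistent entry, or None."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: e[k] for k in FIELDS}
            if e["prev"] != prev or e["hash"] != entry_hash(body):
                return i
            prev = e["hash"]
        return None

    def matches(self, stage: str, name: str, content: bytes) -> bool:
        """True if content equals the latest digest recorded for the artifact."""
        for e in reversed(self.entries):
            if e["stage"] == stage and e["name"] == name:
                return e["sha256"] == digest(content)
        return False  # never recorded: treat as unverified

def demo():
    led = Ledger()
    binary = b"\x7fELF constructed build output"  # constructed sample bytes
    led.record("commit", "main.c", b"int main(void){return 0;}\n")
    led.record("build", "app.bin", binary)
    ok = led.matches("build", "app.bin", binary)
    swapped = led.matches("build", "app.bin", binary + b"\x90")  # replaced file
    led.entries[0]["sha256"] = digest(b"altered source")  # history rewritten
    return ok, swapped, led.first_broken_link()
```

A single copy of the chain only catches inconsistent edits; someone who recomputed every later hash would pass `first_broken_link`, which is why the article's point that all participants hold and compare their own copy of the ledger matters.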