Strengthening the “critical chains” among nodes and persons within complex cyber-physical systems of Fintech and Insurtech industry
The Fintech and insurance industry (or Insurtechs) are evolving from cyber-only to cyber-physical as systems are evolving to the System-of-Systems, combining “things” with integrated computing facilities and data storage.
Besides their popular use for cryptocurrency transactions, Blockchains can be used in both the finance and insurance sector to increase the robustness and reliability of decentralised cyber-physical systems, including the financial transaction networks and online claim processing operations.
Given the critical nature and the vulnerabilities of cyber-physical systems, these must be continuously safeguarded against evolving cyber-attacks.
“The recent technology trends indicate the rising of trustworthy cyber-physical systems as nearly all stakeholders agree that the underlying technologies should be monitorable, verifiable, safe, secure, privacy-aware and accountable,” says Prof. Salih Ergün, CTO of ERARGE and the author of over 100 publications in leading scientific conferences.
IoT, Security and Blockchain in Insurance and Fintech Industry
The digital ecosystems have evolved to “system-of-systems” that are composed of many cyber-physical systems, sub-systems, modules, devices, and entities interacting with each other in complex IoT environments. The IoT for banking helps save time by dealing with data collection and huge data transit. Financial institutions improve customer experience and the entire banking security system where customers can conduct various types of transactions without visiting banks, through automated customer care services such as virtual assistants. IoT has the potential to radically change the insurance sector by enabling more effective and accurate situational awareness to determine and monitor risks precisely.
It has been reported by McKinsey[1] that four digital ecosystems are emerging where IoT can take place for IoT-enabled claim verification and risk prediction: i) Mobility and connected vehicles; ii) Connected Health; iii) Smart housing; iv) Commercial lines.
It is obvious that blockchain has already disrupted the finance world as the financial transactions are getting more international at a global scale. The integration of blockchain technology with fintech and Insurtech can provide traders and insurance stakeholders can support the financial services including claim verification and efficiency throughout the complete transaction processing lifecycle. When integrated with IoT-enabled monitoring, blockchain enables the tracking of each and every verified transaction and the recording all the actions taken by the associated people so that regulators can confirm the authenticity of the record (regulatory compliance). Blockchain enables more integral and decentralized auditing of transactions, and even crowdfunding, through transparent mechanisms. Blockchain enables transactions smart contract enabled transactions between trusted digital identities.
Holistic Cyber-Physical Security
Dealing with the abovementioned research and innovation pathways ERARGE has contributed to the development of a holistic cyber-physical security strategy in the Critical-Chains project. Secure Cyber-framework, Authentication-as-a-Service (AuthaaS), Hardware-Security-as-a-Service (HwSaaS), and Cryptography or Crypto-as-a-Service (CryptaaS) are the main components of the Critical-Chains main framework aiming to improve the cyber-resilience of finance and insurance infrastructures. Blockchain-as-a-Service (BCaaS) enables decentralized accountability and data integrity where distributed ledgers are used either for financial transactions or insurance claim verification. These cyber-physical services, i.e., X-as-a-Services, are combined for better security and privacy protection in finance and insurance transactions. In Critical-Chains, ERARGE has developed HwSaaS at the FPGA level as a Hardware Security Module (HSM) operating at the server-side. HwSaaS enables low-level cryptographic functions, such as symmetric and asymmetric encryption, hashing, and crypto-key generation. The underlying research has been finalised by prototyping either lower cost or higher throughput True Random Number Generator (TRNG) design alternatives, e.g. reconfigurable TRNG based on transient effects of ring oscillators and chaotic oscillators, respectively.
CryptaaS is provided by ERARGE as a high-level software service that enables basic cryptographic functions. CryptaaS enables the fast encryption of any financial transaction, data-at-transit, or data-on-storage. CryptaaS is based on a service-oriented architecture and on-demand ready service whenever needed or called by other XaaSs. CryptaaS jointly works with HwSaaS that enables prime number and crypto key generation, secure key storage and exchange, symmetric and asymmetric crypto-functions which are all compliant with Public Key Cryptographic Standards.
Finally, AuthaaS enables both person and node authentication towards more trusted IoT and blockchain-enabled applications. An authentication token, called SecureStick, has been developed which applies 3-factor authentication including something the user knows (password), something the user has (token itself) and a biometric signature e.g., facial biometrics. Biometric match-on-device has been implemented to ensure GDPR-compliant operation. For node authentication, ERARGE and IMEC-NL joined forces to adapt the chip-level secure distance bounding with BLE that has been integrated with SecureStick. This approach paves the way towards portable solutions such as wearable authentication tokens s can be implemented in this case.
A novel use-case where Critical-Chains innovations meet: Critical-Chains User-in-Range Presence Verification – Application in Pandemic Restrictions Compliance Related Insurance Claims Settlement
The COVID-19 crisis has affected the world in an unprecedented way. In addition to the public health effects of the disease, measures to contain the spread of COVID-19 have pose significant risks to food and nutrition İndustry through disruptions to food production, distribution, and access. The rate of economic growth has significantly decreased, many labourers have lost their work and many farmers have stopped their production. For instance, a reduction in labour availability due to COVID-19 is estimated to have reduced U.S. agricultural output by about $309 million in the period March 2020 to 2021. Major problems that have been exacerbated due to the side-effects of COVID are related to labour supply, market access, lack of technology for inclusivity and resilience, and food security[2].
To cope with the business interruptions and discontinuity in production processes, insurance companies can compensate the economic losses to some extent. Many disruptions have arisen due to lockdowns, travel restrictions, supply chain and logistic problems. In many countries, if someone is infected with Coronavirus, a quarantine procedure is applied for a certain period. In case of wider spreads of COVID, farmers and labourers can be quarantined in their homes for weeks. Insurance companies are working on loss calculation and mitigation cost estimation in such cases. They are presenting new claim policies. Whatever the policy, insurance companies need to ascertain if the affected farmers or farm personnel are COVID-positive, and, the extent of their actual compliance with the quarantine rules, so that real consequent losses can be determined reliably.
Thus, there is a strong need to develop quantifiable and trusted measures for farmers’ proximal location presence verification.
The solution is based on the effective use of the Critical-Chains main framework and its underlying services aiming to verify that the farmer stays at home during his/her quarantine period. The main framework is responsible for managing the insurance claim verification process by linking the insurance company’s services with the end-user, farmer in our case, guaranteeing a trusted end-to-end secure channel. The Secure cyber framework at the backend improves the resilience of the main framework against cyber-attacks.
AuthaaS enables both person and node authentication. Here, node authentication is realised for proximal location presence verification of the farmers. For instance, the technology can be applied as a wearable IoT device or a portable device that can be carried by the farmer/patient. Person authentication is realised by the SecureStick, which is an authentication token strengthened with secure distance bounding technology.
HwSaaS and CryptaaS are complementary services of the Critical-Chains main framework as these two solutions secure the insurance claim data, including the instantly monitored location data, and other personal data to be protected for both security and privacy requirements.
Finally, BCaaS works at the backend to enable data integrity and accountability which has been addressed in new-generation decentralised insurance services based on distributed ledgers and smart contracts.
Conclusion
Cyber-physical systems are pushing the boundaries and capturing new markets for Fintech and insurance companies and reshaping the way they run. The entire System of Systems needs to be resilient against cyber-physical attacks and the vulnerable chains within the entire set of operating nodes and services. “We see the same demand in emerging areas where blockchain-enabled technologies are positioned. There is an increasing demand for trusted, easy-to-use and easy-to-verify cyber-physical systems in both finance and insurance as these sectors are horizontal and touch all other sectors. We are glad to see that the Critical-Chains vision is applicable for other sectors, as we have found invaluable opportunities to collaborate with the distinguished partners in this project and applied our innovations in transportation (toll collection use case) and healthcare (pandemic use case) demonstrators. I’m sure we will have more opportunities to carry the gathered experience to further areas of implementation.”, says Prof Ergün.
Authored by Alper Kanak, PHD. Research and Innovation Director @ ERARGE
[1] https://www.mckinsey.com/industries/financial-services/our-insights/digital-ecosystems-for-insurers-opportunities-through-the-internet-of-things
[2] Lusk, Jayson L., and Ranveer Chandra. “Farmer and farm worker illnesses and deaths from COVID-19 and impacts on agricultural output.” Plos one 16.4 (2021): e0250621.