US Flags Flying Beside the Battleship Missouri memorial

US Navy wants to make its ‘Paranoid’ blockchain software supply chain system available

The United States Navy is looking for participants from the private sector to help develop PARANOID, a blockchain-based system that was built for its own avionics software. The technology is designed to track software development and deployment at all steps in its supply chain and for the lifetime of the code.

Though designed for warplanes and other weapons systems, the Navy decided PARANOID has applications in any mission-critical software development environment (including embedded systems) requiring high levels of security/auditability. It’s now seeking partners to install and use PARANOID under a cooperative research and development agreement (CRADA) to help research and develop it further.

There’s no reason its principles can’t be applied to any kind of software development: military-grade, enterprise, or consumer, provided the base blockchain can scale to support large data throughput and affordable transaction fees. The military is likely to trust only a proprietary (i.e., closed) blockchain network, but a trustworthy open one like the BSV Blockchain could do the same job just as well.

What is PARANOID?

“PARANOID” is a catchy backronym for “Powerful Authentication Regime Applicable to Naval Operational Flight Program Integrated Development.” The method was first described in a 2021 research paper from the Naval Air Warfare Center’s Aircraft Division (NAWCAD) as “a vision for non-circumventable code signing and traceability for embedded avionics software.”

“A cyberattack on U.S. Naval avionics software systems and on the avionics software supply chain is disturbingly feasible,” it says. Targets for disruption or sabotage would include any vulnerabilities in Operational Flight Program (OFP) software itself, and also other elements in the supply chain and supporting systems.

Developers work within a secure development environment (SDE) modified to interact with a blockchain network. It works by generating a transaction for each critical software development function (compiling, linking, editing etc.) that is embedded with additional data, including who made the change, with what, and when. In other words, it works on similar principles to other more commonly used software version-control systems (e.g., Git) but with blockchain.

Befitting its name, PARANOID also has an enforced security policy. Every transaction includes information about the user, tools used, and whether (or how) those tools have been modified. According to the paper, one key original concept of the design is that it “treats assigned developer time as a transferable digital currency,” its native digital token represents time-limited authorization for developer actions.

The Navy wants to commercialize the PARANOID system and other innovations it has developed that may have applications in the private sector. TechLink is the Department of Defense’s national “technology transfer partner” established for this purpose. The idea is to help companies “establish a mutually beneficial relationship with the Navy,” by making technologies available to companies that apply for a license or CRADA.

A scalable, proof-of-work (PoW)-secured blockchain network would be equally capable of handling such a task, even a “public” network like BSV. After all, the blockchain is simply a secure, immutable timestamp server that can be used to record any information—public or encrypted/private.

The BSV blockchain is a base layer infrastructure that’s usable by anyone who wishes to develop an application that interacts with it, even government or enterprise-tier systems. Companies such as UNISOT have developed systems that track and record stages of a supply chain, and SmartLedger has created the CertiHash suite that monitors security logs and alerts to any unauthorized access or intrusion attempt.

Both apply the same principles, which are also the principles of systems like PARANOID, to log records and alterations, as well as those who made them and when. In fact, the distributed nature of open/public blockchains is likely more secure than proprietary ones. This option would be more likely to save clients’ money and without the need to enter into any agreement with the military.

Watch: Supply chain traceability powered by blockchain tech

YouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.