Blockchain making waves in nextgen cybersecurity
The blockchain has become synonymous with bitcoins, especially in recent months with heightened awareness after massive increases in the price of cryptocurrency. However, the technology, which also facilities smart contracts, is about much more than currency. As a technology it offers a number of key features that can be used in systems from identity to trading to cybersecurity.
It acts as an immutable database of transactions. Today, more than any period in history, we transact our personal data across multiple channels to perform tasks, like online banking and shopping. Our personal data has essentially become a commodity in its own right, used to transact.
Cybercriminals take advantage of this ‘personalized commodity’ too, evidenced by the massive data breaches like Equifax and Uber. The world of cybersecurity, in an effort to protect these data, is turning to the blockchain.
Cutting Through The Blockchain Hype
The schema for the blockchain was originally published as the underlying architecture for the bitcoin system back in 2009. As we have already stated, the technology is based on a database of transactions, originally transactions based on bitcoin entries. However, this database does not store information as such; you can’t store your address on the chain. Instead, it stores a hash of the transaction of these data.
The resultant entry is tamper-proof, anonymous, and immutable. Every time a block is added it has to be verified by multiple parties – i.e., that the hash of the transaction is correct. And, to show a change in a property you need to update the chain by adding a new transaction.
There are three basic types:
- Public: Transactions are publicly accessible, and the system is fully decentralized.
- Private: Controlled by a single organization who also controls the right to register and to the chain entries. This version can potentially deviates from the ethos of the original design in that is removes decentralization. However, if implemented across multiple sites and datacenter it retains the dimension of decentralization.
- Permissioned: This is a hybrid between the public and private versions of the blockchain. It can be thought of a consortium managed system, with no single organization handling the control. In doing so, it offers partial decentralization.
Three Ways That Blockchain Is Used In Cyber Security
The technology is being explored as a potential mechanism to improve security and privacy operations across a number of areas, including:
1- Identity Fraud and personal data privacy – Using distributed ledger technology for digital identity-based transactions is taking off. The decentralized structure is creating more user-centric and controlled identity use cases. There are a number of ways that the technology can be applied to identity transactions, these include:
- Minimal disclosure is an important aspect of privacy. Different blockchain identity systems use different mechanisms to build secure and privacy-enhanced transactions. Initiatives like The Sovrin Foundation are working on a decentralized, self-sovereign identity network controlled by users. Systems may use zero-knowledge transactions which can be processor intensive. However, new systems offer less intensive, but still highly secure, methods of retaining privacy, such as minimal disclosure.
- Blockchain transactions can be part of a wider chain of trust. This would incorporate identity and verification services. An identity, once verified, could be registered to a chain as an assured identity. Coupled with minimal disclosure mechanisms, this identity could be used in formal KYC checks to ensure that fraud is minimized, whilst privacy is enhanced.
- Privacy driven regulatory frameworks, like the EU’s GDPR are based on the ethos of consent. Distributed ledger technology, being transaction-based, is an ideal platform for consent management – consent being a form of a transaction. Consent receipts on the blockchain could be used to demonstrate GDPR compliance around consent.
- Pseudonymization. The blockchain is based on hashing, which is a one-way process. Working Group 29 has defined hashing as pseudonymous but not anonymous. Regulations may be somewhat relaxed, but blockchain registered personal data would not be exempt from GDPR
2- Protecting the Internet of Things (IoT) is becoming an urgent issue. The Mirai Botnet of October 2016 is an example of how massive an IoT attack can and will become. The blockchain holds the key to IoT security in the decentralized nature of the chain and the way that the blockchain handles transactions. The University of Portsmouth by Fremantle and Aziz recently published a research paper on how to use the technology in IoT security. The system they propose is based on a trusted intermediary. This intermediary, audits the device based on device identity, device ownership, and consents. In doing so, it allows a cross-check based system to be built which enforces privacy and security.
3- Decentralization of information is one of the key features of the blockchain that make it a good technology to base critical infrastructures upon. Having no centralized point of failure or trust makes hacking more difficult to instigate. As an example, a blockchain could be used to store DNS records and so remove the central point of failure on DDoS attacks. This type of system has been described by Philip Saunders in a paper ‘Nebulis’.
Blockchain? A Revolution Or Evolution In Cyber Security?
Blockchain technology gives us a powerful tool in our arsenal to help prevent certain types of cybercrime. The decentralized aspect of the technology is the key to enabling security and privacy, from securing data transactions to minimizing information sharing as well as protecting individual IoT device usage.
Creating blockchain based systems for identity, the Internet of Things, and critical infrastructures can resolve some of the biggest issues we face in cybercrime today.