Blockchain: Cybersecurity Help or Hinderance?
Blockchain technology has wound its way around the world, it has seeped into every sphere of our lives from banking to healthcare and beyond.
Blockchain Technology is defined by Alex Tapscott (2016) as being; “An incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value”
If you haven’t heard of it, you’ve probably heard of its most well-known utilisation, Cryptocurrencies, the most universal of which is Bitcoin. Bitcoin is a digital currency and Blockchain algorithms enable Bitcoin transactions to be aggregated in ‘blocks’ which are added to a ‘chain’ of existing blocks using a cryptographic signature.
The blocks contain digital information and the chains are public databases. The blocks have three parts;
- Transaction information
- Information about the participants (i.e. sensitive information such as a person’s name is coded using a “digital signature” which is like a username)
- A “hash” which is a unique code which allows blocks to be told apart. As each block can store up to 1MB, it is likely to store information about many transactions. Once the transaction has been verified, it can be processed.
The reason why this technology has gained popularity is that you can put any digital asset or transaction into the blockchain, regardless of the industry. For example, blockchain technology can support; Identity management systems, supply chain solutions, public records such as property registers as well as other applications, especially those that require sharing verified data among multiple geographically distributed parties.
The Cybersecurity industry has been significantly impacted by this technology with a scope for more in the future. Blockchain Technology can be used to prevent any type of data breaches, identity thefts, cyber-attacks or foul play in transactions. In Alex Momot’s words, ‘By removing much of the human element from data storage, blockchains significantly mitigate the risk of human error, which is the largest cause of data breaches.’
So, will blockchain technology be a cybersecurity help or hindrance?
Blockchain and Cybersecurity
Blockchain technology may be able to help solve difficult cybersecurity problems that require reliable distributed data and records. Some potential applications include;
- Using blockchain technology to support trusted cybersecurity information sharing across widely unrelated organisations.
- Building distributed identity management registers.
However, these use cases and others are the subject of much debate as viable real-world applications have yet to become mainstream.
Blockchain Cyber Vulnerabilities
Identifying and managing known vulnerabilities is a core element of any basic cybersecurity program. It is important that organisations treat Blockchain environments like their other business critical resources and follow commonly accepted cybersecurity practices.
Platform Weaknesses - Blockchain applications usually run-on general-purpose operating systems and platforms that are vulnerable to known hardware and software flaws. Even special purpose blockchain platforms frequently depend on general purpose hardware and software.
The edge of any blockchain where users interact with the system is often the gateway for cyberattacks. End-user vulnerabilities may allow attackers to infiltrate and compromise private blockchains by impersonating authorized users. End-user vulnerabilities can include:
- Private key management - Blockchain network integrity depends on encryption algorithms, such as public-private key methods. Most reported cyberattacks relating to blockchain have succeeded by stealing end users’ keys, not attacking the blockchain itself. Individuals may lose or misplace their private keys, resulting in the loss of blockchain-stored assets because private keys are not reproducible by design. End users must understand and protect the private keys they hold on their systems or other media.
- Phishing, malware, impersonation and other end-user attacks - Cybercriminals can use general end-user attacks to gather user credentials or infiltrate blockchain applications.
Some have raised concerns about tensions between using blockchain technology and increasingly common data privacy and data protection obligations. The introduction of GDPR supports individuals’ rights to request data deletion under some circumstances.
Specific blockchain applications can address these concerns and other related data protection issues in various ways, such as limiting the use of personal data or storing it separately from the transaction register, supporting data processing agreements in private blockchains. Using enhanced encryption techniques, such as additional private keys for handling personal data. Organisations can easily destroy these keys if an individual requests deletion, making personal data unrecoverable.
Blockchain and the IoT
Blockchain technology has been widely hyped as being able to support a variety of innovative and potentially disruptive applications. One area that is commonly mentioned is the struggle to secure connected devices within the ever growing IoT.
Blockchain technology could potentially enhance the security of IoT devices and their associated networks, creating an internet of trusted things by using:
- Device authentication - Blockchain technology may offer a way for devices in an IoT network to authenticate each other, ensure that their communications with each other are valid and quickly detect and report rogue devices.
- Network resilience - Within the IoT there is typically a central authority that manages devices and the data they generate. Blockchain technology could enable individual devices, to be more independent. For example, IoT devices participating in a blockchain-enabled network could determine what is normal device behaviour, identify and quarantine devices engaging in unusual behaviour and be able to flag devices for review.
Help or Hindrance?
Cryptocurrencies and blockchain technologies are no longer a fad, they are here to stay. Over the past year both have gained significant attention from professionals across a range of industries.
Blockchain is undoubtedly a useful, innovative technology. Some financial institutions have already started embracing it for authentication, such as US bank Capital One who is working on a blockchain system that will receive, store and retrieve encrypted user authentication data.
However, there is still a long way to go and the market is still in the very early days of testing. Before Blockchain technology could be successfully adopted, trust needs to be established, only then will could this practise become mainstream.