Cyber security and Blockchain technology. Does it have a role to play?
For the less initiated, a Blockchain, is a growing list of records, called blocks, which are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data. By design, it provides a resistance to modification of the data.
The question though is, can Blockchain technology be used as a security tool?
The answer appears to be an overwhelming, yes. Cyber security professionals are finding that the qualities Blockchain technology brings to a solution are effective in securing data, networks, identities, critical infrastructure, and more. Certainly the technology is being used in a number of security applications, ranging from record-keeping, to acting as part of the active data infrastructure, with more options on the horizon. However, whilst we can all become excited as Blockchain technology grows, it's important to keep this potential in perspective.
One of the frequent claims is that, it’s "un-hackable" technology. Whilst no intrusive hacks have been reported yet, it's wrong to suggest that Blockchain technology can't be hacked. Everything can be hacked but what should happen moving forward is that cyber security professionals should treat Blockchain technology as a useful tool. The important thing to remember though is not to expect this technology as the salvation for all our worries.
All this being said, Blockchain technology is being used as an effective security tool in a number of interesting ways not previously available to cyber security professionals.
Identity on the network comes in two ways. One is the identity of the user and the other is the identity of the device. In the case of the IoT, where there often is no user in the traditional sense, authenticating the identity of the device itself is critical, and a Blockchain technology has been introduced to establish and maintain those device identities.
Spreading the Storage
The “enemy” adores databases. Single entities that contain terabytes of information mean that a single successful intrusion can result in thousands, if not millions, of records being revealed. Using Blockchain technology, data can be stored on a wide variety of systems, with the integrity of each node, and therefore the database as a whole, guaranteed through the ledger calculations.
Accountability & Compliance
It’s sad to say, but there still appears to be a culture of lip service towards security requirements, however data owners and regulators want more. They want verifiable evidence that the right steps have been taken and Blockchain technology can be a valuable tool for providing that evidence.
Integrity of Data
The same qualities that make Blockchain technology valuable for regulatory compliance and accountability, also make it a worthwhile tool in protecting data integrity. Blockchain technology is a decentralized, tamper-proof mechanism. It holds all the information the systems need to operate but no one node has all the information required to make any change.
Infrastructure for example (i.e. utilities) needs protection and comes with its own unique security challenges. Blockchain technology provides specific advantages in infrastructure protection, coming from the dual qualities of change verification and transaction transparency. It becomes far more difficult to hide malicious activities on a network when there is a record of every change when the authority to make a change must be verified by a distributed system.
The most vulnerable part of an encryption system lies in the storage of its encryption keys. If the “enemy” is able to gain access to key storage, then they have access to all encrypted messages within the system. In turn, such a breach will provide security credentials users employ to be authenticated into the system at various privilege levels.
Rather than keeping key stores carefully secure in secret locations, the security concept is based upon the distributed nature of the Blockchain and the complexity of the hash algorithm to secure the information. In doing so, the Blockchain takes many of the attacker's tools out of play thereby making the entire process far more secure.
Sensitive Data Security
If the stored data is amongst the most sensitive of personal information because of the nature and quantity of data stored, cyber security professionals are looking at Blockchain technology as a way of securing these highly sensitive electronic records. In time, the technology will become widely used for safe storage of medical records as a specific example of what the technology can provide.
We are in the early days of using Blockchain technology as a cyber security measure. However, this technology will come of age because it offers new and expanding solutions that counter the threats cyber security professionals face in their efforts to deny access and disruption caused by data breaches.
I look forward to seeing Blockchain growth, but will this mean the end of cyber security? Alas not.
MIET, MBCS, Security & GDPR Specialist