Blockchain’s Brilliant Approach To Cybersecurity

Hackers can shut down entire networks, tamper with data, lure unwary users into cyber-traps, steal and spoof identities, and carry out other devious attacks by leveraging centralized repositories and single points of failure.

The Blockchain’s alternative approach to storing and sharing information provides a way out of this security mess. The same technology that has enabled secure transactions with cryptocurrencies such as Bitcoin and Ethereum could now serve as a tool to prevent cyberattacks and security incidents.

Blockchains can increase security on three fronts: blocking identity theft, preventing data tampering, and stopping Denial of Service (DDoS) attacks.

1. Protecting Identities

Public Key Infrastructure (PKI) is a popular form of public key cryptography that secures emails, messaging apps, websites, and other forms of communication. However, because most implementations of PKI rely on centralized, trusted third party Certificate Authorities (CA) to issue, revoke, and store key pairs for every participant, hackers can compromise them to spoof user identities and crack encrypted communications.

For instance, controversy recently broke over the key renegotiation process of WhatsApp, which could possibly be exploited to push false keys and perform man-in-the-middle attacks on one of the most popular and secure messaging apps in the world. Publishing keys on a blockchain instead would eliminate the risk of false key propagation and enable applications to verify the identity of the people you are communicating with.

CertCoin is one of the first implementations of blockchain-based PKI. The project, developed at MIT, removes central authorities altogether and uses the blockchain as a distributed ledger of domains and their associated public keys. CertCoin provides a public and auditable PKI that also doesn’t have a single point of failure.

More recently, tech research company Pomcor published a blueprint for a blockchain-based PKI that doesn’t remove central authorities but uses Blockchains to store hashes of issued and revoked certificates. This approach gives users a means to verify the authenticity of certificates with a decentralized and transparent source. It also has the side benefit of optimizing network access by performing key and signature verification on local copies of the blockchain.

Another interesting study of identification based on distributed ledgers is the IOTA, a project that applies Tangle (a blockless type of distributed ledger that is lightweight and scalable) to provide the backbone for millions of IoT devices to interact and identify each other in a peer-to-peer manner and without the need for a third-party authority.

“By referencing hashes that match identity attributes of an individual tied to the ledger one can start to reconstruct the entire identity management system. The fact that you can tie these attributes of person to a tamper-proof hash makes it impossible for someone to forge your identity,” says IOTA cofounder David Sønstebø.

2. Protecting data integrity

We sign documents and files with private keys so that recipients and users can verify the source of the data they’re handling. And then we go to great lengths to prove that those keys haven’t been tampered with, which is difficult when the key is meant to be secret in the first place.

The blockchain alternative to document signing replaces secrets with transparency, distributing evidence across many blockchain nodes and making it practically impossible to manipulate data without being caught. How do you prove that the San Antonio Spurs were the champions of the 2014 NBA Playoffs? You don’t need to because it’s general knowledge. The same applies to data on a blockchain distributed ledger.

Keyless Signature Structure (KSI), a blockchain project led by data security startup GuardTime, is one group that aims to replace key-based data authentication. KSI stores hashes of original data and files on the blockchain and verifies other copies by running hashing algorithms and comparing the results with what is stored on the blockchain. Any manipulation of the data will be quickly discovered because the original hash exists on millions of nodes.

As GuardTime CTO Matthew Johnson told me, the blockchain approach to data authentication offers “mathematical certainty over the provenance and integrity” of information. The U.S. Department of Defense’s DARPA agency is considering KSI as a potential fit to protect sensitive military data.

And on the health care front, blockchain company Gem is using blockchain to provide data transparency, change-auditing, and fine-grained access control of health records. This is especially important as healthcare providers handle reams of sensitive data and have been victims of huge data breaches.

“Data controlling critical business processes, patient health, and clinical trials are all attack surfaces in healthcare industry,” said Gem VP of Engineering Siva Kannan. “Blockchain technology would help in verifying the integrity of patient data shared across different organizations, create immutable audit trails for data governing health care business processes, and maintain the integrity of data collected in clinical health trials.”

3. Protecting Critical Infrastructure

A massive October DDoS attack taught us all a painful lesson about how easy it has become for hackers to target critical services. By bringing down the single service that provided Domain Name Services (DNS) for major websites, the attackers were able to cut off access to Twitter, Netflix, PayPal, and other services for several hours, yet another manifestation of the failure of centralized infrastructures.

A blockchain approach to storing DNS entries could, according to Coin Center’s Peter Van Valkenburgh, improve security by removing the single target that hackers can attack to compromise the entire system.

Nebulis is a project that is exploring the concept of a distributed DNS system that will never fail under an excess of requests. Nebulis uses the Ethereum blockchain and the Interplanetary Filesystem (IPFS), a distributed alternative to HTTP, to register and resolve domain names.

“The killer weakness of the current DNS system is its overreliance on caching,” Nebulis founder Philip Saunders said. “Caching makes it possible to stage DDoS attacks against DNS servers and allows oppressive regimes to censor social networks and manipulate DNS registries.”

Blockchain will also remove the network fees associated with DNS reads and will only impose costs on updates and new entries. “This has great potential for lifting a great deal of pressure from the physical backbone of the Internet,” Saunders said. “It also means we can do away with many of the redundancies of the traditional DNS and come up with something much better.

A transparent, distributed DNS where domain records are under their owners’ control will also make it virtually impossible for any single entity, including governments, to manipulate entries at their whim.

New and unexpected cybersecurity threats will continue to emerge while old threats linger. Blockchains won’t be a silver bullet to fix everything that’s wrong with the Internet, but they will be a powerful tool experts and engineers can leverage to harden their systems against the multitude of threats that surround us, especially where centralized weaknesses and single points of failure are concerned.

Venturebeat:       What Happened To The Blockchain Revolution?:      Could Bitcoin’s Blockchain Run An Entire City?:

 

« Only In Texas: Ransomware Steals Data From Police
Suspect Monitoring & Surveillance Technology »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Quttera

Quttera

Quttera provides Website Security Solutions for Small & Medium Businesses, Enterprises and Organizations.

ACI Solutions

ACI Solutions

ACI Solutions is a managed IT services and network security provider working with diverse global commercial, government and public sector clients.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

Appdome

Appdome

Appdome is the industry's first mobile integration as a service company, providing solutions for enterprise mobility and mobile application security.

PROMIA

PROMIA

PROMIA is in the business of providing solutions that are designed to support highly secure, reliable, scalable and interoperable business applications.

Malleum

Malleum

MALLEUM are specialists in penetration testing and security assessments. We think like hackers – and act like them – to disclose discreet dangers to your organization.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

Exire Technologies

Exire Technologies

Exire Technologies is comprised of a team of professionals who are specialised in cybersecurity and a value added reseller and integrator of ICT security systems.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

KnectIQ

KnectIQ

Building Trust Environments in a Zero-Trust World. KnectIQ offers KIQAssure, an Ultra High Security Solution for Data in Flight.

YorCyberSec

YorCyberSec

YorCyberSec act as a trusted Cyber and Information Security broker and procurement specialist. We help companies to Reduce Risk, Increase Assurance and Improve Performance.

PagerDuty

PagerDuty

PagerDuty is the central nervous system for a company’s digital operations. We identify issues in real-time and bring together the right people to respond to problems faster.

Numen Cyber Technology

Numen Cyber Technology

Numen Cyber Technology is committed to becoming a Threat Discovery and Response expert for corporate customers.

RAND Corporation

RAND Corporation

The RAND Corporation is a non-profit institution that helps improve policy and decision making through research and analysis.

Lineaje

Lineaje

Lineaje solves critical Software Supply Chain security problems faced by every organization that builds, uses or sells software.

NetSfere

NetSfere

NetSfere provides next-generation messaging and mobility solutions to carriers and enterprises globally including its enterprise-grade, secure mobile messaging platform NetSfere Enterprise.