Blockchain’s Brilliant Approach To Cybersecurity

Uploaded on 2017-02-10 in TECHNOLOGY-Key Areas-Blockchain, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Developments

Hackers can shut down entire networks, tamper with data, lure unwary users into cyber-traps, steal and spoof identities, and carry out other devious attacks by leveraging centralized repositories and single points of failure.

The Blockchain’s alternative approach to storing and sharing information provides a way out of this security mess. The same technology that has enabled secure transactions with cryptocurrencies such as Bitcoin and Ethereum could now serve as a tool to prevent cyberattacks and security incidents.

Blockchains can increase security on three fronts: blocking identity theft, preventing data tampering, and stopping Denial of Service (DDoS) attacks.

1. Protecting Identities

Public Key Infrastructure (PKI) is a popular form of public key cryptography that secures emails, messaging apps, websites, and other forms of communication. However, because most implementations of PKI rely on centralized, trusted third party Certificate Authorities (CA) to issue, revoke, and store key pairs for every participant, hackers can compromise them to spoof user identities and crack encrypted communications.

For instance, controversy recently broke over the key renegotiation process of WhatsApp, which could possibly be exploited to push false keys and perform man-in-the-middle attacks on one of the most popular and secure messaging apps in the world. Publishing keys on a blockchain instead would eliminate the risk of false key propagation and enable applications to verify the identity of the people you are communicating with.

CertCoin is one of the first implementations of blockchain-based PKI. The project, developed at MIT, removes central authorities altogether and uses the blockchain as a distributed ledger of domains and their associated public keys. CertCoin provides a public and auditable PKI that also doesn’t have a single point of failure.

More recently, tech research company Pomcor published a blueprint for a blockchain-based PKI that doesn’t remove central authorities but uses Blockchains to store hashes of issued and revoked certificates. This approach gives users a means to verify the authenticity of certificates with a decentralized and transparent source. It also has the side benefit of optimizing network access by performing key and signature verification on local copies of the blockchain.

Another interesting study of identification based on distributed ledgers is the IOTA, a project that applies Tangle (a blockless type of distributed ledger that is lightweight and scalable) to provide the backbone for millions of IoT devices to interact and identify each other in a peer-to-peer manner and without the need for a third-party authority.

“By referencing hashes that match identity attributes of an individual tied to the ledger one can start to reconstruct the entire identity management system. The fact that you can tie these attributes of person to a tamper-proof hash makes it impossible for someone to forge your identity,” says IOTA cofounder David Sønstebø.

2. Protecting data integrity

We sign documents and files with private keys so that recipients and users can verify the source of the data they’re handling. And then we go to great lengths to prove that those keys haven’t been tampered with, which is difficult when the key is meant to be secret in the first place.

The blockchain alternative to document signing replaces secrets with transparency, distributing evidence across many blockchain nodes and making it practically impossible to manipulate data without being caught. How do you prove that the San Antonio Spurs were the champions of the 2014 NBA Playoffs? You don’t need to because it’s general knowledge. The same applies to data on a blockchain distributed ledger.

Keyless Signature Structure (KSI), a blockchain project led by data security startup GuardTime, is one group that aims to replace key-based data authentication. KSI stores hashes of original data and files on the blockchain and verifies other copies by running hashing algorithms and comparing the results with what is stored on the blockchain. Any manipulation of the data will be quickly discovered because the original hash exists on millions of nodes.

As GuardTime CTO Matthew Johnson told me, the blockchain approach to data authentication offers “mathematical certainty over the provenance and integrity” of information. The U.S. Department of Defense’s DARPA agency is considering KSI as a potential fit to protect sensitive military data.

And on the health care front, blockchain company Gem is using blockchain to provide data transparency, change-auditing, and fine-grained access control of health records. This is especially important as healthcare providers handle reams of sensitive data and have been victims of huge data breaches.

“Data controlling critical business processes, patient health, and clinical trials are all attack surfaces in healthcare industry,” said Gem VP of Engineering Siva Kannan. “Blockchain technology would help in verifying the integrity of patient data shared across different organizations, create immutable audit trails for data governing health care business processes, and maintain the integrity of data collected in clinical health trials.”

3. Protecting Critical Infrastructure

A massive October DDoS attack taught us all a painful lesson about how easy it has become for hackers to target critical services. By bringing down the single service that provided Domain Name Services (DNS) for major websites, the attackers were able to cut off access to Twitter, Netflix, PayPal, and other services for several hours, yet another manifestation of the failure of centralized infrastructures.

A blockchain approach to storing DNS entries could, according to Coin Center’s Peter Van Valkenburgh, improve security by removing the single target that hackers can attack to compromise the entire system.

Nebulis is a project that is exploring the concept of a distributed DNS system that will never fail under an excess of requests. Nebulis uses the Ethereum blockchain and the Interplanetary Filesystem (IPFS), a distributed alternative to HTTP, to register and resolve domain names.

“The killer weakness of the current DNS system is its overreliance on caching,” Nebulis founder Philip Saunders said. “Caching makes it possible to stage DDoS attacks against DNS servers and allows oppressive regimes to censor social networks and manipulate DNS registries.”

Blockchain will also remove the network fees associated with DNS reads and will only impose costs on updates and new entries. “This has great potential for lifting a great deal of pressure from the physical backbone of the Internet,” Saunders said. “It also means we can do away with many of the redundancies of the traditional DNS and come up with something much better.

A transparent, distributed DNS where domain records are under their owners’ control will also make it virtually impossible for any single entity, including governments, to manipulate entries at their whim.

New and unexpected cybersecurity threats will continue to emerge while old threats linger. Blockchains won’t be a silver bullet to fix everything that’s wrong with the Internet, but they will be a powerful tool experts and engineers can leverage to harden their systems against the multitude of threats that surround us, especially where centralized weaknesses and single points of failure are concerned.

Venturebeat:       What Happened To The Blockchain Revolution?:      Could Bitcoin’s Blockchain Run An Entire City?:

 

« Only In Texas: Ransomware Steals Data From Police
Suspect Monitoring & Surveillance Technology »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

APrivacy

APrivacy

APrivacy provides information and communication security products for the financial services industry.

Consult Hyperion

Consult Hyperion

Consult Hyperion is an independent strategic and technical consultancy specialising in digital identity and secure electronic transactions.

Quokka

Quokka

Quokka (formerly Kryptowire) is the source for mobile security and privacy solutions, staying steps ahead of the threat and delivering peace of mind.

R2S Technologies

R2S Technologies

R2S can help you implement a cyber security framework to ensure your business is more resilient towards the growing threat of cyber crime. We provide Web and Mobile Application Security Assessment..

Zuratrust

Zuratrust

Zuratrust provide protection for all kinds of email related cyber attacks.

MythX

MythX

MythX is the premier security analysis service for Ethereum smart contracts.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

White Bullet

White Bullet

White Bullet’s risk profiling AI detects, dynamically scores and flags unsafe domains, apps and advertising.

NuID

NuID

NuID is a pioneer in trustless authentication and decentralized digital identity.

Informatics International

Informatics International

Informatics is a leading ICT provider in Sri Lanka, providing cutting-edge software & infrastructure solutions and services including cyber security.

EnigmaSoft

EnigmaSoft

EnigmaSoft is known for its PC anti-malware remediation utility and service under the tradename SpyHunter.

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric cybersecurity practitioners charged with defending hybrid cloud environments.

Securix

Securix

SECURIX AG delivers holistic IT security solutions that are tailored to the specific challenges and requirements of your company.

iSTORM

iSTORM

iStorm specialise in supporting organisations who require a range of Privacy, Security and Penetration testing related services.

Emantra

Emantra

Emantra specialises in the enablement of Secure Cloud services through it’s comprehensive Sovereign Cloud Hosting, Secure Access Service Edge, and managed services.

Canary Technology Solutions (Canary IT)

Canary Technology Solutions (Canary IT)

A Cloud, Cyber Security, Retail Solutions and Managed IT Services provider for over 25 years, we safeguard and revolutionise business through technology and foresight.