What Makes Blockchain A New Security Standard?

Blockchain is an area of cybersecurity that has a lot of potential. As efforts to standardize the technology continue to make headway, we could see blockchain become a new security standard for various industries. 

Blockchain, although relatively new, already has an interesting history. The concept originated with Satoshi Nakamoto back in 2009, when Bitcoin emerged.

Although Bitcoin has made plenty of noise in the world and every crypto-related website now offers it, nothing is known about its creator. Nakamoto has managed to keep his or her identity under wraps. The code for Bitcoin and its blockchain was created for the purpose of privacy, transparency, and immutability.

How Does Blockchain Work?
Typically, when you want to make a transaction with someone, you go through a third party, like a bank. This is ideal because you do not have to trust every single person you transact with; you only have to trust the third party. So, if Frank buys a necklace from Janice but Janice never delivers the necklace and claims Frank never paid for it, Frank can turn to the bank. The bank keeps detailed records and can show proof that Frank did, in fact, pay for the necklace. It makes sense that such a model has stood the test of time.

Going through a third party, while convenient in some respects, comes with a price. Banks can be as corrupt as individuals. Plus, having to go through a third party is neither cost-efficient nor timely. Blockchain technology allows you to bypass the third party and perform transactions one-to-one while reducing the risk of doing business with people you have no reason to trust.

Blockchain is essentially a large ledger, which takes the form of a chain of digitized blocks that keeps track of all transactions, but unlike with banks, this ledger is transparent. Anyone can see it. Because the blockchain is immutable, people can’t alter the ledger, which helps prevent fraud. In a public blockchain, transactions are sealed with cryptography and become a page in a ledger that is geographically spread out. While the transactions are sealed, they are still visible because they are not scrambled. Instead of being scrambled, they are hashed to create a digest, which represents transactions in a given block.

What makes this model so secure is that you cannot make changes to the block or its transactions without having to recalculate the whole digest. This is effectively impossible because of how dispersed the network is. The process requires more computing power than any single person would have access to. Criminals can’t change one block without changing the blocks that came before and after it, or they would be detected immediately. The larger the network is, the more secure it is because such networks will be more dispersed and require more computing power. This also means smaller networks are more vulnerable to cyber attacks.
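The hash-linking described above can be seen in a small model. This is an added example, not code from the article or from any blockchain project; the block layout, the three-hex-zero proof-of-work target and the function names are assumptions chosen for illustration, and the ledger is constructed sample data. The remine function redoes one block's work on top of its predecessor, which is what a rewrite of history has to do for every later block.

```python
import hashlib
import json

DIFFICULTY = "000"        # assumed toy proof-of-work target; real networks are far harder
GENESIS_PREV = "0" * 64   # placeholder "previous hash" for the first block

# Constructed sample ledger: one list of transactions per block.
SAMPLE = [[{"from": "Frank", "to": "Janice", "amount": 250}],
          [{"from": "Janice", "to": "Frank", "amount": 40}],
          [{"from": "Frank", "to": "Janice", "amount": 15}]]

def tx_digest(transactions):
    return hashlib.sha256(json.dumps(transactions, sort_keys=True).encode()).hexdigest()

def block_hash(block):
    header = f"{block['index']}|{block['prev_hash']}|{block['tx_digest']}|{block['nonce']}"
    return hashlib.sha256(header.encode()).hexdigest()

def mine(index, prev_hash, transactions):
    block = {"index": index, "prev_hash": prev_hash, "nonce": 0,
             "transactions": json.loads(json.dumps(transactions)),  # private copy
             "tx_digest": tx_digest(transactions)}
    while not block_hash(block).startswith(DIFFICULTY):
        block["nonce"] += 1          # brute-force search: this is the computing cost
    block["hash"] = block_hash(block)
    return block

def build_chain(batches):
    chain = []
    for i, txs in enumerate(batches):
        prev = chain[-1]["hash"] if chain else GENESIS_PREV
        chain.append(mine(i, prev, txs))
    return chain

def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS_PREV
    for block in chain:
        if (block["tx_digest"] != tx_digest(block["transactions"])
                or block["prev_hash"] != prev
                or block["hash"] != block_hash(block)
                or not block["hash"].startswith(DIFFICULTY)):
            return block["index"]
        prev = block["hash"]
    return None

def remine(chain, i):
    prev = chain[i - 1]["hash"] if i else GENESIS_PREV
    chain[i] = mine(i, prev, chain[i]["transactions"])
```

Editing a transaction in block 1 makes first_invalid return 1; after remine(chain, 1) it returns 2, because block 2 still points at the old hash. Even with every later block redone, the final hash no longer matches the copy held by the rest of the network.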

All Blockchains Are Different
Another thing to keep in mind is that there are multiple different blockchains and not all of them are of the same quality. For one, there are private blockchains, as well as public blockchains. This is the most important distinction a blockchain can have. Public blockchains utilize computers that connect to the publicly accessible Internet. The Internet is used to substantiate transactions and put them onto the ledger. Private blockchains rely on members-only networks. Not just anyone with a computer can access them; participants need to be invited to join the network. While public blockchains offer more anonymity, a private blockchain is preferable when confidential information is involved because there is more control over who does and does not have access to the information.

A significant difference lies in the process used to verify transactions. Most public blockchains verify transactions using a process called network consensus. Bitcoin, for example, achieves this consensus via mining. Many private blockchains, however, rely on a selective endorsement process in which trusted members confirm transactions. This requires a very secure infrastructure because you have to be able to trust the insiders who are verifying the transactions. In this day and age, you can’t really be sure who you can trust. A private blockchain therefore has to be built so that people cannot access sensitive information, and that includes administrators. This is the best way to maintain security. The other priority is to keep encryption keys secure.

The Setback
Blockchain suffers from the same problem most new technological concepts do: it changes too much. There are hundreds of organizations that use blockchain technology, but they don’t all use it in the same way, and they don’t even talk about it using the same vocabulary. To make matters worse, most of these organizations don’t communicate with each other on any level. The lack of interaction makes it harder to establish security standards that can be widely adopted.

Right now, IBM is pushing for Hyperledger to be the standard. Hyperledger is a blockchain project hosted by the Linux Foundation. Linux already acts like a reference platform for operating systems. Thus, IBM thinks it makes sense for the Linux Foundation to act as the reference platform for blockchain technology. But other organizations are also pushing their own preferred standards. It might take time before the blockchain community can come together and decide on a security standard.

Many efforts to standardize concentrate on interfaces, but governance is another thing to consider, particularly given the growing popularity of smart contracts.

Smart contracts allow parties to create self-executing legal agreements with each other, which comes with a lot of security concerns. For one, bugs within the smart contract code have already cost various organizations millions of dollars. There is still a lot of work to be done when it comes to risk mitigation.

Microsoft has developed a group to test smart contract design practices. This is a start. But there is still more that needs to happen to make sure the code supporting blockchain technology has the right amount of security. Ultimately, blockchain needs good infrastructure to be secure, and it will require standardized interfaces and governance to make sure the infrastructure is strong enough across the board to ensure the security of blockchains.

Mary-Ann Callahan is a Bitcoin expert at CEX.IO, a leading multi-functional cryptocurrency exchange.
