What Makes Blockchain A New Security Standard?

Uploaded on 2018-12-07 in TECHNOLOGY-Key Areas-Blockchain, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Developments

Blockchain is an area of cybersecurity that has a lot of potential. As efforts to standardize the technology continue to make headway, we could see blockchain become a new security standard for various industries. 

Blockchain, although relatively new, already has an interesting history. The concept initiated with Satoshi Nakamoto back in 2009, when Bitcoin emerged.

Despite the fact that Bitcoin has made much noise in the world and every crypto-related website offers it now, nothing is known about its creator himself/herself. Nakamoto has managed to keep his/her identity under wraps. The code for Bitcoin and its blockchain was created for the purpose of privacy, transparency, and immutability.

How Does Blockchain Work?
Typically, when you want to make a transaction with someone, you go through a third party, like a bank. This is ideal because you do not have to trust every single person you have a transaction with, you only have to trust the third party. So, if Frank buys a necklace from Janice but Janice never delivers the necklace and claims Frank never paid for it, Frank can turn to the bank. The bank keeps detailed records and can show proof that Frank did, in fact, pay for the necklace. It makes sense that such a model has stood the test of time.

Going through a third party, while convenient in some respects, comes with a price. Banks can be as corrupt as individuals. Plus, having to go through a third party is neither cost-efficient nor timely. Blockchain technology allows you to bypass the third party and perform transactions one-to-one while reducing the risk of doing business with people you have no reason to trust.

Blockchain is essentially a large ledger, which takes the form of a chain of digitized blocks that keeps track of all transactions, but unlike with banks, this ledger is transparent. Anyone can see it. Because the blockchain is immutable, people can’t alter the ledger, which helps prevent fraud. In a public blockchain, transactions are sealed with cryptography and become a page in a ledger that is geographically spread out. While the transactions are sealed, they are still visible because they are not scrambled. Instead of being scrambled, they are hashed to create a digest, which represents transactions in a given block.

What makes this model so secure is that you cannot make changes to the block or its transactions without having to recalculate the whole digest. This is effectively impossible because of how dispersed the network is. The process requires more computing power than any single person would have access to. Criminals can’t change one block without changing the blocks that came before and after it, or they would be detected immediately. The larger the network is, the more secure it is because such networks will be more dispersed and require more computing power. This also means tinier networks are more vulnerable to cyber attacks.

All Blockchains Are Different
Another thing to keep in mind is that there are multiple different blockchains and not all of them are of the same quality. For one, there are private blockchains, as well as public blockchains. This is the most important distinction a blockchain can have. Public blockchains utilize computers that contact to the publicly-accessible Internet. The Internet is used to substantiate transactions and put them onto the ledger. Private blockchains rely on members-only networks. Not just anyone with a computer can access them. They need to be invited to join the network. While public blockchains offer more anonymity, private blockchain is preferable when confidential information is involved because there is more control over who does and does not have access to the information.

A significant difference lies in the process used to verify transactions. Most public blockchains verify transactions using a process called network consensus. Bitcoin, for example, achieves this consensus via mining. Many private blockchains, however, rely on a selective endorsement process in which trusted members confirm transactions. This requires a very secure infrastructure because you have to be able to trust the insiders who are verifying the transactions. In this day and age, you can’t really be sure who you can trust. In a private blockchain, you need it to be the case that people cannot access sensitive information. This is the best way to maintain security. So even administrators cannot have access to sensitive information. The other priority is to keep encryption keys secure.

The Setback
Blockchain struggles from the same thing most new technological concepts do. It changes too much. There are hundreds of organizations that use blockchain technology, but they don’t all use it in the same way, and they don’t even talk about it using the same vocabulary. To make matters worse, most of these organizations don’t communicate with each other on any level. The lack of interactions makes it harder to establish security standards that can be widely adopted.

Right now, IBM is pushing for Hyperledger to be the standard. Hyperledger is a blockchain project hosted by the Linux Foundation. Linux already acts like a reference platform for operating systems. Thus, IBM thinks it makes sense for the Linux Foundation to act as the reference platform for blockchain technology. But other organizations are also pushing their own preferred standards. It might take time before the blockchain community can come together and decide on a security standard.

Many efforts to standardize concentrate on interfaces, but governance is another thing to consider, namely because of the growing popularity of smart contracts.

Smart contracts allow parties to create self-executing legal agreements with each other, which comes with a lot of security concerns. For one, bugs within the smart contract code have already cost various organizations millions of dollars. There is still a lot of work to be done when it comes to risk mitigation.

Microsoft has developed a group to test smart contract design practices. This is a start. But there is still more that needs to happen to make sure the code supporting blockchain technology has the right amount of security. Ultimately, blockchain needs good infrastructure to be secure, and it will require standardized interfaces and governance to make sure the infrastructure is strong enough across the board to ensure the security of blockchains.

Mary-Ann Callahan is a Bitcoin expert at CEX.IO a leading multi-functional cryptocurrency exchange.

You Might Also Read: 

Faster Blockchain For Financial Institutions:

 

« Cybersecurity 2019: Predictions You Can’t Ignore
Russia And Ukraine’s Crisis Could Escalate Beyond Cyberwar »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Virtustream

Virtustream

The Virtustream Enterprise Class Cloud provides a secure, highly available, Infrastructure as a Service (IaaS) to enterprises and government customers.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

Advanced Software Products Group (ASPG)

Advanced Software Products Group (ASPG)

ASPG offers a wide range of innovative mainframe software solutions for Data Security, Access Management, System Management and CICS productivity.

Computing Technology Industry Association (CompTIA)

Computing Technology Industry Association (CompTIA)

CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

Port53 Technologies

Port53 Technologies

Port53 Technologies is focused on delivering enterprise-grade, cloud-delivered security solutions that are easy to deploy, simple to manage and extremely effective.

United Network Technologies

United Network Technologies

United Network Technologies is a leading Managed Services Provider, distributor and developer of specialised cyber security components and technologies.

Force Majeure

Force Majeure

Force Majeure specializes in cybersecurity, incident response, and digital forensics, with experience spanning more than a decade.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

ImmuneBytes

ImmuneBytes

ImmuneBytes is a cutting-edge security startup that aims to provide a secure blockchain environment for a dependable and open Web3 ecosystem.

Afripol

Afripol

AFRIPOL was set up to strengthen cooperation between the police agencies of AU member states in the prevention and fight against organized transnational crime, terrorism, and cybercrime.

Barquin Solutions

Barquin Solutions

Barquin Solutions is a full-service information technology consulting firm focused on supporting U.S. federal government agencies and their partners.

True North Solutions

True North Solutions

True North Solutions provides a wide range of fully customized, vendor-neutral industrial engineering and OT automation solutions to companies across North America and around the world.

Boo Consulting

Boo Consulting

Boo Consulting is a trusted privacy and risk consultancy firm. We are driven to help you find an appropriate solution that will suit your budget and requirements.

Tundra Managed Solutions

Tundra Managed Solutions

Tundra Managed Solutions is a comprehensive IT services division offering a wide range of managed solutions designed to meet the diverse needs of businesses.