Companies that hold customer information and valuable intellectual property need to embrace a fool-proof and trustworthy technology rather than relying purely on defensive strategies built on tools such as firewalls and intrusion detection systems. Many of your company’s valuable assets are at risk from criminal activities carried out on the Dark Web, and we don’t even know about it. This may impact your brand, customer loyalty and reputation.
Of late, the credit rating firm Equifax sustained a significant data breach which compromised people’s most sensitive personal information. According to Fortune, “Equifax has revised its estimate for the number of people potentially affected by its recent massive data breach to a total of 145.5 million people.” The Equifax hack comes on the heels of hacks at many other major corporations: LinkedIn, JPMorgan, Oracle, Yahoo, Dropbox, Google Drive, Adobe, etc. What all these businesses have in common is that we rely on each of them on an everyday basis and each of them carries and stores a good chunk of our personal information.
Blockchain: A potential solution
Blockchain is the culmination of decades of research and breakthroughs in cryptography and security, and it offers a totally different approach to storing information and performing functions, which makes it especially suitable for environments with high security requirements and mutually unknown actors.
Blockchain is essentially a giant public ledger of information, meaning it can just as easily hold all of our personal information as well.
The answer as to why blockchains are safer and more appropriate to hold our personally identifiable information (PII) lies in the nature of the technology itself. It is a central or mutual database, meaning that it is “hard to exploit as a natural monopoly,” i.e. we are in complete control of our information and do not have to rely on other organizations to hold and secure our data.
And, because blockchain gives individuals control over their own information, it is generally deemed to be more secure, reliable and trustworthy. The information stored on a blockchain is also immutable due to the multifarious node network design of blockchains as well as the cryptology governing it.
How Does Blockchain Work?
Its core algorithm relies on two kinds of records: individual transactions and transaction blocks. Blockchain’s code first turns each transaction into a unique hash value. The hash values are then combined in a hash tree, with a specified group of hashed transactions creating a block. Each block is given a unique hash that includes the hash of the prior block’s header and a timestamp.
Since each block’s header includes the hash of the prior block, the two are linked, creating the first links of a chain. Since this chain is created by using information from each prior block, the links are immutably bound together.
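An added example, not part of the original article, of the structure described above: transactions are hashed, folded into a hash-tree root, and each header stores the prior header's hash and a timestamp. The function names, the JSON header encoding, the all-zero first `prev_hash` and the sample transactions are assumptions made for illustration.

```python
import hashlib
import json

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def merkle_root(tx_hashes):
    """Fold transaction hashes pairwise into one hash-tree root."""
    level = list(tx_hashes) or [sha256(b"")]
    while len(level) > 1:
        if len(level) % 2:  # odd count: pair the last hash with itself
            level.append(level[-1])
        level = [sha256((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]

def tx_root(transactions):
    return merkle_root([sha256(t.encode()) for t in transactions])

def header_hash(header):
    # Canonical JSON so an identical header always yields the same hash.
    return sha256(json.dumps(header, sort_keys=True).encode())

GENESIS_PREV = "0" * 64  # assumption: all-zero value marks the first block

def build_chain(batches, start_time=1_700_000_000):
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        header = {"prev_hash": prev, "merkle_root": tx_root(txs),
                  "timestamp": start_time + 600 * i}  # fixed, constructed times
        chain.append({"header": header, "transactions": list(txs)})
        prev = header_hash(header)
    return chain

def first_invalid_block(chain):
    """Index of the first block failing verification, or None if intact."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        header = block["header"]
        if (header["prev_hash"] != prev
                or header["merkle_root"] != tx_root(block["transactions"])):
            return i
        prev = header_hash(header)
    return None

# Constructed sample transactions, grouped into three blocks.
SAMPLE = [["alice->bob:5", "bob->carol:2"], ["carol->dave:1"],
          ["dave->alice:3", "alice->erin:4", "erin->bob:1"]]
```

Editing a transaction in block 1 of `build_chain(SAMPLE)` makes `first_invalid_block` return 1; recomputing that block's root to hide the edit changes its header hash, so verification then fails at block 2 instead.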
Use Cases of Blockchain in Cyber Security
According to the National Institute of Standards and Technology (NIST), confidentiality refers to “the property that sensitive information is not disclosed to unauthorized individuals, entities, or processes”.
The data security startup Guardtime is placing its bets on blockchain technology to secure sensitive records. It has already used blockchains to create a Keyless Signature Infrastructure (KSI), a replacement for the more traditional Public Key Infrastructure (PKI), which uses asymmetric encryption and a cache of public keys maintained by a centralized Certificate Authority (CA).
The fundamental threat with PKI is that you need to base your security on the secrets (keys) and the people who manage them. In contrast, instead of relying on secrets, blockchain-based security is predicated on distributing the evidence among many parties, which makes it impossible to manipulate data without being detected.
Blockchain has eliminated the need for trusted parties to verify the integrity of data just as in the cryptocurrency example it eliminated the need for a centralized authority to act as a bank.
KSI verifies the integrity of data by running hash functions on it and comparing the results against original metadata stored on the blockchain. “This is a fundamentally different approach to traditional security. Rather than using Anti-Virus, Anti-Malware and Intrusion Detection schemes that search for vulnerabilities, you have mathematical certainty over the provenance and integrity of every component in your system.”
NIST defines availability as “ensuring timely and reliable access to and use of information”.
Cyberattacks attempting to impact the availability of technology services continue to increase. Distributed Denial of Service (DDoS) attacks, being one of the most common types of attack, can also cause the most disruption to internet services. The resulting implications are that websites get disrupted and mobile apps become unresponsive, which can generate ever-increasing losses and costs to businesses.
Given blockchains are distributed platforms, the decentralization and peer-to-peer characteristics of the technology make it harder to disrupt than conventional distributed application architectures (such as client-server).
Blockchains have no single point of failure, which greatly decreases the chances of an IP-based DDoS attack disrupting normal operation. If a node is taken down, data is still accessible via other nodes within the network, since all of them maintain a full copy of the ledger at all times.
Integrity is defined as the “guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity” according to NIST.
Maintaining data consistency, and guaranteeing integrity, during its entire life cycle is crucial in information systems. Data encryption, hash comparison (data digesting), and digital signing are some examples of how system owners can assure the integrity of the data, regardless of the stage it is in (in transit, at rest or in use). Blockchain’s built-in characteristics, immutability and traceability, already provide organizations with a means to ensure data integrity. The consensus model protocols associated with the technology also present organizations with a further level of assurance over the security of the data.
Road Ahead …
Harnessing the strength of the blockchain, it’s entirely possible that the data breaches we know today could become a thing of the past very soon. This would be a new digital era, where individuals could control their data and personal transactions would be truly private and secure — and where businesses would not have to deal with the expensive headache of storing and protecting sensitive consumer data.
The paradigm shift represented by blockchain can provide the transparency and auditing that will enable us to make the most use of shared online services, while eliminating the potential security and privacy trade-offs.