Blockchain’s Brilliant Approach To Cybersecurity

Hackers can shut down entire networks, tamper with data, lure unwary users into cyber-traps, steal and spoof identities, and carry out other devious attacks by leveraging centralized repositories and single points of failure.

The Blockchain’s alternative approach to storing and sharing information provides a way out of this security mess. The same technology that has enabled secure transactions with cryptocurrencies such as Bitcoin and Ethereum could now serve as a tool to prevent cyberattacks and security incidents.

Blockchains can increase security on three fronts: blocking identity theft, preventing data tampering, and stopping Denial of Service (DDoS) attacks.

1. Protecting Identities

Public Key Infrastructure (PKI) is a popular form of public key cryptography that secures emails, messaging apps, websites, and other forms of communication. However, because most implementations of PKI rely on centralized, trusted third party Certificate Authorities (CA) to issue, revoke, and store key pairs for every participant, hackers can compromise them to spoof user identities and crack encrypted communications.

For instance, controversy recently broke over the key renegotiation process of WhatsApp, which could possibly be exploited to push false keys and perform man-in-the-middle attacks on one of the most popular and secure messaging apps in the world. Publishing keys on a blockchain instead would eliminate the risk of false key propagation and enable applications to verify the identity of the people you are communicating with.

CertCoin is one of the first implementations of blockchain-based PKI. The project, developed at MIT, removes central authorities altogether and uses the blockchain as a distributed ledger of domains and their associated public keys. CertCoin provides a public and auditable PKI that also doesn’t have a single point of failure.

More recently, tech research company Pomcor published a blueprint for a blockchain-based PKI that doesn’t remove central authorities but uses Blockchains to store hashes of issued and revoked certificates. This approach gives users a means to verify the authenticity of certificates with a decentralized and transparent source. It also has the side benefit of optimizing network access by performing key and signature verification on local copies of the blockchain.

Another interesting study of identification based on distributed ledgers is the IOTA, a project that applies Tangle (a blockless type of distributed ledger that is lightweight and scalable) to provide the backbone for millions of IoT devices to interact and identify each other in a peer-to-peer manner and without the need for a third-party authority.

“By referencing hashes that match identity attributes of an individual tied to the ledger one can start to reconstruct the entire identity management system. The fact that you can tie these attributes of person to a tamper-proof hash makes it impossible for someone to forge your identity,” says IOTA cofounder David Sønstebø.

2. Protecting data integrity

We sign documents and files with private keys so that recipients and users can verify the source of the data they’re handling. And then we go to great lengths to prove that those keys haven’t been tampered with, which is difficult when the key is meant to be secret in the first place.

The blockchain alternative to document signing replaces secrets with transparency, distributing evidence across many blockchain nodes and making it practically impossible to manipulate data without being caught. How do you prove that the San Antonio Spurs were the champions of the 2014 NBA Playoffs? You don’t need to because it’s general knowledge. The same applies to data on a blockchain distributed ledger.

Keyless Signature Structure (KSI), a blockchain project led by data security startup GuardTime, is one group that aims to replace key-based data authentication. KSI stores hashes of original data and files on the blockchain and verifies other copies by running hashing algorithms and comparing the results with what is stored on the blockchain. Any manipulation of the data will be quickly discovered because the original hash exists on millions of nodes.

As GuardTime CTO Matthew Johnson told me, the blockchain approach to data authentication offers “mathematical certainty over the provenance and integrity” of information. The U.S. Department of Defense’s DARPA agency is considering KSI as a potential fit to protect sensitive military data.

And on the health care front, blockchain company Gem is using blockchain to provide data transparency, change-auditing, and fine-grained access control of health records. This is especially important as healthcare providers handle reams of sensitive data and have been victims of huge data breaches.

“Data controlling critical business processes, patient health, and clinical trials are all attack surfaces in healthcare industry,” said Gem VP of Engineering Siva Kannan. “Blockchain technology would help in verifying the integrity of patient data shared across different organizations, create immutable audit trails for data governing health care business processes, and maintain the integrity of data collected in clinical health trials.”

3. Protecting Critical Infrastructure

A massive October DDoS attack taught us all a painful lesson about how easy it has become for hackers to target critical services. By bringing down the single service that provided Domain Name Services (DNS) for major websites, the attackers were able to cut off access to Twitter, Netflix, PayPal, and other services for several hours, yet another manifestation of the failure of centralized infrastructures.

A blockchain approach to storing DNS entries could, according to Coin Center’s Peter Van Valkenburgh, improve security by removing the single target that hackers can attack to compromise the entire system.

Nebulis is a project that is exploring the concept of a distributed DNS system that will never fail under an excess of requests. Nebulis uses the Ethereum blockchain and the Interplanetary Filesystem (IPFS), a distributed alternative to HTTP, to register and resolve domain names.

“The killer weakness of the current DNS system is its overreliance on caching,” Nebulis founder Philip Saunders said. “Caching makes it possible to stage DDoS attacks against DNS servers and allows oppressive regimes to censor social networks and manipulate DNS registries.”

Blockchain will also remove the network fees associated with DNS reads and will only impose costs on updates and new entries. “This has great potential for lifting a great deal of pressure from the physical backbone of the Internet,” Saunders said. “It also means we can do away with many of the redundancies of the traditional DNS and come up with something much better.

A transparent, distributed DNS where domain records are under their owners’ control will also make it virtually impossible for any single entity, including governments, to manipulate entries at their whim.

New and unexpected cybersecurity threats will continue to emerge while old threats linger. Blockchains won’t be a silver bullet to fix everything that’s wrong with the Internet, but they will be a powerful tool experts and engineers can leverage to harden their systems against the multitude of threats that surround us, especially where centralized weaknesses and single points of failure are concerned.

Venturebeat:       What Happened To The Blockchain Revolution?:      Could Bitcoin’s Blockchain Run An Entire City?:

 

« Only In Texas: Ransomware Steals Data From Police
Suspect Monitoring & Surveillance Technology »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TBG Security

TBG Security

TBG provides a portfolio of services including cyber security, compliance and continuity solutions.

Verimuchme

Verimuchme

Verimuchme is a digital wallet and exchange platform to secure, verify and re-use personal information.

Panaseer

Panaseer

Panaseer is an enterprise cybersecurity automation and data analytics company that helps organizations stop preventable breaches by ensuring security controls are working effectively.

CERT-IS

CERT-IS

CERT-IS is the national Computer Emergency Response Team for Iceland.

Cobalt Strike

Cobalt Strike

Cobalt Strike is penetration testing software designed to execute targeted attacks.

Assured Enterprises

Assured Enterprises

Assured Enterprises provides comprehensive cyber risk identification, management and mitigation across all platforms.

Matias Consulting Group (MCG)

Matias Consulting Group (MCG)

Your Business needs competitive and resilient ICT solutions. MCG defines, deploy & support them enabling you to focus on your core business.

Approachable Certification

Approachable Certification

Approachable Certification is a UKAS accredited certification body offering down-to-earth and competitively priced audits against ISO Management Systems standards.

X-Ways Software Technology

X-Ways Software Technology

X-Ways provide software for computer forensics, electronic discovery, data recovery, low-level data processing, and IT security.

Titans24

Titans24

Titans24 is a Software-as-a-Service security platform for web applications. It prevents attacks on business websites that are protected under 11 cyber-security layers.

Cyber Command - Estonian Defence Forces

Cyber Command - Estonian Defence Forces

The main mission of the Cyber Command is to carry out operations in cyberspace in order to provide command support for Ministry of Defence’s area of responsibility.

HackNotice

HackNotice

HackNotice Teams is an all-in-one encompassing tool that monitors threats within your organization, different vendors, and third parties whose services you use.

Bosch Global Software Technologies (BGSW)

Bosch Global Software Technologies (BGSW)

Bosch Global Software Technologies offer an advanced innovation for AI security. The Bosch AIShield is the definite answer to safeguard your business against model extraction attacks.

Centre for Cyber Security Research & Innovation

Centre for Cyber Security Research & Innovation

The Centre for Cyber Security Research & Innovation is Nepal's First Academic Research Institute to focus on understanding the overall Information Security of Nepalese Organizations.

CipherStash

CipherStash

CipherStash is a complete data governance and breach prevention platform.

Cyber Security Unity (CSU)

Cyber Security Unity (CSU)

Cyber Security Unity (formerly the UK Cyber Security Association) is a new global community which has been set up to help unite the industry and combat the growing cyber threat.