What Makes Blockchain A New Security Standard?

Blockchain is an area of cybersecurity that has a lot of potential. As efforts to standardize the technology continue to make headway, we could see blockchain become a new security standard for various industries. 

Blockchain, although relatively new, already has an interesting history. The concept originated with Satoshi Nakamoto back in 2009, when Bitcoin emerged.

Although Bitcoin has made a lot of noise in the world and every crypto-related website now offers it, nothing is known about its creator. Nakamoto has managed to keep his or her identity under wraps. The code for Bitcoin and its blockchain was created for the purpose of privacy, transparency, and immutability.

How Does Blockchain Work?
Typically, when you want to make a transaction with someone, you go through a third party, like a bank. This is ideal because you do not have to trust every single person you have a transaction with; you only have to trust the third party. So, if Frank buys a necklace from Janice but Janice never delivers the necklace and claims Frank never paid for it, Frank can turn to the bank. The bank keeps detailed records and can show proof that Frank did, in fact, pay for the necklace. It makes sense that such a model has stood the test of time.

Going through a third party, while convenient in some respects, comes with a price. Banks can be as corrupt as individuals. Plus, having to go through a third party is neither cost-efficient nor timely. Blockchain technology allows you to bypass the third party and perform transactions one-to-one while reducing the risk of doing business with people you have no reason to trust.

Blockchain is essentially a large ledger, which takes the form of a chain of digitized blocks that keeps track of all transactions, but unlike with banks, this ledger is transparent. Anyone can see it. Because the blockchain is immutable, people can’t alter the ledger, which helps prevent fraud. In a public blockchain, transactions are sealed with cryptography and become a page in a ledger that is geographically spread out. While the transactions are sealed, they are still visible because they are not scrambled. Instead of being scrambled, they are hashed to create a digest, which represents transactions in a given block.

What makes this model so secure is that you cannot make changes to the block or its transactions without having to recalculate the whole digest. This is effectively impossible because of how dispersed the network is. The process requires more computing power than any single person would have access to. Criminals can’t change one block without changing the blocks that came before and after it, or they would be detected immediately. The larger the network is, the more secure it is, because such networks are more dispersed and require more computing power. This also means smaller networks are more vulnerable to cyber attacks.
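The tamper evidence described above, as an added example that is not code from the original article: a small hash-chained ledger in which each block's digest covers its readable transactions and the previous block's digest. The block layout, field names, SHA-256 choice and sample transactions are assumptions for illustration, and the sketch does not model mining or network consensus.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_digest(index, prev_hash, transactions):
    """SHA-256 over a canonical encoding of the block's visible contents."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "transactions": transactions},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def build_chain(batches):
    """Seal each batch of transactions into a block linked to its predecessor."""
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        block = {"index": i, "prev_hash": prev, "transactions": list(txs)}
        block["hash"] = block_digest(i, prev, block["transactions"])
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for b in chain:
        if b["prev_hash"] != prev:
            return b["index"]  # link to the previous block is broken
        if block_digest(b["index"], b["prev_hash"], b["transactions"]) != b["hash"]:
            return b["index"]  # contents no longer match the stored digest
        prev = b["hash"]
    return None


# Constructed sample ledger (hypothetical transactions, stored in the clear).
SAMPLE = [["Frank pays Janice 50"],
          ["Janice pays Carol 20", "Carol pays Dave 5"],
          ["Dave pays Frank 1"]]


def demo():
    chain = build_chain(SAMPLE)
    clean = first_invalid_block(chain)
    chain[1]["transactions"][0] = "Janice pays Carol 2000"  # edit in place
    edited = first_invalid_block(chain)
    # Re-sealing block 1 alone just moves the inconsistency to block 2.
    chain[1]["hash"] = block_digest(1, chain[1]["prev_hash"], chain[1]["transactions"])
    resealed = first_invalid_block(chain)
    return clean, edited, resealed


if __name__ == "__main__":
    print(demo())
```

Recomputing one block's digest only pushes the mismatch to the next block, so hiding an edit means re-sealing every later block on every copy of the ledger.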

All Blockchains Are Different
Another thing to keep in mind is that there are multiple different blockchains and not all of them are of the same quality. For one, there are private blockchains, as well as public blockchains. This is the most important distinction a blockchain can have. Public blockchains utilize computers that connect to the publicly accessible Internet. The Internet is used to substantiate transactions and put them onto the ledger. Private blockchains rely on members-only networks. Not just anyone with a computer can access them; participants need to be invited to join the network. While public blockchains offer more anonymity, private blockchains are preferable when confidential information is involved because there is more control over who does and does not have access to the information.

A significant difference lies in the process used to verify transactions. Most public blockchains verify transactions using a process called network consensus. Bitcoin, for example, achieves this consensus via mining. Many private blockchains, however, rely on a selective endorsement process in which trusted members confirm transactions. This requires a very secure infrastructure because you have to be able to trust the insiders who are verifying the transactions. In this day and age, you can’t really be sure who you can trust. In a private blockchain, people must not be able to access sensitive information; this is the best way to maintain security, so even administrators cannot have access to sensitive information. The other priority is to keep encryption keys secure.

The Setback
Blockchain suffers from the same thing most new technological concepts do. It changes too much. There are hundreds of organizations that use blockchain technology, but they don’t all use it in the same way, and they don’t even talk about it using the same vocabulary. To make matters worse, most of these organizations don’t communicate with each other on any level. The lack of interaction makes it harder to establish security standards that can be widely adopted.

Right now, IBM is pushing for Hyperledger to be the standard. Hyperledger is a blockchain project hosted by the Linux Foundation. Linux already acts as a reference platform for operating systems. Thus, IBM thinks it makes sense for the Linux Foundation to act as the reference platform for blockchain technology. But other organizations are also pushing their own preferred standards. It might take time before the blockchain community can come together and decide on a security standard.

Many efforts to standardize concentrate on interfaces, but governance is another thing to consider, namely because of the growing popularity of smart contracts.

Smart contracts allow parties to create self-executing legal agreements with each other, which comes with a lot of security concerns. For one, bugs within the smart contract code have already cost various organizations millions of dollars. There is still a lot of work to be done when it comes to risk mitigation.

Microsoft has developed a group to test smart contract design practices. This is a start. But there is still more that needs to happen to make sure the code supporting blockchain technology has the right amount of security. Ultimately, blockchain needs good infrastructure to be secure, and it will require standardized interfaces and governance to make sure the infrastructure is strong enough across the board to ensure the security of blockchains.

Mary-Ann Callahan is a Bitcoin expert at CEX.IO, a leading multi-functional cryptocurrency exchange.
