What Makes Blockchain A New Security Standard?

Blockchain is an area of cybersecurity that has a lot of potential. As efforts to standardize the technology continue to make headway, we could see blockchain become a new security standard for various industries. 

Blockchain, although relatively new, already has an interesting history. The concept originated with Satoshi Nakamoto back in 2009, when Bitcoin emerged.

Although Bitcoin has made a lot of noise in the world and every crypto-related website now offers it, nothing is known about its creator. Nakamoto has managed to keep his or her identity under wraps. The code for Bitcoin and its blockchain was created for the purpose of privacy, transparency, and immutability.

How Does Blockchain Work?
Typically, when you want to make a transaction with someone, you go through a third party, like a bank. This is ideal because you do not have to trust every single person you have a transaction with; you only have to trust the third party. So, if Frank buys a necklace from Janice but Janice never delivers the necklace and claims Frank never paid for it, Frank can turn to the bank. The bank keeps detailed records and can show proof that Frank did, in fact, pay for the necklace. It makes sense that such a model has stood the test of time.

Going through a third party, while convenient in some respects, comes with a price. Banks can be as corrupt as individuals. Plus, having to go through a third party is neither cost-efficient nor timely. Blockchain technology allows you to bypass the third party and perform transactions one-to-one while reducing the risk of doing business with people you have no reason to trust.

Blockchain is essentially a large ledger, which takes the form of a chain of digitized blocks that keeps track of all transactions, but unlike with banks, this ledger is transparent. Anyone can see it. Because the blockchain is immutable, people can’t alter the ledger, which helps prevent fraud. In a public blockchain, transactions are sealed with cryptography and become a page in a ledger that is geographically spread out. While the transactions are sealed, they are still visible because they are not scrambled. Instead of being scrambled, they are hashed to create a digest, which represents transactions in a given block.

What makes this model so secure is that you cannot make changes to the block or its transactions without having to recalculate the whole digest. This is effectively impossible because of how dispersed the network is. The process requires more computing power than any single person would have access to. Criminals can’t change one block without changing the blocks that came before and after it, or they would be detected immediately. The larger the network is, the more secure it is because such networks will be more dispersed and require more computing power. This also means smaller networks are more vulnerable to cyber attacks.
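The tamper-evidence described above, as an added example that is not part of the original article: a minimal Python hash chain in which each block stores a digest of its transactions and the hash of the previous block. The block layout, function names and sample transactions are constructed for illustration and do not reproduce Bitcoin's actual format; consensus and mining cost are out of scope.

```python
import hashlib

def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()

def tx_digest(transactions):
    """Merkle-style digest: hash each transaction, then pair-hash up to one root."""
    level = [sha256(tx) for tx in transactions] or [sha256("")]
    while len(level) > 1:
        if len(level) % 2:                  # odd count: duplicate the last hash
            level.append(level[-1])
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def block_hash(block):  # header = position, link to previous block, tx digest
    return sha256(f"{block['index']}|{block['prev_hash']}|{block['digest']}")

def build_chain(batches):
    chain, prev = [], "0" * 64              # all-zero link marks the first block
    for i, txs in enumerate(batches):
        block = {"index": i, "prev_hash": prev, "transactions": list(txs),
                 "digest": tx_digest(txs)}
        block["hash"] = prev = block_hash(block)
        chain.append(block)
    return chain

def first_invalid_block(chain):  # index of the first failing block, or None
    prev = "0" * 64
    for block in chain:
        if (block["prev_hash"] != prev
                or block["digest"] != tx_digest(block["transactions"])
                or block["hash"] != block_hash(block)):
            return block["index"]
        prev = block["hash"]
    return None

# Constructed sample ledger; names borrowed from the article's necklace example.
SAMPLE = [["Frank->Janice:120"],
          ["Janice->Carol:40", "Carol->Frank:5", "Frank->Carol:10"],
          ["Carol->Janice:15"]]

def tamper_demo():
    chain = build_chain(SAMPLE)
    clean = first_invalid_block(chain)
    chain[1]["transactions"][0] = "Janice->Carol:4000"   # rewrite a past payment
    edited = first_invalid_block(chain)
    chain[1]["digest"] = tx_digest(chain[1]["transactions"])  # reseal block 1 only
    chain[1]["hash"] = block_hash(chain[1])
    return clean, edited, first_invalid_block(chain)
```

`tamper_demo()` returns `(None, 1, 2)`: the edit is caught at block 1, and resealing block 1 alone only moves the failure to block 2, whose stored link no longer matches.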

All Blockchains Are Different
Another thing to keep in mind is that there are many different blockchains, and not all of them are of the same quality. For one, there are private blockchains as well as public blockchains. This is the most important distinction a blockchain can have. Public blockchains use computers that connect to the publicly accessible Internet. The Internet is used to substantiate transactions and put them onto the ledger. Private blockchains rely on members-only networks. Not just anyone with a computer can access them; participants need to be invited to join the network. While public blockchains offer more anonymity, private blockchains are preferable when confidential information is involved because there is more control over who does and does not have access to the information.

A significant difference lies in the process used to verify transactions. Most public blockchains verify transactions using a process called network consensus. Bitcoin, for example, achieves this consensus via mining. Many private blockchains, however, rely on a selective endorsement process in which trusted members confirm transactions. This requires a very secure infrastructure because you have to be able to trust the insiders who are verifying the transactions. In this day and age, you can’t really be sure who you can trust. In a private blockchain, the best way to maintain security is to make sure people cannot access sensitive information, and that includes administrators. The other priority is to keep encryption keys secure.

The Setback
Blockchain suffers from the same problem most new technological concepts do: it changes too much. There are hundreds of organizations that use blockchain technology, but they don’t all use it in the same way, and they don’t even talk about it using the same vocabulary. To make matters worse, most of these organizations don’t communicate with each other on any level. The lack of interaction makes it harder to establish security standards that can be widely adopted.

Right now, IBM is pushing for Hyperledger to be the standard. Hyperledger is a blockchain project hosted by the Linux Foundation. Linux already acts like a reference platform for operating systems. Thus, IBM thinks it makes sense for the Linux Foundation to act as the reference platform for blockchain technology. But other organizations are also pushing their own preferred standards. It might take time before the blockchain community can come together and decide on a security standard.

Many efforts to standardize concentrate on interfaces, but governance is another thing to consider, namely because of the growing popularity of smart contracts.

Smart contracts allow parties to create self-executing legal agreements with each other, which comes with a lot of security concerns. For one, bugs within the smart contract code have already cost various organizations millions of dollars. There is still a lot of work to be done when it comes to risk mitigation.

Microsoft has developed a group to test smart contract design practices. This is a start. But there is still more that needs to happen to make sure the code supporting blockchain technology has the right amount of security. Ultimately, blockchain needs good infrastructure to be secure, and it will require standardized interfaces and governance to make sure the infrastructure is strong enough across the board to ensure the security of blockchains.

Mary-Ann Callahan is a Bitcoin expert at CEX.IO, a leading multi-functional cryptocurrency exchange.
