Cybersecurity has been a big concern over the last several years. This year alone we have seen rising trends in the deployment of sophisticated ransomware, banking Trojans, distributed denial-of-service (DDoS) attacks, cybertheft, and even cyberattacks on politicians. So, what can be done to enhance security for all things cyber? There is no panacea as far as cybersecurity goes. There are too many parts and pieces for one thing to fix it all. However, there is a certain technology called blockchain that could in theory be used to secure many aspects of cyber.
Blockchain in simple terms, is nothing more than a decentralized database or ledger used to store transactional data. Blockchain was first conceptualized by Satoshi Nakamoto in 2008, followed by implementation in 2009 with the Bitcoin. It’s primarily used with various cryptocurrencies, most notably ‘the first and most famous cryptocurrency, Bitcoin, (that) was launched back in 2009.’ The core philosophy behind such tech is anonymity and decentralization. The anonymity and decentralization play a major part on the security of blockchain, in addition to cryptography.
Blockchain is supposed to be secure due to the cryptography methods it uses, the distributed nature of the database (or ledger), and the participants’ agreements upon the transactional changes that occur using their cryptographic signatures. Each transaction (or block) is like a chain link containing the previous block’s cryptographic signature. It’s this signature that makes a blockchain transaction unchangeable and irreversible.
Since the blockchain is a decentralized ledger maintained by anonymous computers all around the world, the block validation system keeps the ledger tamper proof. This means that while maintaining old records forever, new records are added irreversibly. The blockchain is essentially an ‘independent, transparent, and permanent database’ stored across multiple computers and shared with a community and is oftentimes called a mutual distributed ledger (MDL). Stealthcare CEO Jeremy Samide states that “blockchain itself is relatively secure. The crypto in blockchain seems battle tested but is still wrapped around the same weakened systems as well as humans as the weakest link.” Nothing is inherently secure. All tech including blockchain, has weaknesses.
The first rule of thumb is that “anything can be hacked.” All it takes are a set of credentials either saved to a text file on an Internet connected computer or a sticky note attached to a computer monitor. For example, if this text file contains a person’s bitcoin address and private keys and the text file is stolen, it doesn’t matter how secure blockchain is. That person has just become a victim of cryptocurrency fraud.
Nothing is so secure that it can’t be abused in some way or another, including blockchain, cryptocurrency and its storage. One example is the August 2016 hack of Bitfinex, one of the largest cryptocurrency exchanges in the world. This hack resulted in the theft of 120,000 BTC (approx. $68 million USD) from various customer accounts. These hacks aren’t on the blockchain itself, but rather the cryptocurrency exchanges. CryptoCompare CEO Charles Hayter states, “It’s not bitcoin’s fault. It’s the infrastructure around it.”
Samide suggests it’s the implementation of blockchain that’s at fault as opposed to the infrastructure. “We have seen more problems, vulnerabilities and cyber attacks in the actual exchanges themselves. Individual digital wallets have been compromised where documented serious losses have occurred through the use of social engineering and malware based attacks. Bad actors are attacking the implementation of blockchain like digital wallets and the systems in different ways that are offering a greater reward and less risk compared to attacking a traditional financial institution. So, in the blockchain instance, we are just transferring the risk to the consumer more than a traditional bank would as they would cover fraudulent losses. If the current issues revolving around exchanges, individual users and digital wallets is not addressed, this will actually begin to slow or limit its adoption.”
Another example of how blockchain can be abused utilized a proof-of-concept (PoC) software that was demonstrated at Black Hat Asia in March 2015 by Interpol. This PoC software essentially morphed into malware, circumventing the blockchain used by bitcoin which introduced ‘data unrelated to transactions into the blockchain.’ Researchers at the University of Newcastle have also demonstrated the ability for a botnet command & control system to utilize the bitcoin network to send messages.
At some point the blockchain framework could become mainstream. Samide states “Blockchain has a number of applicable uses in the marketplace for tracking and authentication. I think the decentralized architecture around how blockchain works needs to be fortified. Disrupting the decentralized authentication process of blockchain could create an unreliable system. Blockchain as a framework can be used for multiple purposes. Other than cryptocurrency, there are banks and other financial institutions, as well as other entities like the federal government that are testing it out.
There has been speculation on whether blockchain could be used as the next platform for interbank monetary transfers, especially the SWIFT network. Samide suggests “blockchain has the ability to evolve and mature into a viable solution that could eventually replace the SWIFT network. Again, blockchain is only as good as the systems around it. Protecting the implementation of blockchain around legacy banking systems will be key.”
With SWIFT potentially getting replaced with blockchain at some point, there is also the potentiality of banks getting replaced with blockchain. Samide states “I don’t think that is conceivable in the next decade, however, I think you will see more virtual banks pop up utilizing 100% blockchain to make their transactions in the future.”
Another potential use is using blockchain for data storage on smartphones. There’ve been numerous data breaches at various companies like Yahoo!, LinkedIn, and Amazon. Essentially the hackers pilfered centralized databases containing personally identifiable information (PII) including usernames, passwords, phone numbers, payment card data, and other forms of PII. Smartphones, used by nearly everyone, ‘can store – in encrypted form – Social Security numbers, credit card numbers, billing addresses, birth dates, and other personal information traditionally kept in large, centralized databases.’ As such, decentralized storage of PII, while not easily implemented, could prevent a lot of future data breaches
Even the US military is looking to achieve the computer concept of “information integrity” using blockchain. The Defense Advanced Research Projects Agency – DARPA – is looking to use blockchain to ‘secure highly sensitive data, with potential applications for everything from nuclear weapons to military satellites.’
The concept of “information integrity” is essentially tracking when systems or data is viewed or otherwise modified. Timothy Booher, program manager at DARPA, makes the following analogy: ‘Instead of trying to make the walls of a castle as tall as possible to prevent an intruder from getting in, it’s more important to know if anyone has been inside the castle, and what they’re doing there.’
Since blockchain was initially developed for use with Bitcoin, the very first cryptocurrency, it has evolved. It isn’t very often that a piece of technology with a specific design can be repurposed for use in other fields and industries. Even though there are weaknesses with the implementation of blockchain technology, the blockchain itself is quite secure. If cybersecurity experts can find ways to lock down the implementations of blockchain, the threat of hackers and cybercriminals could potentially be minimized.