Blockchain is a buzzword that is getting a lot of attention but a lot of people don’t seem to really understand what it is all about, or how it can be useful. It’s more than just something for cryptocurrencies. IT’s something that can be useful for information security too.
We store so much data these days, health records, social security information, financial information, all stores in databases that are connected to the web. It’s important to develop an understanding of who has access to all of that data, and how it is used.
Blockchain and Cyber Security
Blockchain is the term used to describe a database that is distributed over a network, and that is maintained by its participants. The decentralized nature of blockchain means that the information in the chain cannot be tampered with. This is important because it presents a number of options in the field of cyber security – consensus requirements can protect databases and networks from attack. The Proof of Work mechanism, or other consensus mechanisms, ensures that people cannot just modify data secured in a ledger, and this increases the resilience of that database. A good example of this is the way that Bitcoin works. The crypto currency has been operational for ten years, and so far no group has managed to hack the ledger. Individual wallets and exchanges have been stolen or interfered with, but the ledger itself is reliable.
A ledger-like system would be useful for any form of data that needs to be tamper-proof – such as social security numbers or health records. Smart contracts and multi-signature wallets show promise for allowing users to have more control over how their information is handled.
Removing Failure Points
Over the years there have been some high profile hacks, and blockchain could have prevented some of them. Take, for example, the Equifax hack. Equifax has access to a huge amount of information about people and about their financial histories, but individuals don’t have a lot of control over how that information is handled, and they were kept in the dark when the hack happened. The leaked information left a lot of people open to identity theft.
Blockchain from http://path.network is a better way of holding information because users have more control over who gets access to their personal information and when. Instead of anyone potentially being able to read the information at any point, users can keep their information on the blockchain, and make it available to banks, employers and other institutions on a case by case basis.
The traditional centralized architecture has pros and cons. It is simple and it means that information can be easily edited, but it means that if there is a failure in the security system, it can be catastrophic. While technical security can be quite good these days, there is one clear point of failure. The human element. All it takes is for one person to give out their admin password or to re-use an insecure password and any powerful security system can come tumbling down. Indeed, the concept of social engineering is now so ubiquitous that many ‘hackers’ don’t bother with exploits and 0-day vulnerabilities, or even brute forcing passwords. They target the human because the human is the weakest link. With blockchain, the distributed nature of the system makes it harder to do damage and means that the only things that will suffer when someone gives out their passwords by mistake are the things that person has control over on their own.
Blockchain Makes It Easier to Secure Data
Blockchain is a valuable option for making data on a network safer. It is harder for people to simply make changes to a block of data, because if the change isn’t made in the correct way then the rest of the network will flag the block as having been tampered with. All transactions will be listed, along with who made them, so malicious changes can be picked up on relatively easily.
Right now, it’s mostly cryptocurrencies that are relying on this, but there is a lot of potential for this to be used with sensitive information such as medical records and social security data. Anything that is stored online needs to be stored in a way that protects it from tampering and ensures that only those with authorized access to the system can modify it. Having data signed with a digital signature is one way of ensuring that it hasn’t been tampered with.
Resistance to Innovation
One thing that makes some people worried is that with blockchain there is no one official copy of the data. The distributed nature of the blockchain means that everyone gets a copy of the data and all of the transactions are recorded. This is a security feature but it’s something that makes some people nervous – because they feel that they don’t have full control over the data that is in the network. The lack of one single copy is a boon, however, because it means that if something were to happen to one particular copy there are thousands, or millions of other copies out there.
Once a change has been made to the blockchain, the change is permanent. To undo a change on the blockchain would require that more than half of the nodes agree with the revision. This means that ‘do overs’ can only happen in emergencies, and after extensive debate. There have been some high profile examples of accidents on the blockchain – such as a developer mistake causing huge problems for Ethereum when they ‘locked’ a huge number of wallets. So reversals can be done, but they are not something that any developer would want to rely on in the long term. It’s things like that which would need to be ironed out before blockchain would become a major and mainstream part of the financial industry or something that local governments would use for their computer systems and databases. Keeping data in an old-fashioned database may not last for much longer though.