“Innovative uses for blockchain technology are already becoming a part of other fields beyond cryptocurrencies and can be especially useful to boost cybersecurity. In this article we will take a look at how these effects have impacted our industry and understand how we can ride the blockchain wave to harness this technology to our advantage within cybersecurity.”
The future is now
In 2008 we saw the debut of Bitcoin. Just a handful of years ago, many easily dismissed this as a fad, something that wouldn’t grow past the small niche groups.
Today, a decade since its humble beginnings, Bitcoin paved its way to become one of the most disruptive technologies of the decade and has grown exponentially. It is rapidly being recognized as an accepted payment method worldwide. Users, wallet owners, traders and investors continue to shower cryptocurrencies with their endorsement and financial support whilst ICOs increase by the day.
Bitcoin: the “digital gold”, as it is sometimes called, and for good reason, runs on a technological backbone known as the blockchain, and while the blockchain does not come with its own fancy nickname, it is truly the real hero behind the cryptocurrency’s success story.
The blockchain was originally devised as the foundation technology for the digital currency, has continued to grow and evolve into something greater, as the tech community is continuously finding new and innovative ways to potentially use the technology. Perhaps, if it continues to grow at this rate we could soon see it become a backbone of a new type of internet, an internet that can be distributed, but not copied.
The blockchain has many applications outside cryptocurrency, Steve Morgan, Founder and Editor-in-Chief at Cybersecurity Ventures, agrees. “Blockchain is a fundamental business enabler. It will be the big gainer for many organizations globally. The technology promises to break down geographic and monetary boundaries.”
The blockchain has many applications outside cryptocurrency, Steve Morgan, Founder and Editor-in-Chief at Cybersecurity Ventures, agrees. “Blockchain is a fundamental business enabler. It will be the big gainer for many organizations globally. The technology promises to break down geographic and monetary boundaries.”
Part of the success story of the blockchain is linked to its ease of use. Blockchain technology in itself is complicated, true, just like your car. However, you do not need to know what makes your car tick under the bonnet to use it, and the same concept can be applied for Blockchain.
Impact of Blockchain on Cybersecurity
Innovative uses for blockchain technology are already becoming a part of other fields beyond cryptocurrencies and can be especially useful to boost cybersecurity. Together we will take a look at how these effects have impacted our industry and understand how we can ride the blockchain wave to harness this technology to our advantage within cybersecurity.
Crucial for minimizing data destruction
The blockchain could play an important role in guaranteeing data availability, because unlike the atypical scenario, every piece of information will be distributed throughout the entire system.
Therefore, given that a single data exists mutually in multiple locations, in the event that data in one node is altered or deleted, either by accident or on purpose, a verification mechanism would be triggered and compare the faulty data with the metadata packet. If then the data is found to not match the rest, it would be discarded and replaced with a valid copy.
This means that the only way that the data can be accidentally or maliciously destroyed is for the whole blockchain to be wiped out, and then wipe out every single node separately. If even one node remains within the system, the data could be fully restored.
Critical for DNS distribution and DDoS prevention
Distributed Denial of Service (DDoS) attacks have recently become more frequent and potent for big companies. GitHub was hit with a 1.35Tbps earlier this year, breaking the largest DDoS attack record (so far).
The market for DDoS mitigation tools continues to grow and pick up pace on finding innovative techniques on how to stop an attack. Nevertheless, as proven in a few recent successful attacks, DDoS isn’t just about volume, there still remains a flaw within the Domain Name System (DNS). DNS servers are partially decentralized meaning there could be multiple DNS servers, which are great for redundancy but not so much for resiliency, since the mapping is oneto-one, which makes the DNS system open to DDoS-ing. This allows an attacker to overwhelm a DNS server or servers with queries and render it unavailable without having to resort to huge amounts of Gigabytes in an attack.
With blockchain, DNS would be completely decentralized, so that each DNS would point to multiple nodes. In this scenario, an attacker would have to direct a DDoS attack to all nodes in the blockchain, making it almost impossible for a website to be taken offline.
We have recently started seeing some companies emerge with an implementation of decentralized DNS in blockchain, so as to prevent DDoS attacks from occurring. For instance, Blockstack fully decentralizes DNS while MaidSafe a UK-based company offer an alternate, decentralized internet.
Transparent and Incorruptible
The blockchain network lives in a state of consensus, one that automatically checks-in with itself every ten minutes. A self-auditing ecosystem of a digital value, the network reconciles every transaction that happens in ten-minute intervals. Each group of these transactions is referred to as a “block”. Two important properties result from this:
Transparency – data is embedded within the network as a whole, by definition it is public.
It cannot be corrupted – altering any unit of information on the blockchain would mean using a huge amount of computing power to override the entire network.
As some of us may have experienced first hand, while many software vulnerabilities can lead to security problems such as data leaks or network compromises. Investigation of such incidents sometimes reveal that the issue behind these incidents may be in the logistics network or supply chain.
While the blockchain itself will provide little to no value in thwarting or detecting such attacks, it does offer an infrastructure of transparency, event tracking, cryptography and the chance to improve security sensor and data sharing – which some security solutions and implementations on enterprise networks lack.
Security by design, as the new standard
While originally designed to facilitate the exchange of virtual currency, the blockchain’s decentralized system seems exciting and applicable across different cybersecurity topics. The increased transparency and distribution afforded by blockchain technology definitely lends itself to solving a lot of problematic cybersecurity issues.
For instance, we may yet see the blockchain technology provide a trustworthy infrastructure for vendors to better retain control of enterprise systems and networks, perform audit trails with added confidence, and as a means to tackle weak spots in security protocols.
Perhaps, a reason why blockchain resonated well, and is being enthusiastically picked to solve issues within cybersecurity was the fact that it offers a solid model that operates “securely by design” because of the importance given to data security, in an age when trust in systems is of utmost importance.
BIO
Giannella Borg is an Information Security Engineer, working for LeoVegas Gaming Group in Malta. She has been working in Information Technology for over 10 years, particularly in iGaming, FinTech, IT Services and Computer Software industries and has attained various certifications & certificates throughout her career including CISM, CRISC, CISA and COBIT5. She is an active board member of the ISACA Malta Chapter, where she helps organise local educational seminars and workshops, engage in IT research projects, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security amongst local professional members. Giannella is well versed in many Cybersecurity fields but is particularly passionate speaking about DevSecOps and security awareness gamification topics.
