Bitcoin, the blockchain powered currency innovation, has been in the news recently. With a 900% appreciation over just the last year, there are concerns that Bitcoin is approaching a financial market bubble. However, there are no similar concerns about its underlying technology, Blockchain. Beyond cryptocurrency, Blockchain is already being used in a wide range of applications like banking, real estate, logistics, education, crowdfunding, government records and cloud storage. In this blogpost, we discuss one of those applications – cybersecurity.
Let’s start with an overview of blockchain. As we discussed earlier in ‘Is Bitcoin the new gold?’, Blockchain circumvents the need for a central ledger, while simultaneously keeping a record of the transactions, by keeping not one but many copies of the transaction on several computers. In practice, all outstanding transactions are grouped into blocks, each block is linked to a previous block and then recorded by a network of computers using cryptographic technology. With multiple records of transactions recorded by multiple parties without being owned by one party, it is virtually impossible for someone to fudge all records of the transaction. Most blockchains allow any party to participate in their network while some, called permissioned blockchains, require the new entity to get participation approval from the consortium. Blockchain’s unique feature – the ability to securely decentralize record-keeping across a group of willing participants, is being used to address 3 cybersecurity challenges – preventing cyberattacks, password-less authentication and secure digital identity.
DDoS (distributed denial of service) attacks are a common cybersecurity challenge. In DDoS, hackers send so many superfluous requests to a server holding a critical database, that the legitimate requests cannot be fulfilled. A typical solution to DDoS is to segment the bad traffic from good traffic and not let the bad traffic hit the critical database, just like your email provider either deletes perceived spam or routes it to a dedicated spam folder. The Blockchain solution to preventing cyberattacks is to store the critical information securely in multiple locations, thus making it much tougher for hackers to bring down all the databases. This is exactly what Gladius does. Its users rent out their unused bandwidth and computing power to a common pool, which can be used if one participant faces DDoS attack.
As we discussed in ‘Why do data breaches happen?’, almost 50% of data breaches in 2016 come from employees or contractors inadvertently giving away password/account access. But what if user and access authentication did not require login and password? Remme achieves password-less authentication for businesses by using blockchain. Instead of giving each user a username and password, it gives each device a SSL certificate. The certificate data is securely stored on the distributed blockchain, which also makes a central password database unnecessary.
Today, our digital identity is fragmented across multiple providers – social activity with Facebook, financial transactions with banks, Passport/driving ID with government etc. We not only have little control over their accuracy and privacy but also, as has been experienced by anyone after an identity theft, have all the downside from data breaches. e-estonia addresses these challenges through a permissioned blockchain. The Estonian government keeps the digital identity of all citizens on blockchain and enables citizens to view their personal data through a cryptographically secure digital identity card. Any permissioned 3rd party wishing to view that information has to first take approval from the concerned citizen, and any change to the information is seen and agreed by all permissioned participants. A single, centralized and secure digital identity thus enables citizens to access a host of eServices. In the US healthcare industry, HBR details how permissioned blockchain can be used to store, protect and share electronic medical records.
Given these strong use cases, why don’t we see blockchain used more broadly in cybersecurity? In addition to teething issues like network architecture, access & legal protocols, one interesting reason is power consumption. Adding a new block to the chain requires a lot of iterative computation which can be economically prohibitive. IEEE Spectrum gives a good overview of the electricity consumed just in mining Bitcoins: “In June, the world’s bitcoin miners were generating roughly 5 quintillion 256-bit cryptographic hashes every second …. That’s a 5 with 18 zeros after it, every second…. [The] power it takes to sustain that level of computation [is] around 500 megawatts—enough to supply roughly 325,000 homes. According to one estimate, processing a bitcoin transaction consumes more than 5,000 times as much energy as using a Visa credit card.”