Flavijus Piliponis â stock.ado
Blockchain technologies offer several design configurations and applications that can enhance security. Despite all its purported security benefits, however, the blockchain market has been rife with security issues -- cryptocurrency-related crimes resulted in more than $14 billion in losses in 2021, up nearly 57% from the prior year.
This begs the question: Are blockchains secure by design, or should blockchain use cases be designed for security?
Are blockchains secure by design?
Blockchain technology digitizes and distributes record-keeping across a network, so transaction verification processes no longer rely on a single central institution. Blockchains are always distributed but vary widely in permissions, sizes, roles, transparency, types of participants and how transactions are processed. A decentralized structure offers inherent security benefits because it eliminates the single point of failure.
Blockchains are also composed of several built-in security qualities, such as cryptography, public and private keys, software-mediated consensus, contracts and identity controls. These built-in qualities offer data protection and integrity by verifying access, authenticating transaction records, proving traceability and maintaining privacy.
These configurations enhance blockchain's position in the confidentiality, integrity and availability triad by offering improved resilience, transparency and encryption. Blockchains, however, are designed and built by people, which means they're subject to human error, bias or exposure based on use case, subversion and malicious attacks.
Fancy math and software are no match for the chaos of the real world. For this reason, blockchains are only secure by design in theory. In practice, blockchains must be designed and implemented for security.
A use case-based approach to blockchain for cybersecurity
Technologies involved in building blockchain-based platforms and applications have potential for improved security, but technologies are never the starting point. Security leaders must work with product and platform builders to first identify the problems, interactions and tradeoffs for new security capabilities, and then they can actively design, test, implement and manage them.
Here are six categories for blockchain use cases in security and privacy.
1. Resilience and availability
Decentralized infrastructure helps support resilience against attacks, corruption and downtime. This process mitigates the following vulnerabilities:
- Distributing information and communications technology networks helps reduce data exposure and redirect users when a centralized database goes offline or is attacked.
- Decentralizing DNSes is helpful for redundancy in the event of a DDoS attack.
- In an IoT context, distributing operations and administrative controls away from a central hub enables security decisions to be made closer to the periphery of the network.
2. Data integrity
Data on blockchains can't be altered because network nodes cross-reference and build upon each other and require consensus to verify transactions. Data off-chain, however, can be corrupted. This is where on-chain signatures can enable new blockchain use cases where security is paramount. Decentralized voting, health and scientific data collaboration across institutions and decentralized metadata -- which is increasingly important for optimizing AI in cybersecurity -- are three examples of data integrity applications for which blockchain designs are emerging.
3. Traceability and provenance
Transparency and traceability are core to blockchain designs, but their security benefits manifest differently in different applications. In a supply chain context, a digital distributed ledger stores tamper-proof records of transactions and freight data across parties and the product lifecycle. This reduces risks of counterfeit and tampering by any single party. In financial use cases, transparency and immutability of payment history reduce the need for a central broker. Blockchains can also improve security and privacy of transactions such as remittances and cross-border payments.
4. Authentication of software and/or device interactions
Transactions on a blockchain are not always finance-based; they can be used for any verifiable interaction. Authenticating software updates is a good cyber hygiene practice due to the proliferation of malicious "updates." Blockchain hashing can help organizations verify updates, downloads and patches with the product's developer. This also helps prevent supply chain attacks, particularly as software and edge IoT devices are prime targets for network entry.
5. Authentication of individuals
Several components of blockchain can be applied to identity protection, authentication, access management and more. These capabilities have numerous security benefits, including the following:
- Sensitive data protection. Blockchain technology can shift what information is stored on-chain, for example, a hash instead of personally identifiable information.
- Data minimization. IT teams can employ cryptographic techniques, such as zero-knowledge proofs or selective disclosure, to reveal only what is necessary for an application to function.
- Identity theft prevention. Blockchain uses cryptographic keys to authenticate identity attributes and credentials, in turn preventing identity theft.
- Multisignature access controls and decentralized administration. Blockchain can help prevent any single actor from error, takeover or fraud.
6. Ownership validation
Proving ownership of online assets was difficult before the existence of digital ledgers. Even in the physical world, deeds can be destroyed, certifications don't always hold up across borders and hundreds of millions of people lack access to stable government identity or financial services. Just as nonfungible tokens (NFTs) enable artists to digitally watermark their media, the ability to create an immutable record of authenticity and ownership with cryptographic keys has numerous security benefits across many blockchain use cases, including the following:
- Students, teachers and professionals can own their credentials, regardless of jurisdiction, reducing counterfeit certifications.
- Creators can maintain full rights over their media, improving copyright protection.
- Property owners can prove their title and delegate rights.
- Manufacturers, such as luxury brands, can attach NFTs to their goods to ensure authenticity.
Blockchain applications already power projects that rely on security, controlled access, accountability, transparency and efficiency. Security leaders must understand the benefits and risks of blockchain's general design before implementing these use cases and using them to foster trust in the digital world.