Some of the major corporations in the world, like Lockheed Martin and the US military, have deployed blockchain for securing their data. In India too, the state governments of Andhra Pradesh and Telangana, as well as a few commercial banks, are using this technology to protect their database records and fight against cybercrime.
Blockchain, the underlying technology of cryptocurrencies, offers a completely unique approach to cybersecurity. It establishes a high-trust environment for storing and sharing information, say security experts. “With an unprecedented increase in the adoption of emerging technologies blurring the security perimeter, it is pivotal to have more distributed security models like Blockchain guarding the virtual walls of data integrity,” says Manish Sharma, Principal Consultant at IDC.
Using Blockchain for data breach mitigation
Recently, attackers hacked into Equifax’s network, leading to a potential compromise of sensitive data of over 140 million of its users, all of which was held in a centralized location.
On a blockchain, the data is stored and distributed on decentralized networks without the authority of any single entity. Experts believe that the decentralized trait of this technology can be effectively utilized to hamper attacks.
“Blockchain technology uses a decentralized security model as compared to traditional centralized cybersecurity models, eliminating the perils of the single point of breach. This has been the perennial limitation of traditional methods of enterprise security,” says Manish Sharma. “Technologies based on the blockchain work on decentralized network systems which provide provenance, integrity, and identity associated with digital assets,” added Sharma.
Every new block of information being added to a chain is encrypted with a part of the previous chain, making the historical record of data unchangeable. It is designed in a way that if a hacker tries to alter anything on the blockchain, it will cause a change in the entire data signature, which can be easily identified and isolated to alert the network administrators. To successfully attack the blockchain network, a hacker would have to simultaneously alter the constantly updating nodes, which makes the network almost immune to tampering.
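The tamper-evidence described above can be shown in a few lines. This is an added example, not code from the article or from any blockchain product; it assumes the usual construction in which each block stores the SHA-256 hash of the previous block, and the function names, node names and records are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(index, data, prev_hash):
    # SHA-256 over the block's contents plus the previous block's hash.
    payload = json.dumps([index, data, prev_hash]).encode()
    return hashlib.sha256(payload).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS
    for i, data in enumerate(records):
        h = block_hash(i, data, prev)
        chain.append({"index": i, "data": data, "prev": prev, "hash": h})
        prev = h
    return chain

def first_invalid_block(chain):
    # Index of the first block whose hash or back-link fails, else None.
    prev = GENESIS
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(b["index"], b["data"], b["prev"]):
            return b["index"]
        prev = b["hash"]
    return None

def rehash_from(chain, start):
    # Models one compromised node recomputing every hash after an edit.
    prev = chain[start - 1]["hash"] if start else GENESIS
    for b in chain[start:]:
        b["prev"] = prev
        b["hash"] = prev = block_hash(b["index"], b["data"], prev)

def disagreeing_nodes(replicas):
    # Nodes whose head hash differs from the majority head hash.
    heads = {name: chain[-1]["hash"] for name, chain in replicas.items()}
    values = list(heads.values())
    majority = max(set(values), key=values.count)
    return sorted(name for name, h in heads.items() if h != majority)

def demo():
    records = ["record-1", "record-2", "record-3", "record-4"]  # constructed
    replicas = {n: build_chain(records) for n in ("node-a", "node-b", "node-c")}
    altered = replicas["node-c"]
    altered[1]["data"] = "record-2 (altered)"
    before = first_invalid_block(altered)   # edit breaks block 1's hash
    rehash_from(altered, 1)
    after = first_invalid_block(altered)    # chain is self-consistent again
    return before, after, disagreeing_nodes(replicas)
```

An edited record is caught by the local hash check; a node that recomputes its own hashes passes that check but ends up with a head hash the other replicas do not share, which is why the copies on other nodes matter.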
“Because the data is not stored on one server, but distributed to many parties, even if there is an attack on one system, it will not be affected. That is where the blockchain really helps in preventing data breach attacks,” says Sivarama Krishnan, Leader-Cybersecurity at PwC India.
Blockchain creates a trusted environment
Blockchain allows users to deal with others whom they ordinarily cannot trust, without the need for a neutral third party or regulator. Using advanced cryptography, a blockchain is unreadable to the members it is shared with. It is based on hash functions that are constantly updated, making it more secure than simple encryption. The distributed nature of blockchain removes the presence of blind trust in third parties.
“When you can trust everyone in the whole chain, it becomes safer and safer to transact upon. The current roll outs we see are communities which have deployed blockchain from the starting to the end point, from bank to the trader. When all parties are fully able to trust each other in a business environment, it is good for security. But the technology is still evolving, so we have to wait and watch its impact,” said Shrikant Shitole, Country Head, FireEye.
Blockchain-based keyless signature infrastructure
To connect to any network, public keys are used for authentication and encryption under the prevalent public key infrastructure (PKI). The keys are awarded through digital certificates managed on an authorized central server. By attacking the central repository where certificates are stored, hackers can easily fake user identities and break encrypted exchange of data.
But, with the help of a blockchain-based technology, known as keyless signature infrastructure (KSI), the public keys can be securely managed, which eliminates the risk of breach. “Keyless signature infrastructure relies on the use of hash function cryptography as compared to the traditional asymmetric key cryptography used in public key infrastructure, and provides real-time signature validation to ensure comprehensive enterprise security,” said Manish Sharma.
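A simplified sketch of how a signature can rest on hash functions alone, added here as an example and not taken from the article or from any KSI implementation: it assumes document hashes are aggregated into a Merkle tree whose root is published, so that a "signature" is the hash path from a document to that root. All names and sample documents are constructed.

```python
import hashlib
import hmac

def leaf(doc: bytes) -> bytes:
    # Prefix bytes keep leaf hashes and interior hashes in separate domains.
    return hashlib.sha256(b"\x00" + doc).digest()

def node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def sign_batch(documents):
    # Aggregate a batch of documents; return (root, one hash path per document).
    level = [leaf(d) for d in documents]
    paths = [[] for _ in documents]
    position = list(range(len(documents)))  # each document's index in `level`
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            # An unpaired last node is promoted unchanged to the next level.
            nxt.append(node(level[i], level[i + 1]) if i + 1 < len(level) else level[i])
        for d, pos in enumerate(position):
            sib = pos ^ 1
            if sib < len(level):
                paths[d].append(("L" if sib < pos else "R", level[sib]))
            position[d] = pos // 2
        level = nxt
    return level[0], paths

def verify(document: bytes, path, published_root: bytes) -> bool:
    # Recompute the root from the document and its path; no key is involved.
    acc = leaf(document)
    for side, sibling in path:
        acc = node(sibling, acc) if side == "L" else node(acc, sibling)
    return hmac.compare_digest(acc, published_root)

def demo():
    docs = [b"contract-v1", b"invoice-0042", b"audit-log-2017-10"]  # constructed
    root, paths = sign_batch(docs)
    genuine = verify(docs[1], paths[1], root)
    altered = verify(b"invoice-0043", paths[1], root)   # content changed
    wrong_path = verify(docs[1], paths[0], root)        # path of another document
    return genuine, altered, wrong_path
```

Verification depends only on the hash function and on the integrity of the published root, which is the value a distributed ledger is meant to protect.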
But the adoption of keyless signature infrastructure is at a nascent stage due to lack of regulatory support. “Keyless signatures could be a great technology but today only public key infrastructure has full regulatory support and if we use blockchain-based keyless infrastructure, it is all going to be based on future legal validation,” said Sivarama Krishnan.
User access management on blockchain
In a blockchain, a user’s identity can be tied to a tamper-proof hash, making it almost impossible for someone to copy the identity. By matching the identity of an individual tied to the blockchain hash, the entire identity management system can be reconstructed in case of a mishap.
Hacking into servers and obtaining user passwords is a big cause of enterprise data breaches. Blockchain technology is being used to create networks which don’t require entering the user password. A use case is a Ukrainian startup, REMME, which gives unique SSL certificates to all devices in a network and records them automatically on the blockchain, removing the need for an authentication server and password database. This makes it difficult for hackers to attack those networks.
Blockchain for a secure web
Blockchain technology is also being used to serve as an alternate form of web protocol in place of the present HTTP. Known as the InterPlanetary File System (IPFS), it is a decentralized peer-to-peer form of network which uses the blockchain protocol and hash cryptography to make a more secure form of internet. IPFS employs nodes to distribute files stored in the network, thus eliminating the central point of failure by ensuring no single node is storing all of the data.
Blockchain adoption in enterprise security
Blockchain enhances cybersecurity through various means, such as encrypted authentication, digital signatures and keyless signature encryption, distributed ledgers based on consensus, smart contracts, and fault-tolerant transaction processing. For businesses, using blockchain technology certainly gives a boost to the cybersecurity market, which is estimated by IDC to cross the $80 billion mark by the end of 2017. The technology is promising compared to the traditional methods of security. But its full-blown adoption in enterprises, especially in India, may take time, experts believe.
“Although the adoption of blockchain-based technologies as an alternative to traditional enterprise security models is at a nascent stage, its use cases have started evolving. In India, organizations such as TCS are using blockchain-based keyless signature infrastructure to provide data protection and privacy,” said Sharma.