Blockchain's brilliant approach to cybersecurity

Blockchain’s brilliant approach to cybersecurity

Blockchain’s brilliant approach to cybersecurity

Hackers can shut down entire networks, tamper with data, lure unwary users into cybertraps, steal and spoof identities, and carry out other devious attacks by leveraging centralized repositories and single points of failure.

The blockchain's alternative approach to storing and sharing information provides a way out of this security mess. The same technology that has enabled secure transactions with cryptocurrencies such as Bitcoin and Ethereum could now serve as a tool to prevent cyberattacks and security incidents.

Blockchains can increase security on three fronts: blocking identity theft, preventing data tampering, and stopping Denial of Service attacks.

Public Key Infrastructure (PKI) is a popular form of public key cryptography that secures emails, messaging apps, websites, and other forms of communication. However because most implementations of PKI rely on centralized, trusted third party Certificate Authorities (CA) to issue, revoke, and store key pairs for every participant, hackers can compromise them to spoof user identities and crack encrypted communications.

For instance, controversy recently broke over the key renegotiation process of WhatsApp, which could possibly be exploited to push false keys and perform man-in-the-middle attacks on one of the most popular and secure messaging apps in the world. Publishing keys on a blockchain instead would eliminate the risk of false key propagation and remove the shadow of doubt about the authenticity of users' conversation parties.

Read Also:
Six Key Principles to Accelerate Data Preparation in the Data Lake

CertCoin is one of the first implementations of blockchain-based PKI. The project, developed at MIT, removes central authorities altogether and uses the blockchain as a distributed ledger of domains and their associated public keys. CertCoin provides a public and auditable PKI that also doesn't have a single point of failure.

More recently, tech research company Pomcor published a blueprint for a blockchain-based PKI that doesn't remove central authorities but uses blockchains to store hashes of issued and revoked certificates. This approach gives users a means to verify the authenticity of certificates with a decentralized and transparent source. It also has the side benefit of optimizing network access by performing key and signature verification on local copies of the blockchain.

Another interesting study of identification based on distributed ledgers is the IOTA, a project that applies Tangle (a blockless type of distributed ledger that is lightweight and scalable) to provide the backbone for millions of IoT devices to interact and identify each other in a peer-to-peer manner and without the need for a third-party authority.

Read Also:
How Big Data Is Helping the NYPD Solve Crimes Faster

“By referencing hashes that match identity attributes of an individual tied to the ledger one can start to reconstruct the entire identity management system. The fact that you can tie these attributes of person to a tamper-proof hash makes it impossible for someone to forge your identity,” says IOTA cofounder David Sønstebø.

We sign documents and files with private keys so that recipients and users can verify the source of the data they're handling. And then we go to great lengths to prove that those keys haven't been tampered with, which is difficult when the key is meant to be secret in the first place.

The blockchain alternative to document signing replaces secrets with transparency, distributing evidence across many blockchain nodes and making it practically impossible to manipulate data without being caught. How do you prove that the San Antonio Spurs were the champions of the 2014 NBA Playoffs? You don't need to because it's general knowledge. The same applies to data on a blockchain distributed ledger.

Read Also:
6 Reasons Why Big Data Career Is A Smart Choice


Chief Analytics Officer Spring 2017

2
May
2017
Chief Analytics Officer Spring 2017

15% off with code MP15

Read Also:
What is Artificial Intelligence?

Big Data and Analytics for Healthcare Philadelphia

17
May
2017
Big Data and Analytics for Healthcare Philadelphia

$200 off with code DATA200

Read Also:
Data Science for IoT vs Classic Data Science: 10 Differences

SMX London

23
May
2017
SMX London

10% off with code 7WDATASMX

Read Also:
Six Key Principles to Accelerate Data Preparation in the Data Lake

Data Science Congress 2017

5
Jun
2017
Data Science Congress 2017

20% off with code 7wdata_DSC2017

Read Also:
Lessons Learned: What Big Data and Predictive Analytics Missed in 2016

AI Paris

6
Jun
2017
AI Paris

20% off with code AIP17-7WDATA-20

Read Also:
Data Science for IoT vs Classic Data Science: 10 Differences

Leave a Reply

Your email address will not be published. Required fields are marked *