Cybersecurity has been a concern since before online transactions became prominent, although, in years earlier erast, there may have been less of a temptation for attackers to try their hand at stealing information as there were relatively few transactions taking place on the internet.
But today, with literally millions of retail sites and other user-facing companies storing and processing extremely sensitive personal information such as addresses, bank account info, credit card numbers, and social security numbers, it shouldn’t be too surprising that malicious attackers see transactions and servers as an opportunity for profitable theft.
In several high-profile situations, data breaches have been massive and left tens of millions of people wondering whether their personal information was being sold online.
It does need to be acknowledged that many large companies have dedicated a great deal of time and resources to enhancing their cybersecurity, and strides have been made as a result. It is currently much more difficult to attempt a data breach than it was ten years ago, thanks to infosec systems like privileged account management.
But this doesn’t mean that personal data is 100% safe online. Quite the opposite, in fact, since many attackers are now using social engineering tactics to convince individuals to hand over their own information.
An example is phishing, which is a tactic where attackers contact users posing as a trusted site or institution and request that users provide personal information under the guise of some allegedly-legitimate internal process of the company.
So when we talk about improving cybersecurity, we’re not only talking about purely technical improvements.
Still, there is a new factor in contemporary cybersecurity: blockchain, and it’s what we’re here to talk about today.
One of the simplest ways we can describe blockchain is as a digital ledger system that has become famous for preserving anonymity and for its potential to essentially operate on its own, or with minimal input from humans.
Blockchain only entered public discourse for its role in the cryptocurrency phenomenon, with Bitcoin being the most well-known and the most popular among traders.
Eliott Teissonniere of Nodle
Our expert guest, Eliott Teissonniere, has been working directly with blockchain technology since the early days.
CTO of a startup by age 17, he advanced rapidly through the tech world and landed at the Internet of Things (IoT) and blockchain startup Nodle, where he greatly expanded the scope of the company, from its capabilities to the sheer number of patents filed.
Teissonniere has since been recognized as an authority on blockchain and decentralized governance.
Here, Teissonniere has helped us to cover the relationship between blockchain and cybersecurity in detail.
To kick things off, there’s a seemingly straightforward question: is blockchain more secure?
“Although [blockchain] opens new potential attack vectors that are specific to it, it guarantees that all the participants in a blockchain network are behaving as intended, meaning that we can have full certainty that the code of the blockchain node has been executed with no tampering. In addition to that, a Blockchain can be a formidable tool when a clear audit or access log is needed. Indeed, every transaction or action happening on it is recorded and untamperable.”
This permanency can be extremely helpful in regards to investigating issues, for example. Even if there is some foul play that takes place via blockchain, the record of that incident isn’t going anywhere, allowing investigators to use that information to learn more and potentially prevent similar problems in the future.
Overall, blockchain can be much more secure than more traditional cybersecurity methods, though it’s not completely infallible. With Teissonniere’s help, let’s explore the relationship between blockchain and cybersecurity.
How blockchain prevents tampering
So how exactly does blockchain prevent individuals or groups of people from tampering with operations?
As Teissonniere explains, a great deal of blockchain’s strength comes from its status as a network. Blockchain doesn’t exist in a single place or on a single machine; it’s made up of many different high-caliber machines, and the network itself provides checks and balances for the other ‘members’ of the network.
“Every computer actively participating in a blockchain network has to verify and execute every transaction before agreeing with all the other computers on its results. They do this through something called a consensus protocol. As long as a majority of participants are honest and use the correct code, malevolent parties won’t be able to change the state of the blockchain since their changes won’t get approved by the others.”
In other words, it would take a highly-coordinated effort from many, many different participants in a blockchain network to alter the trajectory of the entire network.
It’s not a complete impossibility, but it is extremely unlikely. Compare this to attacks on more traditional cybersecurity systems, where a small group or even a single attacker could succeed in breaching security and obtaining data under the right conditions.
This is a major security benefit of blockchain, and it comes from blockchain’s inherent structure rather than through explicit cybersecurity measures.
Add to the equation the fact that attacks on major blockchains generally require attackers to hold that network’s utility token (Bitcoin or Ethereum, for example), and the financial prerequisites to stage any sort of meaningful attack can become insurmountable.
Applying blockchain to aid security
To be clear, blockchain isn’t currently widely used by major companies and sites that process mass amounts of user information. There are some examples, such as Hedera Hashgraph, but these networks remain the exception that proves this rule. Therefore, mainstream cybersecurity remainsa separate category from blockchain.
But it’s both interesting and potentially quite important to compare blockchain with current cybersecurity technology, especially when it comes to authenticating users in order to approve transactions.
An important note on this topic is that blockchain doesn’t use standard username and password logins, instead utilizing what’s called cryptographic signatures.
“A blockchain would be very helpful in any scenario where authenticating users is crucial. On a blockchain, every user is identified by a unique cryptographic identifier which is then verified every time a transaction is executed.”
Realistically, that cryptographic identifier can’t be faked. This contrasts sharply with sign-ins. If a cyber criminal has your login information, there will be little standing between them and your data. Yes, you might get an email saying that there’s been a login from a new IP address, but if you don’t see that notification quickly enough, then, depending on the site in question and their own cybersecurity protocols, it may already be too late.
Teissonniere feels that, in this way, blockchain has a clear advantage over traditional sign-in methods, and he also argues that it could easily be integrated into some of our personal devices.
“In general, the implementation of such [blockchain] systems can be seen as superior to existing systems used by major tech companies. When it comes to authenticating users, a cryptographic signature is superior to the usual username and password combination due to the lack of a shared secret between the service and the end-user. Additionally, it’s possible to leverage the use of hardware security modules built into most consumer devices to manage users’ cryptographic keys seamlessly, making it easier and more secure than traditional solutions.”
That analogy of a shared secret is a very useful one in terms of explaining the benefits of a cryptographic signature over a login system.
The more ‘people’ that are involved, the more potential opportunities there are for attack.
Using that shared secret analogy, imagine you need a favor from someone at your place of work. Your coworker agrees, but only if you divulge a personal secret. Since you have no other options, you share the secret.
Now, if someone else wants to learn that secret, they can try to get it out of you and they can try to get it out of your coworker. There are simply more ways for that information to find its way into the wrong hands.
In this scenario, blockchain systems essentially allow you to handle everything yourself. You’re keeping all the secrets to yourself, therefore reducing the risk of attack. No one can fool you into giving away something you don’t want to.
Responsible and practical implementation
While the market surrounding cryptocurrency trading may make mainstream headlines, we’re not living in a time when non-speculative use of blockchain dominate discussion of the technology
Teissonniere highlights how responsibly and practically implementing blockchain systems can be difficult and costly:
“Implementing any blockchain software generally requires a specific kind of expertise. This makes it expensive and tricky to build a correct implementation from scratch, which is why most companies and projects are more likely to build atop existing implementations instead of creating their own. In addition to that, any serious implementation usually has to go through one or more third-party audits to make sure that it is correct.”
With this in mind, it is possible for large companies of any industry that store large amounts of user data to utilize blockchain systems in some way, and if they chose to do so, advanced cybersecurity would definitely be one of the immediate advantages.
As Teissonniere explained above, the initial time and financial investment required to design or license an existing blockchain system and then migrate to that system may be seen by some companies as too substantial a barrier.
But it’s also possible that, as blockchain tech becomes more ubiquitous and as cybersecurity threats become more serious, blockchain may help lead the way into a new era of cybersecurity, one that benefits all of us.