How blockchains are redefining cyber security
Blockchains are more than just Bitcoin – they’re a whole new way of looking at cyber security, writes Vijay Michalik, research analyst for digital transformation at Frost & Sullivan
Blockchains are a nebulous concept. You'll have heard of Bitcoin already, and may understand that a blockchain, in the technical sense, is the foundation. Blockchains don't just encompass this breakthrough technology, but a spectrum of business models, organisational structures and radical ideas.
Bitcoin is the first truly successful blockchain application, a digital currency, and it occupies an important space within this spectrum. Its technological capabilities are matched with a carefully balanced incentive structure. It also fosters a community around its open-source development, and third-party businesses creating applications and integrations.
Blockchains are built on a history of security research
Far from being an unprecedented breakthrough with unintended consequences, the blockchain technology stack is a culmination of decades of cryptography and security research.
The 1970s cryptography breakthrough of the Merkle tree and the distributed hash tables of the 1990s combine to create autonomy, fault tolerance and scalability for distributed systems. They're the tools that built famous decentralised applications like BitTorrent, Napster and Freenet.
Bitcoin's most impressive contribution is recognising the synergies between this field of distributed communications and file sharing systems, and digital currencies, which had seen many false starts prior to Bitcoin's success since 2009.
The key was Hashcash, a system proposed in 1997 to limit and suppress email spam and denial-of-service attacks. Hashcash is an algorithm that requires the sacrifice of processing power as a security mechanism. This proof-of-work creates the incentive structure and network verification that now powers cryptocurrencies.
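The cost asymmetry behind this proof-of-work, shown in an added example that is not from the article or the Hashcash project: minting a stamp takes about 2^bits SHA-1 evaluations, checking it takes one. The stamp layout is modelled on Hashcash version 1; the `mint` and `Verifier` names and the sample address, date and random string are constructed for illustration, and the date-expiry check is left out.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()

def mint(resource: str, bits: int, date: str, rand: str) -> str:
    """Sender side: try counters until SHA-1(stamp) starts with `bits`
    zero bits. Expected cost is about 2**bits hash evaluations."""
    prefix = f"1:{bits}:{date}:{resource}::{rand}:"
    for counter in count():
        stamp = f"{prefix}{counter:x}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

class Verifier:
    """Receiver side: one hash per stamp, plus policy and replay checks."""

    def __init__(self, resource: str, min_bits: int):
        self.resource = resource
        self.min_bits = min_bits
        self.seen = set()  # stamps already accepted (replay protection)

    def check(self, stamp: str) -> str:
        fields = stamp.split(":")  # ver:bits:date:resource:ext:rand:counter
        if len(fields) != 7 or fields[0] != "1":
            return "malformed"
        if not fields[1].isdigit() or int(fields[1]) < self.min_bits:
            return "too little work claimed"
        if fields[3] != self.resource:
            return "minted for another recipient"
        digest = hashlib.sha1(stamp.encode()).digest()
        if leading_zero_bits(digest) < int(fields[1]):
            return "work not done"
        if stamp in self.seen:
            return "replayed"
        self.seen.add(stamp)
        return "ok"

if __name__ == "__main__":
    # Constructed sample values; 12 bits keeps the demo fast.
    stamp = mint("alice@example.org", 12, "240101", "c29tZXJhbmQ")
    receiver = Verifier("alice@example.org", 12)
    print(stamp, receiver.check(stamp), receiver.check(stamp))
```

Binding the stamp to a recipient and remembering accepted stamps is what stops one piece of work from being reused across many messages.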
The final step is the addition of smart contracts to the blockchain stack, a name coined by Nick Szabo as early as 1993. Smart contracts are algorithmic: a type of self-executing code that enables more complex asset transfer and the automated exchange of rights. These are the building blocks of a complete programming language, and of the more advanced blockchain applications such as those envisioned by Ethereum.
What we get is a set of security tools that are very good at coordination between mutually unknown actors and secure data or value transfer. We think of blockchains as having four key characteristics to this end: they're cryptography-based, distributed, peer to peer, and, in many cases, open source.
Innovative blockchain applications in security
As with many open source movements, we're seeing the different stages of the blockchain ecosystem build out in waves: first the core protocols (Bitcoin, Ethereum and other platforms); now middleware, from Consensys; and then applications.
There's been some degree of consolidation on blockchain development around Bitcoin and Ethereum over the past year, although Ethereum isn't the second biggest token by market capitalisation.
Bitcoin's first-mover advantage and financial specialisation have granted it momentum and early market interest, while Ethereum's Turing-complete programming capabilities enable many other truly disruptive opportunities.
Guardtime's security solution runs on a private blockchain, and features a cross-vertical solution replacing RSA digital signatures: its KSI (Keyless Signature Infrastructure), which uses only hash-function cryptography for signing. This prepares digital identity systems for the security necessities of the future – where quantum computers make factorisation problems like those that RSA relies on trivial.
InterPlanetary File System (IPFS) is a new core internet protocol that is designed to supplant the Hypertext Transfer Protocol (HTTP). IPFS can address some of the most difficult security challenges that the HTTP-based internet faces: centralised hosting and distribution, and weak application of content-signing protection.
Using context-driven storage, self-certification and an incentivised blockchain mechanism, IPFS becomes a secure, permanent web, resilient against server failure.
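What self-certification buys when hosting is not trusted, as an added example that is not IPFS code and does not use its identifier format: a file is addressed by the root of a Merkle tree (the 1970s construction mentioned earlier) over its chunks, so a client can check any chunk from any peer against the address alone. The chunking, the function names and the sample data are assumptions made for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_levels(chunks):
    """All tree levels, leaves first. Leaves and inner nodes are hashed
    with different prefixes so an inner node cannot pass as a chunk."""
    level = [h(b"\x00" + c) for c in chunks]
    levels = [level]
    while len(level) > 1:
        nxt = [h(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels

def prove(levels, index):
    """Sibling hashes from chunk `index` up to the root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # promoted nodes have no sibling here
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_chunk(root: bytes, chunk: bytes, proof) -> bool:
    """Client side: recompute the path; trust nothing but the address."""
    node = h(b"\x00" + chunk)
    for sibling, sibling_is_left in proof:
        pair = sibling + node if sibling_is_left else node + sibling
        node = h(b"\x01" + pair)
    return node == root

if __name__ == "__main__":
    # Constructed sample file split into five chunks.
    chunks = [b"<html>", b"<body>hello", b"</body>", b"</html>", b"\n"]
    levels = merkle_levels(chunks)
    address = levels[-1][0]  # the content address the client asked for
    proof = prove(levels, 1)
    print(address.hex())
    print(verify_chunk(address, chunks[1], proof))      # honest peer
    print(verify_chunk(address, b"<body>evil", proof))  # tampering peer
```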
MIT's Enigma, based on the Bitcoin blockchain, enables any code to be run on encrypted data. In its model, data can be stored, shared and analysed without being fully revealed to a single third party, enabling trustless sharing of data and distributed computation without resorting to full transparency. This grants blockchains, even in a permissionless setup, access to the full spectrum of data visibility from fully private to public.
Colony.io is a decentralised schema for business based on the Ethereum blockchain. The namesake colonies present a flat organisational structure with security, incentives, flexibility and resilience built in, capable of supporting businesses in many industries.
Tokens are awarded to users based on fulfilled tasks and organisational decisions are made based on consensus between contributors. These tokens represent equity in the colony business and are tradable for cash.
The whole system is run on a tokenised blockchain, with an identity and reputation system and voting system complementing its blockchain. It represents a culmination of different opportunities implied by blockchains' features.
It's a secure business model through its adaptability, digital identities, and democratic incentivisation. In the words of Alain de Botton, “It’s just the sort of thing that proves capitalism can be both moral and helpful, as well as profit generating.”
A holistic view of security
When we think of that combination of features, we can see blockchains as a broader way of looking at security. Not only traditional endpoint protection, but a holistic approach that includes user identity security, transaction and communication infrastructure security, business security through transparency and audit, and security from malicious insiders, compromised nodes or server failure. These are all addressable with blockchains because security and privacy are central to the protocol, and not an external consideration.
A holistic view is necessary to maintain today's connected world. The past decade of digital transformation across industries has put our lives and livelihoods in data.
Where individuals, businesses and governments are constantly locked in a battle against bugs, fraud and malicious actors, blockchains propose an alternative.
The paradigm shift blockchains represent can offer true data integrity, advanced digital identity systems and a new way for business to offer transparency for audit alongside access for third parties.