Security through obscurity is widely frowned upon by cyber security experts. So you might assume that using blockchain technology — the system that underpins crypto currencies such as Bitcoin and which allows people to hold the currencies and make transactions with them anonymously — would be equally frowned upon. In fact, nothing could be further from the case. Blockchain has the potential to revolutionize many areas of cybersecurity and make life considerably harder for cyber criminals and casual hackers.
Security through obscurity is the digital equivalent of burying treasure in the ground: its security depends on the fact that no one else knows where it is hidden— nothing more. Going back to blockchain technology, the key point to remember is that even though it enables people to carry out transactions anonymously, it does not rely on obscurity for its security.
In fact the reverse is true. Not only is blockchain technology well understood, but it was also specifically designed to be transparent in the way it operates. Even though people may use it anonymously, it offers no privacy or confidentiality at all when it comes to transactions that are recorded in the blockchain.
As most IT professionals are no doubt aware by now, blockchain technology appeared on the scene a little over a decade ago. A blockchain is defined as a growing list of records, called blocks, that are linked using cryptography. Each block of this distributed ledger contains a cryptographic hash of the previous block, a timestamp, and the transaction data referred to earlier.
By design, a blockchain is resistant to modification of its data. This is because once recorded, the data in any given block cannot be altered retroactively without alteration of all (or at least the majority) of subsequent blocks (to substitute a new hash of the previous block.) Since public blockchains are highly distributed, altering subsequent blocks is practically impossible as it would involve altering multiple copies of the blockchain sitting on computers all around the world. And that, as we shall see, makes it ideal for many cybersecurity applications.
One obvious application of blockchain technology for security is to secure DNS servers. These servers contain mappings between IP addresses and domain names. Although there are multiple instances of these DNS servers, they should all be the same, and it should only be possible for individual DNS records to be changed by the owners of those records.
Blockchain technology is ideal for this, precisely because data can’t be changed retroactively. That means that the integrity of the data stored in the blockchain is guaranteed, so a hacker would not be able to poison a DNS server by modifying DNS records — perhaps in order to carry out a denial of service attack. But the owner of a DNS record could make a change, and this change would be recorded on the DNS blockchain.
Another possible use of blockchain technology for cybersecurity would be to use it to verify that software, including router and other network hardware firmware, application installers, and security patches, is genuine and has not been modified by hackers. Currently this is done using hashes of the software, with the correct hashes being made publicly available so that they can be compared with hashes carried out by the software user. But this system presupposes that the public hashes themselves have not been modified by hackers to match the modified software. A tamper-proof blockchain containing the hashes of any software releases would be a far more secure option that would be practically impossible for hackers to corrupt.
The Internet of Things (IoT) is yet another field in which the application of blockchain technology for cybersecurity purposes is hugely promising. That’s in part because IoT devices are often widely geographically distributed, but also because the data that these devices collect and transmit needs to be tamper-proof.
Since a blockchain system is near impossible to modify, there is no trust requirement for any parties that are part of a blockchain-based IoT network: no one company has control over the potentially vast amounts of data generated by the IoT devices, and all organizations party to the blockchain can see all the data.
Storage Secured by Blockchain
Perhaps the most universally relevant area in which blockchain technology may end up being used for security is for storage. Using a storage blockchain service such as Yottachain, participants’ data is sharded, redundant copies of each shard are made, and the shards are then encrypted and distributed to multiple storage nodes. Records of where each node ends up and changes to data are stored in the storage blockchain. (It’s important to note that data itself is not stored in the blockchain, only metadata.)
The benefit of this type of distributed storage is that, by definition, there is no central data storage repository for a cyber criminal to target. Any hacker that managed to access a particular storage node would only be able to access (encrypted) shards of data, rather than the data in its entirety, and would be unable to tamper with or otherwise modify the shard.
Blockchain’s Almost Unlimited Potential
There are certainly many more potential applications of blockchain technology for cybersecurity than those outlined above — some of which may already be under development, and some of which have yet to be conceived of. As a secure, decentralized and incorruptible ledger of digital transactions, it is uniquely positioned to make digital operations more secure and cyber criminals’ activities a great deal more challenging. In the long run it may well be that blockchain will be seen primarily as a cybersecurity tool rather than a platform upon which cryptocurrencies can be built.