Blockchain: future of cybersecurity
According to the information presented by Coinmarketrate.com, since its inception in 2009, blockchain has experienced unprecedented success. Initially, this technology was invented for the decentralized transfer of money without intermediaries. But it has much more to offer!
Indeed, it turns out to be a strategic tool in the field of cybersecurity, since since the beginning of the pandemic, the number of computer attacks aimed at companies and government services has increased fourfold, which affects the functioning of structures and endangers people’s lives.
Although this technology is not a “silver bullet” for solving all security problems or fighting cyber attacks, it can become a new tool for protecting our information systems.
Some studies have shown that a decentralized alternative can become a viable form of information storage or security of critical Internet infrastructures. Some players have realized this and are now positioning themselves on this rapidly evolving technology.
In addition to banks, many industries are tempted to integrate blockchain into their strategies in order to provide themselves with a new form of protection that can withstand cyber attacks. Currently, blockchain is a topic that attracts a lot of attention.
What is blockchain
The term blockchain, which has become very popular in the last two years, can be defined without reference to the term Bitcoin. In the literature, there is usually a definition that looks like this:
“Blockchain is a distributed registry reproduced on several computers connected to each other by a peer-to-peer network. They are called nodes. The communication between the nodes is encrypted and guarantees the identity of the sender and the recipient of the data. When a node adds a new block to the registry, it offers it to the network, which is based on consensus, to determine where (and especially when) the block will be added to the registry.
The first blockchain was the Bitcoin network. It is a database structured into a chain of information blocks, in which blocks allow you to distribute data in a network that does not necessarily have trustworthy analogues. The idea is very unique: the data is formed into several blocks, then sorted into a single chain and replicated over the network.
This register can be compared to a public, anonymous and tamper-proof ledger in which all valid transactions are recorded.
As mathematician Jean-Paul Delae writes, you need to imagine “a very large, accessible notebook that everyone reads for free, and on which everyone can write, but it cannot be erased and destroyed.” Based on this, central management bodies are not required to add a new block of information, since the consensus protocol allows all active network participants to confirm the authenticity of transactions.
Blockchain’s Contribution to Cybersecurity
The information is protected, accessible and guaranteed. There are two main ways to classify blockchains: public and private.
According to the lexicon of blockchain*, a public blockchain is a blockchain that is open to any user, whether in terms of reading (free access to the registry), using (sending peer-to-peer transactions) or participating in the proper functioning of the network (transaction validation).
A private blockchain is a blockchain in which certain rights are assigned to certain users, in particular, the right to confirm transactions. A private blockchain does not require the use of cryptocurrencies.
Heresy for some (who believe that blockchain is inherently public), and a system that others (large companies, especially in the banking sector, and government agencies) consider encouraging.
Blockchain, whether public or private, is based on peer-to-peer (P2P) exchange protocols. Briefly speaking about P2P, it is a network consisting of a number of devices collectively storing and exchanging data. All participants are individually active nodes. Their power is usually equal, and the tasks they perform are the same.
The principle of operation for P2P network
To understand how P2P works, let’s look at an example of a client-server network
In the client-server network, we have:
On the one hand, there is a computer called a client that sends requests.
On the other side is a set of computers called servers that are waiting for client requests to respond to them.
The principle of operation of the client-server network
Thus, there is a hierarchical system: the client cannot perform the same function as the server on which it depends.
Peer-to-peer networks are completely different from traditional models, where all clients also act as servers.
In other words, there is no central repository. That is why we are talking about peer-to-peer networks in order to more accurately designate computers connected to each other.
Blockchain and Cybersecurity
In comparison with the traditional model, the capabilities offered by the P2P model give a clear advantage: data storage does not occur in one centralized location, which increases their security to the risks of hacking, misuse or loss. Of course, they can be changed after the fact, but the history and trace of the modification will always be stored on the network.
Making a conclusion, it becomes clear why there is no need for a dominant body, and therefore no party can control and use the network to implement its own plans. The user becomes the true owner of his personal data if he ensures their proper protection.
Blockchain can Replace Certification Bodies
In the cybersecurity world, data encryption is based on keys: private key infrastructures (PKI). These keys are used to provide authentication, data encryption, and electronic signatures. Historically, the storage of these keys is provided by certification authorities (CA), trusted organizations that guarantee the storage and distribution of keys and certificates.
The centralized nature of these organizations creates dependence on private intermediaries, who are not always chosen, and who impose their trust on the rest of the network participants. Blockchain introduces innovation, allowing you to do without a trusted third party.
Initially, the CA generates and manages with the help of a computer the certificates required for approved electronic identifiers, which are used for secure authentication, data encryption and electronic signatures. However, this requires backup and maintenance. Replacing the CA with a blockchain, and therefore with a large number of connected machines, will make the PKI even more reliable and durable.
In conclusion, it should be noted that the blockchain meets four basic requirements for any security device:
- Availability and ability of information to be used at any time.
- Integrity, which ensures that a document or data has not been modified during its collection, processing, storage and retrieval.
- Confidentiality, which ensures that only authorized users have access to information or a document.
- Traceability, to be able who interfered with the document, especially when reading, reproducing, changing, printing or archiving it.