The tech sector is looking at new uses for blockchain, and information security is one area that holds promise.
Bitcoin, Ethereum, and other cryptocurrencies are making their way from the dark alleys of SilkRoad and AlphaBay into the mainstream. Suddenly, investing in these digital currencies has become something of a fad, with hedge funds and Wall Street pundits getting on board.
As someone who works in IT and sees both the behavior of customers and platforms, there is a clear trend -- though anecdotal -- of more interest over both new cryptocurrencies and consequently, matters that relate to safety and privacy.
While digital currencies may provide a new and substantial investment vehicle, the greater revolution may not be through Bitcoin, but through the blockchain technology upon which it is built. Suddenly blockchain is being suggested as a solution for everything from farming to climate change, and from real estate to VR content marketing.
Blockchain technology has some inherent properties that make it uniquely designed to change the way we address information and communication. This is most clear in the realm of cybersecurity, where blockchain is making some substantial inroads already.
Blockchain, as a distributed ledger, stores information immutably. This means there can be no change to information once it is coded into the chain. The implications for this in the cybersecurity world should be evident.
Blockchain is based on ‘hashes’, or mathematical functions that result in a single multi-digit solution. The point of hash equations is that they are impossible to back-calculate, since they are very complex equations and require access to the original data point. Further, any change to the original data would produce a different response in an unpredictable way, identifying any mutation.
Additionally, blocks are linked together with this hash. Each block not only contains its own data and hash, but also references the hash of the previous block. Therefore the connection between each block is more than simply the connection of blocks together. Since the hashes are based on the previous block’s data content, both the content and the hash are immutably connected to the previous block.
Consider the specific application in finance for example. Transactions can be immutably processed and stored in such a way that there is no risk of compromise. Credit card transactions cannot be disputed once coded. Financial transfers can be digitally signed, processed, and verified in seconds, immutably.
Bitcoin debit card and wallet providers such as Cryptopay are already taking advantage of this system.
The company created an exchange with dollars, euros, and pounds as fiat currencies, while leveraging their knowledge of the blockchain technology to create safe and secure systems for Bitcoin owners.
Because companies like Cryptopay can assure the safety and integrity of their users’ data and transaction information, there is almost no risk. Plus the Bitcoin debit card is accepted anywhere VISA is accepted, making use and functionality effectively equal with traditional debit cards.
Blockchain can also be utilized for validation mechanisms. Traditional validation mechanisms are user passwords. The problem with passwords is that they are tied to humans. They can be forgotten, misplaced, or given out indiscriminately.
When a password is compromised, the entire data network is compromised. No matter how much a company spends on its security infrastructure, a single compromised password creates an impossible scenario for security teams.
Blockchain solves this issue by effectively eliminating passwords. Rather than having a user store a single password, the password for any user can be identified as a given hash of a block. This hash password creates a certificate for the user to log in. Once a login occurs, the certificate is revoked, and a new certificate on the blockchain hash is created for the next login.
One simply needs to access the system through a portal in order for the blockchain hash to be created and then revoked. This hash-based system creates a new password (much like a token key) that cannot be replicated or distributed, and is revoked at logout.
While a token key can create a similar system, the key system is dependent on hardware that is carried by the user and therefore subject to the same limitations as a password, whereas the blockchain system is digitally dependent on the blockchain, and is fully secure.
Distributed ledger messaging
The power of blockchain for data distribution is also being used to create new and completely secure messaging systems.
There are no means to knowing which encrypted data points in the ledger belong to any specific message within the chain. Only the user with the appropriate signature can access the encrypted and distributed message and read the deciphered message.
This system allows transmission of any type of data, from documents to message and photos. This also creates a distributed network that allows users to send funds via proprietary cryptocurrencies on the blockchain. In this way, funds can be transferred completely securely, and completely anonymously.
Ralph Tkatchuk is a data security consultant and an IT guy with 15 years of field experience working with clients of various sizes and in different verticals. He is all about helping companies and individuals safeguard their data against malicious online abuse and fraud. His current specialty is in ecommerce data protection and prevention, with a keen interest in AI and machine learning. He runs TK Data Sec, a DataSec and IT consultancy.
The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.