Blockchain: Can it secure the Internet?

The recent Bitcoin bubble thrust the concept of cryptocurrencies firmly into the public consciousness. But attention quickly shifted away from Bitcoin itself – just one of a huge range of crypto-powered digital currencies, after all – and onto the technology that underpins it: the blockchain.

Blockchain has been the focus of huge amounts of research and development for at least a few years now, but it’s only really in the last six months or so that the media spotlight has made it an everyday term, often connected to adjectives like “world-changing”, “transformative” or “revolutionary”. So what’s the big deal? How is blockchain going to make the world better, faster, more secure?

Decentralization and distribution

The bulk of current data storage and transaction processing is centralized – when you withdraw from or pay into your bank account, whether you do it online, by mail, over the phone, or in person in a physical branch, eventually that change to your account is recorded, stored and verified in a central database.

That central point is a major risk, one that banks around the world have invested huge amounts of time, effort and cash into keeping secure; if it gets hacked, or blockaded by denial-of-service, or knocked out by a missile, or diddled by a rogue admin, it’s game over. The same is true of pretty much everything else in the digital world, from shopping sites and cloud storage to health and voter records.

Blockchain operates on quite the opposite model – entirely distributed, with no single point of failure. Every “node” contributes to checking and verifying each other node’s input. This makes it waaay more difficult for malicious types to break into.

It’s not invulnerable to DDoS, but an attacker would have to first identify the nodes, then take down enough of them to prevent the system from reaching the “consensus” required to approve a transaction. It’s not invulnerable to hacking either, but again it would take a huge number of small node hijacks rather than one big attack on the central point. Assuming your blockchain implementation is a reasonable size, this puts it beyond pretty much any attacker.

There are proposals being floated to develop blockchain-based, distributed file storage, more resilient DNS, even DDoS systems which make use of blockchain’s decentralization to redirect traffic around blockages. An example is Gladius, a blockchain startup creating a decentralized content delivery network (CDN) and DDoS mitigation system. Gladius uses the blockchain to distribute files and assets across  thousands of computers that share its network. When users sign up with the Gladius network, they can rent out their computer’s idle time, storage, and bandwidth to host websites and receive cryptocurrency in exchange.

Traceability and transparency

Another feature of blockchain is its inherent traceability, something that is largely lacking, or at best no more than an add-on, in most of the other systems we currently use. In blockchain systems every transaction that’s ever been performed is included in the chain, and cannot be changed retrospectively without corrupting the chain.

You can pick back through and see exactly what happened, exactly when, and who took part – hence the frequent use of the term “ledger” (and also, the expanding nature of blockchain ledgers – the bitcoin chain doubled from 50 to 100GB through 2016).

This makes it ideal for applications like legal contracts, government and health records, regulatory compliance, and of course banking and stock trading – anything where absolute integrity of the data, and trackability of changes, is a must.

Another side benefit for stock trading is speed – while current trades typically take a few days for the creaky old banking system to confirm and “settle” a deal, a blockchain approach would eliminate this delay, cutting out the expensive middle-men and rolling all the components of making a deal into a single step.

Even state governments are recognizing the value of blockchain technology, A new state bill introduced to the Colorado Senate is looking at using blockchain technology to secure private data from cyberattacks.

Introduced on Jan. 16, Senate Bill 086 suggests that using a distributed ledger would eliminate the need for paper records and in-person updating of such data. The blockchain system would subsequently solve the state’s existing data collection and retention issues, and create a more secure record

Encryption and confidentiality

The Bitcoin blockchain, like most other current implementations, is public and can be inspected by anyone. There are options to implement blockchain with access controls though, and this could offer greatly enhanced privacy in communications.

The ability to encrypt all the data all the time, to ensure its integrity thanks to the pooled validation of the chain, and to have your archives always retrievable thanks to the distributed setup, make this sort of approach ideal for business, governmental and private citizen comms applications.

The implementation of blockchain methods will actually build more trustworthy infrastructure for digital services.

There are numerous blockchain-based, peer-to-peer private messaging systems in the works – at least one provider is looking at per-message micropayments via cryptocurrency “tokens”, which should seriously reduce the attractiveness of spamming and trolling. Even DARPA is working on an “un-sniffable” comms system for the military.

Identity and authentication

Ever since the first pair of computers were connected to each other, we’ve struggled to find dependable ways of confirming that the person or device at the other end of the connection was who they claimed to be. PKI implementations like SSL/TLS or the venerable PGP are indeed “pretty good”, but they depend on centralized key management and certificate authorities, which can be vulnerable to the same risks as any other centralized system.

Blockchain itself generally makes use of PKI, but offers opportunities for much more resilient implementations, leveraging the distributed structure. There are even “keyless” variants, one of which is already in use to secure health records of over a million people in Estonia.

With each node reliably identifiable and almost impossible to spoof, blockchain can allow for extremely dependable identification, something which is likely to first impact IoT devices – being able to truly authenticate every device connecting to your network, and indeed to track their activities with no possibility of spoofing, deleting or concealing anything, will be a major boon for IT admins currently dealing with the boom in BYOD.

This benefit extends even further as our world get “smarter” – there are applications for blockchain in securely identifying and tracking components in power grids and other utilities, smart metering, and much more besides.

A brighter future, some day…

So, it looks like blockchain has the potential to provide all sorts of benefits, both for security and usability. Our future online world could well be a much safer and more efficient place, but of course it all depends on implementation – there are likely to be many flawed attempts before we get things right. When decentralized blockchain protocols start displacing the centralized web services that dominate the current internet, we’ll start to see real internet-based sovereignty and security.  Whether it will ultimately solve the problem of identity remains an open question – there’s still a gap between humans and our devices – but it certainly shows signs of moving us a few steps closer to a more secure future.

Previous ArticleConvincing executive stakeholders that even the tiniest cyber-incident can lead to big disasters. Next ArticleGDPR: The big myth that could slide US firms into hot water.