How blockchain can help fight cyberattacks
By Ben Dickson for TechCrunch
Imagine a computing platform that would have no single point of failure and would be resilient to the cyberattacks that are making the headlines these days. This is the promise behind blockchain, the distributed ledger that underlies cryptocurrencies like Bitcoin and Ethereum and challenges the traditional server/client paradigm.
In 2009, Bitcoin became the first real application of blockchain, a secure decentralized monetary exchange platform that removed the need for central brokers. More recently, blockchain has proven its worth in other fields.
Blockchain is the culmination of decades of research and breakthroughs in cryptography and security, and it offers a totally different approach to storing information and performing functions, which makes it especially suitable for environments with high security requirements and mutually unknown actors.
The concept is already being used in several innovative ways to enhance cybersecurity and protect organizations and applications against cyberattacks.
Preventing data manipulation and fraud
One of the main characteristics of the blockchain is its immutability. The use of sequential hashing and cryptography, combined with the decentralized structure, make it virtually impossible for any party to unilaterally alter data on the ledger.
This can be used by organizations handling sensitive information to maintain the integrity of data, and to prevent and detect any form of tampering.
Guardtime is a data security startup that is placing its bets on blockchain technology to secure sensitive records. It has already used blockchains to create a Keyless Signature Infrastructure (KSI), a replacement for the more traditional Public Key Infrastructure (PKI), which uses asymmetric encryption and a cache of public keys maintained by a centralized Certificate Authority (CA).
Matthew Johnson, CTO at Guardtime, believes that while PKI was a suitable technology for digitally signing software, firmware and network configurations, it was never designed to authenticate data.
“The fundamental threat with PKI is that you need to base your security on the secrets (keys) and the people who manage them,” Johnson says. “That is very hard to do well and impossible to prove — just as in the real world you can‘t prove a secret has been kept, in the security world you can‘t prove a key has not been compromised.”
Blockchain-based security is predicated on distributing the evidence among many parties.
In contrast, instead of relying on secrets, blockchain-based security is predicated on distributing the evidence among many parties, which makes it impossible to manipulate data without being detected.
“Blockchain has eliminated the need for trusted parties to verify the integrity of data just as in the cryptocurrency example it eliminated the need for a centralized authority to act as a bank,” Johnson explains.
KSI verifies the integrity of data by running hash functions on it and comparing the results against original metadata stored on the blockchain. “This is a fundamentally different approach to traditional security,” Johnson says. “Rather than using Anti-Virus, Anti-Malware and Intrusion Detection schemes that search for vulnerabilities, you have mathematical certainty over the provenance and integrity of every component in your system.”
KSI is already being considered by organizations such as the Defense Advanced Research Projects Agency (DARPA) to protect sensitive military data, and by the Estonian eHealth Foundation to secure over one million health records.
Preventing Distributed Denial of Service attacks
On October 21, millions of users across the U.S. were cut off from major websites such as Twitter, PayPal, Netflix and Spotify. The reason was a massive DDoS attack that brought down the DNS servers of service provider Dyn.
The episode was a reminder of how a weakness in the current backbone can become a bottleneck and a point of failure in a system that involves thousands and millions of nodes and users.
Blockchain provides a fundamentally different approach to cybersecurity.
“The killer weakness of the current DNS system is its overreliance on caching,” says Philip Saunders, founder of Nebulis, a distributed, blank-slate DNS system. “This is what allows China to poison its DNS nameservers, censoring key social networks and banned keywords. At the same time it is also what makes it so easy for millions of autonomous devices under the control of malicious code to shut down whole networks and have these interruptions persist.”
Blockchain offers a solution, Saunders believes, a decentralized system would make it literally impossible for the infrastructure to fail under an excess of requests.
Nebulis uses the Ethereum blockchain and the Interplanetary File System (IPFS), a distributed alternative to HTTP’s centralized structure, to make its DNS infrastructure immune to DDoS attacks.
“Blockchains, particularly the Ethereum platform, can allow a different approach,” Saunders explains. “Only changes or updates to the record cost money in the form of network fees, but reads are free, as long as you have a copy of the blockchain.”
As Saunders explains, with the Ethereum blockchain, you read straight from your own copy without imposing costs on the network. “This has great potential for lifting a great deal of pressure from the physical backbone of the internet,” he says. “It also means we can do away with many of the redundancies of the traditional DNS and come up with something which is much better.”
The team has finished the first draft of the Nebulis directory, which is currently undergoing testing. They plan to launch the first iteration of the directory soon.
Preventing data theft in untrusted environments
Encrypting data has now become a norm across organizations. However, when you want to act upon that data, you’ll have to decrypt and reveal its contents.
“Currently, there’s really no option for computing over encrypted data in the market,” says Guy Zyskind, founder and CEO of Enigma, a decentralized cloud platform based on blockchain. “The result is that we can only encrypt data at rest (i.e. while being stored on disk) or in-transit (sending over the wire), but not in-use. This means that when we process data, in whatever way or form, we end up decrypting it. This poses the usual risks associated with data breaches — an attacker with access to a system can see the plain-text data.”
Another problem pertains to the fact that we live in an era of cloud and on-demand services, where our data is accessed and processed by untrusted third parties.
“There are many situations where we want to jointly work on data without revealing our portion to untrusted entities,” Zyskind says. “This happens constantly in the business world, where companies would like to collaborate without revealing sensitive information that they are prohibited from sharing due to security, privacy and even regulation reasons. Similarly, we’re seeing more peer-to-peer systems where users themselves would like to maintain their privacy and anonymity.”
Enigma enables different participants to jointly store data and run computations while maintaining complete privacy. The platform uses blockchain to record time-stamped events and hashes of files that prevent attackers from hiding their tracks if they manipulate data.
Additionally, Enigma uses Multi-Party Computation (MPC), a cryptographic technology that performs computations by distributing data and tasks among multiple untrusted parties and making sure each party only has partial access to the data. “The parties are trusted as a whole, decentralized unit, but not individually,” Zyskind explains.
According to Zyskind, the combination not only prevents data from being tampered with, but also protects it from falling into the wrong hands. “The main point to consider is that the two technologies are complementary — both are needed to protect against a wide spectrum of cybersecurity threats,” he says.
The paradigm can be used in several settings involving parties that cannot directly share data with each other but have the need to perform joint operations over it. Potential use cases involve simple tasks like bookkeeping, aggregations and generating simple statistics. It can also be used to train machine learning models over encrypted data sets owned by different parties.
Enigma also can be used in fraud detection, where organizations can jointly execute fraud-detection algorithms over their encrypted data without compromising privacy.
Blockchain and the future of cybersecurity
Blockchain provides a fundamentally different approach to cybersecurity, which can go beyond endpoints and include user identity security, transaction and communication security and the protection of critical infrastructure that supports operations across organizations.
The paradigm shift represented by blockchain can provide the transparency and auditing that will enable us to make the most use of shared online services, while eliminating the potential security and privacy trade-offs.
First appeared at TC