How blockchain technology protects us from bad actors in our digital future
The blockchain industry has experienced significant growth in the last couple of years as one unicorn after another sprouts from the soil that grows crypto start-ups. In this new series of blog posts and webinars, we take a closer look at the technology and explore why it is so successful and why everybody is talking about it. We also look beyond the speculative aspect that blockchain is so frequently associated with and focus on the real-world problems that the technology is poised to solve.
In the course of the last few years, crypto adoption has ramped up and blockchain use cases have been changing with the zeitgeist. Even Bitcoin itself, the reigning king in the crypto space, is in a constant struggle to reshape and redefine what problem the technology ultimately is going to solve. The narrative of Bitcoin has slowly transitioned from a peer-to-peer payment system to a store of value because of the mathematics behind the curtains. In general, use cases for blockchain technology have progressively diversified away from solely being a means of payment and thus towards being cryptocurrency. Indeed, thousands of blockchain projects emerged in the last couple of years, many of which are claiming to solve a specific real-world issue that needs to be addressed in a specific field.
The unique properties that blockchain brings to the table make the application attractive in several business areas, such as finance, pharma and logistics. There are several other areas that are heavily impacted by the technology. Due to a high level of digitalisation, cyberattacks have ramped up. Hence, in this first of a series of blog posts, we will highlight the area of cybersecurity and describe how blockchain can elevate this sector to new heights and help us in our daily lives.
Why is blockchain relevant for cybersecurity?
Although there is still tremendous room for growth, there is already a wide range of cybersecurity problems that are being addressed concerning data security, mutability and authentication, among others.
Today, most all of us use Internet of Things (IoT) devices on a daily base. Smartphones are undeniably useful and have revolutionised our lives in many ways. Thanks to thousands of apps available to download, we use smartphones for different matters. Therefore, to make life even more comfortable, the number of smart products that communicate wirelessly with other devices in the age of IoT has grown rapidly.
In a nutshell, such a system collects data through sensors and other devices and then collates and transfers it, ultimately (automatically) manipulating the data gathered.
Although there is still tremendous room for growth, there is already a wide range of cybersecurity problems and cyberattacks that we are facing in our daily lives and that are being addressed concerning data security, mutability and authentication, among others.
To secure access and protect us from bad actors, blockchain can be very relevant.
In such a network, blockchain is predestined to authenticate devices to the network as well as end users to devices, such as mobiles, laptops, cars and refrigerators, in order to secure access and protect us, the end users, from bad actors in the network. In this field, private blockchains could be used to secure the network, securely track data management and prevent any malicious access from outsiders through permitted access control.
Through the properties of the blockchain, data storage and sharing also become an area of interest. In a highly connected and globalised world, it remains crucial that data stored in the4/4cloud is resistant to unauthorised change and can be verified as being the same from dispatch to receipt. With data storage and sharing, a distributed ledger, which is a technology used in blockchain, can be utilised to eliminate a single source of failure within a given storage system, ultimately protecting the data stored from tampering.
Other fields of application where blockchain could play a prominent role in the future are private user data and navigation of the Internet. On the one hand, the technology could help protect personal identifiable information from being exchanged with other parties. On the other, safely utilising web applications and communicating with others through secure, encrypted methods has become essential in a world where everything happens in the digital realm, although encryption is not a measure uniquely bound to blockchain. Although blockchains are generally a ledger that can be seen by everyone, which can be problematic from a data protection standpoint, the security of private user data can also be enhanced. For example, typical user device preferences can be encrypted and stored on the blockchain to be retrieved only by the users themselves.
In addition to that, the navigation and utility of the Internet can be improved by using the blockchain to validate wireless Internet access points by storing and monitoring access control data on a local ledger.
Centralisation as the predetermined breaking point
The majority of existing security measures and applications rely on a single trusted authority to verify information or store data, which leaves the system vulnerable to attack. This is where blockchains shine compared to existing security measures since they are by definition decentralised and do not require authority and trust of an individual member of the group (or network). Since all the historical information is available to every participating member of the network, the system does not require trust.
Ultimately, the system does not require trust because each member of a network has a complete copy of all the historical information available, and just by achieving consensus of the majority, more data will be added on top of the existing information. The bottom line is that many members of a group who have access to the same information will be able to secure that group far better than a group made up of one leader and a host of members who rely on the leader for their information. That is particularly true when bad actors could come in the form of group members or even as the leaders themselves.
A whole industry has formed around tackling the problem of handling malicious programs and people through blockchain technology. To illustrate how real-world companies try to solve real-world cybersecurity issues, we will now take a look at a specific example of an innovative player in the market.
The pain point of IoT
One of the companies who has committed itself to the fight against cybercrime is ASVIN, an award-winning company from Stuttgart. The start-up, founded by experts that are highly influential in the fields of IoT and cybersecurity, builds its solution on a combination of several blockchains and other distributed ledger technologies (DLT). DLT refers to an infrastructure that allows for decentralised access, validation and record updating in an immutable manner. DLT is one of the cornerstones of a blockchain, but there are other platforms that use DLT and operate like blockchains while also having some distinct differences.
So what pain point has ASVIN identified in the market? In the past, only mobiles and computers were connected to the Internet, but in the new era of IoT, we connect other things, such as security cameras, refrigerators, cars and industrial equipment, which are now part of the Internet. There are well over six billion devices on the Internet, and within a few years, this number is expected to triple.
The IoT suffers from increasing risks from cyberattacks caused by vulnerabilities in software. Vulnerable software is the number one reason for malicious activity in networks, so users as well as developers need a clear and holistic picture of software to improve the security of IoT devices. This is where a software bill of materials (SBOM) comes into play. In a nutshell, this quite essential bill can be described as a list of components used in a piece of software and is perhaps one of the most important actions for development teams because it lets you know exactly what is in your code.
To connect to the Internet, devices have evolved from being analogue to being more and more digital, meaning that they are linked to some kind of software. However, when creating such software for new, complex IoT products and fleets or updating the existing ones, companies often struggle to create a complete SBOM.
The problem is that there is often a lack of supplier information for components and software, or the information is outdated. The blockchain enables companies to build a comprehensive and sustainable risk management system and gain much more visibility, thereby shedding light on vulnerabilities in their networked products, which allows them to quickly react to threats when they surface.
DLT has enabled the SBOM to develop into an enhanced version of itself, the distributed software bill of materials (D-SBOM), which enhances security through decentralisation and provides a solution for complex IoT software supply chains by documenting all IoT devices’ software. In addition, vendors can use D-SBOM to track software installed on IoT devices and determine its exact origin. Such tracking allows continuous monitoring of IoT devices for known software vulnerabilities as well as fast reaction times should a new weakness in the code surface.
Blockchain, the panacea? An outlook.
Blockchain technologies and fully distributed and decentralised systems have only been in development for a bit over 10 years and thus are still in their infancy. However, cybersecurity in general is a rather broad topic that has been around much longer.
The scope of applications for blockchain to improve security in cyberspace is manifold. However, blockchains and related technologies, such as distributed ledgers and encryption, offer no silver bullet for cybersecurity issues. If anything, they simply strengthen existing efforts for secure networks, communications and data. They utilise encryption and hashing to store immutable records, which is similar to the technology conventional cybersecurity solutions have utilised for a long time now.
As new possibilities in the digital realm emerge, malicious actions usually accompany them. This might also bring new sets of requirements for blockchains in their quest to make the digital space safer for everybody. For example, permissionless blockchain frameworks, such as Bitcoin and Ethereum, generally take minutes to reach consensus. However, such latency might not be acceptable for time- and delay-sensitive applications. In its highly innovative spirit, the blockchain community strives for better solutions every day, which will certainly have positive effects on cybersecurity in the future.