By Jesús Cedeño, Senior Editor, cryptocoinsociety.com
These days many people (especially if they’re more or less tech-oriented) have heard about cryptocurrencies and blockchains. Even if they don’t fully understand these terms, think that Bitcoin is the only cryptocurrency or only know that blockchains are the “thing that makes Bitcoin work”, they have heard or read about these terms. Cryptocurrencies have their supporters and detractors, but they are reshaping the world of finance. Blockchain technology is also having an impact on many sectors, not limited to that of cryptocurrencies themselves. Blockchain applications are being developed for education, trade, and other areas. But what about cybersecurity? What is the impact of blockchains and cryptocurrencies on cybersecurity? Read along to find out more about what’s going on in this sector.
Just what is a Blockchain?
Let’s start by explaining what a blockchain is to make sure we’re all on the same page. We probably all know what a ledger is. Ledgers have been around for millennia as records of transactions. Some examples of ledgers in the modern world are the accounting logs that all businesses keep. Blockchains are, at their core, ledgers. So what makes them different?
Unlike a business’s accounting ledger, which is usually stored in a single, secure location, blockchains are distributed ledgers. This means that there are many copies of the ledger stored on many computers across a network. And the blockchain itself has ways of assuring that all copies of the ledger are identical to each other. This keeps the information stored on the blockchain immutable and protected from crashes, attacks, or other after-the-fact modifications.
The anonymous, secure nature of blockchains has had both positive and negative impacts on cybersecurity. Let’s take a look at both.
Blockchains and Cyber Security: The bad
Although cryptocurrencies are far from the only application for blockchain technology, they were the first successful implementation of blockchains. Specifically, Bitcoin was the first such implementation. Bitcoin offered users a secure, reliable, anonymous way to transfer funds. And anonymity was the first major factor that drew many users to Bitcoin.
Of course, any normal, law-abiding, by-the-book citizen anywhere in the world can have perfectly valid reasons for wanting to make anonymous financial transactions. Personal security can be one of them; if you have a lot of money, you don’t necessarily want everybody around you to know that. But the flip side of anonymity is that it is also desirable for illegal purposes. In the early years of Bitcoin, many black market sites like Silk Road would accept payments only in Bitcoin. In more recent years, cryptocurrencies are increasingly being used as forms of payment in ransomware attacks. In these cases, anonymity means that identifying and prosecuting the ones responsible is extremely difficult. Cryptocurrencies have also made money laundering easier.
This downside of cryptocurrencies’ anonymity is the reason why many exchanges are being forced to comply with KYC policies if they want to keep operating. So, each user on these exchanges is being asked to provide proof of identity and/or residency to use the exchange’s service. Even localbitcoins, a long-time haven for anonymous Bitcoin transactions, have recently started applying KYC.
Of course, there are many services that you can currently use to protect your personal data and enhance your cybersecurity and that don’t work with blockchain technology. But these systems have a drawback… they are centralized services, meaning that they are hosted on a particular server. This makes the security systems themselves targets for hackers and other ill-intentioned people that want access to your data. Though far from a security system, Facebook is a good example of what can happen. In October 2018 a hack on Facebook’s servers exposed personal data on over 30 million accounts.
Blockchains and Cyber Security: The Good
Looking at the bad things just mentioned above, you can probably notice something important. These downsides are really related to cryptocurrencies (or, more specifically, the ways some people have chosen to use them) and not to blockchains themselves. There are three features in blockchains that can make them useful for cybersecurity: decentralization, immutability, and transparency.
In a decentralized system, by definition, there is no single main server. All information is shared between all the participants in the system. These are the nodes that host the blockchain. New nodes can be installed at any time, but it means downloading the entire ledger so every node has the exact same information. Besides sharing the same information, the nodes work together to ensure that the data is intact; unchanged (here’s where the immutability feature comes in). If there is no single server and all nodes are constantly verifying the information, this makes the system very secure. A potential hacker that wanted to alter any data would have to hack most of the nodes in the blockchain at the same time. This is near-impossible.
Having the data spread out over many nodes also improves availability. Since there is no single server, then saturation because a lot of people are trying to read the data at the same time is less likely and decreases, even more, when new nodes come online.
Transparency is something that can be seen as an advantage or a disadvantage, depending on the situation. All transactions on a blockchain are publicly visible, meaning that the data on the blockchain isn’t usually encrypted. If you go to a Bitcoin blockchain explorer like btc.com, you can see every transaction that has ever occurred on that blockchain. For example, you could see that on August 30th, 2020, at 12:35, 0.13098231 BTC was sent from the wallet address 33ACizvWTKqBGCKFdM2DEhVRp4qxeWcBPw to wallet address 13UsFi8MnqmgxBU31T9uWA5ocXLZkeNPQy. The transaction is visible to all. We just don’t know who owns those wallets. For all we know, it could be a user sending Bitcoin from his personal wallet to an exchange wallet.
Even though the data isn’t usually encrypted, that doesn’t mean it can’t. Some blockchains are designed to encrypt the data, and data can also be encrypted by an app before storing it.
So blockchains offer an available, secure, hack-proof way to store data. And this can be used to improve cybersecurity in several ways. Let’s take a look at some of the possibilities.
Blockchains and Cyber Security: What’s being done now?
So there are a lot of theoretical benefits of using blockchains for enhancing cybersecurity. But it’s not just on paper. There are five key aspects of cybersecurity that are exploring the benefits of blockchains right now:
- Safer DNS
If you aren’t too into the technical aspects of the web, you probably don’t realize that the addresses for all the websites you visit, like Facebook, Wikipedia, Google, The New York Times, etc. are actually IP numbers like 18.104.22.168. But can you imagine browsing the web like that? Having to remember the IP numbers for all the websites you visit regularly (instead of easy website names like www.google.com) would be too much of a hassle. That’s where Domain Name Servers (DNS) come in. When you type www.cyberdefensemagazine.com, your computer asks a DNS where to go. The DNS knows the IP number for the site and directs your browser where you want to go. Imagine what can happen if someone hacks the DNS. They can alter it so that when you type in an address, you will be redirected to some other site. They can make you enter your bank information at a site that looks just like your bank’s website but is actually under their control. They can make whole websites unavailable for hours or days at a time. These are what are known as DNS attacks or Denial of Service (DoS) attacks.
If the DNS data were stored on a blockchain instead of specific servers, that would make these kinds of attacks near impossible. This is something that is already being looked into. DoS attacks are a big problem in cybersecurity, but their days just might be numbered.
- Secure Private Messaging
Instant messaging is great. Apps that let you send messages, audio, photos, and videos instantly, or even make voice or video calls to anywhere in the world have completely changed the way we communicate with each other. But this improvement came with an initial cost: data security. There were many cases of stolen data in the early years of instant messaging platforms like WhatsApp. While it is true that some apps like Telegram and WhatsApp itself have implemented end-to-end encryption to secure user’s data, other services are looking to blockchains for enhancing security and create a framework that would even make cross-platform messaging possible. Users can even be rewarded with crypto tokens for using these apps. SENSE chat and FortKnoxter are some of these early, blockchain-based instant messengers.
- Decentralized Data Storage
Having online backups of your personal data can be a life-saver. If your computer ever crashes, needs to be formatted, is stolen, or simply goes toes-up because of an electrical failure, your cloud storage is there for you. Just stop for a second and think about what potentially valuable information is in your Dropbox or OneDrive account. I know of a fellow crypto enthusiast (who honestly has more enthusiasm than technical know-how) that used to keep his private wallet keys in unencrypted text documents on OneDrive. Businesses can store sensitive information about millions of clients. Losing that information would be a disaster. But these data storage services are all centralized, meaning that a hacker knows where the information is stored, and those servers are highly attractive targets.
There are projects in development, like the Apollo Data Cloud, that use blockchains to ensure the security of the information stored in them. The data isn’t usually stored on the blockchain itself, but spread out over many storage nodes using protocols like the InterPlanetary File System (IPFS). This way there is no single entry point to the data and each file is split into pieces that can be on any node. This makes it a lot harder for anyone to break into your valuable personal information.
- Safer, More Fair Web Browsing
If you’re a casual web browser, you’re probably not aware of how much valuable information you’re actually sending out. Your web browser keeps track of your history, including what you do after you visit a particular site. Websites use trackers to know what kind of ads you click on and which ones you don’t; what pages you stay on longer and which ones you barely glance at before moving on. This is all valuable information that companies can sell. There’s also the issue of rewarding content creators. Have you ever visited a web site and wished there was a way to tip the content creator directly. Maybe it’s a new YouTuber that still doesn’t have enough followers or views to start receiving rewards directly from Google but is putting out good content. If so, you might want to check out Brave browser. It’s a more private browser with built-in tracker blocking and that enables tipping via the Basic Attention Token (BAT) cryptocurrency. You can read more about it in this Brave Browser review.
- Safer “Smarts”
These days, the internet isn’t only on our computers or smartphones and tablets. Each day there are more “smart” devices. Now we can have smart TVs, refrigerators, air conditioners, washers, toasters and a lot of other things. I’m pretty sure smart pencils and pens aren’t too far away at this point. This is what is known, very appropriately, as the “Internet of Things”, or IoT. While these IoT devices can bring a lot of benefits, they also bring risks. There’s no way of knowing if the manufacturer of your new smart toaster is taking the trouble of making it secure enough. And each device connected to the internet is a potential entry point for hackers, so if one of them managed to hack your toaster, they could then have access to your whole network.
Implementing IoT blockchains could help make smart devices a lot “smarter”. The blockchain could continuously monitor all the nodes and learn what behavior is expected from each device. So if your microwave suddenly starts asking for the feed from your smart camera, this suspicious activity could be shut down without having to send a request to any security server.
Cryptocurrencies have somewhat of a bad rep in certain circles. Lots of people don’t understand them and lots of governments don’t trust them. To be fair, there are some valid reasons for that mistrust. But those reasons are related to the way some people have used cryptocurrencies for many kinds of scams and money laundering and not to the cryptocurrencies themselves. And they certainly don’t apply to the blockchain technology behind them. Blockchains can be used for a lot of things and they can certainly become a major force for enhancing cybersecurity. The main advantage of blockchains as applied to security systems is their decentralized, self-verifying nature. With no single point of entry and needing to compromise possibly hundreds or thousands of nodes at the same time, hacking blockchain-based security systems is nearly impossible. The potential impact of blockchains and cryptocurrencies on cybersecurity is huge and I, for one, am excited to see what the near future will bring. How about you? What excites you most about blockchain-based security systems? What concerns you most?
About the author
Jesús Cedeño is the senior editor of Crypto Coin Society. He is a doctor turned cryptocurrency and blockchain enthusiast who loves sharing his thoughts on everything crypto, blockchain, and decentralized technology-related in an attempt to help simplify the subject matter in order to make it more accessible to the masses. Jesús can be reached on LinkedIn (https://www.linkedin.com/in/jesuscedeno73/) and at our company website https://www.cryptocoinsociety.com/author/jesuscedeno/.