Blockchain Security for Enterprise: How safe is it?
Stating the Case for Blockchain Use in Enterprise Level Applications.
Blockchain Security
The Blockchain is the underlying technology supporting digital currencies like Bitcoin; it’s a decentralized platform that securely processes transactions through encryption[1].
Since this technology cannot be owned by any one person, company, or entity, and each user has the ability to view or access the state of Blockchain at any given time, the Blockchain has become increasingly lauded as a new underlying protocol and infrastructure to do completely new and revolutionary functions that have a great impact on business, industry, government, and potentially society.
As a notable basis to the protocol, the security and verifiability of data and its transfer is achieved using mathematically designed cryptosystems.
Miners, as they are called, who are a network of computers forming a validated consensus of the state of the blockchain, are scattered all over the globe. This network, by nature and design is decentralized and crypto-economically incentivized to be resilient to attacks.
The decentralized consensus nature of blockchains (in this case Bitcoin) renders them almost impossible to break at its core; as an attacker or group of attackers would require the computational hashing power of a nation state and all the tech companies therein to overcome the more than 51% computational power of the network.
“The blockchain has the ability to enhance reliability in business processes by eliminating political and economic risks associated with trusting a centralized system.–Vitalik Buterin [2],
Trust and transparency can run together while leaving a public audit trail for their activities for everyone to check its validity.
Blockchain and Cyber Security
The cyberspace is the underlying infrastructure that holds the key to the modernity in technology.
However, its vulnerability to attacks complicates the essence of its existence, therefore it’s crucial for developers to put up concrete cyber security measures for safety and integrity of data [3].
“The fact that traditional systems work in a centralized manner render them readily prone to attacks since the attackers only target the central server.–Buntinx [3],
This is what’s called a single point of failure, or a “honey pot” problem.
A Blockchain inherently offers a distributed and decentralized network systems thereby eliminating these single points of failure.
They also offer encrypted authentication, digital signatures and public key encryption, distributed ledgers based on consensus, smart contracts, and fault tolerant transaction processing.
The integration of consensus mechanisms in the Blockchain network is a breakthrough in cyber security that actualized the ability to keep hackers out [3].
Blockchain Data Security
One of the driving factors that led to the invention of Blockchain technology is the need for confidentiality, integrity, and authentication for financial-related information.
The level CIA standards of information security are achieved in Blockchain technologies through the implementation of cryptography and encryption methods in the relay, processing, and storage of data.
Encryption may be defined as a cryptographic technique that entails the use of a complex mathematical algorithm to encrypt (close) and decrypt (open) data.
Homomorphic Encryption
The essence of Homomorphic encryption is to enable for computations on encrypted data before its actual decryption [4].
Currently, data privacy and transactions is upheld since computations may be done on the data but only those with the decryption key may access its contents [4].
Homomorphic encryption occurs in two main processes that are full and semi-complete arithmetic schemes.
Fully Homomorphic encryption schemes are said to be Turing-complete since they allow for both addition and subtraction operations on the ciphered messages. On the contrary, Semi homomorphic schemes like RSA only support one arithmetic operation on the ciphered text.
Zero Knowledge Proofs
An essential interaction for a Blockchain can be determined through Zero knowledge Proofs, cryptographic techniques that require two transacting parties, a prover, and a verifier, to prove some propositions about the transaction without having to be true without having to reveal all its information [4].
For a zero-knowledge proof to be considered valid, they must meet three conditions:
Strictness: the honest prover must follow the protocol by convincing the honest prover with the correct statement.
Accuracy: No false statement would be used by a cheating prover to convince and honest verifier except when the statement has some truth probability in it.
Zero-knowledge: when the main statement is true, all the cheating verifiers will only learn about this fact. It is achieved through simulating the process to each cheating verifier without access to the validator, given the statement to proof; it produces a mimic of the interaction between the honest prover and cheating verifier.
Using Blockchain for Security
A Blockchain is commonly known for its potentially resilient combination of safety features. Information Age [5] explains that a Blockchain as a holistic approach to the traditional endpoint protection with additional features for user privacy, communication and transaction security, business and system security through transparency, audit trail, and distributed encrypted nodes. Across blockchains protocols, safety and confidentiality are highly prioritized as central pillars for maintaining the growing digital age.
It can be said that where individuals, businesses, and governments are constantly locked in a battle against bugs, fraud, and malicious actors, blockchains propose an alternative.
The fact that the emerging blockchains can offer utmost data integrity, high-tech digital identity systems, and public/transparent audit trails reinforces the above statements. I would highly encourage enthusiasts to look into a little known, but emerging blockchain startup company called BackFeed who are working on these types of protocol innovations.
But Can the Blockchain be hacked?
Encryption protection
Most “blockchain” protocols are designed as a decentralized peer to peer networks that allow members to jointly store and run computational operations on the data without compromising the security and privacy[6].
Encryption has successfully been used as a data protection technique, but the vulnerability occurs when the user decrypts the data. The encrypted data can be kept in secure cloud files free from hackers by keeping the secret key safe. However, whenever the users need to access the data, they may have to unlock it and hence rendering it prone to hackers [6].
Consensus and distributed ledgers
The consensus is the protocol used to limit all transacting parties to adhere to the set consistency and the agreed distributed order of recording approved transactions thus creating an interconnected data store known as the distributed ledger [7]. Since a consensus must be reached, the common blockchain protocol rules are that a hacker must have at least 51 percent of the computational energy to break the consensus algorithm which may potentially be achieved using quantum computers.
Blockchain Use cases
Enigma
Zyskind, Nathan, and Pentland [8] wrote that “[Enigma] is a peer-to-peer (P2P) network, enabling different parties to jointly store and run computations on data while keeping the data completely private”.
Its computational model relies on the latest improved multi-party computation version, secured with a verifiable private-sharing scheme. It utilizes an improved distributed hash-table as its storage facility for the encrypted data [8].
It uses an external Blockchain to control its network, authenticate access, monitor and enable uninterrupted log of events.
Enigma has proved its worth having won the final round of the MIT Bitcoin Project’s Summer Startup Competition 2014. Courtesy of its creators, vibrant final presentation of its prototype, Amir Lazarovich & Guy Zyskind, MIT Media Lab students and Oz Nathan, a Bitcoin entrepreneur, the team, won $5,000 grand prize among other prices in the previous rounds. A small prize given the innate transformational power that their protocol has innovated.
Hawk
Hawk is a decentralized platform for writing smart contracts that hide the financial transactions it stores on the Blockchain to maintain the privacy of transaction data from the public view [9].
The Hawk system allows programmers to write private smart contracts without having to implement cryptography instantly; the compiler is perfectly designed with cryptographic primitives like zero-knowledge proofs to automatically generate efficient cryptographic protocols to enable the interfacing between the Blockchain and contracting parties.
Hawk embraces the formalized cryptographic model of Blockchain that allows for full security of its protocols. The Hawk formal modeling is a standard way of designing apps to run on decentralized blockchains.
Ethereum
Ethereum is a cryptocurrency built in Turing-complete language by Vitalik Buterin. Like Bitcoin, it allows for numerous interactions organization and execution through increased reliability, reduced business and political risks linked to centralized ownership, and eliminates the need for trust [2].
Ethereum Blockchain offers a platform through which different types of applications from different companies can run together while allowing efficient and seamless interaction where an audit trail is produced to keep track of the processing of data.
Blockchain Risks
Cyberspace Crime
Hackers and attackers may employ Blockchain cryptographic algorithms and mechanisms to perform malicious activities without leaving any traces one, most notably is what’s called a sybil attack. Cryptosystems have also led to the rise of the dark web where illegal goods and services are traded beyond governmental authorization or consent. For instance, the anonymity feature in Bitcoins has sparked a global uproar in the financial technology scams and thefts.
Irreversibility
Information encrypted in cryptosystems may not be accessed if the real user forgets or loses the private or decrypting keys hence they may not recover their rightful data unless they have spare keys correctly backed up.
Conclusion
Blockchain Technology has evolved over the last few years, initially known as the underlying Bitcoin technology infrastructure for sending secure payments, or transfers of value, and has gained reputation, if not over-hyped potential, from this pioneering implementation. The Bitcoin Blockchain has clearly demonstrated the power of decentralized peer to peer applications regarding both security and privacy of data. Having passed the test of time, we can only appreciate its resilient security and adopt it to embrace and take advantage of this high-level technology.
Originally published at intrepidreview.com on October 10, 2016.
I’m always interested in meeting web3 founders, engineers, and designers who are working on challenging projects. — so please feel free to contact me on Twitter