Blockchain in Cyber Security: Who is Who
According to a 2017 IBM Study of 3,000 global C-suite executives, 33 percent of organizations, across industries, are considering or actively engaged with Blockchain. Improvements in security against fraud and cybercrime make up 56 percent of the reasons business leaders are currently using or considering adopting blockchain in their organizations.
Blockchain is changing the way the world works, one new technology at a time. Information Security applications for blockchain technology are strengthening traditional security tactics, as a variety of players have stepped onto the scene to disrupt the way threat intelligence is exchanged. Considering more than 4,000 ransomware attacks have occurred every day since the beginning of 2016, according to Justice.gov, it’s clear there’s a need for change.
“The blockchain’s alternative approach to storing and sharing information provides a way out of this security mess. The same technology that has enabled secure transactions with cryptocurrencies such as Bitcoin and Ethereum could now serve as a tool to prevent cyber attacks and security incidents,” says Ben Dickson, tech expert for VentureBeat.
Below we review what’s going on in blockchain and cyber security. We’re breaking down the major players so you can stay up to date with the latest and greatest in InfoSec.
When it comes to security, the greatest strength of blockchain is in the way it allows us to decentralize the process of addressing potential threats.
In the PolySwarm marketplace, decentralizing threat detection allows people from all over the world to participate. Being rewarded for submitting correct assertions also encourages experts to continue learning and innovating, allowing us to continually provide high-value cyber security.
All those participating will also have access to a common source of threat intelligence and use a common token to pay for information or work. PolySwarm eliminates the incentive to conduct duplicative work, instead fostering a competitive environment where experts compete to protect enterprises and end users.
Developed at MIT, CertCoin is changing the way PKI (Public Key Infrastructure) is implemented. The team explains:
“Current approaches to authentication on the internet include certificate authorities and webs of trust. Both of those approaches have significant drawbacks: the former relies upon trusted third parties, introducing a central point of failure, and the latter has a high barrier to entry.”
Instead, the creators of CertCoin have found a way to decentralize the process, removing middle-man authorities, and leveraging the distributed nature of the blockchain to create an auditable certification ledger, available to the public, without a single point of failure.
Keyless Signature Structure (KSI) is the focus for GuardTime, who first began their work by helping the Estonian Government create a verifiable security system.
Now, they work in a variety of industries to replace key-based data authentication by storing hashes of original files, data and the like on a blockchain. By running the same hashing algorithm over another copy of this information and comparing the result with the stored hash, they can quickly discover manipulations.
Their technology can be used in security, supply chain, compliance and networking, and their mission is simple: “leverage the tools we have built, work with partners and build the highest quality enterprise solutions.”
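A simplified illustration of the hash-anchoring idea described above, added here as an example: it is not GuardTime's KSI code, and an in-memory hash-chained list stands in for the blockchain. The function names, file names and file contents are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(name: str, digest: str, prev: str) -> str:
    # Hash a canonical encoding so the same fields always give the same value.
    record = json.dumps({"name": name, "digest": digest, "prev": prev}, sort_keys=True)
    return sha256_hex(record.encode())

def anchor(ledger: list, name: str, content: bytes) -> None:
    """Append the file's digest, chained to the previous entry's hash."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    digest = sha256_hex(content)
    ledger.append({"name": name, "digest": digest, "prev": prev,
                   "hash": entry_hash(name, digest, prev)})

def chain_intact(ledger: list) -> bool:
    """Recompute every link; an edited entry no longer matches its own hash."""
    prev = GENESIS
    for e in ledger:
        if e["prev"] != prev or e["hash"] != entry_hash(e["name"], e["digest"], prev):
            return False
        prev = e["hash"]
    return True

def verify_copy(ledger: list, name: str, content: bytes) -> str:
    """Return 'match', 'modified', 'unknown' or 'ledger-tampered' for a copy."""
    if not chain_intact(ledger):
        return "ledger-tampered"
    digest = sha256_hex(content)
    for e in reversed(ledger):  # the most recent anchor for this name wins
        if e["name"] == name:
            return "match" if e["digest"] == digest else "modified"
    return "unknown"

def demo() -> list:
    ledger = []
    anchor(ledger, "policy.cfg", b"allow_admin=false\n")  # constructed sample data
    anchor(ledger, "audit.log", b"2024-01-01 login ok\n")
    results = [verify_copy(ledger, "policy.cfg", b"allow_admin=false\n"),
               verify_copy(ledger, "policy.cfg", b"allow_admin=true\n")]
    ledger[0]["digest"] = sha256_hex(b"allow_admin=true\n")  # rewrite a stored hash
    results.append(verify_copy(ledger, "policy.cfg", b"allow_admin=true\n"))
    return results
```

The chain check only detects an edit whose later hashes were not recomputed. Resistance to a full rewrite comes from the ledger being replicated and agreed on by many parties, which this single-process sketch does not model.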
MobileCoin, a mobile-first anonymous coin, uses Intel SGX technology as one layer to safeguard the privacy of transactions. MobileCoin is designed in part by the magnanimous Moxie Marlinspike of Signal fame.
MobileCoin’s goal: to create a streamlined, private digital currency that’s both easy to use and allows for quick transactions from any mobile device. “While it may feel like the last thing the world needs is yet another cryptocurrency, Marlinspike’s track record with Signal — and the organization behind it, Open Whisper Systems — makes this a project worth watching,” says Lily Hay Newman, writer for Wired.
With a focus on privacy and ease-of-use, MobileCoin is using nodes to manage both the ledger and transaction validation. These operate on a fully updated copy of each currency’s blockchain, and will also handle all key management for users, ensuring total privacy, ease-of-use and speed. Finally, the nodes work in conjunction with the SGX enclaves to bolster security:
“For MobileCoin, the enclaves in all of the nodes of the network hide the currency’s indelible ledger from view. Users’ private keys are stored and shielded in the enclave, too,” explains Newman.
Hacken's community-driven ecosystem is one we can get behind: supporting hacker ethics, encouraging legitimate research, and nourishing the relationship between blockchain and cyber security.
“Our ecosystem will allow customers to acquire high quality penetration test services and vulnerabilities assessment for their products. The whole process, as well as our findings, are timestamped and published to the blockchain-based HackenProof Vulnerabilities and Countermeasures Certificate, uniquely issued for each project,” explains Hacken.io on their homepage.
Hacken deviates from the norm even further with their “Burning Principal” and “Burning Model,” which they argue makes the marketplace less volatile than the wider cryptocurrency market.
Quantstamp is the first scalable security audit protocol, used to uncover vulnerabilities in Ethereum smart contracts.
In addition to security, Quantstamp is focused on making their service cost effective as well, which they believe is critical to the success of smart contract use in many industries.
The network they’ve built sets automated checks in motion. When bugs or vulnerabilities are identified, a reward is given. By using their Quantstamp token, they’re able to ensure that the network is both scalable and decentralized.