Rob Behnke
June 14th, 2021
Blockchain technology can solve a number of major cybersecurity problems. By creating a way to store a trusted ledger and perform computations in a decentralized fashion, blockchain transforms common business practices. Additionally, much of the trust previously placed in centralized authorities (like banks) has been transferred to cryptography and other algorithms.
The blockchain is a complex system with a number of different features and functions. While the blockchain as a whole has many applications, some of the features that it provides are very useful in the field of cybersecurity.
Here are 5 ways in which blockchain technology can be applied to cybersecurity use cases:
One of the main goals of the blockchain is to create an immutable and distributed digital ledger. The original purpose for this was to store financial data (i.e. the records of cryptocurrency transfers), but any data (including other records, executable code, etc.) can be stored on a blockchain’s distributed ledger.
The blockchain creates an immutable and decentralized ledger by having each node in the network store a copy of the ledger. This ledger uses cryptography to make it very difficult to create a fake copy of the ledger that would be accepted by all of the nodes in the network. This combination of distributed storage and ledger immutability makes it very difficult to forge the ledger to delete or modify the data that it contains.
An immutable digital ledger has a number of potential applications in cybersecurity. One example is for the storage of log files. Cybercriminals commonly delete or modify log files during their attacks to hide their tracks, making it more difficult to detect their presence or figure out what they have done. With an immutable and distributed digital ledger storing log data, it is much more difficult to create a fake version of the record that hides the attacker’s activities or to delete every copy of the ledger across the network.
A core tenet of the blockchain is decentralization. The blockchain was designed to replace traditional financial systems, which rely upon centralized parties like banks to control and secure records of financial transactions. The blockchain is designed to spread power over a number of different parties and incentivize each to act in the best interests of the blockchain network.
The blockchain’s decentralization depends heavily on the blockchain consensus algorithm. Any blockchain consensus algorithm uses a scarce resource to represent control over the blockchain. The more of that resource that a party controls, the higher their probability of being selected to create the next block. Since block creators choose what to include in their blocks and add to the ledger, this equates to control over the ledger itself.
Blockchains incentivize creators to build valid blocks and attempt to distribute control over their scarce resources to prevent 51% attacks and similar threats to their decentralization.
Decentralized decision-making makes systems more difficult to attack because it eliminates single points of failure. If a system relies on a single node to make all decisions, then an attacker who disables or corrupts that node can break the system. With the decentralization provided by blockchain consensus algorithms, an attacker needs to disable or corrupt many nodes in the blockchain network to gain control over its decision-making processes.
The blockchain is designed to implement a distributed digital ledger. Additionally, the introduction of smart contracts has made it possible to support distributed processing on top of this ledger.
Blockchain’s distributed data storage and processing are made possible by the design of the blockchain protocol. Multiple nodes store copies of the digital ledger and agree on a process for updating that ledger. This ensures that all copies of the ledger remain synchronized without the need for a central authority to choose the “official” version of the ledger.
A distributed system for data processing and storage is more resilient than a centralized one. In the event of a cyberattack or other business-disrupting event, it is possible that some nodes of the blockchain network will be knocked offline. With a distributed system for data processing and storage, the blockchain network can maintain operations much longer than a traditional, centralized system and can more easily bring downed nodes back up-to-date once operations are restored.
The functionality of the blockchain is heavily dependent on authenticated data with strong integrity protections. The original blockchains were designed to store financial data, and these systems wouldn’t work if anyone could create a fake transaction from a certain account or modify data after the fact.
With a distributed ledger that communicates updates over a peer-to-peer network, it is essential that every node in the network be able to verify the authenticity of a transaction or block and that it has not been tampered with en-route.
Blockchain ensures data authenticity and integrity using public key cryptography and digital signatures. A digital signature proves that the signed data came from the owner of a particular private key and has not been tampered with since. With knowledge of the public key associated with that private key, anyone can verify the signature and the authenticity and integrity of the data that it protects.
One of the major challenges associated with digital signatures is verifying ownership of a public key. Blockchain solves this problem by using public keys for identity throughout the system. A blockchain address is derived from a public key, so it is easy to verify that data signed with a particular public key was created by the owner of that account (or someone who knows their private key).
A system for data authentication and integrity verification is valuable in any industry, including cybersecurity. Digital signatures can be used to validate the authenticity of software before running it or tie actions on a computer to a particular user.
The original blockchains were designed primarily for data storage, enabling them to implement a decentralized financial system. However, these blockchains were expanded to include support for smart contracts. Smart contracts enable programs to run on top of the blockchain in a distributed and decentralized fashion.
The blockchain uses the blockchain’s decentralized ledger to implement smart contracts. Instead of holding financial data, transactions on these platforms carry executable code. When a block is added to the distributed ledger, every node runs the code that it contains in their copy of the blockchain’s virtual machine. Since every node has a virtual machine with the same starting state and runs the exact same code, they always agree on the current state of the blockchain’s virtual computer.
Smart contract functionality is valuable in cybersecurity for many of the same reasons that the blockchain’s distributed storage is. The ability to run programs on a distributed and decentralized platform makes these programs more resilient because all of the systems need to fail for the program to stop working. Storing operations on an immutable ledger that is publicly visible also supports the auditability of these transactions.
Blockchain technology has a lot of promise in the field of cybersecurity. However, it is not well-suited to all cybersecurity use cases. For example, storing sensitive personal data on a publicly-visible, immutable ledger is always a bad idea.
Blockchain use cases in the field of cybersecurity must be carefully designed to ensure that they solve the intended challenge without introducing additional problems. Before any blockchain-based solution is launched for cybersecurity use cases (or any use case), it should undergo a comprehensive audit to identify any issues with its design or implementation.