Blockchain has the potential to improve encryption and authentication as these six use cases for blockchain in security demonstrate
It has become something of a priority for industry leaders, especially in financial services, energy and manufacturing. Authenticating Bitcoin payments has perhaps become the most cited use case, but this technology can extend to applications like content delivery networks and smart grid systems too.
Blockchain has the potential to improve everything from data integrity and digital identities to enabling safer IoT devices to prevent DDoS attacks.
Bill Buchanan, an acclaimed computer scientist and professor at the School of Computing at Edinburgh Napier University said: “In 2018, we must encrypt by default. At the current time, you cannot verify that no one has read an email sent to you, and that it hasn’t been modified. We often can’t even verify the sender.
“With blockchain methods, we can properly verify and sign our transactions. While there is some hype around cryptocurrencies, the implementation of blockchain methods will actually build more trustworthy infrastructure for our digital services.”
Blockchain in security
- Securing edge devices with authentication – As IT focus shifts to supposedly “smart” edge devices with data and connectivity, so, too, goes security. Many are subsequently seeking ways of using blockchain to secure IoT and industrial IoT (IioT) devices, given that the technology strengthens authentication, improves data attribution and flow, and aids record management. The Isle of Man government in the UK is testing blockchain technology to see if it can prevent IoT devices from compromise.
- Improved confidentiality and data integrity – Some blockchain implementations now address the data confidentiality and access control challenges, a critical challenge in an age where data can easily be manipulated or spoofed. But, the full encryption of blockchain data ensures that this data will not be accessible to unauthorised parties while in transit. IBM provides its Watson IoT platform with an option to manage IoT data in a private blockchain ledger, which is integrated into Big Blue’s cloud services. Ericsson’s Blockchain Data Integrity service provides fully auditable, compliant and trustworthy data to app developers working within GE’s Predix PaaS platform.
- Secure private messaging – Startups like Obsidian are using blockchain to secure private information exchanged in chats, messaging apps and through social media. Obsidian’s messenger uses blockchain to secure users’ metadata. The user will not have to use email or any other authentication method to use the messenger. The metadata is randomly distributed throughout a ledger and thus will not be available for gathering in one single point, from which it could be compromised. Elsewhere, engineers at the Defense Advanced Research Projects Agency (DARPA) are reportedly experimenting with blockchain to create a messaging service that is secure and impenetrable to foreign attacks.
- Boosting or even replacing Public Key Infrastructure- CertCoin is one of the first implementations of blockchain-based PKI. The project removes central authorities altogether and uses the blockchain as a distributed ledger of domains and their public keys. Start-up REMME gives each device its own specific SSL certificate based on the blockchain, which prevents intruders from faking certificates. Guardtime has been using blockchains to create a Keyless Signature Infrastructure (KSI), a replacement for PKI.
- A Safer Domain Name System – The Mirai botnet showed just how easy it is for criminals to compromise critical internet infrastructure. By bringing down the domain name system (DNS) service provider for most major websites, the attackers were able to cut off access to Twitter, Netflix, PayPal, and other services. A blockchain approach to storing DNS entries could, in theory, improve security by removing the single, attackable target.
- Reduced Distributed Denial of Service Attacks (DDoS) – Blockchain startup Gladius says its decentralised solutions can protect against DDoS attacks by “allowing you to connect to protection pools near you to provide better protection and accelerate content.”