Distributed registries and information security: what blockchain protects against

    The main advantages of the blockchain are transparency of ongoing transactions and openness. This is useful when concluding contracts and conducting transactions. All participants in the process are aware of the steps of their partners.

    The blockchain is also decentralized, so it is difficult to compromise the data stored in it. These properties have made the technology widespread in the financial sector. However, the applicability of the blockchain is not limited to cryptocurrencies. Today we are talking about how the technology is used to ensure information security.




    The blockchain is proving useful for services whose users are concerned about data security: IoT, law, medicine, insurance, etc. For example, IBM has taken it up for working with transactions. The company has created a cloud service for testing applications in a secure environment.

    According to IBM representatives, developers can launch their own sandbox blockchain in 12 seconds. A minute after that, it will be ready to run test applications.

    Another project in this area is MIT's Enigma solution, based on the Bitcoin blockchain. Enigma allows you to run any code on encrypted data, while making it “inaccessible” to a third party.

    Other companies are also looking for applications of blockchain in the field of security. One example is Humaniq, which plans to use the blockchain together with artificial intelligence and biometric recognition technologies to create a personal identification service. The solution will be useful when buying goods in stores, taking out insurance, or even on a simple trip to the bar. Remme offers a similar authorization solution.

    The Guardtime project uses closed blockchains and replaces RSA digital signatures with KSI (Keyless Signature Infrastructure) signatures, which rely on hash cryptography. The company hopes that this will avoid problems in the future when quantum computers become widespread (they easily solve the factorization problems on which RSA is built).

    What threats does the blockchain protect against?


    Security is an acute problem in the modern world. The number of cyber threats, including identity theft, is growing. According to the Cybersecurity Ventures analytical agency, the annual damage from cybercrime will reach $6 trillion by 2021. In 2015, the damage amounted to 3 trillion. As a result, the amount of money invested in cybersecurity is growing: by 2021 it will exceed $1 trillion.

    Companies use blockchain because the technology can protect data and make auditing it more transparent. Blockchain technology prevents a range of different attacks.

    Man-in-the-middle attacks

    Encrypted connections (such as HTTPS and TLS) rely on public key infrastructure (PKI) and certification authorities (CAs) to protect the channel. Each member of the network has a public/private key pair. The member keeps the private key secret, and the CA stores the public key.

    When a user wants to establish a secure connection (go to a site), they request the resource's public key from the certification authority and encrypt the data before sending it. To decrypt the data, the site uses its private key.

    However, in this case the reliability of the system depends on how well the certification authority is protected. If attackers manage to compromise the CA, they can conduct a man-in-the-middle (MITM) attack: fake public keys are sent out for which the attackers hold the corresponding private keys, and these are used to decrypt the transmitted information.

    For example, a vulnerability in WhatsApp that compromised user privacy recently became known. The bug was associated with the reinstallation of keys and allowed attackers to replace them in a MITM attack.

    However, in a blockchain-based system, MITM is not feasible. When a user publishes a public key on the blockchain, all the nodes of the network “learn” about it (for example, the bitcoin blockchain has 10 thousand active nodes). This information is written to a block, and blockchain cryptography protects the integrity of the registry. Therefore, attackers will not be able to publish fake keys: the fake is recognized immediately.

    CertCoin is one of the first blockchain-based PKI implementations. The project, developed at MIT, eliminates certification authorities and uses the blockchain as a distributed registry of domains and their associated public keys.

    Another example is Pomcor. It introduced a project that does not eliminate the CA but uses a blockchain to store hashes of issued and revoked certificates. This approach enables users to verify the authenticity of certificates. It also optimizes network access, since the key and signature are verified against local copies of the blockchain.

    Data manipulation

    Last February, hackers compromised the Linux Mint site and uploaded to it an infected version of the operating system with a built-in backdoor. Typically, developers provide checksums so that users can verify their copy of the software, but here the hackers were able to publish the checksums of their own version. As a result, users who downloaded the OS did not suspect a fake.

    A similar situation can occur with any information distributed over the network, and it is impossible to know for sure that the received data is authentic.

    However, on a blockchain, a network participant can publish a hash associated with a single file, an operating system image, or other data that requires protection. In this case, if hackers get to the information and change it, they will not be able to alter the checksum recorded in the blockchain.
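
    The publish-then-verify idea above, as an added example (not code from the article or from any project it names): a toy hash-chained registry in Python. `Ledger`, `publish`, `verify_download` and the file names are hypothetical, and the file contents are constructed sample bytes.

```python
import hashlib
import json

GENESIS = "0" * 64  # stands in for "no previous block"
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Ledger:
    """Toy append-only registry: every block commits to the one before it."""
    def __init__(self):
        self.blocks = []

    @staticmethod
    def _block_hash(prev, name, digest):
        body = json.dumps({"prev": prev, "name": name, "digest": digest}, sort_keys=True)
        return sha256_hex(body.encode())

    def publish(self, name, content):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        digest = sha256_hex(content)
        self.blocks.append({"prev": prev, "name": name, "digest": digest,
                            "hash": self._block_hash(prev, name, digest)})

    def chain_is_valid(self):
        prev = GENESIS
        for b in self.blocks:
            expected = self._block_hash(prev, b["name"], b["digest"])
            if b["prev"] != prev or b["hash"] != expected:
                return False
            prev = b["hash"]
        return True

    def verify_download(self, name, content):
        # Newest entry for the name wins; unknown names are never trusted.
        for b in reversed(self.blocks):
            if b["name"] == name:
                return self.chain_is_valid() and b["digest"] == sha256_hex(content)
        return False

def demo():
    ledger = Ledger()
    genuine, trojaned = b"constructed: genuine image", b"constructed: modified image"
    ledger.publish("distro.iso", genuine)
    ledger.publish("tool.tar.gz", b"constructed: unrelated release")
    before = (ledger.verify_download("distro.iso", genuine),
              ledger.verify_download("distro.iso", trojaned))
    # One copy of the registry has the recorded digest rewritten in place.
    ledger.blocks[0]["digest"] = sha256_hex(trojaned)
    return before, ledger.chain_is_valid()
```

    On a single copy, someone with write access could recompute every later block and make the chain consistent again; the protection described here comes from the other nodes holding the same chain.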

    There are already projects implementing this idea. The startup GuardTime suggests using its Keyless Signature Infrastructure (KSI). KSI stores hashes of data and files and verifies copies using hashing algorithms. In this way, the company hopes to replace the key authentication process.

    GuardTime technical director Matthew Johnson says that blockchain-based authentication of data guarantees mathematical integrity. DARPA even sees KSI as a solution to protect sensitive military information.

    Another example is Gem, which uses blockchain to control medical records. Hospitals work with a lot of personal information about patients and have previously been subjected to hacker attacks. According to Gem representatives, the blockchain will help verify the integrity of data that a group of organizations has access to.

    DDoS attacks

    The “task” of distributed network attacks is to limit the bandwidth of a network resource, for example, the infrastructure that supports a company’s website. Web servers always have limits on the number of requests they can process simultaneously. If the number of calls to the server exceeds the capabilities of any infrastructure component, the level of service suffers. The scale of these problems depends on the purpose of the DDoS attack.

    The massive DDoS attack on the American DNS provider Dyn last October left millions of users without services such as Twitter, PayPal, Netflix, GitHub and Spotify. The DDoS attack on Dyn was carried out using the giant Mirai botnet, which included tens of millions of devices: routers, printers, IP cameras and other gadgets connected to the Internet. Together, they sent data to Dyn servers at a rate of 1.2 Tbps. And in October of this year, the Reaper virus began to spread, infecting smart gadgets around the world.

    The attack on the Dyn DNS provider shows how shared points of failure and centralized systems make the entire Internet infrastructure vulnerable. A more serious scenario for attacks on DNS servers would be their compromise in order to redirect users to sites with malicious software.

    However, you can abandon central DNS servers and implement a system in which name-IP address pairs are registered on the blockchain network and distributed across all nodes. This will ensure transparency and security at the same time. Hackers will not be able to make a single infrastructure their target by attacking a separate cluster. The data itself will be protected by cryptographic algorithms.

    Nebulis is a project that is exploring the concept of distributed DNS systems that withstand large "flows" of queries. The company uses the Ethereum blockchain and the InterPlanetary File System (IPFS) to register domain names.

    The blockchain will also eliminate the network overhead associated with reading DNS. A “tax” will be imposed only on the procedures for updating records and creating new ones. According to blockchain expert Philip Saunders, this will remove the load from the "Internet skeleton."



    IoT device protection

    According to a study by F5 Networks, the number of attacks on IoT devices and infrastructure has increased by 280% since the beginning of this year. For the most part, this is due to the spread of Mirai malware. Hackers break into Internet of Things devices and use them for DDoS attacks and for hosting Trojan infrastructure.

    At the same time, as noted in the study, the criminals have changed their tactics for forming botnets and are specifically looking for gadgets that have known vulnerabilities.

    Blockchain promises IoT protection for the same reasons that it is the heart of cryptocurrencies: confidence in the legitimacy of data and a clear approval process. So says Ahmed Banafa, an IoT expert and a professor at the University of California at San Jose. Banafa wrote a popular review of the potential of blockchain to solve IoT security issues.

    However, simply registering a device in the blockchain is not enough. According to Thomas Hardjono of MIT Connection Science, infrastructure is needed to manage devices and control access to data.

    One solution could be the ChainAnchor project led by MIT. This is a framework intended to be supported by smart gadget makers, data providers, and third-party developers. The idea is that network members, in exchange for maintaining security, will be able to sell anonymous data from IoT devices. The framework has mechanisms that make it possible to block compromised devices, as well as to disconnect legitimate gadgets from the blockchain when they change ownership.

    Researchers at the University of New South Wales offer a different approach to IoT security. In their model of a blockchain-protected smart home, there is a “miner” that replaces the router for managing network transactions. This device manages communications between home IoT devices and the outside world: it authorizes new devices and disables gadgets with suspicious activity. If an IoT component is part of a botnet, the block miner will see this and stop sending its packets outside the home network.

    Another work based on distributed ledgers is the IOTA project. It is a crypto token for microtransactions and is optimized for use on the Internet of Things. The IOTA blockchain is being built to be lightweight so that it can handle a network of smart devices, the number of which, according to some estimates, will grow to 50 billion in the next ten years.

    This lightness is achieved through the use of Tangle technology. The Tangle is a directed acyclic graph, that is, a graph with no directed cycles (paths starting and ending at the same vertex). This approach eliminates the centralization of mining, expands the limits of scalability and allows working in conditions of unlimited data growth.

    Blockchain and the future of cybersecurity


    The blockchain provides a fundamentally different approach to cybersecurity, which extends beyond the node servers and includes the protection of user data, communication channels and critical infrastructure that supports the business processes of organizations.

    Vulnerabilities in centralized systems are becoming increasingly apparent as cyber attacks increase. New threats on the Internet will always arise. Blockchains will not become a “silver bullet”, but they will be a powerful tool that engineers can use to increase the reliability of their systems.


