What Blockchain Means for Security

Lauren Stephanian

October 03rd, 2017

It is estimated that hacks and flaws in security have cost the US over $445B every year. It is clear at this point that the cost of hacking attacks and ransomware has increased and will continue to increase year by year. Therefore, industries—especially those that require large amounts of important data—will need to invest in technologies to continue to be more secure. By design, Blockchain is theoretically a secure means of storing data. Each transaction is detailed on an immutable ledger, which serves to prevent and detect any form of tampering. Besides this, Blockchain also eliminates the need for verification from trusted third parties, which can come at high costs. But is this a promise that the technology has yet to fulfill, or is it part of the security revolution of the future we so desperately need?

How Blockchain is resolving security issues

One security issue that can be resolved by Blockchain relates to the fact that many industries rely heavily on “cloud and on-demand services, where our data is accessed and processed by untrusted third parties.” There are also many situations where they may want to jointly work on data without revealing our portion to untrusted entities. Blockchain can be used to create a system where users can jointly store data and also remain anonymous. In this case, Blockchain can be used to record time-stamped events that can’t be removed—so in the case of a cyber attack, it is easy to see where it came from. The Enigma Project, originally developed at MIT, is a good example of this use case.

Another issue that Blockchain can improve is data tampering. There have been a number of cyber attacks where the attackers don’t delete or steal data, but alter it. One infamous example of this is the Stuxnet malware, which severely and physically damaged Iran's nuclear program. If this data were altered on the Blockchain, the transactions will be marked and will not be able to be altered or covered, and therefore hackers will not be able to hide their tracks.

Blockchain's security vulnerabilities

The inalterability of Blockchain and its decentralization clearly has many advantages, however, it does not entirely remove the possibility of data being altered. It is possible to introduce data unrelated to transactions to the Blockchain, and therefore this Blockchain data could be exposed to malware. The extent to which malware could impact the entire Blockchain and all its data is not yet known, however, there have been some instances of proven vulnerabilities. One such proven vulnerability includes Vitaly Kamluk’s proof of concept software that could take information from a hacker’s Bitcoin address and essentially pull malicious data and store it on the Blockchain.

Private vs. public Blockchain implementations

When understanding security risks in Blockchain technology, it is also important to understand the difference between private and public implementations. On public Blockchains, anyone can read or write transactions and anyone can aggregate those transactions and publish them if they are able to solve a cryptographic puzzle. Solving these puzzles takes a lot of computer power, and therefore a high amount of energy is required to solve many of these problems. This leads to a market where most of the transactions and puzzle solving is done in countries where energy is cheapest. This, in turn, leads to centralization and potential collusion. Private Blockchains, in comparison, give the network operator control over who can read and write to the ledger.

In the case of Bitcoin in particular, ownership is proven through a private key linked to a transaction and just like physical money, these can easily be lost or stolen. One estimate puts the value of lost Bitcoins at $950M.

There are many pros and cons which should be considered when deciding whether or not to use Blockchain. It is important to note here that the most important thing Blockchain provides us is with the ability to track who committed a particular transaction—for good or for bad—and when. There are some security measures with which it certainly would help a great deal—especially when it comes to tracking what information was breached, altered, or stolen. However, it is not an end-all-be-all when it comes to keeping data secured. If Blockchain is to be used to store important data, such as financial information, or client health records, it should be a wrapped in a layer of other cyber security software.

Lauren Stephanian is a software developer by training and an analyst for the structured notes trading desk at Bank of America Merrill Lynch. She is passionate about staying on top of the latest technologies and understanding their place in society. When she is not working, programming, or writing, she is playing tennis, traveling, or hanging out with her good friends in Manhattan or Brooklyn. You can follow her on Twitter or Medium at @lstephanian or via her website.