Blockchain – A new technology with many challenges

Blockchain is a technology framework that was created along with Bitcoin (BTC) in 2008. Blockchain is a distributed digital ledger that is unalterable, distributed and public.  A great way to visualize blockchain can be found at the site BlockGeeks .

Blockchain technology presents great opportunities for business applications based on its resilience, distributed nature, extensibility, data integrity, verification of parties in transactions, no single point of failure, openness and auditability among others.

These characteristics have driven a number of initiatives where this technology its being applied to  attempt to solve many known challenges in cybersecurity. Some of them are:

• Identity: Used of a distributed trust model in order to verify and protect identity data, not simply relying on single database, allowing monitoring and protection from identity misuse and tampering.
• Fraud: By using a distributed structured that is difficult to alter and that has multiple points of verification and increases visibility of transactions, blockchain can be used to fight fraud in financial transactions.
• Passwords: Authentication without the need of passwords based on distributed certificates using blockchain architecture. Prevention of credential reuse, and account take over.
• Communications: A decentralized infrastructure that allows multiple points of verification and application of encryption in messages, signature verification and integrity of messages.
• DDoS: Using blockchain model to use and distribute bandwidth to fight volumetric DDoS attacks is a way to try to reduce costs when defending against DDoS attacks.
• Data Integrity: Many companies including governments are using blockchain technology to protect integrity of data based on multiple verified monitoring entities and features applied to documents and files.

The above blockchain applications look very promising and present a different approach based on a new technology, however blockchain is inextricably tied to cryptocurrencies which have a myriad of criminal incidents all of them involving significant loss of money for investors and end users.  Its popularity is also shrouded in unproven almost metaphysical claims. Things such as solving  world hunger, and all kinds of problems  have been announced with no apparent solid proof but theoretical, conceptual at best and small scale or research white papers.

The blockchain frenzy has come to a point where fill in the blank plus blockchain, almost guarantees a perception of something that will become successful. One example of that is the overnight companies that have added the word blockchain to their name and seen immediate peaks in their stock value.

This technology presents as well a number of known limitations:

• Number of nodes: A number of nodes in a blockchain are needed in order to make it resilient.
• Number of transactions: Some of the implemented blockchain technologies have shown to be insufficient when dealing with a large number of transactions per second.
• Periphery attacks: Although blockchain is immutable and verifiable criminals have found ways of attacking its periphery (Wallets, Applications, Exchanges).
• The half plus one percent problem: Any entity that can achieve more than 50 percent control of a blockchain, can modify it and attempt to manipulate.
• Current implementations in cryptocurrencies are driven by the anonymity level of conducting transactions without associating real persona. This by contrast has also been the main reason why criminals and other malicious actors are driving the use of them. Things such as AML or KYC regulations seem to be very hard to apply to current status quo exchanges which are plagued with allegations of misconduct, fraud and unexplainable “losses” of cryptocurrency.

The blockchain or digital ledger technologies look attractive as a new approach to many known problems however many of these approaches are still unproven, many of them have yet to be tried in real production/large scale environments. It is a technology with many challenges that still need to be put to test and actually pass them. There is no such thing as  “unhackable”, “unmodifiable” in information security.

It is important to view these new technology approaches with caution and to apply objectiveness to its real value. It is definitely possible that successful technology approaches derived from blockchain technology may come to fruition in the next years, as well as possible adaptations to current technology frameworks.  However it is important no to drive the perceived value and usefulness of such a new and yet unproven technology.