Blockchain holds key to safe digital transactions

Blockchain holds key to safe digital transactions

Blockchain has proven its security capabilities and mechanism, says Ian Deakin of Innov8ID

Blockchain technology is driving a significant evolution in the way security for IT and telecommunications is currently being developed.

Over the last number of years, we have seen IT and telecommunications services evolve from dedicated centralised infrastructure, where today these are deployed across distributed virtualised cloud providers. In doing so the traditional controls for managing identity, security and data privacy can present many challenges.

The rise in cybersecurity attacks due to lack of IoT security

The plethora of innovative digital devices and low-cost internet of things (IoT), that typically shipped with default security passwords, are connecting with a broad range of IT services. This presents hackers an easy opportunity to spread malicious software to millions of IoT devices to be recruited into a coordinated distributed denial-of-service attack (DDoS).

We have seen many examples in the news where centralised systems being compromised through denial of service attacks. A DDoS attack floods systems, servers or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch this attack.

Today, most IT security systems are based on central servers, used to identify and authenticate individual connecting IoT devices. As highlighted earlier, any centralisation makes servers inherently vulnerable to potential DDoS and brute force attacks. If this centralised resource is compromised, everything attached and the service it provides will be equally affected.

In 2016, possibly the most severe example of this seen, there was an attack on the internet DNS service provider ‘Dyn’. In this attack, millions of internet digital cameras and DVR players were infected with special malware, known as a “botnet”. These were coordinated into bombarding a server with traffic until it collapsed under the strain. The result brought down the internet across North America, affecting many top internet brands including AirBnb, Twitter, Paypal and Netflix.

Ian Deakin
Ian Deakin

Blockchain Technology Security Foundations

Distributed Ledger Technologies or Blockchain, as they are commonly referred to, are currently being used to power and secure a cryptocurrency market worth over US$250 billion (as of Sept 2019).

Blockchain is a truly distributed system, which has built-in protections against many potential cybersecurity and fraud attacks. The largest blockchain network today, ‘Bitcoin’ has more than 100,000 nodes. In 10 years of operation, its protocol has warded off several attempts made to attack this network. This distributed infrastructure of nodes makes it extremely difficult for successful cyberattack. Multiple blockchain nodes across many different institutions must be attacked to overwhelm the full system.

The foundation for how blockchain provides secure access, based on cryptography functions, uses public-key cryptography. The system uses asymmetric cryptography, also known as public-key cryptography, using public and private keys to encrypt and decrypt data. The keys are simply large numbers that have been paired together but are not identical (asymmetric).

One key is kept secret; it is called the private key used to encrypt messages and ensure the identity of the owner recording information or transacting on the blockchain can be trusted. The other key is called the public key. The public key is used to verify the message sent is from the holder of a specific private key. Public keys are distributed on the blockchain enabling anyone to use them to verify the identity and authenticity of a message or transactions.

This method eliminates the need for personal data, i.e. username/password to be used as a means of authenticated access.

How Blockchain can enhance IoT security

With billions of IoT devices being produced and shipped to consumers globally. Typically manufacturers configure into the firmware default usernames/passwords enabling the devices to be shipped anywhere and be easily installed.

Instead, the manufacturers of these IoT devices can embed into the firmware an unique private key for each IoT device, storing each device identity with its corresponding public key onto a blockchain. This gives each IoT device its own unique trusted identity that can be authenticated by any application using the public key from the blockchain.

Most blockchain private keys use SHA256 hashing to secure transactions. In broad terms, if a supercomputer that can perform 15 trillion calculations per second employed in cracking a hash, it would take more than a billion years to crack the hash of a single blockchain identity. Not only would it take a long time, but the cost to infiltrate a single device would make it very difficult and impractical to recruit the sufficient number of devices to coordinate a DDoS attack using IoT devices.

Instead of having all the IOT device identities and public keys in a central resource, we can use blockchain to distribute the public keys used to authenticate and verify IoT devices. This would allow each service or application provider to host its own node to ensure they have a local copy of the blockchain. This would also prevent a DDoS attack on a central resource attempting to render the service availability.

Conclusion

Blockchain has proven its security capabilities and mechanism over the last ten years. By integrating an IoT device identity and authentications service onto a blockchain will help to mitigate many of the know DDoS attack possibilities we have seen to date.


More on this topic

Cyberwarfare leaves us on the precipiceCyberwarfare leaves us on the precipice

'There's nowhere to live' - Housing crisis stalling cybersecurity jobs boost for Ireland'There's nowhere to live' - Housing crisis stalling cybersecurity jobs boost for Ireland

‘It’s easier now to steal online than from shops’, cybersecurity conference hears‘It’s easier now to steal online than from shops’, cybersecurity conference hears

Easier 'to steal online than to steal stuff from shops', conference hearsEasier 'to steal online than to steal stuff from shops', conference hears

More in this Section

Revenues up at CervicalCheck suit lab firmRevenues up at CervicalCheck suit lab firm

'Taken Down' and 'Operation Transformation' overseas sales help RTE commercial arm increase profits'Taken Down' and 'Operation Transformation' overseas sales help RTE commercial arm increase profits

Online tutoring service aiming to help families who can't afford grinds to scale up operationsOnline tutoring service aiming to help families who can't afford grinds to scale up operations

Protesters climb onto North Sea oil platformsProtesters climb onto North Sea oil platforms


Lifestyle

Cupid must be something of a motoring enthusiast, as he had most definitely steered his way in the neighbourhood when Amie Gould and Shane O’Neill met at the Rally of the Lakes 12 years ago.Wedding of the Week: Cupid steers couple to right track

When it comes to podcasting, all it takes is one idea — and who knows where it can take you.Podcast Corner: Crimes and creatures rule at Cork’s first podcast fest

Claymation meets science fiction in this enchanting film, writes Esther McCarthy.Latest Shaun adventure is out of this world

After breaking through as a character with mental health issues in her hit TV series, Irish actress Aisling Bea is happy to take another step to stardom in a new Netflix comedy with Paul Rudd, writes Ed Power.Aisling Bea and Paul Rudd team up for new comedy

More From The Irish Examiner