As blockchain matures in the coming decade, decentralization shall creatively destroy centralization. Technologies will work together to create new opportunities. The whole economic landscape will change. The form and shape of the actors, the products/services that are offered, and how they compete will all undergo an unstoppable shift. The two main security aspects of blockchain related to this technology shift are:
- The security and integrity of the blockchain
- Information security technology enhanced with blockchain
Security and Integrity of Blockchain:
As we digitalize, we realize that cryptography is everywhere. Cryptography is a critical infrastructure. We will need the capability to migrate cryptographic algorithms (for example, SHA-1 to SHA-2) without breaking our applications. Quantum computing will bring crypto to its knees and, hence, we will need to focus on crypto-agility when we think about the longevity of these platforms.
Blockchains are not immune to attacks, and a successful attack affects information security and data protection. We have seen a number of attacks on information security in the past. In the confidentiality, integrity, and availability triangle of information security and data protection, blockchain natively gives us integrity and availability, and we get confidentiality through hashing. Blockchains are heavily dependent on cryptography, key management, and key protection for data protection. Blockchain is highly respected for its resilience, and the cryptography makes it inherently secure. A few implications for the security of blockchain are:
- Data privacy/consent
- Data trust and transparency
Information Security Technology Enhanced with Blockchain:
Three elements make the technology come together: consensus, the distributed ledger, and encryption. Blockchain provides equal access and data security to everyone. Different levels of transparency and privacy are established, depending on the actors involved and how the security paradigms are set up. There’s a massive opportunity in terms of blockchain security, data protection and data security because of the amount of encryption applied both to the entities participating in the network and to the transaction flow itself. A few implications for data security enhanced with blockchain are:
- Identity and access management focused on identity sharing and access to information
- Data security
- IoT security
Sharing trusted information (for example, medical records shared among a patient, doctor, and insurance company) and monetizing trusted information is an area where blockchain can be important.
To ensure the integrity of data and devices, we can maintain a gold copy of the data and authenticate the data whenever it changes, which supports blockchain security. We can also store past versions of the devices to track changes. Through transparency, we can mitigate trust issues. This brings decentralized authority and decentralized PKI. Data transparency can be used for land registry, educational contracts, or digital certificates.
Each data object is hashed and the hash is copied into the blockchain ledger, where it goes through consensus and is copied to the nodes after consensus. We now have an immutable record of the data objects and devices. To check whether an object has changed, we recompute its hash and compare it with the previously recorded hash.
Rather than storing the data in blockchain, we use the hash pointer to the data to enable deletion of the data, so that we comply with regulations such as GDPR. Storing hashes instead of data also reduces the size of blockchain. Hashes are significantly smaller than the data itself.
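The hash-pointer scheme described in the two paragraphs above, as an added Python example that is not code from the original article: the ledger keeps only a SHA-256 hash of each object, the data sits in a separate store, and verification recomputes and compares. Consensus is left out, and `HashLedger`, its in-memory `off_chain` dictionary, and the record names are hypothetical, constructed for illustration.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class HashLedger:
    """Append-only ledger of hash pointers; the data objects live off-chain."""

    def __init__(self):
        self.entries = []    # "on-chain": hash pointers only, never the data
        self.off_chain = {}  # hypothetical stand-in for a database or file store

    def _entry_hash(self, body: dict) -> str:
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def anchor(self, object_id: str, data: bytes) -> dict:
        # Each entry commits to the previous one, so edits to history are detectable.
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        body = {"object_id": object_id, "data_hash": sha256_hex(data), "prev": prev}
        entry = dict(body, entry_hash=self._entry_hash(body))
        self.entries.append(entry)
        self.off_chain[object_id] = data
        return entry

    def chain_intact(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: e[k] for k in ("object_id", "data_hash", "prev")}
            if e["prev"] != prev or e["entry_hash"] != self._entry_hash(body):
                return False
            prev = e["entry_hash"]
        return True

    def verify(self, object_id: str) -> str:
        """Return 'unchanged', 'modified', 'erased' or 'unknown'."""
        recorded = [e for e in self.entries if e["object_id"] == object_id]
        if not recorded:
            return "unknown"
        data = self.off_chain.get(object_id)
        if data is None:
            return "erased"  # data deleted off-chain; the ledger entry remains
        return "unchanged" if sha256_hex(data) == recorded[-1]["data_hash"] else "modified"

    def erase(self, object_id: str) -> None:
        # Deletion touches only the off-chain store; the chain is not rewritten.
        self.off_chain.pop(object_id, None)
```

An unsalted hash of a low-entropy record can be matched by guessing candidate values, so a common refinement is a random salt stored with the off-chain data and deleted along with it.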
In the future, we will see the growth of data monetization where people are selling information created by IoT devices. We will have a ledger of information shared between participants who don’t trust each other and have some value and information to exchange. As things shape up, current products and services shall be questioned. In a decentralized model, we would see more collaboration and creation of interesting product bundles. Power goes away from the central platform to the edges. Decentralization is fundamentally a new concept and it requires a new security model to evolve.