Blockchain Buzz

Cybersecurity

Illustration by Michael Glenwood​

Blockchain Buzz
 

​The year was 1960. And Charles W. Bachman was unsatisfied with computers. They were supposed to revolutionize the way companies did business but accessing vital information and making changes was a time consuming—and frustrating—process.

Bachman, then a software engineer at General Electric, and his team came up with a solution to the problem. He created the Integrated Data Store (IDS), the first direct-access database management system, which would allow businesses to link data sets and make changes to them with greater ease.

IDS would change the future of computing, and databases and their management systems are now used in millions of applications around the world for inventory control, employment records, and transactions.

"IDS and its derivative systems are still in use today, supporting a thousand mainframe installations," Bachman wrote in an article for IEEE Annals of the History of Computing in October 2009.

Around the same time that Bachman wrote his article, another piece of technology was invented that is now changing computing in a similar way: the blockchain.

"A blockchain is similar to a database, but rather than being stored in one place and governed by one company or one set of people who run it and administer it, a blockchain is simultaneously run by thousands—or millions—of people around the world," says Michael Perklin, chief information security officer at ShapeShift.io and board member of the CryptoCurrency Certification Consortium and The Bitcoin Foundation. "There is no real, geographic home."

And blockchain technology is poised for a bright future. Research and advisory firm Gartner predicts that the business value-add of blockchain will reach $176 billion by 2025 and be more than $3.1 trillion by 2030.

What is a blockchain? In October 2008, Satoshi Nakamoto created the cryptocurrency known as Bitcoin. To keep track of Bitcoin transactions and verify them, Nakamoto also created another technology—a blockchain.

A blockchain is a database system that allows peers to validate changes made to the system, rather than relying on central authority. One of the easiest ways to explain how a blockchain works is to discuss it in terms of a transaction.

For example, Alice requests that Bob pay her 15 Bitcoins. Her request is broadcast to a network of computers—called nodes. Using cryptography, the nodes make sure the transaction is valid. If it's valid, a new block is added to existing blocks associated with Alice's account to create a chain. Built into these blocks are digital hashes, which make it evident if anyone attempts to alter a block in the chain.

"With a database, it's possible to falsify a record without leaving any trace because, by default, most databases don't have these tamper-evident capabilities—but blockchains do," Perklin says. "So, if I try to alter my balance and say I have 1,000 Bitcoins. I send this update to the world through the replication mechanism; as every other computer in the world starts receiving this message from me, they take a look at the tamper-evident seal on it, and they realize immediately that this is not a valid update and ignore it."

Most other systems, including databases, lack this validation factor.

"By default, databases don't do any checking at all because it's assumed that you have access to that database," Perklin says. "You have an account, you have permission to make a change, it assumed that change is valid, and if you have permission to make it, it'll make it for you."

By contrast, there are no user accounts associated with blockchains. Nodes on the network act as validators, conducting integrity checks to make sure that false information is not added to the blockchain. And this validation process happens within nanoseconds.

Beyond validation, there are other benefits to blockchain technology. For instance, it is more resilient than relying on a central authority.

"The data simultaneously exists on thousands or millions of computers around the world at the same time," Perklin explains. "If one server were to go down, the data is still available to everyone else in the world. By contrast, if something like PayPal were to go offline, nobody can use PayPal until PayPal comes back online."

If one server, or several went out due to a massive Internet outage, a blockchain would continue to work using servers located elsewhere.

How are they used? Blockchains were initially created to facilitate Bitcoin and have also been used to support other cryptocurrencies. Since then, blockchains have been applied to other projects but the technology is still in the early phases of adoption.

One use case is for document validation. Users can employ block-chain technology to verify the integrity of a document to ensure that it has not be altered.

For instance, publicly traded companies release certain financial records to the public every month. If a malicious insider who stole from the company wanted to alter the documents to cover up the crime, the insider could do that after the chief financial officer prepared the documents.

Using software that uses blockchain technology, a chief financial officer could add a time stamp to the prepared financials that would appear in the blockchain.

"This adds a tamper-evident seal that lives in the…blockchain that can attest that at this time and on this day, this was the exact state of the financial affairs," Perklin says. "Now a few days later when bad guys take these financials, alter them, and publish them to the world, if somebody wanted to check the validity they can compare it to what the CFO put in…they will see it has been altered."

This type of timestamping authenticator can also be used to verify video recordings, Perklin says, such as a recording of a police officer using excessive force against a protestor.

"A few months later when they are in court and the recorder is accused of photoshopping the video, they can say, 'No, this time stamp proves that this existed on the day at exactly 3:30 in the afternoon—the time this really happened,'" he explains.

These are just some initial use cases for blockchain and more will come, but one area Perklin says he does not think blockchain technology will be used for is anything involving private information.

"The nature of blockchain is that all the information is public, and every one of those thousands or millions of computers around the world, they can read all the information, so they can validate all the information," Perklin adds. "Now I've lost my privacy. Anything that has a privacy component is not a good fit for a blockchain application."

Others are also skeptical of the potential security use for blockchain technology, including Ron Rivest, institute professor at the Massachusetts Institute of Technology and one of the inventors of the RSA algorithm.

Speaking at the RSA Conference in San Francisco in April 2018, Rivest said that blockchains are being viewed as "security pixie dust" with developers promising that any application will "be made better by blockchain properties."

This is not accurate, Rivest said, citing the example of using blockchain technology for election security in the United States.

"In voting, it would be a bad idea because of the private ballot—and it needs to be centralized," he said, adding that the centralized system is needed to ensure that votes are counted but that the identity of who cast them would remain private.

"Blockchains have limited security properties that may or may not fit what you need," Rivest said.

The U.S. Securities and Exchange Commission (SEC) has also stepped up recently to crack down on companies that are adding blockchain to their name to raise their stock price.

"The SEC is looking closely at the disclosures of public companies that shift their business models to capitalize on the perceived promise of distributed ledger technology and whether the disclosures comply with the securities laws, particularly in the case of an offering," said SEC Chairman Jay Clayton in a statement.

All of this is part of a technology that's just in its beginning phases, similar to what the world saw with the introduction of computers and databases.

"It took decades for people to apply interesting features to that dumb wire between boxes," Perklin says. "I'm sure that in 20 years, we're going to look back at all the different ways companies started using blockchain and think...this was the future." ​