Applications of the blockchain technology in cybersecurity

The enterprise sector is quick to embrace innovative emerging technology to unlock new revenue streams, enhance existing operations, uncover and consolidate new business models. At the same time, the internet has become the default foundation not only for the business and industry sector but also for key areas such as healthcare, finance and public services.

Without a doubt, this increasing reliance on technology and the internet has led to an exponential increase in the amount of data generated and stored worldwide. According to Cybersecurity Ventures, the world will store a total of 200 zettabytes of data by 2025, including data stored on public and private IT infrastructures, utility infrastructures, public and private clouds, personal devices as well as IoT (Internet of Things) devices. To clarify and illustrate the dimension of this number, a zettabyte is equal to approximately a thousand exabytes, a billion terabytes, or a trillion gigabytes.

The accumulation of these vast volumes of data indicates the fact that data has become a central component of our society. This point was also highlighted in 2015 by the former IBM Corp.’s Chairman, President and CEO, Ginni Rometty during the IBM Security Summit – “We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true – even inevitable – then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.”

The fact of the matter is that the value of data has come to outweigh that of gold. As a result, cybercriminals seem poised to exploit every gap and opportunity presented by existing systems as well as new technologies in an attempt to hijack and compromise a company’s most valuable asset, its data. This is showcased by cybercriminals’ increasingly complex attack patterns and strategies that target specific valuable information like financial data, health records, personally identifiable information (PII) and intellectual property.

Existing cybersecurity measures seem to act as band-aid solutions that only alleviate or partially prevent an attack from taking place. Maybe instead of focusing on repairing existing security loopholes in current systems, we should consider migrating to a new type of infrastructure that so far has proven to be resilient against cybersecurity pressures – blockchain.

Of course, blockchain does come with its own set of challenges, especially concerning implementation. By itself, the technology is too cumbersome and restrictive to be utilized in a production environment and mastering it can prove to be a challenge even to veteran programmers. To circumvent some of the challenges associated with implementing blockchain and to make the benefits of this technology accessible to SMEs, and governmental institutions, Modex has created its trademark Blockchain Database solution, a technological layer that fuses the advantages of blockchain with a database system, a technology that is already deeply ingrained in every business and industry sector, to create a hybrid software product that makes blockchain easy to use in existing systems, to streamline operations and data security, or to build an entirely new infrastructure from the ground up that has a blockchain engine running in the background.

Blockchain, a new player in the cybersecurity space

Blockchain is a digital, distributed and decentralized ledger of transactions which stores transaction data in structures called blocks. Each block contains transaction data and metadata (a set of data that provides information about the respective block). The advantage of this structure is that each block is constructed upon the previous block, in a chain-like structure (hence the name blockchain), by calculating the hash of the previous block and combining it with the hash of the second block of transactions.

This complex design is what gives the data introduced in the blockchain its immutability and integrity. If a malicious actor attempts to alter the data from a block, every change will be immediately noticed by the system and every other network participant, because it will render all the following blocks invalid. These design choices make blockchain ideal for storing data securely because it is an append-only structure, which means that data can only be introduced into the system, it can never be completely deleted. Any changes made to data that has already been recorded in the blockchain are processed as new transactions, which means that the system keeps an integral audit trail of every piece of information that was introduced in the system.

Since its early days, blockchain technology has managed to stimulate the curiosity of security experts throughout the world with its ability to act as an infrastructure that ensures in-depth information traceability, data immutability and integrity, operational resilience in a system failover scenario, while also mitigating the risks associated with single point of failure scenarios. This set of unique characteristics, features and functionalities fall in line with provisions of the CIA security triad.

What is the CIA security triad?

Action movies aficionados, I’m sorry to disappoint you but the CIA security triad doesn’t refer to an agreement between the US Central Intelligence Agency and a transnational organized crime syndicate. Although, to be fair it has the potential for a B movie script. In information security, the CIA security triad is one of the oldest and most popular organizational models designed to guide information storing policies. Each letter represents a core principle of cybersecurity: confidentiality, integrity and availability. To avoid confusion with the Central Intelligence Agency, the CIA security triad is sometimes referred to as the AIC (availability, integrity and confidentiality) triad.

Confidentiality

According to the National Institute of Standards and Technology (NIST), confidentiality refers to “the property that sensitive information is not disclosed to unauthorized individuals, entities, or processes”.

The most common method to ensure data confidentiality is through encryption, a process through which information is transformed into ciphertext, an unintelligible block of text that can be decrypted only with the correct encryption key. For decades, data encryption has become an important line of defence in the flow of cybersecurity architecture because even if data is intercepted by malicious actors, a complex encryption algorithm can block attackers from deciphering the content of the information.

Although an invaluable tool, how encryption is applied to protect information usually determines the levels of data tamper resistance. The problem is that encryption is mostly used to protect data at rest or in transit, leaving it potentially vulnerable during processing. As encryption mechanisms have evolved, the range of attacks on data has also expanded, ranging from attacks focused on encryption keys, integrity or corruption attacks, ransomware, and data destruction attacks.

Modex BCDB enables companies to tap into the potential of blockchain technology to store their database entries into a secure tamper-proof blockchain ecosystem. The infrastructure of the BCDB system was designed with security in mind. As such, to supplement the security capabilities of a standard blockchain network, Modex BCDB comes with a default data encryption mechanism that removes the need for programmers to write new code to encrypt the data. To enhance user experience and add a layer of flexibility to the BCDB environment, users have the option to enable automatic encryption at the field level.

Integrity

NIST defines data integrity as “the property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and while in transit”

Data integrity is an essential component of information security that measures the overall accuracy, completeness and consistency of data throughout its life cycle. The concept of data integrity can be used to describe a state, a process or a function. As a state, data integrity measures the authenticity and consistency of information. As a process, data integrity determines if the information has remained unaltered after it has transited to a new location or after it has been utilized in various operations. Lastly, when viewed as a function, data integrity is closely related to security, namely processes and procedures that maintain information in the same state it was introduced in the system.

Data integrity is commonly imposed through standard protocols and guidelines during the designing stage of a database, data warehouse or any other type of data storage medium. It is conserved through multiple error-checking validation procedures, rules, and principles based on a predefined set of business rules. When evaluating data integrity the following metrics are taken into consideration: accessibility, authenticity, completeness and transparency. Furthermore, depending on the sphere of activity a company activates in, data integrity also calls for ensuring compliance with international regulations that focus on the storage management and processing of sensitive data. Compliant status is achieved by following a series of protocols, guidelines and criteria stipulated in the body of legislation such as the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS). Failure to comply with international regulations attracts considerable financial fines.

Blockchains are highly valued for their ability to guarantee data integrity, and security because they store a digital signature of the information present in the database in interdependent structures called blocks. Unlike databases, blockchain is an append-only structure which means that information can only be added to the network but never deleted. At first glance, this may seem troublesome because it may lead to the accumulation of redundant data, but in fact, this feature acts as a timekeeping mechanism for the data, as it creates an exact historical record of each version of the data, providing useful information like when it was modified, how it was modified and who modified it.

Data integrity is closely linked to data immutability. Blockchain combines cryptography with hashing algorithms, blockchain ensures data immutability, a feature that brings unprecedented levels of trust to the data owned by enterprises. In turn, immutability provides data integrity which drastically simplifies audit processes, while providing proof to stakeholders that the information has not been altered.

In an enterprise context, data immutability significantly reduces overhead, streamlines operations and unlocks new value:

• Data integrity is assured by blockchain’s architecture and data storing mechanism. Once data has been introduced in a blockchain network, it cannot be altered without compromising the entire data chain. Any data discrepancies are automatically detected by the system, which allows companies to pinpoint in real-time any tampering attempts.
  
• Streamlined auditing – as an append-only structure, blockchain provides an indisputable record history of all the data that has been introduced in the network.
  
• Enhanced efficiency – data immutability enables information traceability and record history which can unlock new business momentum and new opportunities in analytics
  
• Ideal settlement ecosystem – data traceability, immutability, integrity, and a complete record history can reduce costly business-related disputes from months and even years, to a couple of days
  

Availability

NIST defines availability as “ensuring timely and reliable access to and use of information” and “the property of being accessible and usable upon demand by an authorized entity”

Data availability refers to the ability of a system to guarantee that valuable data necessary for business operations can always be accessible whenever and wherever needed, even in a disaster scenario where the main system is down. As a metric, data availability measures the degree of accessibility of information by end-users, applications and other IT systems for processing. The mechanisms used to facilitate and safeguard data availability need to operate on a 24/7 basis. A system can be considered highly available when it is capable of sustaining the accessibility and management of data systems even during adverse circumstances for the company such as a cybersecurity attack, system malfunction or natural disaster. This is a critical aspect for any business that operates with high volumes of data because if data cannot be accessed, it is equivalent to not having the data in the first place.

Availability focused attacks aim to disrupt companies’ ability to access their data records. The most common and widespread type of availability attack is ransomware which is a type of malicious software that prevents users from accessing their system or personal files and demands a ransom payment to regain access. Over the past decades, ransomware has become one of the most prolific criminal business models in the world, because cybercriminals usually target high profile financial institutions, corporations, and even governmental organizations. Ransomware works by locking a victim’s computer through encryption and demanding a substantial sum of money for the decryption key necessary to decrypt the data. Depending on the group behind the ransomware, failure to comply with the demands may initially lead to an increase in the ransom and eventually to a permanent loss of the data, or new attacks based on the user base stolen from the previous attack.

The degree of data availability, as well as the overall susceptibility of a system to data availability attacks, is strongly correlated with the type of system data records reside in. The prevalence of siloed, centralized data structures in legacy systems already place enterprises at a disadvantage by giving malicious actors a single target, a single point of failure that disables the whole system if it is compromised. By this rationale, blockchain gives companies a head start through its decentralized and distributed nature.

Decentralization and distribution are core blockchain features that can significantly enhance the security of companies and businesses, making them less susceptible to availability oriented attacks. Decentralization means that the network does not rely on a central server to host all the data, but distributes it across every network participant, also known as nodes. A blockchain network is composed of multiple types of nodes that perform different functions, full nodes for example store a copy of the entire blockchain. As a result, the system doesn’t have a single point of failure. If a node is compromised, sysadmins just have to address the vulnerability which allows the malicious user to access the network and restore the node to its previous version, or they can simply cut out the node entirely from the network.

In case of encryption by ransomware, the attacker would find it impossible to hold all the data hostage because the entire network is distributed among thousands of users (even more depending on the size of the blockchain) and even if they manage to encrypt a node, admins address the vulnerability that allowed the attacker to enter the system and restores the node to its previous version by pulling data from other nodes from the network. It is safe to assume that a blockchain-powered database can be an ideal solution to ransomware or other types of data availability attacks.

Blockchain, a boon for the cybersecurity sector

Safer Domain Name Systems (DNS)

The domain name system (DNS) is a naming database where internet domain names are located and translated into internet protocol (IP) addresses. The domain name system maps the name people use to locate a website to the IP address that a computer uses to locate a website. The problem is that DNS is generally centralized, which means that hackers need to concentrate their efforts into a single place to break into the connection between website name and IP address to disrupt operations and compromise data. A DNS attack paired together with a DDoS attack can put a business in stasis for an extended period of time.

Decentralization and distribution are core features that further increase blockchain’s tolerance to attacks. Decentralization means that the network does not rely on a central server to host all the data, but distributes it across every network participant, also known as nodes. There are many types of nodes in a blockchain network, full nodes for example store a copy of the entire blockchain. As a result, the entire system doesn’t have a single point of failure. If a node is compromised, admins just have to address the vulnerability which allowed the malicious user to access the network and restore the node to its previous version, or they can simply cut out the node from the network. In case of encryption by ransomware, the attacker would find it impossible to hold all the data hostage, because the entire network is distributed among thousands of users (even more depending on the size of the blockchain), and even if they manage to encrypt a node, admins close the backdoor through which the attacker entered and restore the node to its previous version.

Modex BCDB is a software solution that can help companies distribute domain information across multiple nodes. As in traditional blockchain implementations, each node contains a partial copy of the database, or in the case of full nodes, an exact replica of the database. A standard application makes use of an API to write new entries in a database. The API is a type of URL where information is introduced. Modex BCDB embeds a URL to each node. To remove reliance on a single node, users can have a list of URLs that can be switched. This is a useful feature because if a node is compromised, users can switch to another node that contains all the information and continue to write data through its URL as if nothing has happened. This is how Modex BCDB achieves decentralization, a valuable characteristic that removes the dangers posed by centralization and exploitable single points of failure.

Secure data storage

Currently, cybersecurity trends tend to focus mainly on preventing external attackers from accessing, destroying, or corrupting sensitive data. But often than not, an equally devastating type of cybersecurity risks, namely of the internal kind, do not receive the attention they deserve. Internal data leaks are the most common type of data breaches, that usually stems from employees. Although there are occurrences when an employee goes rogue and willfully sabotages the company, most of the time it is purely accidental. Regardless if it was intentional or unintentional, the damages to reputation and profits are the same. In order to mitigate internal data leaks, companies employ strict internal policies, and data access mechanisms to restrict access.

Due to the sum of its beneficial characteristics, and its unique design choice, blockchain emerges as an anti-tamper technology, capable of demonstrating through complex algorithms that the data stored has not been modified by a malicious actor. Blockchain achieves tamper resistance due to its data storing mechanisms and extensive use of cryptography and hashing functions. Hashing is a process through which data input is passed through a hashing function to obtain a hash digest, also referred to as checksum, a string of characters that acts as a unique identifier. In the world of data security, hashing brings a number of major benefits.

Firstly, each input gives a unique hash digest. Even if only one byte is different between two seemingly identical files, the resulting outputs will be completely different. For example, if we take the input “Data” and pass it through the SHA – 256 hashing function (the most popular hashing function in the blockchain world) we will receive the following hash digest, an alphanumeric string of 64 characters: cec3a9b89b2e391393d0f68e4bc12a9fa6cf358b3cdf79496dc442d52b8dd528. If we take the same hash function and pass the input “data”, the hash digest will be drastically different: 3a6eb0790f39ac87c94f3856b2dd2c5d110e6811602261a9a923d3bb23adc8b7.

Secondly, it’s impossible to reverse engineer a hash digest, which means that you can’t determine the original input from the hash digest.

Blockchain is considered to be an anti-tamper technology due to its clever use of hashing. When new data is added to a blockchain, it first gets verified by the system, timestamped and embedded into a data container referred to as a block of transactions, which is cryptographically secured through a hashing function that incorporates the hash of the previous block in the new block to seal them together. This process is repeated for every new data insert to produce an interdependent chain of blocks, where the smallest change in a block will render all of the following blocks obsolete, as their hashes will no longer match.

Information traceability and record history

In a traditional database system, users can perform the standard CRUD operations (create, read, update, delete), four basic functions of persistent storage that constitute the backbone for interacting with any database. Both relational and non-relational database systems are designed to rely on the CRUD operations to enable basic interactivity. The problem with this approach is that database administrators or users with sufficient clearance can access and modify data entries. This is also available for malicious actors who manage to exploit a security vulnerability and gain access to the database which can lead to numerous problems such as data breaches, corruption and even complete loss of data.

Blockchain technology enables companies to strengthen their database security and enhance audit and reporting operations by facilitating information traceability and record history. Blockchain differs from traditional databases because it is an append-only structure, which means that delete and update operations cannot be performed on existing data. As such, companies can employ a pure blockchain network or a hybrid solution like Modex BCDB that fuses the advantages of blockchain technology and the familiarity of a traditional database engine solution that stores all the previous versions of the information in a separate table to simply reporting and audit operations. In Modex BCDB the database displays by default the latest version of the information, but by accessing the record history, users can interact with older versions of the data and perform various operations including integrity checks, data analysis, and even settle disputes if the need arises.

Due to blockchain’s design, data traceability is available without configuring record history. This is because each data insert in a database has its hash stored in the blockchain network. Even a small modification to an input can drastically change the hash of the information. By comparing the two hashes, an admin can easily determine that the information has been tampered with. But because it is impossible to determine the initial input from the hash digest, they will not know exactly how the information was modified in the database.

‍