You may have heard, over the last year or two, about the new technological miracle that is the blockchain. It seems that every banker, insurer, manufacturer, artist, lawyer and cybersecurity professional is shouting about blockchain from the highest peak and telling us how it will be used to secure everything against anything for all time, additionally removing those embarrassing blemishes from our skin and freshening our breath at the same time. Clearly some large portion of the blockchain-related content we see in the media is hyperbolic, at best, but it is an important technology nonetheless. Let’s take a look at some of the realities of what we can and cannot do with blockchain in relation to cybersecurity.
First, we should take a step back and talk about what exactly the blockchain is. In essence, the blockchain is a technology which enables us, with a very high degree of certainty, to ensure the integrity of a given piece of information; i.e. assure us that the piece of information is reliable and has not been tampered with, altered or damaged. This is done by distributing the task of ensuring integrity to a decentralized group of participants that individually evaluate and then reach a consensus on the information being consistent with its intended state. This process has been described by some as a distributed digital ledger of transactions or as a public distributed database. Each time a set of records, otherwise known as a block, is added to the ledger/database, it is time-stamped, digitally signed, and linked to the signature of the previous block, forming a chain of blocks, hence the name blockchain. The cryptographic wizardry used to chain blocks together is what protects the integrity and how it differs from a regular database. In order to change any past information after the participant consensus has been reached, information in all subsequent blocks would have to be changed as well, at a huge computational expense and with the changes visible to all the participants, making information in the blockchain practically immutable.
The origin of the blockchain is in the digital currency known as bitcoin. The blockchain was first discussed in Bitcoin: A Peer-to-Peer Electronic Cash System as a mechanism for ensuring that the transactions were traceable and that issues such as the same bitcoin being spent more than once by the same person were not possible. Since then, bitcoin has enjoyed a variety of peaks and valleys in the world of public opinion and others have begun to see additional uses for the blockchain technology that forms the technological backbone for bitcoin.
Cybersecurity of blockchain
As we discussed earlier, blockchain is a great tool for information integrity. In the world of information security, we often discuss issues in the context of the CIA triad: confidentiality, integrity, and availability. Blockchain provides no benefits in the confidentiality and availability areas compared to other technologies, nor do current implementations scale well or behave in a performant manner past a certain point.
Let’s look at the information security risks associated with the use of blockchain technology.
Integrity, the defining attribute of blockchain, could be at risk in case of “mutable” (editable) blockchains. Since blockchain has become a huge buzzword recently, we can see all manner of solutions attempting to incorporate blockchain or bolt it onto the side of an existing product in order to jump on the bandwagon even in cases where information integrity is not the main goal. A good illustration of this desire to incorporate the use of blockchains into additional environments is the advent of mutable blockchains in which any information in a blockchain could be edited by a central administrator; this is an approach that goes entirely cross-purpose to the very fundamental integrity concept without providing benefits over other existing technologies. For the rest of the article we’ll be discussing the original blockchain implementation; immutable blockchains.
One, if not the primary area of concern is the lack of confidentiality. Blockchain is designed to be transparent. The focus on integrity in such a decentralized model requires all the consensus participants to share information. Anything recorded onto a blockchain can be arbitrarily read without any restrictions by all participants. If you need information recorded in a blockchain to be confidential, this could be accomplished through the use of encryption, by minimizing stored information, and through other similar approaches. However, these are bolt-on approaches, the same as would be applied to any other data store, and are not inherent to blockchain technology. Despite this common misconception, blockchain technology does not provide confidentiality and privacy, exactly the opposite is true. When we, techies and cybersecurity practitioners, talk about blockchain being “secure” we are only referring to the integrity aspect. Which creates confusion since secure in the popular vernacular also tends to mean confidential. If our use case focuses on the confidentiality of information, we will likely want to look to other technologies.
Potentially impacting the confidentiality and integrity are also issues in securing the private keys used by the participants, or weaknesses in the cryptographic algorithms used. Those could, and should, be addressed in the same ways and using the same technologies that are typically put in place to address such concerns. Blockchain doesn’t make any of this any easier or harder than other technologies.
A blockchain-specific integrity risk with a potential large scale impact is known as the 51% attack. This attack is often brought up when blockchain security is called into question. In this particular case, if an attacker would control 51% of the computing power of the whole network of participants, the potential would exist for the attacker to “outvote” all of the other participants and reach the “consensus” on its own and therefore impact the integrity of data. Worse yet, calling it the 51% attack is a bit of a misnomer. In reality, the percentage of computing power needed may be much lower, perhaps even as low as 40%. In the case of the blockchain backing a cryptocurrency, such an attack could potentially enable the attacker to spend the same funds twice.
Several attacks have occurred over the last few years in which blockchain-based cryptocurrencies were compromised. Most recently, there have been large cryptocurrency losses from Hong Kong-based Bitfinex in August of 2016 ($65 million US) and Ethereum in June of 2016 ($150 million US). In the case of Bitfinex, the exact issue is still not publicly known, but is believed to be a public key storage issue. Ethereum’s issue was a code flaw that allowed funds to be withdrawn repeatedly without updating the wallet balance. In both cases, these flaws were not issues with the blockchain itself but, as many security problems ultimately boil down to, issues in implementation.
As the use of blockchain expands into other industries and more trust is put into blockchains for assuring contracts, recording ownership, ensuring the integrity of data, and a thousand other functions, we will begin to see an interesting set of new security issues emerge. We can clearly not make light of the cryptocurrency attacks that have occurred thus far, considering their scale, but they may only be the tip of the iceberg. Consider what might happen in the future when all of the funds, records, proof of ownership, articles of incorporation, and a slew of other documentation belonging to and about a corporation is stored in a blockchain, entirely proofed against alteration. We could very well wake in the morning to discover a similar implementation or loss of public key control had permanently and irrevocably transferred the assets and ownership of our company into the hands of an attacker. Even the most benign of these types of attacks could lead to serious reputational damage for an organization.
It is important to understand that while blockchain provides an excellent solution for information integrity, it is not unbreakable. We should also keep in mind that, while there are ongoing developments in blockchain privacy, there is at the moment nothing inherently secure, in terms of confidentiality, in the use of blockchain technology. Whatever our use case is and however we decide to implement the technology, we have to consider all the information security aspects and embed the appropriate security controls in our implementation. As has always been true in the information security field, there is no such thing as a silver bullet that will solve all of our problems.
Blockchain for cybersecurity
Given the newness of the technology, its current state of flux, and the potential for its misuse, where can we use blockchain in a reasonably safe manner? To come full circle back to the beginning of our discussion, we can benefit greatly from the technology when we use it for information integrity purposes, as it was originally designed and intended for use. One interesting use case is applying strong integrity assurance feature of the blockchain technology to strengthen cybersecurity of many other technologies.
For example, we can use blockchain to ensure the integrity of software downloads such as patches, firmware updates, downloads, installers, and so forth, in much the way that we make use of MD5 hashes today. While the hash that we compare our file download against might be compromised on a vendor website and altered without our knowledge, we can make a comparison against what is permanently recorded in the blockchain with a much higher level of confidence.
Particularly in the world of cyber-physical systems (CPS) (IoT, industrial controls, vehicles, robotics, etc), the use of blockchain technologies has great security potential. To learn more about CPS cybersecurity concerns check my other article: “The World of Cyber-Physical Systems & the Rising Cyber-Kinetic Risks“. In summary, the key difference between cybersecurity for cyber-physical systems and cybersecurity for traditional enterprise IT systems is that for cyber-physical systems the integrity of data is the key concern while the confidentiality in many cases is almost irrelevant. Blockchain technology is just what the doctor ordered to address the key cyber-physical systems security concern.
Given the recent massive DDoS attacks using compromised IoT devices, and the greatly increased level of interest in increasing the security of and around such devices, we could bring blockchain to bear here. We could potentially track the provenance of a given IoT device, or even the components that make up a particular device from a supply chain perspective, as well as the integrity of the embedded software. Individual components could be tracked as they move from suppliers to manufacturers, and ultimately to the customers at the end of the chain. This idea has the potential to become a part of the supply chain cyber and cyber-physical systems security efforts that are of great concern to nation states around the globe, particularly noticeable in the efforts being put forth by the US, China, Russia, India and others in recent years.
Consider the examples of Car Area Network (CAN) hacking that have repeatedly made international media over the last several years. Attackers have been able to compromise nearly all of the major systems in vehicles, taking over vital automotive functions such as acceleration, braking, and steering, many of which can have direct impacts on human safety. In many cases, this is possible because the integrity of the data flowing in and through such systems is almost never validated or assured. We could use blockchain technology to validate the components in use in the vehicle as well as the integrity of data generated by those components, and, potentially, reject spurious inputs entirely.
More generically, information integrity capabilities of blockchain can be used to verify the status of any cyber-physical infrastructure, provide complete provenance of every component of the infrastructure and assure complete chain of custody for all data generated and transmitted through that infrastructure. That level of empirical verifiability is an area where blockchain truly has the potential to shine and that could drive new approaches to cyber-physical systems security providing real-time awareness and detection of any misconfiguration, component failure or data tampering.
To sum up, blockchain is a disruptive technology with huge market potential and even the potential to change society. More interestingly for the purpose of this article, it has the potential to change the way that cyber security and cyber-physical systems security efforts are conducted, and may spawn entire new industries or new segments of existing industries. While the technology surrounding and built on blockchain is presently going through some very painful growth and learning experiences, the potential for good to come from the use of such solutions is very high. As with any new technology, there is a safer set of core functions that blockchain does well, i.e, ensuring integrity. As we move out into the newer and more fringe uses of this technology, we incur a high level of risk for operating in such areas, and open ourselves up to the potential for great reward as well. Security is a balancing act, and blockchain is no exception to this maxim.
Marin Ivezic is a Cybersecurity & Privacy Partner in PwC Canada focused on risks of emerging technologies.