The application of Blockchain technology in IT security is slowly picking up. However, not much is known about the security challenges in Blockchain technology. On this aspect, let’s explore the various security challenges in Blockchain technology…
Blockchain news is seemingly everywhere these days, and for good reason. The technology behind bitcoin holds a lot of promise for all sorts of use cases — some of them having to do with cyber security.
Owing to their distributed nature, Blockchains provide no ‘hackable’ entrance or a central point of failure and, thereby, provide more security when compared with various present database-driven transactional structures. However, creating a realistic secure enterprise baseline for Blockchain is a real challenge for the organizations.
Blockchain-as-a-service allows enterprises test distributed ledger technology. As secure as Blockchain is purported to be, it is not without its problems. That’s because it’s built atop software that serves specific purposes, such as mobile payments, healthcare record exchanges, or even as an electronic bill of lading for cargo shipments. As a result, Blockchain depends on application software and cryptography.
There are hundreds of start-ups developing Blockchain technology that don’t necessarily use tried-and-tested algorithms. Last year in November, hundreds of millions of dollars in Ethereum cryptocurrency, called Ether, was frozen through a coding vulnerability that allowed one user to lockdown up to $300 million in people’s money. Hence, it’s crucial to make sure to test from the security aspect to try to see what happens when you put real data and real connections together.
Debate @RSA Conference
Blockchain technology was perhaps the most controversial topic at the recent RSA Conference in San Francisco. It’s obvious, because distributed ledger technologies is deeply debated in conversations about enterprise security. Over the past several days, some of the brightest minds in the Industry put their heads together to determine where Blockchain technology truly fits into the enterprise, how technological weaknesses can be exploited and whether the risks outweigh the benefits.
In last week’s RSA session titled “Trust as a Service — Beyond the Blockchain Hype,” representatives from Verizon talked about how the telecommunications giant spent a decade creating a billion-event solution to big Blockchain problems such as integrity, attribution and provenance.
Two Samsung engineers shared specific techniques for writing smarter and better code in the session titled “An Overview of Blockchain-Based Smart Contract Security Vulnerabilities.”.
David Huseby and Marta Piekarska of the Linux Foundation emphasized the importance of establishing baseline questions for conceptualizing security innovation in their Tuesday session, “Blockchain — The New Black. What About Enterprise Security?” They also explained the difference between private and permissioned Blockchains.
Cathie Yun, a software engineer at Chain, spoke about considerations which is not necessarily about weaknesses — for enterprise Blockchain use during the session titled “Foundations of Bitcoin, Blockchain and Smart Contracts,” a replay of which is available via RSAC onDemand. She noted that organizations should address the following areas when gathering requirements — Trust model, Administration, Identity, and Confidentiality.
The Road Ahead
Security professionals aren’t buying the suggestion that there’s a magic bullet or an out-of-the-box Blockchain solution that can solve all their security woes. CIOs generally take a cautious approach to emerging technologies, especially something as shrouded in hype as Blockchain.
As enterprise solutions and use cases of distributed ledgers emerge across industries, this technology is still in the early stages of evolution. If this year’s conference is any indication, it’s safe to say that Blockchain will be a trending topic once again at RSAC 2019.