It has been said that blockchain technology is the biggest technological advance since the internet itself.
Ironically, it has also been said that blockchain technology is “a distracting fad.” (Hint: This one is wrong.)
No matter who you ask, there is still a tremendous amount of hype surrounding blockchain technology, leaving many of us wondering what blockchain is, what it’s for, and why it even matters in the context of security.
For the record, the opinion of this author echoes the belief that blockchain technology is indeed the biggest technological advance since the internet.
Just to clear a couple of things up before we begin – blockchain is the technology which enables cryptocurrency payments such as Bitcoin, Ethereum, Litecoin, and Monero.
Let’s go back a bit and think about a ledger from ‘olden days’, where the local town banker would fill out the official ledger at the end of each day, indicating who deposited funds to which account, where that money should be deducted from, and how much money still remains in each account. It was a straightforward process, but was tedious, time-consuming, and worst of all – there was only one copy of the ledger, with the accuracy of the ledger relying on the banker’s discipline and attention to detail!
Blockchain technology is simply a distributed ledger, and instead of a banker confirming all those payments that went back and forth throughout the day, this task is handled by a distributed network of computers.
In the case of the human banker, the ledger was centralized (literally, at one location), with the only official copy of the ledger at the bank, in the hands of the banker. So, as soon as the banker said, “Okay, there was a transfer of $50.00 USD from Account 123 to Account 456, and now Account 123 has $50.00 less, and Account 456 has $50.00 more,” the transaction was completed and confirmed.
Blockchain technology operates in a similar manner regarding payments, and since blockchain is a distributed network of computers verifying all of these transactions, as soon as most of the computers on the blockchain can verify the transaction occurred, the ledger is considered confirmed. The remaining computers on the blockchain will validate the ledger as network resources allow.
If the human banker made a mistake or wanted to ‘fudge the numbers’, he could simply write in a different amount or even go back and erase what he had previously written.
Blockchain, in contrast, fixes this vulnerability, prohibiting these types of changes. Once a transaction is confirmed by the computers on the blockchain, that transaction is immutable (i.e., unable to be altered). In other words, when a payment is made, there is no way to go back and ‘erase’ or ‘undo’ the payment.
“Okay, cool – but what does this have to do with cybersecurity?”
Well, there are a few reasons this matters, but in this blog, I only have room to cover one of them – IoT security.
We’ve already established that once a transaction is confirmed on the blockchain, it cannot be altered. If someone tried to alter the blockchain, the network itself would prevent it.
Each transaction on a blockchain contains not only the current transaction data, but also the previous transaction data – all of it. So, when a transaction takes place on the blockchain, the network itself checks the blockchain’s entire history to verify if a transaction is permitted to take place.
The implications for IoT security
What is more unique about blockchain technology is that its capability goes far beyond just financial transactions. In fact, academic researchers and security experts are currently in the early stages of creating an entire blockchain on which IoT devices can operate securely.
Since the blockchain is distributed (i.e., the network is the authority, not a single entity), “blockchain removes this single point of decision-making that leads to failure.”
For the IoT blockchain, instead of the blockchain confirming financial transactions, the blockchain will analyze a new IoT device connecting to the network, inspect that device to ensure it is secure, and then either permit the device to connect or require the device to apply a base set of security configurations prior to connecting.
Additionally, if an IoT device fails to update its security settings, the security updates can be pushed automatically, with no user interaction required.
Did someone say, “Fully automated security that I never even need to think about”?
Now, when someone asks you what you think about the future of blockchain technology, you can share with them what you just learned.
It’s still early, so be patient with those who are not yet on board the blockchain train, but in the next few years, we will likely see tremendous innovations with the technology in the security space, giving us all precisely what we need – a more secure internet.