Concerns about Privacy and Security
Concerns about privacy should be a major consideration in the architecture of blockchains. This is due to the fact that blockchains are designed to store and transmit data on a massive scale. Furthermore, personal data can be shared via the blockchain. As a result, data protection is required. But, as compared to traditional data storage and exchange methods, blockchains offer greater security (Zyskind and Nathan). This is because, unlike previous systems that transmit data through a network of several users, data in this new system only passes through the blockchain, minimizing the possibility of outside influence. Data storage systems that rely on a central server are likewise more insecure than blockchain systems. There are several security benefits that blockchains present. Prime among them is how they help to lock identity theft, how they prevent data tampering and how they thwart Denial of Service hacks.
Protection of Identities
In the protection of identities, blockchains utilize technology stronger than Public Key Infrastructure (PKI) that streamlines the encryption of emails, websites, messaging applications, among other communication channels in traditional centralized systems. PKIs have had a history with security vulnerabilities while being used in Certificate Authorities, such as RSA, that issue logon keys of traditional system users (Zyskind and Nathan). These authorities can be easily compromised by hackers into releasing information concerning user identities. The attacks are so effective that WhatsApp, a messaging application renowned for its stringent security, was a recent victim to them. However, such 'man in the middle' attacks can be averted through the use of blockchains. Implementing key publication on blockchains would close this loophole since applications can confirm the exact identity of the user. This is has already been implemented by services such as CertCoin and Pomcor, which did away with the centralized PKIs in preference of the transparent storage of key hashes in blockchains.
Protection of Data Integrity
Blockchains further increase data security through protection of data integrity. Traditional systems protected the integrity of data by assigning secret keys to users. However, as a network administrator, it's difficult to establish whether data is tampered if one does not know the user's secret key (Zyskind and Nathan). This loophole in maintaining data integrity has been solved by blockchains where several instances of the data exist within the blockchain. In such an implementation, all instances of data are hashed using a similar algorithm and retrieving the data requires confirmation of the similarities of the hashes thereby making it impossible for hackers to access the data without raising alarm. An example of this transparent hashing is the new Keyless Signature Structure. It has moreover been implemented by Gem to control access to health records in the healthcare field.
Protection of Critical Infrastructure
The third way in which the technology can be applied in the scope of security is through protection of critical infrastructure. Centralized systems are vulnerable in protecting such infrastructure (Sompolinsky and Zohar). For example, the singular service providing Domain Name Services was attacked using a DDoS attack that resulted in the temporary failure of major websites including financial outfits such as PayPal. Since blockchains eliminate caching and centralization of critical services, it can successfully protect the services (Sompolinsky and Zohar). However, even with this heightened security, blockchains are subject to certain vulnerabilities.
Vulnerabilities of Blockchains
The most obvious vulnerability that blockchains present is the unencrypted nature of the bitcoin wallet. This, however, has been mitigated by the recent introduction of wallet data encryption. Moreover, data wallets can be accessed through a backup of the wallet's older version (Kiviat). The use of Apple Time Machine, a facility that allows such backups can drain current data wallets through the use of backups, allows hackers to acquire personal data in a blockchain implementation. This is since change of a wallet's password does not reflect the annulling of previous passwords (Sompolinsky and Zohar). Another security issue may regard the possibility of tracking of users' identities through tracing of their coins.
Another security concern that blockchains present is the inability to curb the Sybil attack. This attack happens when a hacker heavily populates the blockchain with puppet clients thereby increasing the chances of an unsuspecting user to connect to the hacker (Bissias, Ozisik and Levine). Once connected to the attacker, the user can be trapped connecting only to nodes created by the attacker, thus predisposing them to attacks such as double-spending since the user will be on a virtually separate network created by the hacker.
Blockchains prevent monopolistic control of the network so as to add security measures. However, an attacker using the Sybil attack and with more than half the network's power can modify the blockchains' transactions (Bissias, Ozisik and Levine). With such monopolistic control, the attacker may have the power to reverse his sent transactions exposing other users to the risk of double spending attacks. He may even prevent the confirmation of users' transactions thereby curtailing their power to access their preferred data. This is especially credible with reference to lightweight nodes as opposed to more secure full nodes. In addition to these potential threats, Interpol in 2015 also demonstrated how bitcoin, which is an implementation of blockchain, could be subverted through the introduction of unrelated data into an existing transaction (Zyskind and Nathan). Therefore, even with the many security leaps that blockchains have presented, these emerging concerns in its security vulnerability should be considered before the implementation of a blockchain system.
Works Cited
Bissias, George, et al. "Sybil-resistant mixing for bitcoin." Proceedings of the 13th Workshop on privacy in the Electronic Society. ACM, November 2014.
Kiviat, Trevor. "Beyond Bitcoin: Issues in regulating blockchain transactions." Duke LJ (2015): 569.
Sompolinsky, Yonatan and Aviv Zohar. "Secure High-Rate Transaction Processing in Bitcoin." Financial Cryptography (2015).
Zyskind, Guy and Oz Nathan. "Decentralizing privacy: Using blockchain to protect personal data." Security and Privacy Workshop(SPW),2015 IEEE. IEEE, 2015.
