Unless you’ve been living in Slab City or off the grid for a while, you’ve probably heard this year’s omnipresent buzzword ‘blockchain.’ But perhaps you’re a bit clueless as to what this newer technology entails.In a recent HSBC survey of 12,000 respondents in 11 countries, 80 percent of people could not explain how blockchain works. Don’t worry, you are not hanging in the blockchain rafters alone. I’m one of the 80 percent dangling right along with you and will attempt to simplify this emerging technology under the brass tacks of Blockchain 101.What is Blockchain?Blockchain is a distributed database that maintains a list of records. Each record is called a block, and each block contains the history of every block that came before it.
Authors Don and Alex Tapscott of a book titled Blockchain Revolution describe the blockchain as “an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.”Steve Wilson of ZDNet says the following:“Blockchain is an algorithm and distributed data structure for managing electronic cash without a central administrator among people who know nothing about one another. Originally designed for the crypto-currency Bitcoin, the blockchain architecture was driven by a radical rejection of at (government-guaranteed) money and bank-controlled payments.”Wilson describes blockchain as “a special instance of Distributed Ledger Technologies (DLTs), almost all of which have emerged in Bitcoin’s wake.”The definitions listed above are correct, but all three definitions still tend to leave me (and perhaps you) dangling once again–only this time, we’re all sitting here peering through opaque glasses.From the above definitions, we can surmise that blockchain involves digital ledger technology and that each of these electronic transactions can be broken into blocks [with date, time-stamp, and encryption] and each block links back to previous blocks, making any individual block meaningless by itself.How does Blockchain work?Michele D’Aliessi, Business Development Manager at the European Institute of Innovation and Technology (EIT), posits “blockchain technology is probably the best invention since the internet itself.”D’Aliessi says:“Imagine you and I bet $50 on tomorrow’s weather in San Francisco. I bet it will be sunny, you that it will rain. Today, we have three options to manage this transaction:We can trust each other. Rainy or sunny, the losing one will give $50 to the winner. If we are friends, this could be a good way of managing it. However, friends or strangers, one can easily not pay the other.We can turn the bet into a contract. With a contract in place both parties will be more prone to pay, however, should any of the two decide not to pay, the winner will have to pay additional money to cover legal expenses and the verdict might take a long time. Especially for a small amount of cash, this doesn’t seem the optimal way of managing the transaction.We can involve a neutral third party. Each of us gives $50 to a third party, she then will give the total amount to the winner. But hey, she could also run away with all our money. So we end up in one of the first two options: trust or contract.”D’Aliessi further explains:“Blockchain allows us to write a few lines of code, a program running on the blockchain, to which both of us send $50. This program will keep the $100 safe and check tomorrow’s weather automatically on several data sources. Sunny or rainy it will transfer automatically the whole amount to the winner. Each party can check the contract logic, and once it’s running on the blockchain it can’t be changed or stopped. This effort can be quite too high for a $50 bet, but imagine when selling a house or a company.”Here is a more succinct description where Blockgeeks defines blockchain like this:“Picture a spreadsheet that is duplicated thousands of times across a network of computers. Then imagine that this network is designed to regularly update this spreadsheet and you have a basic understanding of the blockchain.”Blockgeeks further elaborates on blockchain technology with William Mougayar’s Google spreadsheet analogy:The traditional way of sharing documents with collaboration is to send a Microsoft Word document to another recipient and ask them to make revisions to it. The problem with that scenario is that you need to wait until receiving a return copy before you can see or make other changes because you are locked out of editing it until the other person is done with it. That’s how databases work today. Two owners can’t be messing with the same record at once. That’s how banks maintain money balances and transfers; they briefly lock access (or decrease the balance) while they make a transfer, then update the other side, then re-open access (or update again).With Google Docs (or Google Sheets), both parties have access to the same document at the same time, and the single version of that document is always visible to both of them. It is like a shared ledger, but it is a shared document. The distributed part comes into play when sharing involves a number of people.Once you’re inside a shared Google Doc, you can view all updates in real time. Where Google Docs differs, (You can edit and erase entries.) blockchain is supposed to be an immutable ledger that you write to [a block] and once written to [the block] becomes public knowledge—permanent, ironclad, unwavering, and steadfast.Blockchain SecurityThe possibility of hacking blockchain applications should be a major security concern. Who can forget the August 2016 Bitfinex hack that resulted in the theft of 119,756 ($730,126,883.85) Bitcoins? TechCrunch wrote, “In terms of how the hack happened, it’s still pretty vague. All we know is that the company’s multi-signature accounts were somehow compromised.”Other crucial Blockchain security concerns include:Malicious attacks.The integration with existing network systems.Cryptographic key material management.Quality of the network service.Dave Huseby of Hyperledger says:“Any organization applying blockchain technology to an existing process almost certainly has existing systems that chaincode/smart contracts will have to interact with. Building proper oracles to ensure execution of smart contracts is crucial. Also making sure that all cryptographic key material is properly stored and handled is of great concern. The entire blockchain security rests on the assumption that cryptographic keys will be secured properly. And lastly, since most consensus algorithms are latency sensitive, it is also very important to have the most stable and lowest latency network connections possible.”Protecting against blockchain attacks is vital. I was quite stoked when British Telecommunications PLC (BT) was awarded a patent on October 31, for mitigating blockchain attacks. Go PLC!How Can Blockchain Be Good for Security?Overall, the advantages of blockchain technology to enhance security are pivoting and on the move. We all know the Internet of Things (IoT) has been a hacker’s recreation haul as well as the Achilles heel of security. We only need to creep back in time to October 2016 to realize that the Mirai DDoS attack on Dyn was a wakeup call for vulnerable IoT devices from IP cameras to routers.Chris Wiltz of DesignNews recently wrote an article on “How Blockchain is the Key to a Secure IoT.” In the article, Wiltz featured Ericsson Research , Ben Smeets Arm TechCon 2017 talk on using blockchain as the solution to securing IoT devices:“The solution for Smeets and his team though is not to pile on extra layers of authentication, but rather to distribute them. And that’s where blockchain comes it. Because the blockchain functions via a distributed and encrypted ledger shared across all of a network’s users and devices, it creates a network of authentication that is verifiable and not easily hacked. With blockchain implemented, a device cannot access a network unless it is verified through the entire ledger. In this scenario attacks like Mirai become significantly more difficult, if not impossible, because a hacker would need to modify the entire ledger, and not just the credentials of any one device.”Jill Richmond of Nasdaq breaks down blockchain’s cybersecurity advantages into three key features:Blockchain to block identity theft.Blockchain to prevent data tampering.Blockchain to stop distributed denial-of-service (DDoS) attacks.In her article, Richmond says the following:“Blockchain provides not only traditional endpoint protection, but a holistic approach that includes user identity security, transaction and communication infrastructure security, business security through transparency and auditing and security from malicious insiders, compromised nodes or server failures. These are all addressable with blockchains because security and privacy are central to the protocol, and not an ancillary consideration.”In ConclusionI’m hyped about blockchain technologies. We need change, and we need far more to look forward to then consistently straddling the bad guys ankles only to sink deeper into the “we’re screwed now” mire.We need pioneering [advanced] security solutions that can sever the bad guys ankles to counteract this unabating deluge of failed-security dribblings that are inherent in today’s traditional security solutions.On a parting note, here’s a bit of parting blockchain trivia . . . For any block on the chain, there is only one Genesis block, and blocks on shorter chains are useless and often called “orphan” blocks. Got some blockchain trivia to share? Tweet @teksquisite with the hashtag #niahckcolbMore Blockchain ResourcesBlockchain.info This site contains the latest blocks, transactions per day, transaction search, mempool size, charts & statistics, tutorials, help center, and a learning portal.Becker’s: 15 blockchain terms to knowBlockchain, simplified Kaspersky gives a breakdown on how Bitcoin and blockchain work.Harvard Business Review: How Safe Are Blockchains? It Depends. Explains the security risks in blockchain technology in public and private blockchains.If you understand Hash Functions, you’ll understand Blockchains.View blockchain transactions: Blockchain.info[live] and Etherscan.[Video] Bitcoin Properly: The Blockchain Explained[Video] Gartner: The Blockchain explained Tapscott, Don, and Alex Tapscott. Blockchain revolution: how the technology behind Bitcoin is changing money, business, and the world. Portfolio, an imprint of Penguin Canada, a division of Penguin Random House Canada Limited, 2016.
About the Author: Bev Robb is the security-technology editor at Fortscale.Bev has a BS in sociology and is a sporadic blogger at her Teksecurity blog. She can be found on Twitter and LinkedIn.Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.