The main advantages of the blockchain are transparency of transactions and openness. This is useful when concluding contracts and conducting transactions: all participants in the process can see the steps taken by their partners.
Blockchain is also decentralized, so it is difficult to compromise the data stored in it. These properties have made the technology widespread in the financial sector. However, the applicability of the blockchain is not limited to cryptocurrencies. Today we look at how the technology is used to ensure information security.
/ image Michael Pick CC
The blockchain is becoming an aid to services whose users are concerned about data integrity: IoT, law, medicine, insurance, etc. For example, IBM has adopted it: the company has created a cloud service for testing applications in a secure environment.
According to IBM, developers can launch their own blockchain sandbox in 12 seconds. A minute after that, it will be ready to run test applications.
Another project in this area is MIT's Enigma, a solution based on the bitcoin blockchain. Enigma allows you to run any code on encrypted data while keeping that data "out of reach" of third parties.
Other companies are also looking for security applications of the blockchain. One example is Humaniq, which plans to use the blockchain in conjunction with artificial intelligence and biometric recognition technologies to create an identification service. The solution will be useful when buying goods in stores, taking out insurance, or even simply going to a bar. A similar authorization solution is offered by Remme.
The Guardtime project uses closed blockchains and replaces RSA digital signatures with KSI (Keyless Signature Infrastructure) signatures, which rely on hash-function cryptography. The company hopes this will help avoid problems in the future, when quantum computers become widespread (they easily solve the factorization problems on which RSA is built).
What kind of threats does the blockchain protect against?
Security is an acute problem in the modern world. The number of cyber threats is increasing, including those related to identity theft. According to the analytical agency Cybersecurity Ventures, the annual damage from cybercrime will reach 6 trillion dollars by 2021. In 2015, the damage was 3 trillion. The amount of funds invested in cybersecurity is therefore also growing: by 2021 it will exceed $1 trillion.
Companies use the blockchain because this technology is able to protect data and make auditing it more transparent. Blockchain technologies prevent a whole range of different attacks.
Man-in-the-middle attacks
Encrypted connections (for example, HTTPS and TLS) rely on the public key infrastructure (PKI) and certification authorities (CA) to protect the channel. Each network participant has a public/private key pair. The participant keeps the private key secret, and the public key is held by the CA.
When a user wants to establish a secure connection (visit a site), he requests the public key of the resource from the certification authority and encrypts the data before sending it. To decrypt the data, the site uses its private key.
However, in this case the reliability of the system depends on how well the certification authority is protected. If attackers manage to compromise the CA, they get the opportunity to carry out a man-in-the-middle (MITM) attack. In this case, users are sent fake public keys for which the attackers hold the corresponding private keys. With these keys, the attackers decrypt the transmitted information.
For example, a vulnerability in WhatsApp that compromised user privacy recently became known. The bug was associated with the reinstallation of keys and allowed attackers to substitute them in a MITM attack.
However, in a blockchain-based system, a MITM attack is not feasible. When a user publishes a public key in a blockchain, all network nodes learn of it (for example, the bitcoin blockchain has 10 thousand active nodes). This information is written to a block, and the blockchain's cryptography protects the integrity of the registry. Therefore, attackers will not be able to publish fake keys: a fake is recognized immediately.
CertCoin is one of the first implementations of PKI based on the blockchain. The project, developed at MIT, excludes certification authorities and uses the blockchain as a distributed registry of domains and associated public keys.
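The registry idea described above, as a simplified model added here (it is not CertCoin's code or protocol). The `Node` class, the first-binding-wins rule, the majority quorum and the name `example.test` are assumptions made for illustration:

```python
import hashlib
from collections import Counter

def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()

class Node:
    """One participant with its own copy of the name -> key-fingerprint registry."""
    def __init__(self):
        self.registry = {}

    def register(self, name: str, fp: str) -> bool:
        # Assumed rule: the first binding wins; a different key for a taken name is refused.
        if self.registry.get(name, fp) != fp:
            return False
        self.registry[name] = fp
        return True

def broadcast(nodes, name: str, fp: str) -> int:
    """Offer a binding to every node; return how many accepted it."""
    return sum(node.register(name, fp) for node in nodes)

def resolve(nodes, name: str, quorum: int):
    """Fingerprint reported by at least `quorum` nodes, or None."""
    votes = Counter(n.registry[name] for n in nodes if name in n.registry)
    fp, count = votes.most_common(1)[0] if votes else (None, 0)
    return fp if count >= quorum else None

def key_is_authentic(nodes, name: str, presented_key: bytes, quorum: int) -> bool:
    return resolve(nodes, name, quorum) == fingerprint(presented_key)

# Constructed sample keys (opaque byte strings stand in for real public keys).
SITE_KEY = b"constructed public key for example.test"
FAKE_KEY = b"constructed key substituted on the wire"

def demo() -> dict:
    nodes = [Node() for _ in range(7)]
    quorum = len(nodes) // 2 + 1
    accepted = broadcast(nodes, "example.test", fingerprint(SITE_KEY))
    rebound = broadcast(nodes, "example.test", fingerprint(FAKE_KEY))
    # One node's copy is altered directly; the other six still agree.
    nodes[0].registry["example.test"] = fingerprint(FAKE_KEY)
    return {
        "accepted": accepted,
        "rebound": rebound,
        "genuine_key": key_is_authentic(nodes, "example.test", SITE_KEY, quorum),
        "fake_key": key_is_authentic(nodes, "example.test", FAKE_KEY, quorum),
        "unknown_name": key_is_authentic(nodes, "other.test", SITE_KEY, quorum),
    }
```

A client that checks the key presented on the connection against the quorum answer rejects the substituted key even though one node's copy was altered.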
Another example is the company Pomcor. It presented a project that does not exclude the CA but uses a blockchain to store hashes of issued and revoked certificates. This approach gives users the ability to verify the authenticity of certificates. It also optimizes network access, since key and signature verification is performed on local copies of the blockchain.
Data manipulation
Last February, hackers compromised the Linux Mint website and uploaded an infected version of the operating system with a built-in backdoor. Usually, developers provide hash sums so that users can verify their copy of the software, but here the attackers can publish the hash sums of their own version. As a result, users who downloaded the OS did not suspect a fake.
A similar situation can occur with any information distributed over the network, and it is impossible to know for sure that the data obtained is authentic.
However, on the blockchain, a network participant may publish a hash associated with a separate file, an image of the operating system, and other data that requires protection. In this case, if hackers get to the information and change it, they will not be able to correct the hash sum recorded in the blockchain.
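A minimal sketch of that check, added here as an illustration and not taken from any of the projects mentioned: release digests are recorded in a hash-chained ledger, and a download is accepted only if the ledger copy is intact and the digest matches. The block layout, artifact names and sample bytes are constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def block_hash(block: dict) -> str:
    # The hash covers the payload and the link to the previous block.
    body = {k: block[k] for k in ("index", "prev", "artifact", "digest")}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append(chain: list, artifact: str, digest: str) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"index": len(chain), "prev": prev, "artifact": artifact, "digest": digest}
    block["hash"] = block_hash(block)
    chain.append(block)

def chain_is_valid(chain: list) -> bool:
    prev = GENESIS
    for i, block in enumerate(chain):
        if (block["index"], block["prev"], block["hash"]) != (i, prev, block_hash(block)):
            return False
        prev = block["hash"]
    return True

def verify_download(chain: list, artifact: str, data: bytes) -> bool:
    # Trust the recorded digest only if the ledger copy itself is intact.
    recorded = [b["digest"] for b in chain if b["artifact"] == artifact]
    return chain_is_valid(chain) and bool(recorded) and recorded[-1] == sha256_hex(data)

# Constructed sample data standing in for OS images.
GENUINE = b"constructed genuine image bytes"
TAMPERED = b"constructed image bytes with an extra payload"

def demo() -> dict:
    name = "os-image-1.0.iso"
    chain = []
    append(chain, name, sha256_hex(GENUINE))
    append(chain, "os-image-1.1.iso", sha256_hex(b"constructed later release"))
    results = {"genuine": verify_download(chain, name, GENUINE),
               "tampered_file": verify_download(chain, name, TAMPERED)}
    forged = [dict(b) for b in chain]  # a copy whose recorded digest is rewritten
    forged[0]["digest"] = sha256_hex(TAMPERED)
    results["digest_rewritten"] = verify_download(forged, name, TAMPERED)
    forged[0]["hash"] = block_hash(forged[0])  # re-hashing breaks the next block's link
    results["block_rehashed"] = verify_download(forged, name, TAMPERED)
    return results
```

A copy in which every later block is also re-hashed would be internally consistent, which is why the chain tip is additionally compared with the copies held by other nodes.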
There are already projects that implement this idea. The startup GuardTime suggests using a Keyless Signature Infrastructure (KSI). KSI stores hashes of data and files and verifies copies using hashing algorithms. In this way, the company hopes to replace the key-based authentication process.
GuardTime technical director Matthew Johnson said that data authentication using blockchains ensures data integrity through mathematical algorithms. DARPA even considers KSI as a solution to protect sensitive military information.
Another example is Gem, which uses the blockchain to control medical records. Hospitals work with a lot of personal information about patients and have previously been subjected to hacker attacks. According to representatives of Gem, the blockchain will help verify the integrity of data to which a group of organizations has access.
DDoS attacks
The “task” of distributed network attacks is to limit the bandwidth of a network resource, for example, the infrastructure supporting a company's website. Web servers always have a limit on the number of requests they can process simultaneously. If the number of requests to the server exceeds the capacity of any infrastructure component, the level of service suffers. The scale of these problems depends on the purpose of the DDoS attack.
A massive DDoS attack on the US DNS provider Dyn last October left millions of users without services such as Twitter, PayPal, Netflix, GitHub, and Spotify. The attack on Dyn was conducted using the giant Mirai botnet, which included tens of millions of devices: routers, printers, IP cameras and other gadgets connected to the Internet. Together, they sent data to Dyn's servers at a rate of 1.2 Tbps. And in October of this year, the Reaper virus began to spread, infecting smart gadgets around the world.
The attack on the DNS provider Dyn shows how single points of failure and centralized systems make the entire Internet infrastructure vulnerable. A more serious attack scenario would be to compromise DNS servers in order to redirect users to sites with malicious software.
However, you can opt out of the central DNS servers and implement a system in which the “name-IP-address” pairs are registered in the blockchain network and distributed across all nodes. This will ensure transparency and security at the same time. Hackers will not be able to target any one infrastructure by attacking a separate cluster. The data itself will be protected by cryptographic algorithms.
Nebulis is a project that explores the concept of distributed DNS systems that withstand large “flows” of queries. The company uses the Ethereum blockchain and the InterPlanetary File System (IPFS) to register domain names.
The blockchain will also eliminate network costs associated with reading the DNS. Only the procedures for updating records and creating new ones will be subject to a "tax". According to blockchain expert Philip Saunders, this will remove the burden on the "skeleton of the Internet."
/ image by Henri Bergius CC
IoT Protection
According to a study by F5 Networks, the number of attacks on IoT devices and infrastructure has increased by 280% since the beginning of this year. For the most part, this is due to the proliferation of the Mirai malware. Hackers break into Internet of Things devices and use them to conduct DDoS attacks and to host Trojan infrastructure.
At the same time, as noted in the study, criminals have changed their tactics for building botnets and now specifically look for gadgets that have known vulnerabilities.
The blockchain promises to protect IoT for the same reasons that it is at the heart of cryptocurrencies: confidence in the legitimacy of the data and a clear process for approving it. So says Ahmed Banafa, an IoT expert and professor at California State University in San Jose. Banafa wrote a popular review of the blockchain's potential for solving IoT security issues.
However, simply registering a device on the blockchain is not enough. As Thomas Hardjono of MIT Connection Science says, an infrastructure is needed to manage devices and control access to data.
One solution could be the ChainAnchor project, which is being developed at MIT. This is a framework that will be supported by the creators of smart gadgets, data providers and independent developers. The idea is that network members, in exchange for maintaining security, will be able to sell anonymous data from IoT devices. The framework has mechanisms that allow blocking compromised devices, as well as disconnecting legitimate gadgets from the blockchain when the owner changes.
Researchers at the University of New South Wales offer a different approach to IoT security. In their blockchain-protected smart home model there is a “miner”, which replaces the router for managing network transactions. This device manages communications between home IoT devices and the outside world: it authorizes new devices and disables gadgets with suspicious activity. If an Internet of Things component turns out to be part of a botnet, the miner will see this and stop forwarding its packets outside the home network.
Another effort based on distributed registries is the IOTA project. It is a cryptographic token for microtransactions and is optimized for use on the Internet of Things. The IOTA blockchain is designed to be lightweight so that it can cope with a network of smart devices, whose number in the next ten years, according to some estimates, will grow to 50 billion.
This lightness is achieved through the use of the Tangle technology. This is a directed acyclic graph, that is, a graph in which there are no directed cycles (paths that start and end at the same vertex). This approach eliminates the centralization of mining, expands the limits of scalability and makes it possible to work in conditions of unlimited data growth.
Blockchain and the future of cybersecurity
The blockchain provides a fundamentally different approach to cybersecurity that extends beyond the hub servers and includes the protection of user data, communication channels and critical infrastructure supporting organizations' business processes.
Vulnerabilities in centralized systems are becoming increasingly apparent as the number of cyber attacks increases. New threats on the Internet will always arise. Blockchains will not become a “silver bullet”, but they will be a powerful tool that engineers can use to increase the reliability of their systems.