Distributed registry technology has become popular due to the hype surrounding cryptocurrencies.
Many companies developed blockchain solutions, vying to talk about a secure decentralized future, held together with cryptographic signatures, and demonstrated impressive slides with info-graphics and powerful slogans.
Corporations, one after another, published news about the development of a corporate blockchain or cooperation with promising startups.
Now the bitcoin exchange rate has noticeably decreased, and the excitement has subsided, and it has become possible to calmly see how things are with the real use of the blockchain to protect against cyber attacks, focusing on the practical side of the issue.
When the regulators of all countries joined the ranks of defending financial traditions, limiting or banning operations with cryptocurrencies, investing in cryptocurrency became risky, the bitcoin rate went down (screenshot from bitfinex.com )
Note: the lack of hype does not mean that the blockchain suddenly lost its advantages in terms of decentralization, data integrity and transaction transparency. These qualities allow the use of a distributed registry in cyber-security, and this is what is said in the announcements of cryptocompanies and publications of crypto enthusiasts. Let’s look at a few examples of exactly what applications the technology has – in theory and in practice.
According to a Trend Micro research, exploitation of human weaknesses has become the main vector of modern cyber attacks. The popularity of phishing among cybercriminals is explained by its high efficiency and relatively low cost. The main task when creating a fraudulent letter or website is to convince a potential victim of the legitimacy of what is happening, because only in this case will she readily carry out the target action of the attack.
You can confirm the authenticity of a letter in various ways. For example, the Binance cryptocurrency exchange, as such a solution, offers its users to add a special anti-phishing code to letters from the exchange.
A fair question arises: why does the crypto exchange not use blockchain solutions to protect it, preferring a primitive secret code that is relatively easy to fake? There are, for example, blockchain solutions from MetaCert or CloudPhish that use a distributed registry to classify phishing and legitimate URLs.
Checking the URL using a distributed registry allows you to quickly identify phishing resources, but keep in mind that fraudulent sites and domains live from several hours to several days, which reduces the effectiveness of this kind of protection.
Checking sites for legitimacy is already implemented in Google Chrome and Firefox, so the main argument for using the blockchain to protect against phishing is its decentralization. Due to this, attackers will not be able to block the server on which the database of legitimate resources is stored. On the other hand, there are methods that allow you to act on the blockchain, for example, 51% attacks and Double Spending.
Thus, it can be stated that despite the existence of blockchain solutions for protection against phishing, they have not yet received wide distribution due to the lack of obvious advantages.
The number of IoT devices is constantly growing: in 2019, the number of IoT gadgets exceeded 26 billion. According to Gartner, in 2020 they will be 26 times more than people on Earth. Given the ubiquity of the Internet of things in our lives and the increasing reliance on devices, their security is becoming critical.
Meanwhile, the actual situation is poor. Strongly flashed passwords in devices, lack of cryptographic protection and vulnerability of firmware make IoT an ideal target for hacker attacks.
Using the blockchain solves many problems related to the Internet of things, for example, the problem with authentication and connection.
Registering each IoT device in a distributed registry and issuing or eliminating access rights using a blockchain transaction make it possible for all network participants to verify the legitimacy of connections and requests.
As a result, connecting unauthorized devices and intercepting or replacing data using the “man in the middle” attack are a thing of the past. This is how Uniquid’s cloud-based Litecoin-based blockchain platform works. In addition to protection against unauthorized connections, it provides fault tolerance of the authorization process due to the absence of a dedicated server.
Another use of blockchain in IoT / IIoT is supply chain protection. The registry makes it possible to track all stages of production and movement of components of the finished product, medicine or food product, excluding the possibility of theft or fake. But these cases are slightly related to cybersecurity.
Various companies offer blockchain solutions for IoT, but most implementations are experimental in nature.
There are several reasons for such indecision of customers:
- Risks and complexity of using new solutions;
- The requirement to upgrade or replace incompatible equipment;
- The need to refine existing software systems.
Thus, despite expectations, the security of IoT using the blockchain has not yet managed to gain noticeable popularity.
One of the companies offering to use blockchain for protection against DDoS attacks was Gladius startup. The system they developed was designed to decentralize bandwidth to mitigate attacks. It was supposed to create security pools based on the unused bandwidth of network participants, managed using a distributed registry.
Gladius.io now contains an apology stub. This means that the technology for some reason turned out to be unclaimed, or did not demonstrate the necessary effectiveness.
Blockchain has qualities that allow it to be used for cyber defense. However, today the technology does not have a sufficient degree of maturity to move from the category of fashionable novelties to the mainstream.
The blockchain provides excellent information integrity, but does not provide significant advantages in the field of confidentiality and accessibility compared to other technologies.
In addition, the implementation of a distributed registry requires solving issues related to the organization of mining to certify transactions, as well as the development of standards, APIs and frameworks for manufacturers of IoT devices.
Do not forget that, like any technology, the blockchain may contain implementation errors, the operation of which may lead to loss of control over the data entered into the registry.
Based on the foregoing, it can be stated that the blockchain is not a panacea for cyber attacks, and therefore traditional means of protection are still an indispensable component of the information security infrastructure.