by Jamie Holmes
Everyone should have concerns about cybersecurity as there are many fronts in this battle. Hackers are increasingly targeting not just people’s credit card details but also other personal details and critical infrastructure more often than you would think. The worst fear is that terrorists could take out a nuclear plant, causing a disaster like Fukishima. Corporations also target people’s data in order to improve sales and expand their customer base. Mass surveillance means that someone might always be listening. Demand for services that ensure cybersecurity will grow rapidly in the years to come and blockchain technology is making multiple advances in addressing these concerns.
Guardtime has recently announced its intention to use its own blockchain to secure the UK’s energy infrastructure, including nuclear power plants and electricity distribution grids, as well as national flood defences, in partnership with Future Cities Catapult. CEO of Guardtime, Mike Gault, decided to base some of his operation out of Estonia, capitalizing on the talented pool of cryptographers. The key problem he was able to solve was how to protect the integrity of data without keeping secrets to verify whether such data is correct.
The blockchain used by Guardtime, although inspired by Bitcoin, differs from virtual currency blockchains; it is based on Keyless Signature Infrastructure (KSI), which improves on the scalability and settlement time. This system relies on the integrity of the hash function to ensure integrity of data, allowing it to identify three attributes of data: first, proof of time, i.e. when the asset was actually registered on the Blockchain; second, identity, referring to where the asset was first recorded; and third, authenticity, referring to whether or not the data has been tampered with.
The integrity of data the in system, not the confidentiality of data, was attacked at Iran’s Natanz nuclear facility by Stuxnet, a malicious computer program, back in 2013. By using KSI digital signatures, Guardtime’s blockchain monitors the integrity of digital assets and detects unauthorized changes in software and configurations. Also, by providing a complete chain of the history of the data that is generated and transmitted, a breach can be acted upon in real-time. This is how the technology will prevent attacks such as Stuxnet from hitting critical civilian infrastructure networks in the UK.
The technology which Guardtime is employing is already used to secure Estonian IT systems and can be independently verified without having to trust the administrators of the system. Estonia now registers marriages, health records and other sensitive information on a blockchain. Guardtime’s KSI Blockchain is best suited to cybersecurity, telecommunications and data management where its industrial capacity sets it apart from other blockchain providers. A move away from public key cryptography means that it is secure against potential threats in the future, such as quantum computing, as hash functions are immune. Also, their offering comes at a time when the nuclear power industry has come under scrutiny with regards to cybersecurity.
Another venture is taking a similar approach, aiming to solve the biggest problem in telecommunications; trusting third-parties with sensitive data. BitMessage is an open-source project that has revamped Bitcoin’s block-and-transfer system to decentralize and automate encrypted communication. The novel feature is transactional mixing, making it extremely difficult to eavesdrop even if the encrypted data has been captured. Once the project has been brought out of alpha testing, we could see it replace email and other forms of instant messaging. The software is only available on desktops at present but could soon expand to mobiles and other portable devices.
Enigma is also based on the Bitcoin’s blockchain and was developed by the MIT to create a marketplace where users can sell the rights to encrypted data without providing access to the underlying data itself. This project is set to bring ‘perfect secrecy’ to the blockchain by breaking data into pieces and mathematically guaranteeing that each of these pieces is masked, random and completely secure.
Enigma has already caught the attention of banks, who want to be able to store, analyse and share data without it being revealed to other parties. Their white paper gives an illuminating example of how it can be used to reduce costs and offer a new income stream for customers. A pharmaceutical company looking for patients in clinical trials would be able to scan genomic databases for candidates. With guaranteed privacy and autonomous control, more consumers will feel comfortable selling their data. This will allow greater data-sharing between companies and lead to more value being created by businesses. However, Enigma needs to reach critical mass before the network can start working securely. To help expand the network and gain users, every time someone requests a computation from the Enigma network, they pay a bitcoin fee. The largest fraction of this fee goes to the nodes in the Enigma network as a reward for storing and processing the user’s encrypted data.
BitMessage directly addresses concerns held by many about the overarching power of corporations and governments to snoop on private data. Projects such as Enigma will allow consumers to capitalize on the explosion of ‘Big Data’ and put more control into what personal data corporations can and cannot access. Finally, the KSI Blockchain illustrates how a blockchain can be made resistant to decryption through quantum computing and how to achieve scalability for industrial use. In short, Bitcoin has inspired, and will continue to inspire, some exciting applications that will revolutionize cybersecurity.