Insights & White Papers

Blockchain Applications in Cybersecurity

By Armond Caglar

Business Threat Intelligence

There are numerous applications for blockchain in cyberspace – all of them capitalizing on the fundamental security provided by decentralization and data immutability.

The promise of data immutability and decentralization

Media buzz continues about blockchain and the many ways it will transform key processes of everyday life. Aside from serving as the payment rail for cryptocurrency transactions, we are promised that this distributed ledger can be applied across sectors – from helping the entertainment industry defend against piracy to upending the $15 billion revenue per year title insurance industry. There is little question that blockchain will become ubiquitous, with its valuable core features of data immutability and decentralization.

Whether at conferences or at client sites, we routinely receive questions about blockchain and how the technology can be applied in the cybersecurity space. One way to look at this is from the decentralization perspective, eliminating both centralized control and centralized risk. Blockchain tackles a basic cybersecurity vulnerability by removing the centralized weak point – the human – from the equation. In this way, blockchain and its distributed ledger provide point-to-point data confidentiality and encryption while still ensuring convenience for users. Aside from encryption and authentication, there are many interesting use cases for blockchain in the cybersecurity realm. This article focuses on two of these: a safer domain name system; and ‘Internet of things’ security.

A safer domain name system

The infamous Mirai botnet attack of 2016 successfully exploited the vulnerability of the Internet through an attack on the highly-centralized domain name system (DNS). Claimed by hacking group Anonymous, a DDoS attack on DNS provider Dyn was leveraged, leaving large swaths of the Internet unavailable to users, including the websites of Twitter, Netflix, CNN, PayPal, Visa, and dozens of others.

How can blockchain promote a more secure Internet while also reducing the likelihood of similar large-scale attacks against DNS in the future? The answer is simple: if immutable domain record information is stored on a ledger that is heavily distributed, threat actors will theoretically find it more challenging to identify and exploit single vulnerability points that could result in centralized attacks.

Greater security for the ‘Internet of things’

One mantra we often hear is that opportunistic threat actors always seek the path of least resistance. Our Cybeta team, with their years of experience serving in the special services, can certainly attest to that. The proliferating devices that make up the Internet of things (IoT) – with their insecure web interfaces and insufficient authentication and authorization mechanisms – can serve as an attractive entry point for actors seeking to establish an initial foothold onto remote networks and systems. Some studies suggest that by 2030, there will be over 100 billion installed IoT devices throughout the world, a vast threat surface for individuals and businesses alike. And as powerful tools such as Shodan – the first search engine for Internet-connected devices – demonstrate, it is no longer hypothetical that unauthorized access can be achieved by exploiting IoT through IP-addressable doorbells, thermostats, and cameras. But how can blockchain reduce this extended threat surface?

Using blockchain, real-time security decisions can be made that obviate the need for a central authority on matters relating to IoT. To protect against attacks, some experts have suggested using blockchain to help devices form group consensus and lock down any node that exhibits suspicious behavior. On the issue of data security, since most IoT devices currently depend on a centralized architecture, where data collected by devices is sent to the cloud for processing and analytics before being sent back to the device. Here, the possibility of a single point of failure impacting an entire network also presents very real risk. This is exacerbated by the reality that many billions more devices are expected to come online in the coming decade, exposing scalability limitations and the infeasibility constantly validating every data transaction made by every device. With the sheer number of devices involved, this reliance on centralized authority would therefore render these systems extremely costly and slow – allowing blockchain to play a prominent role.

There are numerous applications for blockchain in cyberspace – all of them capitalizing on the fundamental security provided by decentralization and data immutability. We’re excited to work with our clients to help prepare for this future.

About Liberty Advisor Group

Liberty Advisor Group is a goal-oriented, client-focused and results-driven consulting firm. We are a lean, hand-picked team of strategists, technologists and entrepreneurs – battle-tested experts with a steadfast, start-up attitude. A team with an average experience of 15+ years, that has delivered over $1 billion in operating income improvement and over 300 M&A deals for our clients. Liberty has a proven track record in Business and Technology Strategy, Transformation and Assurance, Data Analytics, Business Threat Intelligence, and Mergers and Acquisitions. We collaborate, integrate and ideate in real-time with our clients to deliver situation-specific solutions that work.

This year, Liberty has been named to the 2019 Best Places to Work in Chicago and to FORTUNE’s list of Best Workplaces in Consulting and Professional Services.

By Armond Caglar