TDWI Articles

Security Implications of Blockchain

Because there are many ways in which blockchain can be implemented, it is important to evaluate the security of individual uses.

Blockchain provides a secure, distributed ledger system that can deliver an unalterable record of transactions. It comes in different flavors with different capabilities, but its core value proposition is making a series of transactions secure. This may be through incorporating the data in the chain itself or linking to it on a database or sidechain. The transaction is recorded and fixed; any addition to the data has to be verified, and previous transactions cannot be altered or removed.

Security is at the heart of this technology through public and private key encryption linked to the transaction ledger. This provides a robust solution to security problems, but it comes at a cost; there are potential performance issues, validation problems, and other issues that can be expensive in money or resources. Therefore, blockchain is only suited for specific types of use cases.

One of the objectives of blockchain is to provide a system in which transactions can be validated and sequences maintained without the intermediation of a central authority. Disintermediation can make securing transactions more efficient and allow widely distributed data storage to maintain a single version of the truth. The specific characteristics are, however, highly dependent on the implementation.

Security and Blockchain

Blockchain provides the following security capabilities:

  • Unalterable Data. The chain itself is mirrored. Each block includes a hash of the previous block, so neither data nor sequence can be altered.
  • Single Version of the Truth. Blockchains exist in distributed copies which are updated with each transaction through a variety of mechanisms that prevent "double spending" errors.
  • Auditable. Because transaction records can be neither altered nor removed, all transactions remain available and accessible to anyone having the credentials to view them. This greatly eases the audit burden and reduces the need for central intervention.
  • Complete Provenance. All transactions and transaction details are recorded and cannot be changed, making it possible to track all actions taken on any connected asset.
  • Instant Distributed Transactions. Blockchains are distributed and mirrored. Out-of-sequence transactions are avoided through protocols. There is no need for centralization, and transactions can be verified across all copies.
  • Security by Encryption. Records are secured by encryption and by hashing, making it more difficult to read the chain without permission and impossible to make changes.
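
The hash linking and mirroring described in the list above can be checked mechanically. The following Python sketch is an added example, not code from the article or from any blockchain platform; the function names, the block layout, and the three sample transfers are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first block


def block_hash(index, prev_hash, data):
    """SHA-256 over a canonical JSON encoding of the block's fields."""
    payload = json.dumps({"index": index, "prev": prev_hash, "data": data},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def append(chain, data):
    """Add a block that commits to the hash of the current last block."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "data": data,
                  "hash": block_hash(index, prev, data)})
    return chain


def first_bad_block(chain):
    """Return the position of the first block that fails verification, or None."""
    prev = GENESIS
    for pos, blk in enumerate(chain):
        if blk["index"] != pos or blk["prev"] != prev:
            return pos  # sequence changed: reordered, removed or inserted
        if block_hash(blk["index"], blk["prev"], blk["data"]) != blk["hash"]:
            return pos  # contents changed after the block was written
        prev = blk["hash"]
    return None


def mirrors_agree(*copies):
    """Mirrored copies agree when each verifies and all share one head hash."""
    heads = set()
    for c in copies:
        if first_bad_block(c) is not None:
            return False
        heads.add(c[-1]["hash"] if c else GENESIS)
    return len(heads) == 1


def build_sample():
    """Constructed sample ledger of three transfers."""
    chain = []
    for tx in ({"from": "alice", "to": "bob", "amount": 5},
               {"from": "bob", "to": "carol", "amount": 2},
               {"from": "carol", "to": "dave", "amount": 1}):
        append(chain, tx)
    return chain
```

A copy in which every later hash has been recomputed verifies on its own, so the comparison of head hashes across independently held mirrors is what exposes a full rewrite.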

Security Use Cases

Blockchain can provide transaction security across a variety of use cases.

  • Currencies and Finance. Blockchain is the basis for bitcoin and is a natural choice for transmission of value tokens. This makes it useful as a currency exchange mechanism and for other financial applications.
  • Public and Government Records. Blockchain can be used to secure public records and data such as medical information in a way that records can be shared with appropriate permission while protecting individual privacy.
  • Smart Contracts. Smart contracts are contracts that are enforceable without human intervention; they are programs that execute when stipulated conditions have been met. Such contracts could provide secure, efficient, and fair contract fulfillment.
  • The Internet of Things. IoT has some natural affinities with blockchain, such as creation of a streamed sequence of small transactions. Securing these transactions in a way that they cannot be altered and can be made readable to selective users provides numerous potential benefits as devices proliferate and security concerns mount.

Varieties in Use

Blockchains can be created in several varieties with different needs and consequences. These include public and private chains, different forms of transaction validation, and different types of data, such as currencies, contracts, logs, and ledgers. There is considerable freedom in what might be considered a blockchain approach. Experimentation is fostered by a variety of implementation methods -- most of which are "pluggable" to change components as necessary.

Current systems used in business include Hyperledger, an IBM-backed open source blockchain platform project; Ethereum, a flexible open source blockchain platform designed for business; and many niche products, including BigchainDB, Corda, Credits, Monax, Multichain, Openchain, and Quorum. There are also a growing number of blockchain-as-a-service offerings available from major providers, including IBM and Microsoft.

Blockchain offers a highly secure platform suitable for a growing body of uses. The underlying concepts and technologies are relatively common, however, and do not in themselves constitute a new technology, so the concept is subject to fragmentation. Because there are many ways in which blockchain can be implemented, it is important to evaluate the security of individual uses.

About the Author

Brian J. Dooley is an author, analyst, and journalist with more than 30 years' experience in analyzing and writing about trends in IT. He has written six books, numerous user manuals, hundreds of reports, and more than 1,000 magazine features. You can contact the author at bjdooley.query@yahoo.com.