Security Implications of Blockchain
Because there are many ways in which blockchain can be implemented, it is important to evaluate the security of individual uses.
- By Brian J. Dooley
- June 8, 2017
Blockchain provides a secure, distributed ledger system that can deliver an unalterable record of transactions. It comes in different flavors with different capabilities, but its core value
proposition is making a series of transactions secure. This may be through incorporating the data in the chain itself or linking to it on a database or sidechain. The transaction is recorded and
fixed; any addition to the data has to be verified, and previous transactions cannot be altered or removed.
Security is at the heart of this technology through public and private key encryption linked to the transaction ledger. This provides a robust solution to security problems, but it comes at a
cost; there are potential performance issues, validation problems, and other issues that can be expensive in money or resources. Therefore, blockchain is only suited for specific types of use cases.
One of the objectives of blockchain is to provide a system in which transactions can be validated and sequences maintained without the intermediation of a central authority. Disintermediation can
make securing transactions more efficient and allow widely distributed data storage to maintain a single version of the truth. The specific characteristics are, however, highly dependent on the
implementation.
Security and Blockchain
Blockchain provides the following security capabilities:
- Unalterable Data. The chain itself is mirrored. Each block is digitally linked to a hash of the previous block, so neither data nor sequence can be altered.
- Single Version of the Truth. Blockchains exist in distributed copies which are updated with each transaction through a variety of mechanisms that prevent "double spending"
errors.
- Auditable. Because transaction records can be neither altered nor removed, all transactions remain available and accessible to anyone having the credentials to view them.
This greatly eases the audit burden and reduces the need for central intervention.
- Complete Provenance. All transactions and transaction details are recorded and cannot be changed, making it possible to track all actions taken on any connected asset.
- Instant Distributed Transactions. Blockchains are distributed and mirrored. Out-of-sequence transactions are avoided through protocols. There is no need for centralization,
and transactions can be verified across all copies.
- Security by Encryption. Records are secured by encryption and by hashing, making it more difficult to read the chain without permission and impossible to make changes.
Security Use Cases
Blockchain can provide transaction security across a variety of use cases.
- Currencies and Finance. Blockchain is the basis for bitcoin and is a natural choice for transmission of value tokens. This makes it useful as a currency exchange mechanism
and for other financial applications.
- Public and Government Records. Blockchain can be used to secure public records and data such as medical information in a way that records can be shared with appropriate
permission while protecting individual privacy.
- Smart Contracts. Smart contracts are contracts that are enforceable without human intervention; they are programs that execute when stipulated conditions have been met. Such
contracts could provide secure, efficient, and fair contract fulfillment.
- The Internet of Things. IoT has some natural affinities with blockchain, such as creation of a streamed sequence of small transactions. Securing these transactions in a way
that they cannot be altered and can be made readable to selective users provides numerous potential benefits as devices proliferate and security concerns mount.
Varieties in Use
Blockchains can be created in several varieties with different needs and consequences. These include public and private chains, different forms of transaction validation, and different types of
data, such as currencies, contracts, logs, and ledgers. There is considerable freedom in what might be considered a blockchain approach. Experimentation is fostered by a variety of implementation
methods -- most of which are "pluggable" to change components as necessary.
Current systems used in business include Hyperledger, an IBM-backed open source blockchain platform project; Ethereum, a flexible open source blockchain platform designed for business; and many
niche products, including BigchainDB, Corda, Credits, Monax, Multichain, Openchain, and Quorum. There are also a growing number of blockchain-as-a-service offerings available from major providers,
including IBM and Microsoft.
Blockchain offers a highly secure platform suitable for a growing body of uses. The underlying concepts and technologies are relatively common, however, and do not in themselves constitute a new
technology, so the concept is subject to fragmentation. Because there are many ways in which blockchain can be implemented, it is important to evaluate the security of individual uses.
About the Author
Brian J. Dooley is an author, analyst, and journalist with more than 30 years' experience in analyzing and writing about trends in IT. He has written six books, numerous user manuals, hundreds of reports, and more than 1,000 magazine features. You can contact the author at bjdooley.query@yahoo.com.