How blockchain is revolutionizing IT security

Blockchains can help protect information by ensuring the integrity and authenticity of data and files throughout their lifecycle.

Popularized from 2008 with the advent of crypto-currencies (and bitcoin in particular), blockchain technology, better known as blockchain, has been carved out to orchestrate and make virtual transactions more reliable. It revolves around a sort of computerized account ledger distributed through a network. Due to its decentralized nature, a blockchain makes it possible to ensure the integrity and history of transactions. “Each user can verify that an exchange has not been tampered with by comparing their copy of the chain with that of the others,” recalls Pierre d’Huy, IT security consultant at ESN Devoteam.

Besides the cryptocurrencies, blockchain systems are now increasingly called upon to secure other types of virtual assets. “The cases of application are very varied. The Luxembourg Stock Exchange, for example, uses a blockchain to electronically sign the financial documents it publishes. In a completely different area, the cadastre Honduran government uses this technique to time-stamp its modifications, with the aim of avoiding wild real estate projects and ultimately corruption,” says Pierre d’Huy. “In the education sector, there are also projects based on blockchains to ensure the traceability of diplomas and guarantee their authenticity to recruiters.”

Uberizing trusted third parties

More generally, any dematerialized document or any data passing through an information system could benefit from a blockchain to be certified and traced. The objective being, in the end, to provide the content with a certificate capable of protecting it against any unauthorized modification, throughout its life cycle. It is with this in mind that the software publisher Acronis has recently integrated the ethereum blockchain to three of its flagship applications (Acronis Storage, Acronis Backup and Acronis Files Cloud). The American thus intends to uberize trusted third parties. “Certifying the authenticity of a document through a trusted third party costs between 1 and 10 dollars depending on the volume of files concerned. With a blockchain, this costs less than one cent”, calculates Laurent Dedenis, chief growth officer (CGO) of Acronis. “Specifically, we estimated this cost at 0.40 euros per ethereum transaction containing approximately 5,000 certified documents. Knowing that this envelope will continue to drop rapidly.”

Acronis therefore identifies several scenarios for the use of the blockchain in the security of information systems. “In the age of the digital economy, data is required to transit more and more from one company to another: from a customer to a supplier, between partners… With the advent of virtualization and containers, they will at the same time be able to easily switch from one cloud to another. Traceability needs are therefore exploding. Blockchain provides a real solution to these problems, both inexpensive and reliable”, insists Laurent Dedenis. “The blockchain can in particular make it possible to certify that the events recorded in a system have not been corrupted, typically with a view to an audit. Or even to fight against fraud, in the health insurance sector for example, by giving players the ability to share datasets – to ensure that a refund has not been made twice.”

“As soon as it is legally recognized, the blockchain will be able to replace notaries”

There remains a limit: data certified by means of a blockchain are, for the time being, not enforceable in court, as blockchain technologies are not legally recognized (by any country) as a means of electronic signing. . “As soon as this step is taken, the blockchain will be able to replace notaries. This will signal the time for large-scale adoption”, predicts Laurent Dedenis.

To respond to this legal void, Docapost, a digital services subsidiary of La Poste, has taken up the problem in the opposite direction. It offers a solution approved by the Interministerial Service of the Archives of France to certify all the documents attached to transactions carried out via blockchains. “Baptized Blockchain Archiving, our offer allows any file associated with such transactions, contractual or other documents, to acquire legal and probative value. What the blockchain cannot provide at the moment”, summarizes Olivier Senot, director of development new paperless services from Docapost.

A bulwark against piracy?

Regarding the contributions of the blockchain in terms of computer security, another area is often mentioned: the IoT. Faced with the multiplication of hacks of connected objects (often with the aim of using them as a relay to orchestrate attacks against websites), the blockchain is put forward by some as a miracle solution. It could make it possible to provide objects with certificates to communicate with each other without going through a central platform, thus limiting the risk of intrusion. “It is with this in mind that IBM has introduced the blockchain dimension to its Watson IoT offer”, illustrates Pierre d’Huy. “However, it should be noted that storing a chain requires computing capacity, and creating a block on a public blockchain also involves computational resources that are often greater than those of most IoT terminals. It is hard to imagine this type of application for a fleet of thousands of connected lamps, for example. On the other hand, it seems realistic to use it to secure devices with more machine resources, such as network equipment such as routers or switches.”

A lever to limit so-called “man in the middle” or “spoofing” attacks

Blockchain could also meet other IT security challenges. “Its decentralized, anonymous, peer to peer and encrypted could allow it to limit the cases of so-called “man in the middle” attacks (hacking a stream between several servers, editor’s note) or “spoofing” (identity theft, editor’s note)“, considers Sébastien Gest at Vade Secure, a French specialist in email security. The tech evangelist mentions in particular two projects using blockchains to encrypt exchanges between messaging: Cryptamail and Switch. It remains to be seen whether these solutions have a future.”Mail encryption tools, such as PGP, have been around for a long time, but are very little used”, recalls Sébastien Gest.As for antivirus or antimalware publishers, they have not yet found what the blockchain can bring to their products.” Today, no blockchain application allows to evolve in the detection of attacks of malware, ransomware, phishingspear-phishing”, notes Sébastien Gest.

Be careful, the blockchain also has its weaknesses. A blockchain can indeed be broken if a sufficiently large number of machines associated with its network have been compromised. This is what happened in June 2016 to The DAO collective, a “decentralized autonomous organization” implementing the Ethereum blockchain. The attack resulted in the misappropriation of 3 million ETH, the equivalent of $50 million at the time. “A more robust evolution of ethereum was launched in the process. This episode had the merit of showing that the blockchain, like any technology, is not inviolable”, insists Pierre d’Huy.

We would love to thank the author of this short article for this remarkable material

How blockchain is revolutionizing IT security

You can view our social media profiles here and other pages on related topics here.