Blockchain could represent the 'next frontier' in cybersecurity as early as 2025, although newcomers should be aware that there are currently significant risks associated with the technology, according to KPN CISO, Jaya Baloo.
Speaking at Infosecurity Europe today, Baloo argued that the distributed ledger tech is already being used by major technology providers like IBM, where it’s being touted as a great way to build trust between parties and devices in the IoT world, and to reduce the risk of collusion and tampering.
There are many other possible use cases offered up by blockchain, thanks to its ability to act almost like a business network, enabling the secure exchange of items in a highly transparent manner, simplifying business processes.
Some of these revolve around the idea of Smart Contracts, which could enable the sale of houses without the need for any intermediaries—cutting out excessive cost, time and bureaucracy, she argued.
Others include identity and authentication; risk management; accounting; and even corporate governance.
However, significant concerns persist, not least the degree to which blockchain software and hardware were designed with information security in mind, she argued.
Other concerns include so-called “double spend attacks”, where a set number of cryptocurrency coins are spent in more than one transaction; Sybil attacks, where hackers try to ensure targets connect to their nodes by flooding the network with their own clients; flaws in crypto implementation; wallets that inadvertently compromise keys; and even cryptocurrency Ponzi schemes.
Many of these concerns can be allayed by “correct implementation and monitoring” of the platform in question: for example, Bitcoin monitors for double spending, she explained. However, security challenges persist, as illustrated by continued headline-grabbing incidents.
These include the cautionary tale of Mt. Gox, the world’s largest Bitcoin exchange at the time, which filed for bankruptcy several years ago after alleging hackers stole around $450m worth of the cryptocurrency.
Hackers are also looking to socially engineer targets into exposing their all-important private keys.
“There’s no recourse for people who lose their private keys … if you lose your key it’s gone,” Baloo warned. “Also, stolen Bitcoins are nearly impossible to recover.”
Hundreds of millions of dollars’ worth of Bitcoin have been lost or stolen over the years, and the industry clearly needs to get better at stemming this tide, she argued.
Even over the past few days, stories have emerged which indicate there’s still plenty of work to be done before blockchain enters the mainstream.
Coinbase has been alerting customers to use Google Authenticator for 2FA after reports of “phone porting” attacks designed to compromise user accounts, and the SEC has won a legal battle against two Bitcoin mining companies accused of operating Ponzi schemes to defraud investors.