Blockchain – The Last Line of Defense to Data Security
By Ambab Infotech
Data breaches have become very common. With ever-emerging technologies, we expect things to happen on the go, with a swipe of a finger. But surely enough, there is a price to pay for this. As it is often said, convenience always trumps privacy, and there’s no way around that fact. Or is there?
Recent breaches such as Cambridge Analytica, Equifax and, more recently, the State Bank of India have exposed the massive threat of data being misused when it is managed centrally by large organizations.
If you have read about these breaches, you might have also heard about blockchain as the cure for every breach. Blockchain technology is often regarded as the golden bullet (or technology) for every data security issue. The question is how such an infant technology can solve such a steep problem. Let us dive a little deeper to debunk some myths and understand some important concepts.
We can categorize the types of breaches into 3 broad categories:
- Data breach when hackers attack the central servers and retrieve all the data
- Data Tampering by external or internal elements
- Private or confidential data leak in illegitimate ways
1. Data Breach due to Attack on Central Server
In a traditional client-server architecture, all the data is stored at a central server. Organizations like banks and governments often invest a lot of money just to safeguard these central servers. This was the case at organizations like State Bank of India and Equifax. All the crucial client data is located on a centralized server. This makes the servers a valuable target for hackers.
These organizations spend millions of dollars to safeguard these servers and claim to have the best possible encryption and firewalls around them. But the inherent problem in such cases is the centralization. Even if the data is encrypted, the keys are always within reach of the server hosting the data. The sheer size of these organizations is also a motivation for hackers to crack any type of firewall protecting the servers.
In addition to the best encryption and firewall practices, there also needs to be a secure process for accessing and managing the servers. Even a small deviation from these processes can have a very high cost, as seen in the State Bank of India case.
To sum this up, we have the following causes for such an attack:
- Central Ownership
- Dependence on Process Adherence
- Higher gain to cost ratio
How can Blockchain Solve these problems?
Blockchain technology at its core is a distributed technology. The data is stored across hundreds or possibly thousands of computers across the globe. The data is kept in sync by a methodology called consensus. The data on each node is encrypted by the user’s key. This makes it almost impossible to decrypt the data, as each user’s data is encrypted using a different key and can be decrypted only after the user plugs in that key.
As the data resides on many computers across the globe, there is enough redundancy in case any of the servers goes down or is hacked. It is almost impossible to hack all the servers at the same time, which safeguards against attacks like ransomware.
This also reduces the organization’s cost of ownership, as the security and storage of data can be crowdsourced or owned by multiple organizations. The data syncing across all the nodes is automated using well-defined protocols, removing any need for manual intervention.
2. Data Tampering by External or Internal Elements
As we discussed earlier, the security of the system depends highly on the processes followed by the people managing or administering it. Even after building the perfect centralized system, with the best firewalls and technology to safeguard against external attacks, such systems have always been prone to insider attacks. This means that the data can be tampered with by the people who have access to it. This is very difficult to rule out in traditional software.
Here, the following are compromised:
- Confidentiality of the data
- Integrity of the data
How can Blockchain Solve these problems?
As discussed before, blockchain copies data across multiple nodes. Blockchain uses a methodology called consensus to ensure that the data on each node is always up to date and that every node holds the same copy of the data. Depending on the consensus methodology used, an attacker can tamper with the data only if they own one third to half of all the nodes in the network. This makes it next to impossible to tamper with the data, hence taking care of the integrity of the data.
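An added illustration (not code from the original article) of the integrity argument above: records are hash-linked, copied to five replicas, and a changed copy is either caught by chain verification or outvoted until the forger controls most replicas. It uses a plain majority vote over replica heads as a stand-in for a real consensus protocol; every name and the sample ledger are constructed for this example.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64

def block_hash(index, prev_hash, record):
    """Hash a block over its position, its predecessor's hash and its record."""
    body = json.dumps([index, prev_hash, record], sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest()

def build_chain(records):
    """Link records so that each block commits to everything before it."""
    chain, prev = [], GENESIS
    for i, rec in enumerate(records):
        h = block_hash(i, prev, rec)
        chain.append({"index": i, "prev": prev, "record": rec, "hash": h})
        prev = h
    return chain

def first_broken_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for blk in chain:
        expected = block_hash(blk["index"], prev, blk["record"])
        if blk["prev"] != prev or blk["hash"] != expected:
            return blk["index"]
        prev = blk["hash"]
    return None

def majority_head(replicas):
    """Return (head_hash, votes) agreed on by most internally valid replicas."""
    valid = [c for c in replicas if first_broken_block(c) is None]
    return Counter(c[-1]["hash"] for c in valid).most_common(1)[0]

def demo():
    # Constructed sample ledger, not data from the article.
    ledger = [{"acct": "A", "bal": 500}, {"acct": "B", "bal": 75}, {"acct": "A", "bal": 450}]
    forged = [ledger[0], {"acct": "B", "bal": 9000}, ledger[2]]
    honest_head = build_chain(ledger)[-1]["hash"]
    # Case 1: an insider edits one record in place on a single replica.
    edited = build_chain(ledger)
    edited[1]["record"] = forged[1]
    # Case 2: a re-hashed forged chain sits on one more replica out of five.
    minority = [edited, build_chain(forged)] + [build_chain(ledger) for _ in range(3)]
    # Case 3: the forged chain is present on three of the five replicas.
    captured = [build_chain(forged) for _ in range(3)] + [build_chain(ledger) for _ in range(2)]
    return {"broken_at": first_broken_block(edited),
            "minority_wins": majority_head(minority)[0] != honest_head,
            "majority_wins": majority_head(captured)[0] != honest_head}
```

Calling `demo()` shows the in-place edit failing verification at block 1, the minority forgery being outvoted, and the vote flipping only once the forged chain holds a majority of replicas.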
A user’s private data is encrypted using the user’s private key, making it computationally impossible to decrypt the data without the key. This protects the confidentiality of the data.
3. Private or confidential data leak in illegitimate ways
The most infamous user privacy breach in recent times is the Cambridge Analytica – Facebook case. Aleksandr Kogan had created an application called “This is Your Digital Life”. This app was created for academic purposes, and hence Facebook allowed the app to access users’ data. Aleksandr Kogan then sold this application to Cambridge Analytica, which gained access to all the users of the application and, due to Facebook’s design, also gained access to all the accounts connected to them. It was estimated that Cambridge Analytica had access to 50 million Facebook users. Cambridge Analytica used this data to help President Trump’s campaign.
You must be wondering how this, a legal issue, can be solved by a technology like blockchain. In a decentralized blockchain model, personal data usage, storage and dissemination rights would at all times reside with the person to whom the data belongs, making the creator and the possessor of data the only true owner, which can be achieved with the help of digital signatures. It will also help create transparency (optional when data is sensitive or confidential) and an accurate audit trail regarding data transfer and tracking, respectively.
At present, in this heavily centralized economy, the central authorities and companies are selling our data to advertisers without our permission. With a decentralized blockchain, we would have greater control over which parties can be involved in data management, protection and usage, including consumers, social media giants, retail companies, Internet companies, the federal government and any other regulatory authorities.
Future of Blockchain
Blockchain is the culmination of decades of research and breakthroughs in cryptography and security, and it offers a totally different approach to storing information and performing functions, which makes it especially suitable for environments with high security requirements and mutually unknown actors. Blockchain has eliminated the need for trusted parties to verify the integrity of data.
We can safely establish that blockchain has the potential to provide the data owner with the kind of security that would become impossible to breach except by human error (i.e., revealing your private key/password). It can set a new precedent in data security, and blockchain would be ubiquitous.