KuppingerCole Report
Advisory Note
By Ivan Niccolai

Blockchains and Cybersecurity: Augmenting Trust with Algorithms

From trusted third parties to algorithmic consensus: new cybersecurity opportunities and challenges with blockchains. Blockchains can provide distributed and decentralised improvements to the merely distributed critical systems the internet depends on today, but we cannot yet completely replace trusted third parties and human judgement with algorithms.
By Ivan Niccolai
in@kuppingercole.com

1 Management Summary

Cybersecurity today relies overwhelmingly on centralised systems and trusted third parties. These systems are essential for answering the fundamental ...

Login Free 30-day Select Access Get full Access

2 Highlights

Yet the risks and limitations of centralised systems are well-known and broadly fall under the following categories:

  • They become single points of ...
Login Free 30-day Select Access Get full Access

3 Blockchains and Cybersecurity

The arrival of a decentralized, distributed, tamper-evident, linear, append-only log1 – referred to in this paper simply as “blockchains” – ...

Login Free 30-day Select Access Get full Access

4 Centralised Trusted Systems (Single Points of Failure) Challenges

Centralised, trusted parties have their place in technology and society: barristers, government departments, escrow services (digital or not). Yet unl ...

Login Free 30-day Select Access Get full Access

4.1 Blockchains as Platform and Protocol

Having provided a brief summary of the issues with DNS and CAs, it is useful to return to the network protocols and standards that make the internet p ...

Login Free 30-day Select Access Get full Access

4.2 From Trust Delegation to Algorithmic Consensus

The current systems for ensuring the confidentiality, integrity and availability of information operate much like the principal underlying authenticat ...

Login Free 30-day Select Access Get full Access

4.3 Decentralisation vs Distributed Systems

Tamper-resistant and/or tamper-evident systems exist, often relying on similar proven cryptographic standards in use in blockchain technology such as ...

Login Free 30-day Select Access Get full Access

4.4 Reputation Systems, Identity and Society

Given the obvious benefits of systems without single points of failure, the immediate question arises as to why centralised and trusted systems are ev ...

Login Free 30-day Select Access Get full Access

5 Key Blockchain Cybersecurity Features

The benefits of blockchains are in many cases immature and still emergent except for some notable examples. There is still a lack of clarity around bl ...

To return again to the network protocols and standards analogy, today there exists a number of broadly accepted and well defined standards, yet each v ...

Login Free 30-day Select Access Get full Access

5.1 Examining Blockchains as a Platform and Protocol

While a broad definition of what is meant by blockchains exists, and has been discussed in a previous KuppingerCole research paper7 , to examine cyb ...

The rationale for this research approach is precisely due to the early maturity stage of blockchains, and the tendency for marketing-inflated hype to ...

Login Free 30-day Select Access Get full Access

5.1.1 Decentralised and Distributed

A blockchain is both decentralised and distributed, this is the key feature of a blockchain, there must be no single point of failure, no single point ...

Login Free 30-day Select Access Get full Access

5.1.2 Algorithmic Consensus

Given the absence of privileged points of control, consensus on what has occurred in the system and what is therefore accepted into blockchains’ log ...

Login Free 30-day Select Access Get full Access

5.1.3 Time-Stamping and Chronological Certainty

While it is trivially easy to falsify creation dates when generating PGP keys, blockchains’ log of sequentially-chained, append-only node transactio ...

Login Free 30-day Select Access Get full Access

5.1.4 Tamper-Evident: Permanence, Immortality and Immutability

Lacking single points of failure and control, and the use of a mathematical consensus algorithm, blockchains’ distributed database is append-only. E ...

Login Free 30-day Select Access Get full Access

5.1.5 Privacy, Secrecy and Transparency

The consensus algorithm is also key to allowing independent verification and auditability. Due to this, operations between nodes are visible to all ot ...

Login Free 30-day Select Access Get full Access

5.1.6 Provenance and Authenticity

Although when dealing with human identity, the identity dilemma remains, the nodes on a blockchain each must generate a unique cryptographic key pair ...

Login Free 30-day Select Access Get full Access

5.2 Erroneous Blockchain Comparisons

While the successive sub-sections will deal with unique blockchain features, there are also some comparisons which are unhelpful for the purpose of un ...

Login Free 30-day Select Access Get full Access

6 Potential Blockchain Cybersecurity Applications

What are some potential use cases of blockchains in cybersecurity, and what blockchain characteristics in particular do these use cases leverage? Immu ...

Having identified in the previous section the key features of blockchain technology, it is now possible to examine possible blockchain applications ho ...

Login Free 30-day Select Access Get full Access

6.1 Domain Name System

The security issues with DNS have been discussed at length in section 2. A blockchain-powered, distributed DNS could provide significant benefits by p ...

Login Free 30-day Select Access Get full Access

6.2 Public Key Infrastructure

Another key vulnerability outlined previously is the internet’s PKI infrastructure. Like DNS, gaining access to the root CA’s private key grants a ...

Login Free 30-day Select Access Get full Access

6.3 Identification and Authentication

Identification is the act of finding out whether someone (or something) is really the person (or thing) he (it) claims to be. Authentication, in contr ...

Login Free 30-day Select Access Get full Access

6.3.1 User Identity Management

People might be identified by their DNA or fingerprints – which works as long as you know that the DNA or fingerprint belongs to someone. But even t ...

Login Free 30-day Select Access Get full Access

6.3.2 Identity of the Internet of Things (IDoT)

Existing tamper-resistant hardware identification technologies are already very mature. While trusted computing platforms (TPM) exist today, tradition ...

Login Free 30-day Select Access Get full Access

6.4 Privilege and Configuration Management

Hardware assets such as computers, network equipment down to the smallest embedded devices from sensors to smartcard readers do not encounter the same ...

Login Free 30-day Select Access Get full Access

6.5 Real-Time Security Intelligence

Thanks to the use of blockchains in privilege and configuration management, blockchains can become a key component for enabling Real Time Security Int ...

Login Free 30-day Select Access Get full Access

6.6 Auditing and Forensics

Just as devices can be protected from unauthorised tampering, the audit and log data of critical systems can be signed using blockchains’ time-stamp ...

Login Free 30-day Select Access Get full Access

6.6.1 Internal Auditing

Internal auditing of critical information systems would greatly benefit from blockchains’ tamper-evident properties. Even public blockchains could b ...

Login Free 30-day Select Access Get full Access

6.6.2 Cross-organisational Auditing

Auditing requirements which mandate the use of external auditors, or the need to provide demostrable information integrity assurances to an external p ...

Login Free 30-day Select Access Get full Access

7 Blockchain Cybersecurity Challenges

While blockchains offers undeniable opportunities for improving current cybersecurity challenges, no new technology is without its own set of challeng ...

Login Free 30-day Select Access Get full Access

7.1 Identity and Trust

Although blockchain-powered DNS or PKI solutions solve the single point of failure risk of the current centralised approach and thereby greatly reduce ...

Login Free 30-day Select Access Get full Access

7.2 Access Control

Largely due to these concerns over identification, there has been much interest in access-restricted blockchains, often referred to as private or perm ...

Login Free 30-day Select Access Get full Access

7.3 Data Structures and Privacy

Powering blockchains’ tamper-evident log are chained hashes known as Merkle trees10 , this very mature algorithm was invented in 1979 and is not uni ...

Login Free 30-day Select Access Get full Access

7.4 Incentives

The democratic nature of algorithmic consensus-based, decentralised systems is not without its own set of unique cybersecurity challenges. All partici ...

Login Free 30-day Select Access Get full Access

7.5 Performance and Consensus

The main blockchain security challenges surround the correct selection of proof-of-work consensus algorithms. Merkle trees are widely used because of ...

Login Free 30-day Select Access Get full Access

7.6 Unique Risks of Decentralised and Distributed Systems

If single trusted nodes can no longer be trusted, it must be ensured that, in the case of private blockchains, there is a large enough number of geogr ...

Login Free 30-day Select Access Get full Access

8 Conclusions and Recommendations

Just like with any other technology platform, blockchains is not a one-size-fits-all replacement of all existing centralised systems. To compare block ...

Login Free 30-day Select Access Get full Access

9 Acronyms

Acronym Term
APT Advanced Persistent Threat
B2B Business to Business
C2C Customer to Customer
CA Certifica ...
Login Free 30-day Select Access Get full Access

Copyright

©2020 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarksTM or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded back in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.

top