How Can Blockchain Technology Improve Data Security?
Data security has never had a higher profile. Significant growth in cyber crime has seen criminals stealing huge amounts of data from businesses, governments and charities. These hackers are targeting personally identifiable information (PII), financial data and intellectual property that they can use to make a profit.
Additionally, recent ransomware attacks have used loopholes in common operating systems to lock up data and force owners to pay to regain access to their data. The growing threat, combined with the greater focus on compliance, has made data security a key consideration for all businesses.
Blockchain, the technology behind Bitcoin and Ethereum, has the potential to be a key technology in the fight for data security — but what is it? And how does it work? Let’s take a look.
What Is Blockchain?
The blockchain is what is known as a distributed database. A distributed database is a relatively new way of storing information; until recently, databases have been either centralized or decentralized.
Centralized, Decentralized and Distributed Databases — What’s the Difference?
Traditionally, databases are centralized. With a centralized database, there’s just one copy of the data, and that copy is held by one authority. But, if that data is lost, damaged or changed maliciously there’s a problem because there are no other copies to check.
Increasingly, databases have become decentralized, and you see this with information held in the cloud. With a decentralized database, information is held on several different servers. This protects the data from attack because there’s more than one copy.
A distributed database, like Blockchain, is the next step up. In a distributed database there are thousands of copies of the data, each held on a different server (or node). Even if a few servers are attacked or damaged, there is no noticeable effect on the availability or quality of the data.
How Does Blockchain Work?
The blockchain is a time-stamped data record. Information is stored in blocks, which link together in chronological sequence. When a change is made to the data, the user making the change uses his or her encryption key, which creates a digital signature that is included in the block.
Transactions are added when there is consensus. The nodes check the authentication of these changes, and if more than half of them agree that the transaction is valid, it is added to the chain. This happens almost simultaneously across the network.
What this means is that every time a change is made, a time-stamped record of the change is added. Every node has access to this information and can see a complete history of the changes that have been made.
How Can Blockchain Benefit Data Security?
As a distributed database, the blockchain has a couple of key benefits that could aid data security. Let’s take a look at each in turn.
An Unchangeable Data Trail
Data held on the blockchain is considered immutable; it cannot be changed. Once a transaction has been logged it will be held on the chain forever — the ultimate audit trail. Once a change has been made it is almost impossible to change it or erase it, which makes it easy to spot suspicious behavior.
Even if a hacker succeeded in making a change on one node, that change would be rejected by the other nodes. To make the change stick, an attacker would need to change the data on 51 percent or more of the nodes so that there is a consensus. As a typical blockchain is stored on thousands of different nodes, it is not unreasonable to assume that this is impossible.
A centralized database has a single point of failure; if that database is damaged, disrupted or destroyed, the data may not be accessible — perhaps permanently. The distributed nature of the blockchain means that one or many nodes can go offline or be disrupted with no effect.
It would take a very large catastrophe, such as a global internet outage (a scenario that is improbable at best), to truly disrupt the blockchain.
Use Case: Blockchain and Authentication
One possible use of blockchain is for authentication. In this case, a user registers their personal information and password, and these pieces of information are then turned into hashes — fixed-length sets of numbers that are the result of inputting information of any length through a hashing algorithm.
This hash is then stored on the blockchain and validated by the various nodes. When a user requests access, they identify themselves using the information they registered with, and that information is then hashed and checked against the record on the blockchain.
If they get a single piece of information wrong, the resulting hash will be completely different, and the authentication will fail. Because the hashes are stored on the blockchain, they are almost impossible to hack. And the nodes don’t store any of your personal information (only the hash) so that data is safer, too.
This isn't just applicable to online accounts. Startup Civic, for example, is using this approach to provide secure verification of passport information, driver's license data, and more.
- Deloitte.com, "Blockchain & Cyber Security. Let’s Discuss"
- Forbes.com, "How The Blockchain Will Secure Your Online Identity"
- Blockgeeks.com, "What Is Hashing? Under The Hood of Blockchain"