Professional Documents
Culture Documents
History
The most widely recognized applications of blockchain are Bitcoin and Ethereum,
but Ethereum took a different approach and implemented many of the same
characteristics as Bitcoin but added some more features like smart contracts to
create a platform for distributed applications.
A public blockchain is permissionless. Anyone can join the network and read,
write, or participate within the blockchain.
All the private blockchain solutions will have some form of authorization scheme
to identify nodes/blocks. Hyperledger, R3Corda, Ripple, and Quorum are well-
known private blockchains.
What is Hyperledger ??
Hyperledger Fabric
Hyperledger Fabric is an open-source enterprise-grade permissioned distributed
ledger technology (DLT) or a blockchain platform. Hyperledger is basically used
for businesses to set up private and permissioned networks.
Hyperledger is much more complex than any other blockchain stack available
both in terms of creating a smart contract, creating a network, joining the
network, and make it live.
The fabric has a highly modular and configurable architecture. One of the most
important of the platform’s differentiators is its support for pluggable consensus
protocols that enable the platform to be more effectively customized to fit
particular use cases and trust models. Most of the system components are plug-
and-play in fabric. That means, we can deploy our own CA, Consensus
Algorithms, Nodes, Peers, Etc.
Fabric is one of the better performing platforms available today both in terms of
transaction processing and transaction confirmation latency. Fabric can scale up
to 20000 TPS (source).
One of the key features of any business is that only a valid-user user should enter
that business network. We need to have a component that enables user ids and
their authentication. All the users which are becoming part of this network need to
be authenticated. An entity in Hyperledger fabric which authenticates
called Membership Service Provider(MSP). Not only the users even the peer
that is going to get added needs to be authenticated. Each entity whether its user,
peer, nodes, application everyone needs an authentic entry before they get
themselves register into the system. Each entity needs certification. MSP uses
a Certificate Authority to get certificates and give these certificates to various
entries.
MSP keeps track of who needs to access what and what privileged is given to and
who all can access the network. MSP monitors all security certificates and access.
A Hyperledger Fabric blockchain network can be governed by one or more
MSPs.
Consensus
Here, you may have a question why not PoW or PoS?? Because this is
private networks so we already know who is going to push the blocks
and transactions as they all authorized nodes.
Channels
In Fabric, there is the concept of a channel that doesn’t exist in other blockchains.
In a single blockchain network, we can run multiple networks together. Basically,
it provides a facility to create a sub-blockchain network.
Chaincode(smart contracts)
A smart contract in a hyperledger is known as a chaincode. Henceforth we will
refer to smart contract as Chaincode. As the name suggests it's a contract
between the network organizations, how they will agree to use business logic.
Basically, here we write the business logic.
Chaincode runs in a secured Docker container isolated from the endorsing peer
process. Chaincode manages ledger state through transactions submitted by
applications.
Let's see the chaincode example. Suppose we have data of cars with fields Car-
Name, Model, Owner, and Color. We will write a chaincode using above mention
languages. Here we have to write two methods one is to push data into the
blockchain and another to retrieve it. chaincode APIs provide putState() and
getState() method so we can write contract in efficient way.
Endorsers
We have seen what are endorsers so, in a single organization, we can define
multiple endorsers, based on this we can have a different type of endorsement
policies. Endorsement policy defines how endorsers will endorse a transaction.
Let’s see with an example suppose we have two endorsers peer. We can have a
policy so that any one of them can validate the transaction or we can have a
policy both endorsers need to sign and validate the transaction then only it will be
accepted. Based on endorsement policy our transaction will be accepted or
rejected.
Orderers
These are special types of nodes in hyperledger fabric. also known as ordering
services. The main function of orders is to maintain the ledger state by
distributing blocks to committing nodes/peers.
Orderers maintain the list of organizations that are allowed to create channels.
Orderers also controls basic access for channels, restricting who can read and
write data to them, and who can configure them. Based on our defined policies
only authorized entities can modify a configuration element in a channel.
Summary
Conclusion
One important point to accept is that cybercrime is ever-evolving and lucrative. Thus, no cyber defense system can be
regarded as 100 % secure. A cybersecurity system that is deemed most effective today may not retain its efficacy tomorrow.
But at the present moment, when every organization is looking forward to adopting a cybersecurity solution that is Secure,
Vigilant and Resilient, then Blockchain has a lot to offer. Blockchain-powered cybersecurity controls and standards can build
stronger technical infrastructure to protect organizations from cyber attacks. This may also require combining Blockchain
with other deep technologies like AI(artificial intelligence), IoT and ML.
Rethinking Cybersecurity Through
Blockchain
Cybersecurity spending has increased exponentially in the
past decade, with no signs of slowing. Worldwide,
organizations plan to allocate more than $1 trillion
between 2017 and 2021 to protect themselves from online
threats, according to one industry report.1
Despite that staggering investment, criminal hackers are
still exploiting both publicly known and unknown
vulnerabilities, and intercepting device, application, and
network communications. CB Insights calculated that
about 6 billion confidential files were stolen between 2017
and 2018. Other industry research shows that the number
and cost of cyberattacks have increased.
These sophisticated assaults often outwit traditional
security methods, including authentication, key
management, cryptography, and privacy challenges. With
a large percentage of employees working from home due
to the coronavirus pandemic, vulnerabilities are growing in
new ways. So, instead of building more powerful tools,
many businesses are rethinking the systems that created
these vulnerabilities in the first place.
A new cybersecurity approach
Blockchain offers a different path toward greater security,
one that is less traveled and not nearly as hospitable to
cybercriminals. This approach reduces vulnerabilities,
provides strong encryption, and more effectively verifies
data ownership and integrity. It can even eliminate the
need for some passwords, which are frequently described
as the weakest link in cybersecurity.
The principal advantage of blockchain is its use of a
distributed ledger. A dispersed public key infrastructure
model reduces many risks associated with centrally stored
data by eliminating the most obvious targets. Transactions
are recorded across every node in the network, making it
difficult for attackers to steal, compromise, or tamper with
data, unless a vulnerability exists at the platform level.
Another traditional weakness is eliminated through
blockchain’s collaborative consensus algorithm. It can
watch for malicious actions, anomalies, and false positives
without the need for a central authority. One pair of eyes
can be fooled, but not all of them. That strengthens
authentication and secures data communications and
record management.
Although blockchain contains many nontraditional
features, it does take advantage of one of the most
important cybersecurity tools: encryption. The distributed
ledger can utilize public key infrastructure to secure
communication, authenticate devices, validate
configuration changes, and discover confidential devices
in an internet of things (IoT) ecosystem. Through
encryption and digital signatures, a blockchain system can
shield connected thermostats, smart doorbells, security
cameras, and other vulnerable edge devices. A recent
Palo Alto Networks report said that 98% of IoT device
traffic was unencrypted and described it as “low-hanging
fruit for attackers.”2
Also, this technology can be a weapon against distributed
denial-of-service (DDoS) attacks. A blockchain-based
domain name system (DNS) — the protocol for directing
internet traffic — can remove the single point that allows
these attacks to succeed. In 2016, a large portion of the
internet went down because of a DDoS attack on the
servers of one DNS host.3
Blockchain challenges
Organizations from multinational corporations to
governments are clamoring to adopt blockchain-based
cybersecurity, viewing it as the next big thing. But it’s not
as simple as updating an existing toolkit.
This intertwining of blockchain and cybersecurity is still an
evolving approach. Not all research ideas on digital
identities, decentralized storage, securing edge devices,
and smart contracts align with business needs. Without
careful consideration, implementation can become
impractical or even impossible. Here are some hurdles
that organizations may encounter when considering
blockchain as part of their cybersecurity strategy.
Data Privacy
In the public blockchain, anyone can see and retrieve data
in transactions. That’s a concern for businesses that want
to closely control what information is publicly available.
Permissioned blockchain can help mitigate many of those
privacy issues. An enterprise blockchain platform can
create a permissioned network that allows only trusted
parties to participate in or view transactions and to vote on
decisions.
Scalability
Scalability can become a constraint when implementing
blockchain, mostly due to block size and response times.
In this technology, every node stores, processes, and
maintains transactions in a block to ensure security and
privacy. But as the number of transactions increases,
small and medium-sized businesses struggle to
accommodate a growing number of transactions in a
block. Those increases can also slow the validation
process. With limited computing and storage resources,
scalability is at odds with decentralization.
Regulations
Organizations are still trying to understand how
blockchain’s structure and complexity fit within the
evolving data privacy, compliance, and regulatory
landscape. Europe’s General Data Protection Regulation
(GDPR) and similar laws allow individuals to demand that
their data be deleted; these laws also create a “right to be
forgotten” in certain cases. Since blockchain prevents
parties from modifying or deleting data, the technology
risks violating government rules.
Interoperability
Some blockchain platforms use a varied ecosystem for
their smart contract logic, transaction schemes, and
consensus models. Weak interoperability limits scalability.
From the developer perspective, roadblocks can also be
created from platform misconfiguration, communication
mistrust, specification errors in application development,
and cross-chain smart contract logic problems.
Thankfully, open protocols, multichain frameworks, and
algorithms are taking root in blockchain and mitigating this
issue. Business communications organization GS1 has
published global standards for blockchain interoperability,
and it is working with Microsoft and IBM on incorporating
those standards into their enterprise blockchain
applications. The Enterprise Ethereum Alliance is also
developing business standards.
Technology risks
Blockchain offers several benefits, such as efficiency,
optimization, reduced costs, and improved security.
However, the technology also introduces new risks into
systems when not carefully managed. These risks include:
What is Blockchain?
Blockchain is a shared, decentralized, and digital ledger that
records transactions in the form of blocks. This ledger helps to
store information transparently due to its property of
immutability and access to allowed members only.
Key Blockchain Features:
1. Distributed shared ledger.
2. Immutable records.
3. Decentralized consensus mechanisms.
4. Smart contracts.
5. Cryptographic key pair.
6. Identity and access management.
7. Enhanced security.
8. Peer to peer network.
9. Traceability and transparency in transactions.
10. No central authority or need for trusted third-party
involvement.
Real-Life Application Examples
Following are some prominent examples where Blockchain is
used for Cybersecurity:
1. Barclays (London, England), Traditional Banking: Barclays
have filed a patent to use blockchain to enhance security in
fund transfers. It aims to stabilize cryptocurrency transfers by
using Distributed Ledger Technology (DLT). Thus, blockchain
helps the bank store customer information on a secure
blockchain.
2. CISCO (San Jose, California), IoT: Cisco plans to use
blockchain to secure IoT devices as ledger technology
eliminates single point of failure and encryption helps secure
data.
3. Coinbase (San Francisco, California),
Cryptocurrencies: Coinbase uses encryption to store wallets
and passwords in a secure database. It also undergoes
background checks on employees to ensure that their crypto is
secured.
4. Australian Government (Canberra, Australia): The
Australian government has plans to develop a cybersecurity
network based on DLT. The government has also partnered
with IBM to secure the storage of government documents with
the creation of a blockchain ecosystem.
5. Philips Healthcare (Andover, Massachusetts),
Healthcare: Philips Healthcare has partnered with hospitals all
over the world to create a healthcare ecosystem using
blockchain and AI. This ecosystem will help discover and
analyze various operational, administrative, and medical data.
6. Chinese Military (Beijing, China), Defense and
Military: China’s government and the military are attempting
to secure vital government and military information,
intelligence information using blockchain cybersecurity.
7. Founders Bank (Valletta, Malta), Cryptocurrencies: They
aim to be the world’s first decentralized bank thus being owned
by the buyers and not any central authority. Concepts such as
encryption and distributed ledgers will be used to store and
secure users’ cryptocurrencies.
8. The State of Colorado (Denver, Colorado),
Government: According to a bill passed by the Senate, the
government will consider using Blockchain to secure the
storage of records thus trying to curb the increase in attempted
attacks.
9. J. P. Morgan (New York, NY), Traditional Banking: They
have developed a platform called Quorum which uses
Blockchain to process private transactions. It uses the concepts
of Smart contracts and cryptography to maintain the security of
the transactions.
10. Health Linkages (Mountain View, California): They aim to
use Blockchain to keep patient records secure allowing only
certain personnel to access the records. It will also be used to
maintain a chronological record of major healthcare events
which will help doctors make better decisions.