While many in the Internet of Things (IoT) space look to blockchain as a potential enabler of efficiency and interoperability, a number of blockchain’s technological components have the potential to enhance security as well. Some refer to blockchain as the technological architecture that will enable the “Internet of Value” because it supports the integration of financial and operational execution. But achieving the holy grail of a universally interoperable platform for device interactions and value creation requires trust through security. Blockchain architecture holds great potential for enhancing data security. Advancements in cryptography and the distributed nature of blockchain platforms make compromising them far more difficult and costly than breaking into a single database.
Operationally and culturally, security advancements enabled by blockchain foster trust, but such advancements have information technology (IT) and architectural benefits as well. Security must encompass a vast landscape of architecture and processes. For applications involving connected devices and infrastructure, these include protecting data, contracts, files, devices, and networks, as well as maintaining privacy, authenticating identity, preventing theft/spoofing, developing governance for autonomous device coordination and settlement, and of course, designing regulations and compliance into transaction execution.
The Seven Security Configurations to Enable
Below are seven examples of blockchain-enabled security advancements:
- Smart Contracts: Smart contracts are the first line of defense in that they provide the opportunity to write security rules into the execution of the transaction by placing logic (predetermined protocols and programs) directly into the blockchain code.
- Private-Public Key Cryptography: Although not new or unique to blockchain, cryptography and digital signatures, which are an inherent part of blockchain architecture, offer an embedded layer of security compared to traditional database architectures. Data about the transaction must be encrypted, digitally signed, cryptographically secured, and accessible only to those who need immediate read or write access.
- Zero Knowledge Proofs (ZKPs): This cryptographic technique allows two parties to prove that a proposition is true without revealing any information about the event, typically a transaction in the case of blockchain.
- Oracles: This technology simplifies the connectivity between a smart contract or cryptocurrency and external data feeds. Companies use external data feeds to augment their own proprietary data sets. Although this makes for richer data and efficiencies, it introduces significant security risks because it involves third parties, each with a host of unknowns. For example, oracles can serve as a sort of security lever that maintains certain data “off the chain” entirely, while keeping minimal data on the chain to protect sensitive context.
- Multi-Party Computation (MPC): This process uses an external blockchain to manage access control, identity, and tamper-proof logging. Sometimes called “homomorphic encryption,” this is an emerging practice of using joint peer-to-peer (P2P) networks to run computations on data without decrypting it, maintaining complete privacy of the data.
- Cryptlets: Microsoft recently developed Cryptlets, a set of off-chain code component services that can be written in any programming language and serve as a sort of gateway to allow companies to bring in only trusted data from outside the blockchain system without breaking the security of that system.
- Identity Authentications: This concept uses blockchain to underlie tamper-proof identities, using any variety of the above configurations. It is relevant to security due to its impact on fraud, counterfeiting, identity theft, or even immutable access, despite unstable sociopolitical dynamics.
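The oracle item above describes keeping sensitive data off the chain while recording only minimal data on it. The following is an added example, not code from the original article: a toy hash-chained ledger stands in for the blockchain (no consensus or signatures), and the names `Ledger`, `publish`, and `verify` and the sample device readings are constructed for illustration.

```python
import hashlib, hmac, json, os

def h(*parts: bytes) -> str:
    """SHA-256 over length-prefixed parts so field boundaries are unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.hexdigest()

class Ledger:
    """Toy append-only ledger; each block hash covers the previous block hash."""
    def __init__(self):
        self.blocks = []

    def append(self, commitment: str) -> int:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"prev": prev, "commitment": commitment,
                            "hash": h(prev.encode(), commitment.encode())})
        return len(self.blocks) - 1

    def intact(self) -> bool:
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != h(prev.encode(), b["commitment"].encode()):
                return False
            prev = b["hash"]
        return True

def publish(ledger: Ledger, off_chain: dict, reading: dict) -> int:
    """Store the reading off chain; put only a salted commitment on chain."""
    payload = json.dumps(reading, sort_keys=True).encode()
    salt = os.urandom(16)  # prevents guessing low-entropy sensor values from the hash
    idx = ledger.append(h(salt, payload))
    off_chain[idx] = (salt, payload)
    return idx

def verify(ledger: Ledger, idx: int, salt: bytes, payload: bytes) -> bool:
    """Check an off-chain record against its on-chain commitment."""
    return ledger.intact() and hmac.compare_digest(
        ledger.blocks[idx]["commitment"], h(salt, payload))

def demo():
    ledger, store = Ledger(), {}
    # Constructed sample readings from a hypothetical device
    i = publish(ledger, store, {"device": "sensor-01", "temp_c": 21.5})
    publish(ledger, store, {"device": "sensor-01", "temp_c": 21.7})
    salt, payload = store[i]
    ok = verify(ledger, i, salt, payload)                      # untouched record
    forged = verify(ledger, i, salt, payload.replace(b"21.5", b"35.0"))
    ledger.blocks[0]["commitment"] = h(salt, b"rewritten")     # edit ledger history
    rewritten = verify(ledger, i, salt, payload)
    return ok, forged, rewritten
```

The ledger holds no device identifiers or readings, only commitments, yet any change to the off-chain record or to an earlier ledger entry causes verification to fail.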
Careful configurations of the above (and new developments in cyber security) offer advancement opportunities for mitigating the current risk levels within most IT/IoT security departments. Humans will remain a tremendous weakness in any system, given the prevalence of simple phishing attacks, poor password protection, lack of security training and governance, and good old-fashioned human error.
Potential Expansion for Security in Device Interactions
Ultimately, blockchain architectures will use a variety of security and cryptographic techniques to prove identity and authenticity, and enforce read/write access rights. So far, no single technique has emerged as the industry standard, although the volume and variety of efforts signal how and why blockchain could augment security in device interactions.