The blockchain … is not as safe as you think


With fraud, violations and threats reaching pandemic proportions across the digital ecosystem, the blockchain is proposed as an instant solution to solve security problems for use cases that span financial services, retailing, real estate, health and insurance.

The potential is powerful, but the blockchain needs help to be really secure. Given the high value and the critical nature for the security of some proposed distributions, it is absolutely necessary that nothing changes the data before it is placed on the blockchain.

Key problems

The blockchain was created to be completely immutable, so once the data has been entered into the blockchain it can not be tampered with. This means that the data stored inside the blockchain itself is highly secure.

Blockchain uses a combination of public and private keys to store and send virtual resources. The public key creates the address of where the assets are stored in the public ledger. The private key (which is also used to derive the public key) is used to sign every transaction sent by a user and to prove that the user requesting the transaction actually owns the resources.

Anyone can have access to the public key, but as long as the private key remains secret, the resources are safe. But if a private key is lost or stolen, the resources associated with it have disappeared forever. Here is the fundamental lack that undermines the security of blockchain solutions: protecting private keys.

The wild West

Nowhere did the absence of solid blockchain security solutions turn out to be more acute than the cryptocurrency market.

Hackers have declared the season open. In the first nine months of 2018 alone, almost $ 1 billion of cryptocurrency was stolen. This marks an increase of almost 250% compared to the whole of 2017. It is not surprising that the British Treasury has described the market as the "Wild West"

Each change contributes to market volatility, undermining the confidence of consumers and institutions and intrinsically limiting the potential of this powerful technology.

Does hot property need cold storage?

The security challenges also make it impractical to use and store cryptocurrencies.

Online storage services offered by exchanges (known as "hot wallets") are constantly connected to the Internet to make resources more readily available, making private keys vulnerable to attack. As a result, many see portfolios that are too risky and retain their resources in offline "cold wallets", which can take the form of USB devices or even pieces of paper.

While they are safer by hackers, cold wallets limit the usability of cryptocurrencies. In addition, if a cold wallet is not positioned correctly or the hard disk is damaged, access to a cryptographic asset is permanently lost. The challenges arising from access and the use of cryptocurrencies aggravate the perception that they and blockchain technology in general are inaccessible and confusing.

Close the security gap with tokenization

It is evident that security challenges, in particular the vulnerability of private keys, must be addressed before the full potential of blockchain technology can be realized.

Multi-signing improves security by introducing additional distributed keys for recovery and authentication. However, this is still based on the use of original keys. To meet this critical market gap, multi-signing can be combined with proven tokenization technology.

Tokenization is a process that replaces sensitive credentials, such as private keys for blockchain and cryptographic resources, with an equivalent non-sensitive token that is unique to each transaction. In this way, tokenization mitigates the risk of fraud and protects the underlying value of credentials. This adds a layer of frictionless security that integrates the immutability of the blockchain.

A secure base

For blockchain technology to be truly transformative, a secure foundation of trust and transparency is needed, starting with a new approach to security. Tokenization technology is an immediately available solution to provide this basis.

By Jerome Nadel, SVP / GM for Payments and Ticketing and CMO, Rambus

[ad_2]Source link