The blockchain revolutionized the sending of money around the globe, but can it also help solve our security problems, too? Experts believe that when applied to other business problems, the decentralized records management technology could make all kinds of transactions safer.
Don Tapscott, author and adjunct professor at the Rotman School of Management, recently co-founded the Blockchain Research Institute with his son Alex. He thinks that the blockchain has the potential to revolutionize security in modern computing applications.
The technology’s promise lies in its ability to keep everyone honest. The blockchain used in the bitcoin electronic currency network first proved this, he points out. It ‘seals’ collections of transactions into the network in the form of blocks, produced every 10 minutes. Computers on the network called miners encrypt that information, making it difficult for anyone else to tamper with.
“If I were to try and make a payment with the same money twice, I’d have to hack that 10-minute block, plus all of the previous blocks, because they’re all interconnected,” he says. “That’s the entire history of commerce on bitcoin. Not just on one computer but millions around the world simultaneously, and all of them using the highest level of cryptography, while its most powerful resource – the miners – are watching me.”
Bitcoin’s blockchain means that people can keep their transactions secure, because everyone has a copy of the blockchain and can check it at any time for anomalies. The blockchain concept can bring security to more than mere financial transactions though, Tapscott continues.
“Blockchains will change applications in areas ranging from retail through to manufacturing and energy,” he says.
Some companies are using blockchain technology to help bring security to supply chains. These business and logistics networks consist of many moving parts and companies. By combining sensors that monitor the state of products en route with blockchain technology that render it tamper-proof, supply chain managers can guarantee the provenance of particular products. Each participant in the supply chain can write details about their activities when handling a product into a distributed ledger. Others can then see them but not alter them.
London, England-based designer Martine Jarlgaard is using blockchain technology to track the journey of broad materials through the supply chain, making product sourcing transparent to ethically-minded customers. This month, San Francisco-based Chronicled launched a temperature locking platform based on disposable sensors that can monitor an item through the supply chain and optionally upload their data to a blockchain to make it immutable.
Others are using blockchain technology to help manage identity information, a task which has always been problematic in centralized models. European trust services provide LuxTrust partnered with Cambridge Blockchain this week to create an identity management system based on blockchain technology, while in Canada, SecureKey envisages the blockchain as the basis for an identity management system involving multiple partners.
In the U.S., Sky Republic is readying what it calls a ‘trusted digital ecosystem’, combining digital ledger technologies with middleware, making it possible to integrate blockchain technology with other software. It wants to use blockchain-based identity management to manage business transactions from contract creation to settlement.
Implementing blockchains properly
Such is the interest in blockchain technology as a security tool that the International Telecommunications Union (ITU) has been investigating the issue. The global standards organization held a workshop in March to identity where it could introduce security standards for the technology.
Blockchain technology may help to bolster security but it won’t be a panacea. Much will depend on its implementation. A report from the European Union Agency for Network and Information Security (ENISA) in January warned that financial institutions using the technology must adopt best practices for information disclosure and other governance procedures when using distributed ledger systems.
Improperly-configured code has led to problems at many bitcoin exchanges, for example, such as BitFinex, the Hong Kong-based exchange that was hacked last August.
As blockchains become more sophisticated and begin using smart contract technology, the opportunities for insecure implementations flourish. The downfall of the DAO, a smart contract-based company that was also hacked, shows how flawed code can lead to insecurities, even if built using a technology designed to be secure.
“The DAO incident wasn’t the hacking of a blockchain – it was the hacking of an application built on a blockchain,” Tapscott concludes. “If you’re going to create a company with no people and it raises $160 million, then you’d better make sure there are no flaws in your software.”