Blockchain and security
Blockchain and security are often mentioned in the same sentence, as though security is inherent in blockchain. Often the word security is used in this context to imply that the information on the blockchain is protected from being viewed by unauthorized parties.
I guess the problem is that people mean different things by security. Blockchains offer the security of tamper-proof recording of data. Permissioned blockchains offer the possibility of tracking down who made what change, or added what data to the chain, i.e. auditability. And both allow the building of trust through the blockchain consensus protocol in the same way that the rules of, for example, football (soccer in the US) mean that there won’t be more than 22 active players on the pitch during the game.
But because blockchains involve cryptography I see people writing about it as though the data on the blockchain is encrypted. It can be of course, but that’s icing on top of the blockchain cake. It’s not built into the concept of blockchain by default. You can go and explore the most popular blockchain, Bitcoin, and see exactly which address got each block mining reward, and which address transferred what amount to where. That’s how we know that Satoshi Nakamoto has at least 1M bitcoins (and if he/she/they decide to spend it, we will all know instantly).
I’ve taken the security of the data on the blockchain very seriously at my company, Chainfrog, and so it’s baked into our Blockbinder solution. Blockbinder allows you to share data between familiar relational databases over a blockchain, but all the data is properly encrypted before it goes off to the blockchain nodes. So even if a hacker manages to break into one of the nodes, they can’t read what stored there. We’ve added further fine-tuning to allow participants to share data between specific parties — the rest can still see that data was added, but they can’t see who it’s for or what it is. This is done on the blockchain through the sharing of symmetric encryption keys using the participants public-private key pairs.
Of course, if the keys aren’t protected properly on your own database server, all bets are off. But at least there are two layers of protection in Blockbinder — encryption of the data and protection through permissioned access.
And if you’ve found a magical way of putting the genie back in the bottle and removing leaked data from the internet I’d love to hear from you. (As would LinkedIn, Equifax, eBay, Uber, Sony, Verisign, Adobe, … well, the list just goes on and on)
Visit www.blockbinder.com to learn more, or email us at info@chainfrog.com.
About the author
If you enjoyed the article please contribute your grain of sand by sharing / clapping. User engagement is used by Medium to recommend content so if you like the content then giving a clap or share is an extremely helpful way to support me and allow me to spend time on further articles.
These are exciting times and I hope you take something away from my article, feel free to connect with me on my twitter and LinkedIn accounts.☺
It goes without saying that thoughts / opinions expressed in this article are my own, not associated with Chainfrog!
Further Reading:
Other articles I have written about similar subjects.
