A recent paper I wrote. Let me know your thoughts.
Recent advances in information assurance security is helping organizations build their threat defense system through autonomous, decentralized applications built on the blockchain. According to Doug Drinkwater (2018), “The blockchain is a decentralized, distributed electronic ledger built on the model of offering absolute security and trust.” Originally established as the cryptocurrency option Bitcoin, which was a proposed electronic transaction system without relying on trust with the network (Nakamoto, 2008), blockchain applications and protocols allow security vendors and professionals an avenue for propagating security events, analysis, and adoption of security controls without the need for centralized systems or services.
Blockchain technology works with nodes on the Internet. These nodes range from expensive ASIC machines to low-to-medium end computers with one of more graphic cards. The machines confirm secure transactions that are sent through the network by the blockchain users. For any individual transaction to be fully committed, multiple nodes on the network must confirm the transaction. This ensures that the transaction is authentic, and has not been tampered with. Once the transaction is complete, it becomes a permanent, secure part of the blockchain, which is stored within the public ledger. This shared ledger is stored on all equipment that has the ledger wallet installed on it, which can be any computer located throughout the world (Bitcoin Project). With the use of a public distributed ledger system, there is no single instance that can be attacked or modified by a company or attacker, which can take down the blockchain network.
The use of blockchain and distributed ledger technology will have a profound impact on information security in the coming years. Due to its decentralized nature, security applications will become more reliable because one single instance of its network could be attacked, or attempted to be manipulated without having an impact on the rest of the infrastructure. Additionally, through the collective power of the node machines running the blockchain, near real-time information can be broadcast through the network to any location throughout the world in small transactions that the smallest device can process. This will allow low power with minimal CPU resources to join and process blockchain transactions quickly and efficiently.
Multiple security vendors have begun exploring the use of blockchain for information security advancements. The Uppsala Foundation has developed the Sentinel Protocol, which provides security intelligence on the blockchain. The premise of the Sentinel Protocol is to provide collective intelligence by allowing security professionals to add security related events to the blockchain, which will be distributed to all the users of the system. Through this intelligence, end-users will be able to access real-time information regarding events occurring that would affect the security of their systems. Additionally, the application provides a distributed malware analysis sandbox that tests applications and files for malicious code without compromising the corporate systems or network. By using blockchain technology to provide this functionality, corporations will no longer require dedicated environments to deploy this solution, nor have to waste valuable computational power to analyze multiple files (Sentinal Protocol, 2018).
According to Davis Schaatsky (2017), the technology provides a way of recording transactions or any digital interaction in a way that is secure, transparent, highly resistant to outages, auditable, and efficient (Piscini, Dalton, & Kehoe, 2017). Using blockchain technologies within information security complies with all aspects of the CIA triangle by securing private applications through full block data encryption for confidentiality, eliminating data modifications or destruction for integrity, and having no single point of failure and operation resilience for availability (Piscini, Dalton, & Kehoe, 2017).
References
Bitcoin Project. (n.d.). How does Bitcoin work? Retrieved from Bitcoin:
https://bitcoin.org/en/how-it-worksDrinkwater, D. (2018, February 6). 6 use cases for blockchain in security. Retrieved from CSO:
https://www.csoonline.com/article/3252213/security/6-use-cases-for-blockchain-in-security.htmlNakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System. Retrieved from Bitcoin:
https://bitcoin.org/bitcoin.pdfPiscini, E., Dalton, D., & Kehoe, L. (2017). Blockchain & Cyber Security. Retrieved from Deloitte:
https://www2.deloitte.com/content/dam/Deloitte/ie/Documents/Technology/IE_C_BlockchainandCyberPOV_0417.pdfSentinel Protocol. (2018, April 7). Sentinel Protocol: Security Intelligence Platform for Blockchain. Retrieved from Sentinal Protocol:
https://sentinelprotocol.io/Sentinel%20Protocol%20Whitepaper%20English-2.pdf