Known as the technology that underpins the Bitcoin cryptocurrency, blockchain is slowly gaining attention in business circles. What does it actually do, and how can blockchain technology be applied to benefit enterprise IT and security systems?
Blockchain is a system that establishes trust between people, and between machines, according to Joaquin Moreno, the blockchain practice lead at IT and software development company Globant, and founder of bitcoin academy BTCenEspañol. This means it can be used as the basis for finance and company security, he told DCD in an interview.
Blockchain in a nutshell
At its heart, blockchain is the linchpin of a real world solution to a tricky computer science problem, says Moreno. The Byzantine Generals’ Problem envisions five armies poised to launch a coordinated attack on a stronghold, and with a need to exchange messages on an agreed time to commence.
However, the spanner in the works is that one of the army is commanded by an as-yet-unidentified traitor who can be counted on to pass on the wrong information. How does each commander ensure that the details he receives have not been tampered with, and that the other commanders are in agreement?
Satoshi Nakamoto, the mysterious creator of blockchain explains it himself, in an archived post, using the more modern analogy of Wi-Fi cracking as an example.
“Fundamentally, blockchain technology is a database system where information cannot be changed, so the system could be used as a source of trust,” explained Moreno. “By having a system where every participant on it can trust, we have a tool that can help us for the communication, [either] between humans, a human and a machine, or between machines.”
The distributed nature of blockchain eliminates the problem of double spending in financial systems, a crucial feature given the ease by which digital bits can be flipped. This is because consensus with other nodes is required to validate new transactions, and in turn ensures that all nodes are updated with the same version of the blockchain.
Practical applications of blockchain
For most organizations, blockchain is definitely in the experimental phase, but what practical applications might it bring?
It could facilitate secure communication between devices, said Moreno, an especially pertinent application given the growing momentum behind the Internet of Things (IoT). Filament, for example, is a company already using blockchain for wireless networked devices.
IT professionals will be well aware of the ease by which network addresses can be spoofed by cyber attackers. To offer a decentralized and robust resolution of endpoint addresses so that secure communication can be established, Filament relies on blockchain and public notaries to verify the authenticity of name and address bindings.
On the security front, blockchain could be used to detect certain types of unauthorized changes to traditional database, said Moreno. A long-time favorite attack is to inject SQL commands into traditional database systems through insecure web pages, which can either modify existing values in the database, or insert unsanctioned records.
To combat this, Moreno proposed writing all changes into two databases, a traditional one, and another one based on blockchain. He explained: “We create an interface where we compare the information from each one of the database. We simulate a hacking on the traditional database. We know the information in the block chain is a source of trust, we use it as a reference to find any hacking.”
Yet another possible application is the use of blockchain to craft “smart contracts” with the use of code that is stored, verified and executed on a blockchain. The program can itself control blockchain assets, which can either be cryptocurrency or access permissions.
Moreno is working towards the creation of a supporting app that can be downloaded by a guest visiting a workplace. The idea is that entry to the general area of the office compound can be granted by any employee, while a manager is required for access to the secure part of the facility. The code and corresponding permissions are all recorded and executed on a blockchain, guaranteeing its incorruptibility.
“That is something which I think is real, we are working on that, we are doing that,” he said of this project. “A database could be changed, information could be changed, logic [of normal apps] could be changed, with a smart contract, the logic cannot be changed.”
Enhancing the blockchain
While blockchain sounds like the biggest thing since sliced bread, there is at least one area where additional consideration may be necessary. The irony is that while blockchain ensures that all transactions are duly verified and recorded by other nodes, Moreno pointed to how it actually moves the issue of trustworthiness of transactions outside the system.
“You can trust the information itself due to its use of blockchain, but who wrote the information to it? In a traditional database, the person writing the data in is understood to be trusted,” he said. “Different tiers of security mechanisms need to be engineered [for the blockchain]. You have to be very careful about who has access to the blockchain.”
And if there is one area of criticism about blockchain, then it would surely be over the amount of computational processing that it requires. Bitcoin’ blockchain system currently uses processing power equivalent to 154,000 times that of the world’s fastest supercomputer – currently the Sunway TaihuLight in China – when measured in petaflops.
“There are people who say: Hey, we are wasting energy here,” acknowledged Moreno.
Blockchain is still in its infancy, said Moreno, cautioning against attempts to “blockchain everything”.
“We think that blockchain is not a solution for everything. We first need to think about the problem, be clever enough to identify if it can be solved with blockchain, traditional IT, or a new technology,” he summed up in closing. “There is a key for everything. How does blockchain add value?”
To learn more about blockchain and how it is set to redefine the future of IT security, come hear Joaquin Moreno speak at this year’s DCD Converged SE Asia. Held during the Singapore Datacenter Week on 13 to 16 September 2016, business executives, managers and technical professionals directly engaged with IT, data center and cloud infrastructure may attend for free.
You may also qualify if your company operates its own on/off premise data center(s), or if you are a significant end-user of data center and cloud services and you are involved in technology planning, procurement, implementation, and operations. Click here to apply.