Forging a Stronger Blockchain with Identity-based Network Security
Businesses can create immutable, distributed transaction ledgers with blockchain technology. This creates an organized and permanent history for transactions, whether the blockchain is processing product sales or the timing of manufacturing shipments. However, while these records can help protect businesses from fraud, blockchain doesn’t have security measures to prevent large-scale distributed denial-of-service (DDoS) attacks and other cyber threats.
To make blockchain more secure for commercial applications, researchers from Marist College and BlackRidge Technology developed an identity-based end-to-end security system to protect commercial blockchain data and server-side systems.
Blockchain is a ledger technology that was developed around 2008. The ‘blocks’ of blockchain are time-stamped transaction records where each block contains a piece of the prior block to form a continuous chain of blocks that exist in perpetuity on every device in the network. This unalterable and uniform structure makes transactions transparent and easy to verify.
Blockchain is regarded by many companies as a revolutionary breakthrough for keeping track of transactions, but companies are still figuring out how to use the technology. Identity-based network security could make blockchain secure enough for companies to use in exponentially more applications, including stores near you.
“Many people assume blockchains are somehow inherently secure, perhaps because of their historical applications to cryptocurrency,” said Casimer DeCusatis, PhD, an assistant professor at Marist College. “However, there have been many documented attacks against blockchain-based systems, resulting in significant levels of theft and fraud. As blockchain matures and expands into commercial markets, improved security techniques are essential for widespread commercial adoptions of blockchain to succeed.”
The researchers focused specifically on Hyperledger-based blockchains, which are open source. Though Hyperledger technology often verifies certificates with HTTPS for security, it is still susceptible to a number of different cyberattacks. While HTTPS can secure the transmission of data between a user and a network, it can’t secure a website or network from software vulnerabilities.
Working within this framework, the researchers added First Packet Authentication™ from BlackRidge, which authenticates the first packet of data transmitted from each traffic source. Traffic from any unauthenticated source is dropped by the system.
In addition to First Packet, the research team incorporated identity-based segmentation and traffic separation to distinguish between client and administrative functions. This segmentation includes eight dynamic trust level designations for internal authorized users, which will allow businesses to set separate requirements for users and quickly respond to a threat coming from inside the system. More and more, insider threats represent a significant portion of the losses attributed to cyberattacks.
These trust levels help ensure that certain Hyperledger blockchain resources are reserved for authorized users only, which is especially important as blockchain resources are often hosted in a cloud environment shared by multiple users and companies.
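A conceptual model of the gateway behaviour described above, as an added example that is not BlackRidge's or the researchers' code. Only the drop-unauthenticated rule, the client/administrative separation and the eight trust levels come from the article; the HMAC token format, the replay check, and the identity names, resource names and level numbers are assumptions.

```python
import hashlib
import hmac

# Constructed identity table: identity -> [shared key, trust level 0..7].
# Eight levels match the article; the numbering is an assumption.
IDENTITIES = {
    "client-app": [b"k-client-constructed", 2],
    "ledger-admin": [b"k-admin-constructed", 7],
}
# Minimum trust level per resource (hypothetical resource names).
RESOURCES = {"marbles-ui": 1, "peer-admin": 6}
SEEN = set()  # (identity, nonce) pairs already accepted, to reject replays


def _mac(identity, key, nonce):
    return hmac.new(key, f"{identity}|{nonce}".encode(), hashlib.sha256).hexdigest()


def make_token(identity, key, nonce):
    """Sender side: identity token carried with the first packet (assumed format)."""
    return f"{identity}|{nonce}|{_mac(identity, key, nonce)}"


def gateway(first_packet_token, resource):
    """Return 'FORWARD' or 'DROP'. A drop sends nothing back to the source."""
    try:
        identity, nonce, mac = first_packet_token.split("|")
    except (AttributeError, ValueError):
        return "DROP"  # missing or malformed token
    entry = IDENTITIES.get(identity)
    if entry is None:
        return "DROP"  # unknown identity
    key, level = entry
    expected = _mac(identity, key, nonce)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "DROP"  # token not produced with this identity's key
    if (identity, nonce) in SEEN:
        return "DROP"  # replayed first packet
    SEEN.add((identity, nonce))
    # Segmentation: unknown resources need level 8, which no identity can hold.
    return "FORWARD" if level >= RESOURCES.get(resource, 8) else "DROP"


def set_trust_level(identity, level):
    """Dynamic trust: lowering a level cuts access on the next connection."""
    if not 0 <= level <= 7:
        raise ValueError("trust level must be 0..7")
    IDENTITIES[identity][1] = level
```

Because every rejection is a silent drop, an unauthenticated source cannot distinguish a protected resource from a host that is not there, which is consistent with the "site cannot be reached" result the article reports.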
To test their system, the researchers used Marbles, a sample blockchain application created by IBM. The application provides a simulation for the client side, server side and trust level designations.
The figure below diagrams how the system changes the resources users (peers) can access based on their certificate authorities (CA).
Figure 1: Hyperledger blockchain authentication test bed.
In Marbles, the researchers ran multiple tests to assess the security features of their authentication system. They found that previous software vulnerabilities were closed when First Packet Authentication™ was enabled.
Similarly, when the research team tested the system against an attack on service, they found it was able to maintain the login security, unlike a standard blockchain network. The system let authorized users log in, and redirected unauthorized users attempting to force a login password to a message stating the blockchain site cannot be reached.
Going forward, the researchers want to test their blockchain system in more use cases. They plan to start with use cases around eliminating fraud from philanthropic contributions and the Internet of Things for health care. The team is also creating its own chain code implementations of blockchain to improve applications against additional security vulnerabilities.
Large companies like Amazon and Walmart are investing millions in blockchain technology.1 By using the researchers’ identity network security system, these companies can trust their data with a blockchain that is properly protected against hackers. Once implemented, the system will help businesses expedite and secure transactions, saving them time and money.
For more information on blockchain, visit the IEEE Xplore Digital Library.