One of the biggest conundrums with blockchain right now is security. A major facet of a public blockchain (i.e., Bitcoin, Ethereum) is it’s decentralized, replicated digital ledger, which is completely visible to the public, but in which transactions are verified and validated for public/private key-holders. This enables complete transparency of all transactions of validated public/private keys.
While highly decentralized public blockchains which have several thousands of miners, such as Bitcoin and Ethereum are very difficult and cost-prohibitive to hack, we have seen successful hacks and cyber-attacks. In fact, if you’ve kept your eyes on blockchain headlines recently, you’ll know about some hacks in the space, namely in the cryptocurrency space.
These hacks occur with wallets, exchanged and applications that reside on top of the blockchain protocol. Often as a result of poor software development practices.
Of late, with the emergence of multi-forked (fork of a fork of Bitcoin, etc.) blockchains that are not nearly as well decentralized as one would need them to be, we have seen successful attacks carried out on these.
So, if blockchain is built to be naturally secure on its own yet the larger ecosystem has vulnerabilities, what does blockchain security really look like and what needs to change?
What Blockchain Security Currently Entails
Despite these weaknesses and vulnerabilities, blockchain security involves some of the most practical ways to protect information and content from being changed once published on a blockchain. In fact, some industry insiders and tech leaders believe that blockchain can make passwords obsolete.
The Blockchain Itself & Public/Private Keys
Remember how the blockchain works? It’s a series of blocks containing information, content or assets that are completely visible to everyone with the ledger, but only accessible for transactions to those who have a special key-pair to access it. It’s like a unbreakable glass box with a tamper-resistant lock.
In theory, this distribution of information is un-hackable, because there is no disputing what’s in the block, and no one can open it without having the key.
Speaking of keys, everyone who uses a blockchain network has a public and private key. The private key verifies that the holder of the corresponding public key sent a message (also known as authentication). The private key is used to decrypt the message encrypted in the message send by the holder of the public key (also known as encryption).
To illustrate this, think of entering a buzz code at a condo. Entering the buzz code dials the tenant and you confirm yourself to them by letting them know who you are, and if they believe you (authentication), you are let in by the host by them unlocking the door. Once you hear the tick, the door unlocks and you walk in (encryption) - you now have access to that person’s suite and it’s clear that you’re a welcomed visitor.
Two-Step Verification & Account Encryption
Cryptocurrency, in particular, relies on “beefed up” login security, namely in the form of two-step verification (two-factor authentication or 2FA), and encrypted digital wallets.
Two-step verification essentially relies on:
1) Initial details such as usernames and passwords;
2) One-time passcodes or other details (secondary to usernames/passwords) to gain access to an account.
Encrypted wallets offer protection to crypto assets which do not come with these codes by default. They protect accounts from keylogging technology that can pick up a user’s password.
Blockchain Servers and Security Modules
This is where things get a little more “techie”. Blockchain networks require a combination of hardware devices and software applications to ensure that private keys and account data are protected.
One component of this are hardware security modules (HSMs). These devices are dedicated to protecting access data, such as digital keys, passwords and more. They are typically stored in a secured area such as a company’s data center which is inaccessible to all but a few people on staff. To go even deeper, these modules are often contained within other hardware for added protection.