A security solution using blockchain technology

Posted by lipsius at 2020-04-17

Saturday, December 24, 2016

With network security infrastructure growing increasingly fragile, there is a new but neglected solution worth considering: Bitcoin, Ethereum, Zcash and other open blockchain networks.

To some extent, an open blockchain network resembles the technology used by traditional infrastructure providers such as domain name service providers. Like a centralized DNS server, an open blockchain network records important data and protects it from malicious or deceptive interference. For cryptocurrencies such as bitcoin, this data is the list of cash-like transactions between bitcoin users. But an open blockchain network can also record all kinds of other information, from DNS records to smart-device identities to Internet of Things user access rights. The most fundamental difference between these networks and legacy systems is the method used to secure the records.

The old model of network security is called perimeter security. What needs to be protected? Are there external threats? Build a boundary (a wall) and don't let any bad actors inside. This approach does not work very well, because the boundary is always breached. Once inside, attackers can gain full control, steal sensitive data (as seen in credit card breaches and ransomware attacks), or take over powerful control systems (such as a nuclear reactor system).

The security approach of an open blockchain network is completely different from this perimeter model. The bitcoin protocol has no concept of a boundary. The software that drives bitcoin is open source and can be audited by anyone. Bitcoin transaction messages are transmitted in plaintext at the IP layer, visible to anyone, and the network is peer-to-peer: it is built on a network of strangers' computers.

Despite this openness, the record of all bitcoin transactions, the legendary blockchain, has never been hacked. But a blockchain is just a data structure, just a string of 0s and 1s. What is truly revolutionary is the consensus mechanism, which lets all computers in the network agree on whether or not to append new data.

The permissioned blockchains being tested by major banks use a simple consensus mechanism: only approved users are allowed to add new data. Basically, this is just another kind of security perimeter with the same weakness. As soon as the credentials of a member bank are stolen, the consensus data can be changed.

Bitcoin, Ethereum and Zcash have made a completely different innovation. They allow anyone to add data to the blockchain, as long as they bear a cost for doing so. It sounds a bit like witchcraft, but it's really just economics: prove that you're a loyal member of the network by solving computationally intensive equations (what computer scientists call "proof of work"), and then you're allowed to add new blocks to the chain.

The open consensus mechanism does not care about identity, credentials or geographical location; it only requires that participants share the risk. Therefore, the only way to attack an open blockchain network is to invest in it, in which case the attacker only hurts their own interests. It is this "proof of work" consensus mechanism that makes bitcoin so resilient in the face of cyber attacks, and at the same time it puts the traditional perimeter security model of cyber defense on trial.

One can imagine that if this perimeter-less network security model had been in place, the attack on Dyn in October of this year might have been prevented. Dyn is a DNS provider, which means it holds a mapping between domain names and IP addresses. When Dyn is attacked and the mapping records are lost, the web address typed into the browser's address bar cannot be translated into an IP address and the website cannot be loaded.

As with every other DNS provider (and basically most web services), Dyn's security model is perimeter security: build a wall around sensitive data (DNS records, in Dyn's case) and pray that the wall will block the attack. However, hackers broke through this wall with a flood of messages (a DDoS attack), and the result was the temporary loss of key Internet data. A DNS record is no more complicated than a bitcoin transaction: we want to know who has which domain name, and we want only the person who currently owns a domain name to be able to transfer it to someone else.

On an open blockchain network, this key system can easily run outside any security perimeter. Open communities of computer users would work together to form a decentralized DNS service. Anyone willing to help store and confirm DNS data can run the relevant software, connect to the peer-to-peer network, download a copy of the DNS blockchain that the network maintains autonomously, confirm and relay new record modification requests, and earn some digital currency as a reward for providing this public good.

Claiming an unclaimed domain name is easy: ask the network to add your domain name to DNS. Buying and selling existing domain names is peer-to-peer. Any change to the records may incur a cost, just as we pay for domain name registration today. However, this fee flows to the open community of network participants rather than into the pockets of a particular company. Because there is no central point of failure and each participant has a copy of the domain name mapping records, an open blockchain network can resist Dyn-type hacking incidents. This frees the domain name service from the fear of attack.
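
The proof-of-work rule and the DNS ownership rules described above can be sketched as a toy name ledger. This is an added example, not code from the article or from any real blockchain; the record fields, the difficulty value and the sample names are assumptions, and the "by" field stands in for a digital signature that a real network would verify.

```python
import hashlib
import json

DIFFICULTY = 3      # leading hex zeros required; kept tiny so the demo is instant (assumption)
GENESIS = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(block):
    # The hash covers the previous hash, the DNS record and the nonce.
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def mine(prev_hash, record):
    # Proof of work: search for a nonce whose block hash meets the difficulty target.
    nonce = 0
    while True:
        block = {"prev": prev_hash, "record": record, "nonce": nonce}
        if block_hash(block).startswith("0" * DIFFICULTY):
            return block
        nonce += 1

def build(records):
    chain, prev = [], GENESIS
    for rec in records:
        chain.append(mine(prev, rec))
        prev = block_hash(chain[-1])
    return chain

def validate(chain):
    """Replay a copy of the chain; return {name: (owner, ip)} or raise ValueError."""
    owners, prev = {}, GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev:
            raise ValueError(f"block {i}: broken link to previous block")
        if not block_hash(block).startswith("0" * DIFFICULTY):
            raise ValueError(f"block {i}: insufficient proof of work")
        rec = block["record"]
        current = owners.get(rec["name"])
        # "by" is unauthenticated here; a real network would check a signature instead.
        allowed = {"register": current is None,
                   "transfer": current is not None and current[0] == rec["by"]}
        if not allowed.get(rec["op"], False):
            raise ValueError(f"block {i}: {rec['op']} rejected")
        owners[rec["name"]] = (rec["owner"], rec["ip"])
        prev = block_hash(block)
    return owners

# Constructed sample records (names, owners and addresses are made up).
RECORDS = [
    {"op": "register", "name": "example.test", "by": "alice", "owner": "alice", "ip": "192.0.2.10"},
    {"op": "transfer", "name": "example.test", "by": "alice", "owner": "bob", "ip": "192.0.2.20"},
]
```

Every participant can run validate() on their own copy: editing an earlier record invalidates that block's proof of work or the link from the next block, so the change is detected unless the work is redone.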