The world of bitcoin, blockchain and cryptocurrencies is moving so fast that it is hard to keep up, even if you try to follow current events. Certainly, it has been some wild times lately as the trading prices of these currencies has escalated wildly. This post will review some of my own interests, namely some interesting places where you might want to read up more about blockchains and the intersection of these technologies with IT security.
Probably a good place to start is with my sister newsletter, Inside Bitcoin, researched and written by David Stegon three times a week. Like my own Inside Security newsletter, it comes packed with tons of great content, current events, trading prices of the leading currencies and more. For example, in today’s issue you can find out that soon the electricity used for bitcoin mining will account for the bigger power usage than for people’s homes in Iceland.
If you are looking to learn more about cryptocurrency basics, the VC firm Andressen Horowitz has put together this page of links it calls is Crypto Canon. There are a lot of beginner’s guides about privacy and security and tutorials for developers. Another really great source that goes into details about the actual mechanics of the blockchain protocols can be found in the current issue of the Internet Protocol Journal. Written by Bill Stallings, it is a clear and solid explanation of how the blockchain works to self-authenticate transactions, which are at the core of this brave new world.
If you haven’t gotten enough of a fix, I humbly suggest next taking a look at a blog post that I wrote for the iBoss blog about recent blockchain exploits. Criminals are coming online, stealing funds from digital wallets, attacking currency exchanges, deploying hidden miners and going after initial coin offerings. This latter event is similar to an IPO for blockchain companies, only instead of receiving dollars (or some other real currency), they get cryptocoins, often newly minted. The opportunity for abuse and fraud is limitless, and some companies have already “mysteriously” disappeared after their ICO.
The hidden cryptominers are particularly pernicious. An average exploit can generate $500 a day per PC that has been compromised. Set up a network of a few thousand machines and you are literally creating cash while you sleep.
But blockchains can be used for improving and innovating when it comes to IT security too. Here are a few examples:
- Shocard uses blockchains to provide an identity authentication system so that people can share information with each other securely.
- Hypr is similar, encrypting a user’s credentials but doing so without any centralized authority needed to vouch for them or store the information.
- Microsoft is adding blockchain features so that its Authenticator app can manage all kinds of user identity data and cryptographic keys.
- CertCoinis one of the first implementations of blockchain-based PKI. The project, developed at MIT, removes central authorities altogether and uses the blockchain as a distributed ledger of domains and their associated public keys.
- Guardtime built the identity management platform for the Estonian government and now sells its KSI blockchain-based enterprise security tools. Changes to the network configuration have to be authorized, making it harder for malware to gain access.
- Maidsafe has created an alternative Internet where users are able to run apps, store data, and do everything else they normally do online, but in a more secure environment.
- And IBM and Maersk have built a blockchain-based digital trading system to track shipments of the global logistics company.
We have just seen the very tip of the iceberg when it comes to using these technologies, both for good and evil. Send me your favorite bitcoin/blockchain product or anecdote if you don’t mind sharing.