Is the blockchain good for security?

The blockchain is now being hyped as the solution to all inefficient information processing systems

Overstock was one of the first online retailers to adopt Bitcoin in a big way. Now it's become the first major company to issue stock on a trading platform powered by the blockchain.

The blockchain is a distributed file system where participants keep copies of the file and agree on changes by consensus. The file is composed of blocks, where each block includes a cryptographic signature of the previous block, creating an immutable record.

"Blockchain trading is much more secure than the current system," said Judd Bagley, director of communications at Salt Lake City-based Overstock.com. "The distributed nature of the network that verifies the integrity of the transactions and associated account balances makes a successful attack mathematically impossible."

Overstock used the t0.com stock trading platform, which it owns. Up to a million common shares will be issued on t0.com, and up to a million preferred shares will be issued on the traditional exchanges.

"There may be no software that has been better proven, from a security standpoint, than Bitcoin," Bagley said. "Building a stock trading platform atop such well proven software should leave all parties feeling very confident, from a security point of view."

In addition, he said, settlement times are reduced from three days to 10 minutes, settlement costs are cut by 80 percent, and counterparty risk is eliminated because the cash and assets are accounted for ahead of time and instantly swapped.

Finally, the blockchain is completely transparent, he said, and cannot be changed.

"Put transparency and immutability together and you have a dream scenario for regulators, auditors and compliance officers," he said.

And it's not just stock trading. The blockchain is now being hyped as the solution to all inefficient information processing systems, such as recording of property transfers, escrow services, and even legal contracts.

But Bitcoin isn't without problems. The cryptocurrency has proven to be extremely volatile and popular with criminals. Regular users have lost millions to theft, the FBI is sitting on stockpiles of confiscated Bitcoins, and some of the members of the Bitcoin Foundation, created to legitimate the currency, are now in jail or on the lam. In addition, the Bitcoin system is slow to process transactions and is facing significant scalability issues.

[ BITCOIN ISSUES: How online black markets work ]

Are any of these problems endemic to the blockchain itself? And if you're looking to eliminate an old, inefficient manual or batch-based process, the blockchain may be better -- but is it better than other modern types of data structures?

For example, the blockchain lends itself well to peer-to-peer systems but isn't necessarily a good tool for individual enterprises.

"If you're the only participant, you don't need a block chain -- you just need a database," said Prakash Santhana, director for payments risk and integrity at Deloitte Advisory at Deloitte & Touche LLP

More Bitcoin, more problems

Peter Williams, chief edge officer at Deloitte's Centre for the Edge, calculates that each Bitcoin transaction costs roughly $6 in hardware and energy, and consensus approval of each transaction takes about 10 minutes.

That kind of performance doesn't necessarily compare well to competing technologies.

But some of this is due to the way that Bitcoin uses the blockchain.

"Bitcoin throughput is limited," said Mance Harmon, senior director of labs at Ping Identity. "To increase throughput means that you need a business relationship in place, and more trust between peers."

That is very much possible when a blockchain is used by, say, a limited group of business partners.

For example, banks would send money directly to one another instead of going through a centralized clearinghouse like SWIFT or ACH.

In February, 40 of the world's largest banks conducted a trial of five blockchain technologies, including Ethereum, a public block chain platform, as well as blockchains from Chain, Eris Industries, IBM, and Intel.

Ethereum claims to take only 17 seconds to process a transaction, while a San Francisco-based startup, Safe Cash, announced last month that it can process a transaction in under five seconds -- and can handle up to 25,000 transactions per second.

According to Autonomous Research, blockchain technology could save the financial system $16 billion by 2021, or one-third of annual clearing and settlement costs globally.

But getting to that point could be extremely difficult, said Larry Tabb, founder and CEO at Tabb Group, in a report released in February.

"Many massive and in some cases what seem to be insurmountable challenges need to be overcome," he said. "This will take not only years but hundreds of millions if not billions of investment dollars across banks, investors, custodians, and industry infrastructure."

Larger attack surface

As any company with a big database knows, hackers love going after sensitive information. If a blockchain is used to store confidential contract information or payment data, then replicating the file could potentially offer hackers more places to get their hands on it.

This isn't a problem for blockchain data that is meant to be visible to the public. But many investors, for example, would not like others to know that they are taking a position in a particular security, said Tabb.

If the information is meant to be visible, then having multiple copies means that the data is less likely to be lost, said Ping Identity's Harmon, since there are multiple copies of the records.

And if the blockchain contains encrypted information, then it doesn't much matter whether the peers access the data in a single location or in multiple locations, since the number of access points remains the same.

"If a key is compromised, then it can be used to access the database in a hub-and-spoke model, as well as in a distributed database," said Harmon. "There is no difference."

Join the CSO newsletter!

Error: Please check your email address.

More about CSODeloitteDeloitte & ToucheFBIGoogleIntelLakeOverstock.comPing IdentitySmart

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Maria Korolov

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place