What is Blockchain Security?

The security of personal data, especially that which is stored online, is a human right. Yet it has failed to evolve and has actually been deteriorating in recent years. Blockchain technology has the potential to entirely change this. In this segment of the Lisk Academy we will explore the importance of the topic and ways to achieve it, especially in modern society.

All of our data is stored online. We concede some of our most private information to the platforms that we use on a daily basis, and we are often unaware of which of our personal data is collected. Many users still conceal some of their most valuable data behind the shockingly weak combination of a username and password, with over half of users openly admitting they use the same password for all of their logins.

Is blockchain secure?

Yes, blockchain is innately secure. It utilises powerful cryptography to give individuals ownership of an address and the cryptoassets associated with it, through a combination of public and private keys, made up of combinations of random numbers and letters. This solves the issue of stolen identity, as addresses are not directly associated with users’ identities, whilst also being far harder to compromise. Private keys are even more secure as they are considerably longer. It is in this way that blockchain offers a greater level of security to the individual user, as it removes the need for weak and easily compromised passwords and online identities.

However, in general it is particularly rare for an individual to have their identity compromised by being hacked. Rather, it is through some of the biggest hacks, on the world's largest companies, that most personal information is obtained by hackers. Countless international companies harvest as much information about their users as possible to increase the effectiveness of their sales teams. Yet this data is nowhere near as secure as it needs to be. These large organisations often fail to secure their databases, putting millions of their customers at serious risk. Roughly half of all Americans had their sensitive data compromised, and that was in just one hack.

Examples of recent hacks

LinkedIn 2016 hack – 164 million logins and passwords stolen.

eBay 2014 hack – 145 million users’ accounts breached.

Equifax 2017 hack – 143 million customers had highly sensitive data (social security numbers, credit card numbers, birth dates) stolen.

Global Payments 2012 hack – 110 million credit cards compromised.

JPMorgan Chase 2014 hack – 83 million accounts (mostly small businesses and personal accounts) accessed by hackers.

PlayStation Network 2011 hack – 77 million contact details, logins and passwords stolen.

Home Depot 2014 hack – details of 50 million credit cards lost.

Ashley Madison 2015 hack – 37 million accounts hacked.

Poor security practices are certainly to blame to some extent. Despite overall awareness about the need for rugged cybersecurity, many companies, and even government agencies, fail to keep their systems updated, patched and secured. The reasons for it are often minuscule: a single employee failing to update their computer system can put the entire network at risk.

At its core the problem lies in centralisation. Data that is stored in one central point is far more vulnerable to being compromised, which is exactly the opposite of how blockchain technology is built. By being a ledger of information that is distributed across a P2P network, blockchain ensures the security of data by not having a single point of failure. A hacker would need to attack countless devices at once to collect little bits of data and put them all together; this is simply neither feasible nor possible. Furthermore, decentralisation ensures that even if one of these devices fails, all of the data remains secure elsewhere. This resilience and security have become some of the hallmarks of why blockchain technology is so revolutionary.
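The following is an added example, not code from Lisk or from the original article, modelling the "no single point of failure" argument above: several nodes hold the same hash-linked ledger, and an audit detects a copy that has been altered on one node. The record strings, node names and the simple majority comparison are assumptions for illustration; real networks use a consensus protocol rather than this comparison.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed parent hash for the first block

def block_hash(prev_hash, data):
    """SHA-256 over the parent hash and the block's payload."""
    payload = json.dumps({"prev": prev_hash, "data": data}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(records):
    """Link each record to its predecessor by hash."""
    chain, prev = [], GENESIS
    for data in records:
        h = block_hash(prev, data)
        chain.append({"prev": prev, "data": data, "hash": h})
        prev = h
    return chain

def is_valid(chain):
    """Recompute every link; a block edited in place breaks the chain."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["data"]):
            return False
        prev = block["hash"]
    return True

def tip(chain):
    """Hash of the newest block, which commits to the whole history."""
    return chain[-1]["hash"] if chain else GENESIS

def audit(replicas):
    """Return (majority tip, names of replicas that are invalid or disagree)."""
    valid_tips = [tip(c) for c in replicas.values() if is_valid(c)]
    if not valid_tips:  # every copy is corrupt: nothing left to trust
        return None, sorted(replicas)
    majority_tip, _ = Counter(valid_tips).most_common(1)[0]
    bad = sorted(name for name, c in replicas.items()
                 if not is_valid(c) or tip(c) != majority_tip)
    return majority_tip, bad

# Constructed sample data: three nodes hold the same ledger, then one is altered.
records = ["alice->bob:5", "bob->carol:2", "carol->dave:1"]
replicas = {name: build_chain(records) for name in ("node-a", "node-b", "node-c")}
replicas["node-b"][1]["data"] = "bob->mallory:200"  # edit in place on one node
```

Calling `audit(replicas)` flags `node-b`, and the other two copies still agree on the original history. A copy that is rewritten and re-hashed passes `is_valid` on its own but is still flagged, because its tip no longer matches the majority.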

Is a private blockchain more secure than a public one?

The practice of building a private blockchain to preserve security is a severely misguided one. It is true that a private blockchain allows for the screening of participants, whereas a public blockchain is essentially accessible to everyone. However, it is this exposure that allows a public blockchain to develop immunity to hacks. For example, Bitcoin is the original public blockchain, having withstood years of relentless hacking without ever being compromised, getting more resilient with every hack that it withstands. This illustrates that public blockchains, much like Lisk’s, are considerably superior to private blockchains.

Does the blockchain get hacked?

No, a blockchain itself does not get hacked. The security of blockchain technology should not be confused with news about hacks, such as those carried out on cryptocurrency exchanges. Similarly to normal hacks, the underlying vulnerability allowing for hacks on exchanges stems from centralisation. Despite blockchain technology being decentralized, there are still centralized aspects of it, such as cryptocurrency exchanges. This means that hackers can attack a single point in the hope of gaining access. As such, these hacks have given rise to calls for decentralized exchanges, and it is only a matter of time before these become the main platforms allowing people to trade cryptocurrencies.

Such hacks epitomise how important it is for every aspect of blockchain to be as decentralized as possible, as distributed information and assets are definitely more secure.

The security of blockchain has roots in the cryptography that it utilizes; however, it is the technology’s decentralized nature that provides the foundations for its security. In fact, it is this distribution and decentralization that has got most people excited about the potential of blockchain technology.

Tips for staying secure online

  1. Use a VPN to encrypt and hide your online activity.
  2. Use two-factor authentication (2FA) wherever available; always download a 2FA app rather than using an SMS option.
  3. Use a different password for each account.
  4. Use strong, complex passwords, including numbers, symbols and different cases.
  5. Use a Password Manager. This makes the two previous points considerably easier to do.