LSE - Small Logo
LSE - Small Logo

Jerome Nadel

May 16th, 2019

Blockchain’s security weakness lies in the very thing that makes it secure: cryptography

0 comments | 2 shares

Estimated reading time: 5 minutes

Jerome Nadel

May 16th, 2019

Blockchain’s security weakness lies in the very thing that makes it secure: cryptography

0 comments | 2 shares

Estimated reading time: 5 minutes

Blockchain was originally designed as a technology to support cryptocurrency, and its use is expanding beyond its financial roots to benefit organisations across different industries. From enhancing customer experience in day-to-day trade, finance and cross-border payments, to smart contracts and IoT security, blockchain is transforming the way companies do business.

Despite its cryptographic history, organisations should not see blockchain as a silver bullet when it comes to security. Like all technology, it has its own weak points and hackers are increasingly manipulating these weaknesses for their own financial gain.

Unfortunately, the most common weakness in blockchain security lies in the very thing that makes it secure, namely cryptography. Blockchain is open to abuse if the keys aren’t secured. Since the inception of key-based encryption, cyber criminals have been using a host of methods, such as brute force attacks and phishing and social engineering, to get hold of information about private keys from their owners. One of the most notable examples of this resulted in the theft of over $500 million from a Japanese cryptocurrency exchange. It has become so common place that there are even scores of videos on sites like YouTube that provide step-by-step instructions on how to hack private keys.

Given the high-value financial and safety-critical nature of some proposed blockchain use cases, it is imperative that nothing alters data prior to its placement on the blockchain. While multi-signature features will enhance levels of security by introducing additional distributed keys for recovery and authentication of transaction, they still rely on the use of original keys that could be vulnerable to attack. Therefore, multi-signature cannot be used alone and relied upon for exclusive security. This doesn’t mean blockchain should be abandoned; businesses just need to layer additional security, such as tokenisation, on top.

Tokenisation

Initially developed for the financial services sector, tokenisation is a highly secure means of protecting account-based transactions. It works by replacing sensitive information with unique randomly generated alphanumeric numbers known as tokens. An individual’s primary account number, for example, would be replaced with a token, which is then used for an individual transaction. For each subsequent transaction, a new token is generated and used.

Because tokens have no value outside of the specific transaction they are used for, they make an ideal choice for systems where individuals want to minimise the potential exposure or manipulation of sensitive data.

How blockchain and tokenisation can work together

To vastly improve the security of blockchain, the addition of tokenisation will provide a bank-grade, combined solution that can be used regardless of industry or use case.

Unlike the private keys used to authorise blockchain transactions, tokens cannot be used by a third party to conduct transactions if intercepted. By replacing sensitive private keys with a limited use token that can include domain controls for device or channel, tokenisation mitigates fraud risk and protects the underlying value of credentials.

When applied together, blockchain can help to protect the integrity of data-related records showing the transaction process that the token was involved in, while tokenisation can be used to protect credentials, and allow user domain controls to control where and how they may be used. This combination could be used to keep the most sensitive of data, including all forms of personal data from account details to patient IDs and social security numbers inherently secure.

Looking ahead

In the same way cryptocurrencies aren’t going away any time soon, blockchain is here to stay. The current generation of businesses being built on, and around the blockchain are beginning to adopt the necessary technologies and processes, such as multi-signature transactions, and tokenisation to improve the levels of security that consumers expect for a tradable commodity.

However, if businesses truly want to benefit from this technology, better levels of security must be applied by all, not just the few. Once this secure ecosystem is in place, the speed and flexibility of having assets on blockchain is going to transform many types of transactions, and it’s only when this happens that we will start to see wider adoption of blockchain across businesses and entire industries building operations on the blockchain.

♣♣♣

Notes:

  • The post gives the views of its authors, not the position of LSE Business Review or the London School of Economics.
  • Featured image by Blue Coat Photos, under a CC-BY-SA-2.0 licence
  • When you leave a comment, you’re agreeing to our Comment Policy.

Jerome Nadel is the general manager of payments and ticketing, as well as chief marketing officer for Rambus. He is responsible for helping implement Rambus’ open and collaborative culture, both internally and externally. Jerome has expertise in strategic usability and user experience and has extensive international business strategy and marketing experience. Before coming to Rambus, Jerome was at Option NV, where he was the chief experience officer leading the user experience process from research and innovation to implementation, marketing, and sales. Prior to that, he was executive vice president of user experience and marketing at MobiWire, chief experience officer at Human Factors International, marketing VP at Gemplus and chief marketing officer at SLP InfoWare.

 

About the author

Jerome Nadel

Jerome Nadel is the general manager of payments and ticketing, as well as chief marketing officer for Rambus. He is responsible for helping implement Rambus’ open and collaborative culture, both internally and externally. Jerome has expertise in strategic usability and user experience and has extensive international business strategy and marketing experience. Before coming to Rambus, Jerome was at Option NV, where he was the chief experience officer leading the user experience process from research and innovation to implementation, marketing, and sales. Prior to that, he was executive vice president of user experience and marketing at MobiWire, chief experience officer at Human Factors International, marketing VP at Gemplus and chief marketing officer at SLP InfoWare.

Posted In: Leaders | Technology

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.