The Inner Circle

 View Only

Future of Cyber Security: BlockChain

By Vipul Dabhi posted Aug 27, 2020 05:08:40 AM

  
Future of Cyber Security: BlockChain

Prior emphasizing the details of BlockChain we need to Decode BlockChain and
leverage them further in understanding how they Drive Cyber Security Space

Hashes :

  • Mathematical Function converting data into a finger print of data
  • Can Take Encyclopedia to just a number , turns into an output of a fixed length.

  • Secured Hash Algorithm SHA 256, SHA 384 and SHA 512.

  • Hard to reverse the calculated hash to get the input naive/raw data input.

  • Hash Changes in an Unpredictable way if the input data changes.

  • Hash mismatch indicates Data tampering in Transit.

https://www.tools4noobs.com/online_tools/hash/

Blocks:

  • Blocks are referenced by their hashes which is derived from the contents of the blocks. Each block specifies the block hash it is building on.

  • Ledger of Transaction that refers to Previous Blocks.

  • If the Data and hashes don’t match, indicates tampering of data.

  • Statistics every minutes a Block gets created.

  • The Blocks are connected together in a Linked List Data Structure format.The Hash of previous block is linked as reference in the next block and hence are connected with each other. Hence any change on the block will change the hash followed by the change in the whole connected blocks hence tampering is difficult to achieve in chain of Block.

  • Immutability Aspects: Data is stored for ever in the BlockChain and can not be altered 


How BlockChain empowers Cyber Security

  • Block Identity Theft.

  • Block Data Tampering.

  • Block Distributed Denial of Service Attack.

BlockChain makes Digital Identity a Reality to curb Identity Theft :

Digital Identity is Identity which is stored in Digital format and is complete
identity in itself .Which a User Shares with required Organization when
demanded based on his Consent. Further the Concerned Organization on
receiving the identity verifies the same by matching it with the HASH of the
Repository like Aadhaar etc., if HASH matches it is verified the Identity is shared
by an authenticated person. In this Case the Data is not readily visible and is in
protected mode until verified.


ENTITIES:

 User.
 Data sharing by User by His/Her Consent to the Organization.
 Curbing the Data Sharing Practice by the concerned Organization to other 3rd party without user Consent.

HOW?

 User should be the Complete Owner, means he/She will be the decider
like where their information and what information and with whom it will
be shared.

 Concept of Consent Receipt also known as CR.

 Consent Receipt to be stored in BlockChain.

 Concept receipt details every transaction that has happened between the
concerned/Interacting parties

 For Instance the first part of image has Transaction between User and
Banks for opening an account in which he share data relevant for opening
and account like Unique ID, Photo, Address proof etc.

 So the Consent Receipt will have all the details of key Indicators and is
stored with each participating Entity as well as in BlockChain.

 If Bank tries to share the data to 3rd party legally it has to share it with
consent of User who is the Identity owner, and Consent Receipt will have
transaction from User,bank and 3rd Party.

 Now in case Bank tries to share the data illegally to the 3rd party without
User consent who is the sole owner than its not valid and even if it
happens it will show up mismatch in the transactions and will not be a
correct CR block as for a valid CR Block User Consent is needed. Also it
can be caught in Audit if any forgery is done.

Preventing Data Tampering and Protecting Data Integrity

 Sign Documents and files backed up with private keys.

 Recipients and users can verify the source of the data.

 BlockChain alternatives to document signing replaces secrets with
transparency distributing evidences across many BlockChain.

 Practically impossible to manipulate the data.

 Keyless Signature Structure is a project which store hashes of original
files on the BlockChain, verifies other copies by running hash algorithm
compares the result with one stored on BlockChain.

 Manipulation of data will be quickly detected, original hash exists on
million of nodes.

 US Department of Defence is considering KSI as a potential fit to protect
sensitive military data.

 There is a company named Gem which is helping using BlockChain for
sharing Medical Data across stakeholders following HIPPA compliance
securely because Health Care data is very crucial and has to be shared
confidentially.
Block Distributed Denial Of Service Attack

Distributed Denial of Service is the offering which offered by default in
BlockChain. Lets consider this in Context of Ethereum and Hyperledger, both of
them are diverse set of BlockChain like Public BlockChain and Private
BlockChain respectively.

Denial of Service and Distributed Denial of Service is the aspect under this attack
there is flooding that happens over the server with request and these request are
not legitimate and hence eventually slowdown the response of server to serve
the legitimate requests.

In Ethereum context whatsoever request required to get served has to pay a sum
in form of GAS amount which is smallest form of Ethereum like Paisa for Rupees,
like if want to get our request served a fixed amount based on the operations
which will get performed is decided and has to be paid to get the request
served.So this approach by its very design eradicates the DDOS attack, because
request here will be legit only as they have to pay for it and illegit request will
not pay as there motive is to block.

In The Context of Hyperledger which is a Private BlockChain like a Consortium of
Companies, there is network in which all entities are know in prior and are also
verified by a Certifying Authorities prior getting on-boarded hence the chances
of Ddos is negligible as the Entities of Network are already known and Is private
facing, and in case if it happens its easy to catch the node.


Thanks for reading through my Latest Blog considering the Future of  Cyber Security as BlockChain.

If you liked it please do me favor:


Want to Learn Cloud Based SIEM & SOAR tool >>>>>AZURE SENTINEL

1.Here is the Blog Post reference for Same on Cloud Security:

https://circle.cloudsecurityalliance.org/blogs/vipul-dabhi1/2020/08/03/introduction-to-azure-sentinel-its-implementation

2.HOW CAN YOU MASTER AZURE SENTINEL HANDS-ON
https://www.udemy.com/course/azure-sentinel-hands-on-first-cloud-based-siem-soar/

In this exhaustive course i have given consideration on Hand On from session one.
We will understand how to connect Checkpoint Logs to Azure Sentinel,setting up Syslog Server,
Azure Native Connectors, Sentinel Architecture Design Best Practices both On Premise and Azure Cloud.
0 comments
36 views
placeholder for permalink
Placeholder for comments