We’ve written before about blockchain, the new darling of the cybersecurity world. For the uninitiated, it functions as a decentralized database operating in a large-scale, peer-to-peer fashion that auto-encrypts all of the information in its files as they are updated. At time of writing, no hacker has managed to crack it; thus cybersecurity companies are intensely researching the technology for how it can bolster their platforms.
With that in mind we spoke to Vaughan Emery, CEO of Atonomi, the blockchain-based arm of CENTRI Technology. Atonomi is currently building a cybersecurity platform utilizing the technology to secure the identities of connected devices, which will protect Internet of Things (IoT) devices from social engineering hacks.
Here’s our conversation, edited slightly for readability:
Solutions Review: What role does identity play in social engineering hacks currently?
Vaughan Emery: Spoofed identity is a cornerstone of social engineering hacks. For years, we’ve all had to deal with phishing attacks in which a friend’s email account has been compromised, with all of their contacts receiving bogus emails encouraging them to click on attachments or links that trigger malware behind the scenes. The threat is raised with spear phishing—which involves a more personalized message to increase the sense of familiarity [and thus increases] the likelihood of tricking the email recipient into activating attached malware or divulging passwords and personally identifiable information. Elsewhere, identity theft has become an international problem for the banking and credit card industries.
SR: How can blockchain prevent social engineering hacks? What can blockchain do to stop something that seems on the surface purely a human error?
VE: The inherent immutability of the [the technology] is ideal for establishing proof of identity, and proof of identity is precisely what we need to combat identity-spoofed social engineering.
Blockchain technology won’t be a perfect solution. Even blockchain can’t protect a naïve person from clicking on an email from an alleged Nigerian prince looking for a place to send $5 million. But it should help curtail the use of spoofed emails and other areas in which one person pretends to be another. Similarly, financial institutions incorporating blockchain-based identity could slash the incidence of identity theft-based fraudulent credit card and banking fraud. Blockchain can help us go beyond anonymity to dealing with known and trusted parties.
SR: What can blockchain do to provide individual devices with their own identities? And how does this tie into authentication?
VE: Blockchain is the ideal mechanism for establishing immutable root identity—for individuals and devices. From a device standpoint, consumers will be able to register a device—including unique device identification data—to the blockchain, creating an immutable record of their ownership of the device, and establishing the provenance of the device. The blockchain can also be used to provide an irreversible ledger of all warranty, maintenance, and repair work performed on an aircraft, bulldozer, family car, or any other device.
SR: Experts seem in contention on how this technology can be used for identity management, especially concerning deployment. What do you think of this debate?
VE: When it comes to identity, if something like [this technology] didn’t exist, we would need to invent it. Many people have compared the development of blockchain to the creation of the Internet. Blockchain’s role as an immutable—irreversible—decentralized ledger will provide a foundational element for establishing identity and proof of transactions—financial or otherwise—long into the future.
SR: In your opinion, can blockchain help secure the IoT?
VE: Securing the Internet of Things is one of the great challenges facing civilization. Yes, there are many huge problems facing humanity these days, but securing the IoT is absolutely one of them. Each day more and more of the world’s supporting infrastructure—from regulating the power grid, through controlling manufacturing processes, to managing smart city infrastructure, to the delivery of healthcare, including wearable insulin pumps, pacemakers, and other devices—is controlled by the billions of devices that have already been deployed as the Internet of Things.
Fortunately, blockchain is ideally suited for providing the immutable device identity that is at the foundation of securing the IoT. With blockchain technology, we can first agree on what is true from an identity and transaction standpoint; secondly, decentralize what is at risk, avoiding highly targetable centralized repositories; and finally, provide an immutable record of all that has been entered to the blockchain.
In short, blockchain provides a technological spark that should open a new—and more secure—era of computing.