Blockchain changing security landscape in banking sector
DUBAI, November 16, 2017
By Sunil Gupta
Blockchain, the technology that is used in the popular cryptocurrency 'Bitcoin', is revolutionary in many ways. It addresses multiple challenges associated with digital transactions, such as double spending and currency reproduction.
Employing blockchain also reduces the cost of online transactions while simultaneously increasing authenticity and security. The upshot is that the need for payment processors, custodians, and reconciliation bodies is eliminated. These benefits are amongst the prime reasons why the technology is being extensively deployed within the banking sector.
But, quite interestingly, the merits of blockchain technology are not limited to securing digital transactions alone. The IT infrastructure that is used to process digital transactions also benefits immensely from blockchain deployment, which offers multiple cybersecurity advantages to banking applications. Here's a look at how this happens:
A blockchain is a series of blocks that records data (financial, in this case) in hash functions with timestamp and the link to the previous block. These blocks are anonymously stored with other stakeholders within a network. This eliminates centralised points of vulnerability which cybercriminals can exploit. Moreover, previous blocks cannot be overwritten in a blockchain and all transactional data is verified with every relevant stakeholder, making data manipulation is extremely impracticable.
Blockchain technology is being used to protect sensitive records and to authenticate the identity of a user. Keyless Security Infrastructure (KSI) stores data hashes on blockchains and runs a hashing algorithm for their verification.
Public Key Infrastructure (PKI), an encryption approach which is particularly vulnerable to man-in-the-middle and DDoS attacks, is therefore deleted out of the equation. Any data manipulation can be easily spotted as the original hash is available on other nodes linked to the system, enabling banks to go beyond asymmetric encryption and caching in public keys.
Simple logins and centralized IT infrastructure are also some of the biggest vulnerabilities that banks face. End-user protection becomes an especially daunting task, given that - despite comprehensive cybersecurity - weak passwords often give cyber attackers an opportunity to penetrate the network infrastructure.
The deployment of blockchains enables authentication of users and devices without password protection; the decentralisation of the network helps in generating consensus between different parties for verification through blockchain-based SSL certificates. The distributed and decentralized nature of the network that verifies the integrity of the transactions and associated account balances makes a successful attack mathematically impossible."
This delinks the human factor from the security of banking operations and provides strong authentication. It also facilitates speedy identification of the point-of-attack in case of a network security incident.
Certain block-less distributed ledgers are additionally enhancing structural security of IoT devices. Devices in such network environments can recognise and interact with each other in a peer-to-peer manner, without the need for a third-party authority. Complemented with two-factor authentication, this offers unprecedented security to the network infrastructure and makes it impossible to forge digital security certificates.
Blockchain technology can also play a pivotal role in securing internal communications, which are prone to data leaks and cyberespionages. End-to-end encryption fails to cover the metadata - something which can lead to leakage of sensitive information. In blockchain-based systems, the metadata used for communications is scattered in the distributed ledger and cannot be collected at one centralised point.
Blockchain has emerged as one of the most disruptive technologies and has minimized the prevailing security issues in financial transactions. As other viable implementations for the technology are being explored, blockchains are coming to fore as top-contenders for solving an array of cybersecurity challenges and providing end-to-end security to banking institutions.
Though blockchain has several advantages over other systems, there are still a few challenges in terms of compliance, regulations and enforcement that will need to be addressed. For example, regulatory issues demand clarity over jurisdictions and how to comply with KYC (Know Your Customer) and AML (anti - money laundering) laws. But, the increasingly growing demand and acceptance by enterprises would help overcome these challenges sooner than anticipated.
About the author:
Sunil Gupta is president and chief operating officer at Paladion, a specialized cyber security company offering end-to-end information security services & solutions.