With fraud, breaches and threats reaching pandemic proportions across the entire digital ecosystem, the blockchain is hyped as an instant fix to resolve security challenges for use-cases spanning financial services, retail, real estate, healthcare and insurance.
The potential is powerful, but the blockchain needs help to be truly secure. Given the high-value and safety-critical nature of some proposed deployments, it is imperative that nothing alters data prior to its placement on the blockchain.
The key issues
The blockchain was created to be completely immutable, so once data is put inside the blockchain it cannot be tampered with. This means data stored within the blockchain itself is highly secure.
Blockchain uses a combination of public and private keys to store and send virtual assets. The public key creates the address of where the assets are stored in the public ledger. The private key (which is also used to derive the public key) is used to sign each transaction a user sends out and prove that the user requesting the transaction does in fact have ownership of the assets.
Anyone can have access to the public key, but as long as the private key remains a secret, the assets are safe. But if a private key is lost or stolen, the assets associated with it are gone forever. Herein lies the fundamental shortfall that undermines the security of blockchain solutions – protecting private keys.
The Wild West
Nowhere is the absence of strong security solutions for the blockchain felt more keenly than the cryptocurrency market.
Hackers have declared open season. In the first nine months of 2018 alone, nearly $1bn of cryptocurrency has been stolen. This marks an increase of close to 250% compared to the whole of 2017. No wonder the UK Treasury has described the market as the ‘Wild West’
Each hack adds to market volatility, undermining consumer and institutional confidence and inherently limiting the potential of this powerful technology.
Does hot property need cold storage?
Security challenges also makes the usage and storage of cryptocurrencies very impractical.
The online storage services offered by the exchanges (known as ‘hot wallets’) are constantly connected to the internet to make assets more readily available, making the vulnerable private keys susceptible to attack. Consequently, many see hot wallets as too risky and store their assets in offline ‘cold wallets’, which can take the form of USB devices or even pieces of paper.
While more secure from hackers, cold wallets limit the usability of cryptocurrencies. What’s more, if a cold wallet is misplaced, or the hard drive corrupted, access to a crypto asset is irrevocably lost. The challenges that come with accessing and using cryptocurrencies compound the perception that they, and blockchain technology in general, are inaccessible and confusing.
Closing the security gap with tokenization
It is apparent that the security challenges, specifically the vulnerability of private keys, must be addressed before the full potential of blockchain technology can be realised.
Multi-signature improves security by introducing additional distributed keys for recovery and authentication. Yet, this still relies on the use of original keys. To meet this critical market gap, multi-signature can be combined with proven tokenization technology.
Tokenization is a process that replaces sensitive credentials—such as private keys for blockchain and crypto assets—with a non-sensitive equivalent token that is unique to each transaction. In doing so, tokenization mitigates fraud risk and protects the underlying value of credentials. This adds a layer of frictionless security that complements the immutability of the blockchain.
A secure foundation
For blockchain technology to be truly transformative, a secure foundation of trust and transparency is needed – starting with a new approach to security. Tokenization technology is an immediately available solution to provide this foundation.
By Jerome Nadel, SVP/GM of Payments and Ticketing and CMO, Rambus
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.