Is the blockchain good for security?
4 April 2016 | 0
For example, banks would send money directly to one another instead of going through a centralised clearinghouse like SWIFT or ACH.
In February, 40 of the world’s largest banks conducted a trial of five blockchain technologies, including Ethereum, a public block chain platform, as well as blockchains from Chain, Eris Industries, IBM, and Intel.
Ethereum claims to take only 17 seconds to process a transaction, while a San Francisco-based start-up, Safe Cash, announced last month that it can process a transaction in under five seconds — and can handle up to 25,000 transactions per second.
According to Autonomous Research, blockchain technology could save the financial system $16 billion (€14 billion) by 2021, or one-third of annual clearing and settlement costs globally. But getting to that point could be extremely difficult, said Larry Tabb, founder and CEO at Tabb Group, in a report released in February.
“Many massive and in some cases what seem to be insurmountable challenges need to be overcome,” he said. “This will take not only years but hundreds of millions if not billions of investment dollars across banks, investors, custodians, and industry infrastructure.”
Larger attack surface
As any company with a big database knows, hackers love going after sensitive information. If a blockchain is used to store confidential contract information or payment data, then replicating the file could potentially offer hackers more places to get their hands on it.
This is not a problem for blockchain data that is meant to be visible to the public. But many investors, for example, would not like others to know that they are taking a position in a particular security, said Tabb.
If the information is meant to be visible, then having multiple copies means that the data is less likely to be lost, said Ping Identity’s Harmon, since there are multiple copies of the records. And if the blockchain contains encrypted information, then it doesn’t much matter whether the peers access the data in a single location or in multiple locations, since the number of access points remains the same.
“If a key is compromised, then it can be used to access the database in a hub-and-spoke model, as well as in a distributed database,” said Harmon. “There is no difference.”
Enterprises do have a lot of flexibility in how they deploy the blockchain, said Nigel Smart, co-founder and adviser at Dyadic Security.
“If you wanted to deploy a block chain in a system like a commercial banking system, you wouldn’t use it the way Bitcoin uses the blockchain,” he said. “The general idea is you can put anything you want on the blockchain. If you want anonymity, you could put that on. If you want public accessibility, you can put that in.”
But not all the proposed applications make common sense, he added. For example, some blockchain proponents suggest that the technology could eliminate escrow accounts.
According to Dan Wellers, digital futures lead in SAP’s marketing division, a company looking to buy, say, a million widgets could put the order into the blockchain, the widget factory would invest in the new plans and machinery needed to make the widgets, and when the order was complete, the contracts would execute automatically.
This is possible, agreed Smart, if the money for the widgets was to be locked away inside the blockchain in Bitcoin or some digital equivalent. Someone else still has to validate that the contract has been fulfilled, but then once it does, the money could leave the blockchain automatically.
“The Bitcoin wallet itself is acting as an escrow system,” Smart said. “But if you’re transferring a large amount of money, if you put it into a traditional escrow account it earns interest, and if you put it in a Bitcoin account it doesn’t earn interest.”
Plus, Bitcoin’s volatlity means that you don’t know whether you’ll end up with the same amount of money as you started with.
A more likely application would involve the sale of virtual goods, Smart said.
For example, the blockchain could contain a song file, and the smart contract to release it once the payment for it has cleared.
“Anything digital can go on the block chain,” Smart said.
Compliance and enforcement
Central clearinghouses do more than just move information around, however.
Even if blockchain technology does prove to have advantages over other modern systems, there are still issues of compliance, regulations and enforcement that will need to be addressed.
For example, centralised utilities often have to comply with rules about what kinds of public access they provide to their systems. Do groups of companies setting up private blockchains have to comply with the same rules?
Other regulatory issues include clarity over jurisdictions and how to comply with know-your-customer and anti-money laundering laws.
There is also a large network effect associated with some platforms. For example, according to Autonomous Research, card networks currently process around 2,000 transactions per second and do so very cheaply, meaning that merchants have little incentive to switch.
Finally, one unintended consequence of full automation is the lack of circuit breakers. The current settlement process provides more opportunity to hit the brakes if something goes wrong.
According to the DTCC, the blockchain not only has fundamental technology challenges related to scalability, latency, performance, and security but many operational problems as well. For example, logging and monitoring are essential for enterprise environments, but have not yet been addressed.
IDG News Service