Popularized from 2008 with the advent of crypto-currencies (and bitcoin in particular), blockchain technology, better known as blockchain, was designed to orchestrate and make virtual transactions more reliable. It revolves around a sort of computerized account ledger distributed through a network. Due to its decentralized nature, a blockchain makes it possible to ensure the integrity and history of transactions. “Each user can verify that an exchange has not been tampered with by comparing their copy of the chain with that of the others,” recalls Pierre d’Huy, IT security consultant at ESN Devoteam.

In addition to cryptocurrencies , blockchain systems are now increasingly in demand to secure other types of virtual assets. “The cases of application are very varied. The Luxembourg Stock Exchange, for example, uses a blockchain to electronically sign the financial documents it publishes.

Uberizing trusted third parties

More generally, any dematerialized document or any data passing through an information system could benefit from a blockchain to be certified and traced. The objective being, in the end, to provide the content with a certificate capable of protecting it against any unauthorized modification, throughout its life cycle. It is with this in mind that the software publisher Acronis has recently integrated the Ethereum blockchain.to three of its flagship applications (Acronis Storage, Acronis Backup and Acronis Files Cloud). The American thus intends to uberize trusted third parties. “Certifying the authenticity of a document through a trusted third party costs between 1 and 10 dollars depending on the volume of files concerned. With a blockchain, this costs less than one cent”, calculates Laurent Dedenis, chief growth officer (CGO) of Acronis. “Specifically, we estimated this cost at 0.50 USD per ethereum transaction containing approximately 5,000 certified documents. Knowing that this envelope will continue to drop rapidly.”

Acronis therefore identifies several scenarios for the use of the blockchain in the security of information systems. “In the age of the digital economy, data is required to transit more and more from one company to another: from a customer to a supplier, between partners… With the advent of virtualization and containers, they will at the same time be able to easily switch from a cloud to the other. Traceability needs are therefore exploding. The blockchain provides a real solution to these problems, which is both inexpensive and reliable”, insists Laurent Dedenis. “The blockchain can in particular make it possible to certify that the events recorded in a system have not been corrupted, typically with a view to an audit. Or even to fight against fraud, in the health insurance sector for example, by giving players the ability to share data sets – to ensure that a reimbursement has not been made twice.

“As soon as it is legally recognized, the blockchain will be able to replace notaries”

There remains a limit: data certified by means of a blockchain are, for the time being, not enforceable in court, as blockchain technologies are not legally recognized (by any country) as a means of electronic signing. . “As soon as this step is taken, the blockchain will be able to replace notaries. This will signal the time for large-scale adoption”, predicts Laurent Dedenis.

To respond to this legal void, Docapost, a digital services subsidiary of La Poste, has taken up the problem in the opposite direction. It offers a solution approved by the Interministerial Service of the Archives of France to certify all the documents attached to transactions carried out via blockchains. “Baptized Blockchain Archiving, our offer allows any file associated with such transactions, contractual or other documents, to acquire legal and probative value. What the blockchain cannot provide at the moment”, summarizes Olivier Senot, director of development new paperless services from Docapost.

A bulwark against piracy?

Regarding the contributions of the blockchain in terms of computer security, another area is often mentioned: the IoT .. Faced with the multiplication of hacks of connected objects (often with the aim of using them as a relay to orchestrate attacks against websites), the blockchain is put forward by some as a miracle solution. It could make it possible to provide objects with certificates to communicate with each other without going through a central platform, thus limiting the risk of intrusion. “It is with this in mind that IBM has introduced the blockchain dimension to its Watson IoT offer”, illustrates Pierre d’Huy. “Note, however, that storing a chain requires computing capacity, and creating a block on a public blockchain also involves computational resources that are often greater than those of most IoT terminals. It is hard to imagine this type of application for a fleet of thousands of connected lamps for example. On the other hand, it seems realistic to use it to secure devices with more machine resources, such as network equipment such as routers or switches.

A lever to limit so-called “man in the middle” or “spoofing” attacks

Blockchain could still meet other IT security challenges. “Its decentralized, anonymous, peer-to-peer and encrypted character could allow it to limit the cases of so-called “man in the middle” attacks (the pirating of a flow between several servers, editor’s note) or “spoofing” (identity theft, editor’s note)“, considers Sébastien Gest at Vade Secure, a French specialist in email security. The tech evangelist mentions in particular two projects using blockchains to encrypt exchanges between messaging: Cryptamail and Switch. It remains to be seen whether these solutions have a future.”Mail encryption tools, such as PGP, have been around for a long time, but are very little used”, recalls Sébastien Gest.As for antivirus or antimalware publishers, they have not yet found what the blockchain can bring to their products. “Today, no blockchain application can evolve in the detection of malware, ransomware, phishing , spear-phishing attacks”, observes Sébastien Gest.

Be careful, the blockchain also has its weaknesses. A blockchain can indeed be broken if a sufficiently large number of machines associated with its network have been compromised. This is what happened in June 2016 to The DAO collective, a “decentralized autonomous organization” implementing the Ethereum blockchain. The attack resulted in the misappropriation of 3 million ETH, the equivalent of $50 million at the time. “A more robust evolution of ethereum was launched in the process. This episode had the merit of showing that the blockchain, like any technology, is not inviolable”.

5/5 - (1 vote)