Find out more about this emerging cybersecurity practice that helps to close up more network system vulnerabilities
As hackers get more sophisticated, malicious, and greedy with every passing day, it has been a constant and complicated fight for one-upmanship between them and the world’s security experts.
Moreover, geopolitical tensions now routinely spill over into cyberspace these days, causing damage to economies via well-orchestrated cyberattacks.
One way to tackle them is enforcing a no-trust policy (Zero Trust or ZT) on the network, operating system, process, people, or interactions. Another methodology that is gaining ground is Zero-Knowledge Proofs (ZKPs), primarily helping legitimate network users to prove that they hold access to the credentials to a verifier without giving all the information about themselves (including the credential itself) to the verifier. This leads to reduced exposure of fragments of identity data that cybercriminals or insiders can harvest to gain higher access levels or other identity privileges.
When done correctly, ZKPs can help network users improve control over the attributes of their identity while allowing others to verify them and granted the required network access.
Adding DLT to ZT+ZKP
Against a backdrop of ZT and ZKP practices, network administrators can now also leverage blockchain (distributed ledger technology or DLT) to enhance user activity tracking, limit cybercriminals’ attempts to hide their tracks, and enforce immutability in critical areas of identity and access management.
With this three-pronged approach, an organization can make sure hackers cannot change stored credentials; authorization policies; authentication methods; levels of authentications; access tokens; access control lists; or log files.
- In any blockchain-based system, the immutability factor is the biggest strength. Similarly, when used in identity and access management systems, hackers cannot alter anything about the user before, during or after the attack. This helps the enterprise hold users’ ZKPs tightly during user access and prevent user-information-related compromises into the systems.
- Another factor is the distributed nature of the blockchain. By holding immutable user-related data that can activate access to networks in multiple geo-locations the enterprise can control user access from different parts of the world.
- Also, by holding the data in multiple immutable ledgers, organizations can trigger access verification from any ledger that is closest to the access request. By having a private permission blockchain with selective encryption, ZT and ZKP requirements can be managed optimally.
The decentralized, consensus-driven, trustless nature of a blockchain thus makes it resilient to attacks to a great extent.
Being nascent in nature, the use of blockchain in ZT and ZKP must address inherent security concerns.
- One of the issues is the ‘Sybil attack’ where hackers generate fake network nodes to acquire majority consensus and disrupt chain transactions. However, this can be checked through acceptable consensus algorithms and by monitoring nodes’ behavior regularly. Algorithms can be used to create a lot of hurdles to make it ‘almost impossible’ for hackers to attack.
- Similarly, endpoint vulnerabilities have been rated as another concern. Hackers will be watching the user behavior on endpoints like computers and mobile phones to steal the access key to blockchains. However, blockchain experts strongly warn users against saving keys on the laptops or mobile systems as text files.
- There is also another concern called the ‘51% attack’ when one individual or organization (malicious hackers) gains majority control of the network hashes. Again, this can be avoided again by implementing secure consensus mechanisms.
- Similarly, phishing attacks can happen in blockchain, but to a minimal extent browser security is enhanced.
- There have also been cases of routing attacks without blockchain users becoming aware of then. However, use of encryption and secure routing protocols can reduce such attacks. Attacks do happen when the private keys are weak.
Given these potential weak points, is incorporating blockchain into cybersecurity a strong solution to reduce attacks?
Experts with critical experience can easily address these concerns by deploying blockchain networks that can hold these ZKP truths securely. Moreover, it is an emerging technology, and a lot of research is being done to mitigate its own security concerns in order to be helpful to fight major contemporary cybersecurity crimes for the next few decades.