An Unsafe Internet
The Safer Internet Day (February 11) only reminds us that the internet can be a dangerous place: it has little in terms of security features designed to protect the privacy of user data or address the needs of today’s rapidly growing e-commerce industry.
Since the internet was initially meant to serve as a global data-sharing system, its design does not reflect the much broader applications that it is put to today. No one imagined that the internet would seep so profoundly in our daily lives that it would be an essential tool for sectors like banking, commerce, education, healthcare, sensitive communication, manufacturing, oil and gas, transportation, and agriculture.
Hence, there is a lack of in-built security features, and the global community is looking for solutions for a better and safer internet of the future, which can support the growing demand for internet services offered.
A Key Challenge: Privacy
The sensitivity of services offered across the internet means that one of the main areas of concern when it comes to security is data privacy.
Although the internet was meant to be a decentralized network, with no administration and authority holding control over it, today, the space is dominated by a few big tech companies. For instance, firms like Google and Facebook that provide a free service (search engine and social networking, respectively) harvest massive amounts of personal and sensitive data for profit.
In fact, in 2018, Facebook creator Mark Zuckerberg testified before the U.S. Congress regarding how the company had collected information of almost 87 million users was passed to the London-based voter-profiling agency Cambridge Analytica. The data was harvested without users’ permission and used to influence electorate behavior during the 2016 Presidential elections.
Tech giants have access to troves of data, and consequently, to our very personal lives. Companies’ little regard for lawful consent means that they can unfairly manipulate users for their profit.
Blockchain for Internet Security
Since Bitcoin was introduced in 2008, crypto-powered virtual currencies and the blockchain distributed ledger technology behind them have gained significant attention.
Admittedly, much of it is hyped – blockchain is not a miracle cure for pain points across all industries. More than a decade later, it remains a niche technology that faces multiple challenges in an application, such as scalability and regulatory uncertainty.
Nevertheless, it cannot be denied that the tech that underpins crypto holds the promise to be ‘world-changing,’ ‘transformative,’ and even ‘revolutionary.’ Its disruptive potential has prompted businesses and governments to explore blockchain-based solutions to solve the problem of an unsafe internet.
Here’s how blockchain can help:
One of the most touted features of blockchain is its decentralization. As a distributed ledger technology, blockchain operates on an entirely distributed model whereby there are multiple nodes that check each other. Such a system can protect data securely as it is resilient to cyber-attacks like malware and DDoS.
InterPlanetary File System (IPFS): One project which aims to employ a peer-to-peer protocol to make the web faster, safer, and more open is IPFS.
It plans to surpass HTTP and use blockchain to replace centralized storage of data with nodes. Therefore, no single entity would control users’ private data, and it would also be protected against attacks (including DDoS and Code injection) and censorship.
The platform functions much like a BitTorrent network – users become nodes and are incentivized through Filecoin crypto payments for storage and bandwidth used. According to its website, IPFS aims to create the web of tomorrow by:
- Efficiently distributing high volumes of data without duplication, making the internet proficient and inexpensive.
- Storing all versions of data, permanently preserving humanity’s history, and enabling data mirroring.
- Delivering a technology that realizes the internet’s true vision: to be an open, flat, and equalizing platform without consolidation of control.
- Providing a network with persistent availability that enables connectivity in developing/underdeveloped nations and during crises like natural disasters.
Orchid: Orchid is an Ethereum-based open source software that aims to offer users better digital privacy by harnessing blockchain technology to create a decentralized and surveillance-free internet protocol. Operating on a “permissionless” network, the platform employs Web 3.0 tech to provide ‘open and accessible internet for everyone,’ everywhere.
Orchid was founded in 2017 and launched its product; the first-ever incentivized P2P privacy network in December last year. Essentially, the system combines the advantages of VPN and Tor in an app that allows users to privately and anonymously browse the internet with a pay-as-you-go account of OXT (Orchid’s Tokens).
Orchid lets providers sell their excess bandwidth to users and helps clients find nodes through ‘stake weighted random selection,’ which is implemented as a smart contract function. The system is maintained through economic incentives and nano-payments, making it extremely cheap for users when operated on a large scale.
Therefore, the peer privacy network holds the potential to act as a layer of smokescreen protecting data on the internet.
Blockchain has inherent traceability, which allows smart contracts and transactions to be publicly, transparently, and immutably recorded. It is, therefore, an ideal way to store critical data so that it remains forever accessible, incorruptible, and transparent. All changes made can be easily tracked, thereby reinforcing data integrity. Hence, blockchain offers a novel way of securing private data and public records against cyberattacks.
In addition to transparency and traceability, blockchain tech has the unique ability to encrypt all the data, all the time instantly.
Public blockchains are precisely that: public. Data stored on the public ledger is clearly visible by default. Therefore, since all nodes have a copy of the ledger, data confidentiality cannot be preserved.
However, data can be encrypted so that only those with a key can access it. Stakeholders issue an asymmetric pair of keys and exchange their public keys outside the network. Messages are encrypted using the senders’ private key, which essentially acts as a signature. Subsequently, recipients can decrypt messages by using their private key in combination with the senders’ public key (shared earlier, out the blockchain network).
(Source: Platform 6)
Due to the chains’ shared validation and distributed setup, archives can be stored securely and accessed from anywhere. This makes blockchain an ideal for corporations, government agencies, as well as communication applications for private citizens.
Multiple entities are working to build blockchain-based systems that offer significantly improved privacy in peer-to-peer confidential communications.
For example, PegaSys introduced its commercially licensed Ethereum platform – PegaSys Plus – that offers a database encryption plugin. The feature secures the privacy and confidentiality to the information stored on a blockchain by making it resilient to spying. PegaSys, a leader in the enterprise Ethereum space is committed to broader adoption of Ethereum and the Blockchain technology by pushing the limits of Distributed Ledger Technology (DLT) to meet commercial demands. They believe that blockchain can be used to build a more secure and trustworthy infrastructure for enterprise systems.
Additionally, the Defense Advanced Research Projects Agency (DARPA) – the research wing of the U.S. Department of Defense – is harnessing DLT to create a more efficient, robust, and secure platform as a part of its Digital Modernisation Strategy for the next five years.
Identity authentication has been a struggle since the online infrastructure developed. In the economic sector, for instance, financial conglomerates are employed for validation and authentication purposes despite their high costs.
Blockchain’s distributed setup offers an opportunity to employ Public Key Infrastructure (PKI) in a much more resilient manner. Users can register their digital identities through key-pairs through key attributes like name, social security number, national identity number, and biometric information. Since this data is stored in verified hashes by reliably identifiable blocks, users can essentially use it to self-authenticate themselves easily when asked for proof of identity.
As the world gets ‘smarter,’ blockchain could act as the predominant authentication provider, simplifying complex identification processes across industries.