Blog

Blockchain and the 4th Industrial Revolution

Humankind is approaching a new industrial revolution. Unlike the previous three, it will impact every industry and interact between the digital, physical and even biological worlds while approaching at a neck-breaking speed due to the unprecedented amount of breakthroughs. This revolution is evolving at an exponential rather than a linear pace when compared with previous three.

This revolution can be summarized with data, its connectivity and what they will be used for. The amount and precedence of connectivity will be unmatched and unlike what the Digital revolution (3rd industrial revolution) has offered.  Furthermore, the number of connected devices is expected to grow to a mind boggling number that could reach somewhere between 28-50 billion by 2020, according to estimates published by multiple CEOs as mentioned in IEEE.

Having such a massive number of connected devices also entails that network speeds will be much faster than current networks. For example, “with 5G, users should be able to download a high-definition film in under a second (a task that could take 10 minutes on 4G LTE). Wireless engineers say these networks will boost the development of other new technologies, such as autonomous vehiclesvirtual reality, and the Internet of Things” (2).

In my opinion, Blockchain technology will be the core tech used among all others that will form the basis of the 4th industrial revolution. For example, artificial intelligence and machine learning will remain a challenge if the trust and privacy in gathered data is not present. Machine learning requires a large amount of data about a particular object, person or a thing in order to learn and predict its behavior and make decisions. However, if this data is breached, corrupted or manipulated it will make the job of machine learning a rather difficult one and thus prone to erroneous or even catastrophic decisions. Blockchain solves all aforementioned issues which will enhance the correct development and valuable uses of machine learning technologies. That, in addition to keeping privacy of users as they can contribute data to the blockchain while choosing what to share.

The pillars of the 4th industrial revolution will become a privacy and security nightmare without blockchain. Take for example the privacy concerns of Facebook. Merge that with the upcoming large number of connected devices and other technologies that will make connectivity embedded even biologically. This will produce an AI for every social network, eCommerce website, business and perhaps everyone that profits from data. Without Blockchain, your news feed, email, phone, social profile(s), and potentially smart home appliances will become an ads nightmare. Likewise, cyber criminals will have new and more powerful tools in their disposal. Machine Learning devices, eCommerce tools and algorithms, and autonomous systems can randomly gather information about you that may not represent your genuine interests.

The main pillar of the 4th industrial revolution is data and its connectivity, and the key issue will be how this data will be used and handled by the complicated society we live in. Privacy breaches, the correct use of data (especially by machine learning technologies), and other potential issues will become a far more complicated problem if Blockchain is not embedded with the rest of these technologies. Blockchain is the checks and balances system that ensures other technologies and actors will not use data in ways that are unauthorized by the owner of said data. Blockchain will also enhance these technologies by giving them the necessary and correct data, thereby avoiding data processing waste and enhance the correct and safe autonomous decision making.

Can we Stop Cryptocurrency Hacks?

Blockchain’s promise of transforming numerous industries is inevitable. It will enhance some and disrupt others. The technology, which is the backbone of most cryptocurrencies, is expected to disrupt the global financial system due to decentralization, the elimination of the middleman (banks), the cutting of fees taken by these middlemen, the borderless potential, and the ownership of those assets directed between peers. Despite the benefits, however, crypto hacks remain a problem that can’t be ignored.

Thanks to this innovation, cryptocurrencies have become a major candidate that could pose a significant challenge to the current banking system.

Cryptocurrencies are stored on a decentralized, open and transparent ledger. Ownership is determined by private passphrases acting as a digital signature, which in some cases, are as long as 50 characters.

The personal ownership and responsibility of securing one’s funds, however, has introduced opportunities for cybercriminals to steal from individuals who haven’t taken the proper measures to ensure the safety of their holdings. Strategies such as phishing, hacking cloud-based notes, and/or breaching text files storing the private key on the victim’s device still pose a significant risk to anyone holding digital assets.

Even though cryptocurrencies do introduce far more advantages than the current banking system, they often lack the luxury of employing a central authority to help in retrieving stolen assets.

Vulnerabilities on exchanges account for the vast majority of hacks. This is because exchanges retain ownership of assets on hot wallets, or online wallets.

We have seen numerous hacks on exchanges, leading to the loss of $781 million dollars so far in 2018. Even exchanges which have made notable efforts to improve their security have fallen victim to attacks.

Bitfinex, for example, attempted to safely store private keys on cold wallets, however cybercriminals still managed to breach the system, resulting in significant losses for some customers.

One major issue with losing a private key stored on a cold wallet is that there is no recourse. There is no central authority to blame and, in most cases, no way to recover the funds due to the complexity of the crypto-market’s borderless nature.

Hacking a cold wallet can occur in multiple ways, such as, compromising the device that stores the private key file or impersonating online wallet services such as myetherwallet.com. The use of social engineering often plays a major role in obtaining a users’ private data. In addition to phishing schemes or other social hacks, malicious actors may use man in the middle attacks or supply chain attacks to gain access to a victim’s funds.

Buying a hardware wallet that may have been used before is a prime example of a man in the middle attack. This means the private key is known by someone else. To prevent this, it is important to ensure that a cold wallet has never been used by purchasing directly from a manufacturer and generating a fresh key before transferring funds to the device.

Taking the necessary precautions greatly reduce the chance of losing crypto through hacks, but it’s still not impossible.

Users could still fall victim to supply chain attacks, or instances in which bad actors installed foreign hardware within the device. While no such attack has occurred yet on cold wallets, the famous China chip breach highlights the possibility. This has been confirmed by Ledger in a vulnerability test, revealing the possibility to compromise a device in a which could result in the loss of funds.

There are many strategies that could be enacted to ensure the safeguarding of a wallet either stored on a device or on an offline hardware wallet such as Ledger, however, there needs to be ways to track and retrieve stolen assets if something happens.

Some have suggested that increased oversight on centralized exchanges to prevent hacks, facilitate the tracking, freezing, and retrieval of stolen assets could be a solution. The recent capture of a British hacker by the help of the state of Delaware is a prime example of how a governmental role in the crypto space could help retrieve funds.

Additionally, the development and use of decentralized exchanges could greatly reduce risk for individuals.

Another solution would be for hardware wallet manufacturers to take advantage of the power of blockchain to enhance their security to safeguard from the possibility of supply chain attacks, man in the middle attacks, and insider attacks.

How Blockchain Technology can Enhance Cybersecurity

Cryptography and cybersecurity are embedded in the fabric of blockchain technology. One of the main breakthroughs of blockchain tech is the way information is secured, authenticated, accessed, and transferred. This is different from the currently used systems that keep data stored in one place. Blockchain allows data to be distributed across multiple nodes and encrypted with cryptography. Even though cryptocurrency exchanges are vulnerable to attack, there are virtually no instances where a major blockchain has been hacked. That’s one of the reasons the rise of decentralized exchanges is essential for the security of digital assets which will later facilitate mainstream adoption of this new class of digital assets.

For more about decentralized exchanges, I refer you to “Are Decentralized Exchanges Critical for the Future of Digital Assets?” , and “On Fungibility, Liquidity, and the Importance of Decentralized Exchanges”. The uses and importance of blockchain is far more critical than the transfer and exchange of digital money (cryptocurrencies).

One of the critical areas blockchain is expected to significantly enhance is cybersecurity. Take for example the recent Facebook attack where 50 million user accounts were impacted by a security breach. This of course in addition to the previous vulnerabilities in Facebook privacy practices that allowed the exploitation of private user data that was used for political gains. As famously seen in the Cambridge Analytica scandal (for more about Facebook’s latest troubles, refer to “Facebook’s Latest Scandal Reveals Some Worrying Security Shortfalls”)

The China Chip Breach

No matter how much companies spend on cybersecurity, as long they keep data in centralized servers, hacks will continue, and cybercriminals will still find ways to exploit vulnerabilities in the centralized systems. The recent and largest supply chain attackthat was conducted by China against the U.S is another example. A very tiny chip was used to infiltrate American companies such as Amazon and Apple.

The tiny chip was allegedly planted by Chinese operatives on motherboards of many servers across multiple companies. It was later found by a third party security company in Canada which was hired by Amazon that the chip is not much bigger than a grain of rice. The chip was nested on Elemental’s servers which is a company was acquired by Amazon. Elemental uses Micro Computer Inc. motherboards (which is known as Supermicro) to construct their servers. The servers that were breached by this tiny chip can also be found in the Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. Elemental is just one of a numerous number of Supermicro customers.

The investigation, led by the U.S intelligence community, later revealed that the chips allowed the attackers to create a “hardware” backdoor. Also, the chips seem to have got inserted by Chinese operative at factories run by subcontractors in China. This attack is special in the sense it exploited the hardware which is different from the software-only attacks the world is used to. This by far is considered to be the most significant supply chain attack known to have carried out against American companies.

The implanted microchip manipulates the commands sent by the operating instructions which routes the data as it moves through the motherboard, this essentially achieves the goal of forcing the server to communicate with adversary computer(s). Additionally, it can manipulate the CPU commands to avoid authentication using the password the server requires to grant access. Encryption keys that may be used on other servers but stored on the breached server can be stolen by transferring the keys to the anonymous computer with which the chip allowed the server to communicate.

Stealing secrets and proprietary information from U.S companies, and governments has long-lasting and devastating effects. Essentially causing what is called a frog leap in the advancements of adversary technology. Stealing intellectual property costs the U.S hundreds of billions of dollars every year. The hacks usually occur through social engineering techniques on a certain person of interest by exploiting their personal information using social media, phishing attempts, blackmail or bribes.

Cyber attackers usually use similar methods and techniques. It all boils down to breaching a single point of failure in a company or organization’s cybersecurity protocol. One that, in a sense, can be described as a centralized server which contains sensitive information. Blockchain is a single failure tolerant technology, and if it can be facilitated correctly to protect sensitive information, it could pose a significant challenge to cybercriminals. Blockchain essentially distributes the information on multiple decentralized servers. In addition, the information is encrypted using cryptography, which in turn, is difficult to break. If one server is attacked the nature of the information it has, which is a part of a chain of decentralized nodes, will remain unknown and useless to the attacker.

The Case for Blockchain Tech in Cybersecurity

Blockchain technology can also facilitate secure access authentication especially for individuals with access to sensitive data. Take a simple example of how a digital asset class such as Bitcoin is being accessed using an offline hardware wallet. The bitcoin ownership key (private key) is created and stored offline in isolation. Private keys get used to prove and authenticate the ownership of the decentralized asset in the blockchain.

A similar approach can be used to deploy a decentralized SSL certificate in the blockchain and use a similar private key authentication mechanism to allow access to certain information in this way the SSL certificate is not vulnerable to a single point of failure (i.e. centralized servers). The authentication to the SSL certificate is stored offline which is isolated from the internet.

We are approaching a world where the connectivity of the internet and the amount of data transferred is becoming far more complex and critical than ever before, from machine learning technologies to the internet of things, big data, and artificial intelligence. All of these technologies will facilitate the ease of breaching and stealing sensitive and classified information if centralized servers remain the dominant method to store data. This could cause significant damage to the economy, and perhaps endanger national security. It’s more important than ever for companies and governments to start facilitating the use of blockchain to enhance cybersecurity and defend companies intellectual property and government sensitive and classified information.

Are Decentralized Exchanges Critical for the Future of Digital Assets?

The revolution blockchain promises to bring goes primarily in returning the privacy and sovereignty back to people and cutting out the middleman. A middleman that took advantage of people for ages. Blockchain and its applications such as digital assets (i.e. cryptocurrencies, and tokens) are decentralized, meaning no central authority can manipulate or dictate its rules, or sign and approve a transaction, which is similar to how banks operate. The decentralization of this technology is the main reason it’s a prime candidate for being one of the pillars of the fourth industrial revolution. Because of how Blockchain is constructed, it is near impossible to hack. In addition, Blockchain allows for granting ownership back to users by facilitating peer to peer transactions, which is especially useful for cryptocurrencies. Digital assets exchanges introduce different vulnerabilities making digital assets the new wild west. Hacks from millions of dollars to 100’s of millions of dollars across the globe are possible. The exchange of digital assets is mostly conducted on centralized exchanges, this is a recipe for disaster to exchange decentralized tokens, essentially paralyzing the mainstream adoption of this new class of assets.

If a bank is hacked and consumer(s) assets are robbed, usually the bank pays back the stolen assets to its rightful owner(s), as those assets are technically owned by that bank and both are essentially centralized. However, if decentralized assets get hacked by breaching a centralized server, those assets are more difficult to trace and recover. Centralized exchanges work by storing the private keys to those assets in their servers, that essentially means they own those keys. Therefore, this raises the risk of insider threats in addition to outsider hacks and breaches. Trusting our digital assets in centralized exchanges defies the main purpose of this technology and why it was even developed. Blockchain was built to transform the trust of a centralized authority to the trust of no authority by leveraging computation using decentralized distributed nodes. Essentially that means no one is required to be trusted. Therefore, no single authority is needed.

The development and enhancement of Decentralized Exchanges (DEXes) are essential for the survival of digital assets. Centralized exchanges are the dominant means to exchange decentralized digital assets and, due to the repeated hacks and security breaches, this introduced a lack of trust into the ecosystem. Practical DEXes with the same or better functionality than centralized exchanges may bring in larger trade volumes, and as hacks start to diminish given that decentralized exchanges does not store critical information on centralized servers. This in turns will facilitate the adoption of this new class of assets. DEXes are also a crucial component for an increased degree of fungibility in cryptocurrencies, if you’d like to read more, refer to this article “On Fungibility, Liquidity, and the Importance of Decentralized Exchanges

Even though DEXes are fundamental for cryptocurrencies to survive and eventually thrive they also suffer from multiple problems, such as, their interface not being user-friendly enough, the transaction speed is slow due to validation delays on the blockchain(s). In addition, there is a potential high cost per trade. Take OasisDEX, one of the purest forms of the currently available DEXes. It’s a fully decentralized on-chain model. The exchange orders interact with each other directly through the blockchain. However, it’s expensive and slow, from order cancellation to transferring cryptocurrencies. All of which requires paying gas and waiting for hours sometimes to get block confirmations. On the other hand, another DEX called IDEX  validates transactions using its own smart contracts before submitting them to the Ethereum network. Essentially this allows IDEX to validate every trade before being executed. Also, it can update account balances off-chain after a transaction; therefore, using a feature of a centralized exchange without breaching security.

Multiple platforms claimed they’ve built DEXes; however, until now none has proved how decentralized they are. The main problem is that DEXes still embeds centralized features, and if not they introduce multiple problems such as high gas cost of each trade and slow transaction speed. This may be due to the development of DEXes still in its infancy. The development of DEXes may not introduce fully autonomous features at least for the foreseeable future. However, it’s critical for the DEXes to keep transactions purely peer to peer and stay away from storing the ownership keys (private keys) of digital assets in a centralized fashion. And if at all possible they should also reduce the transaction speed and gas cost of each trade.