The goal of this article is to illustrate how blockchain technology can create a decentralized, tamper-resistant data ecosystem that mitigates the shortcomings of a centralized structure. The second segment of the article will showcase how decentralization, paired together with blockchain’s other disruptive characteristics, can enable unique data reconstruction capabilities which can act as an ideal line of defense against ransomware.
For the past decades, the enterprise sector has signaled that the existing centralized foundation it has been built upon is showing signs of strains concerning its ability to ensure a secure environment for the ever-increasing quantities of data it needs to store, support and maintain. This certainly raises a series of question marks that should be interpreted by CEOs and CTOs as a call to action because data has become more valuable than any tangible commodity, representing the main object that facilitates the continuous propagation of business operations. But as the foundation is beginning to show signs of fissures that translate in a series of security bottlenecks and friction points, it becomes evident that companies should embark on a transition towards an alternative, a more reliable model, before the entire structure crumbles due to internal and external pressures.
Business and key industries like healthcare, supply chain, and finance are very different from an operational flow and business strategy point of view, but they all share a common aspect, they operate on vast volumes of data that need to be protected. As such, security represents a top priority for any company which operates with a database system, regardless of the field of activity. The problem is that traditional centralized systems are susceptible to attacks. Once an external or internal malicious actor gains access to the database, the data becomes compromised as it can become subject to illicit practices such as internal fraud or ransomware. These types of scenarios can represent a real threat in a data-driven society which can amount to substantial losses and even irreparable damages.
Why decentralization matters
Traditional database systems rely on a central server to host and store all the information. This type of architecture has become somewhat of a liability as it creates a single point of failure that can be exploited by attackers, either through brute computational strength or by an exploitable back door. This is not the case for blockchain. The decentralization mechanism allows a blockchain-based infrastructure to have no single point of failure because it does not rely on a centralized server. Data is hosted and maintained by all the parties involved in the business flow. As such, it is safe to state that decentralization is a characteristic deeply ingrained in the philosophy behind blockchain technology.
In general, decentralization indicates the degree of diversification in ownership, influence, and value in the blockchain. Many people in the blockchain community view decentralization as a quantitative metric which shows how many block producers exist in a given network. On the other hand, some developers have a more qualitative approach, focusing on the hardware aspect, in the sense that affordable computer systems can participate as a node in the network. Decentralization is not a fix binary attribute. It is measured in degrees of decentralization. As such, it is a fallacy to label a blockchain network as being decentralized or not.
Enterprises are usually centralized organizations that typically don’t function on a decentralized architecture. This is mainly because these types of organizations are controlled by a small group of individuals, the management team, and board of directors, who control the majority of ownership in the company and are the decision-makers. Centralization both from an organizational and data storage point of view may seem more suited for their end goals as it gives them complete control. But this is often a false sense of security as it exposes the data of the company to single points of failure attacks.
A company can employ a blockchain solution that fuses the familiar workflow of a traditional database system with the disruptive characteristics of blockchain technology to streamline operations and increase productivity. In this scenario, decentralization and data distribution facilitates the creation of a secure, transparent environment capable of protecting trade secrets and confidential data, while ensuring high levels of availability across multiple company branches. With this type of hybrid solution a company can extend read/write privileges to certain partners, clients or other third parties for a predetermined amount of time to perform an audit check, settle disputes or to conduct analysis, statistics, and analytics, all while completely maintaining control of their data.
Advantages of decentralization
Data systems become fault-tolerant – from a structural design perspective, decentralized systems are composed of multiple hardware components that make it less likely for a company to experience any downtime due to a hardware malfunction. In this scenario, decentralization enhances a company’s logistic and operational performance by increasing the availability of data to satellite offices as well as providing continuity to business operations in case of a failover scenario where the primary database malfunctions or is compromised by an attack.
Enhanced attack resistance – decentralized systems mitigate the single point of failure vulnerability present in centralized structures, while also increasing a system’s resistance to Distributed Denial of Service attacks (DDoS). DDoS attacks are difficult to prevent because they target the Domain Name System (DNS). DNS is a partially decentralized mapping of IP addresses to domain names, very similar to a phone book for the Internet. The problem is that, because it is only partially decentralized, hackers can exploit the centralized segment of DNS, which stores all the valuable data. Concerning this issue, blockchain offers the possibility to fully decentralized DNS, by distributing the content to a large number of nodes, making it significantly more resistant to malicious attacks. By granting domain editing rights only to domain owners, data will be accessed and modified only by verified parties. This blockchain architecture can ensure data protection, making the whole system more tamper-resistant.
Collusion resistance – unlike centralized structures, it is more difficult for participants in a decentralized structure to collude to act in a way that will benefit them in detriment of other participants. This can be a valuable aspect in a consortium of companies because it creates an equal playing field that has an inbuilt system of checks and balances for the actors involved.
Pushing the concept of decentralization even further
Modex BCDB is a middleware software solution designed to help businesses and enterprises make a seamless transition from a centralized database system to a decentralized database that comes with all of the inherent advantages of blockchain: data immutability, integrity, traceability, transparency, and availability.
Due to its unique agnostic architecture, Modex BCDB comes with a plug and play approach to the blockchain engines and database systems a client can choose for their business. When a company decides to switch to another database system, all the pre-existing database records need to be migrated to the new database. To achieve this, the information needs to pass through the BCDB system and the migration tool. This process can also be performed through a direct migration if the data structure is kept the same.
Modex BCDB supports multiple database engines at the same time. This is a disruptive feature that unlocks a new layer of benefits, as it challenges our perception of business collaboration. In a supply chain scenario built on a blockchain network, a manufacturer can have a node connected to a MongoDB database, and communicate, verify, and trace the inventory of a vendor who uses an SQL database. This is one area where Modex BCDB excels, ensuring inter-database communication between different parties that use different database technologies, over a secure, tamper-proof, blockchain-powered ecosystem.
This layer of flexibility can prove to be invaluable to a consortium network, where multiple companies can synchronize their databases, without requiring to change their database providers. As a result, the system becomes database agnostic, which implies that Oracle, Elasticsearch, Cassandra, MongoDB, Microsoft SQL databases can synchronize with each other. By positioning itself between the client’s application and database, without altering data entries to facilitate communication with different types of databases, Modex BCDB gives all the actors involved access to a secure blockchain ecosystem in which they can conduct business while reducing overhead and friction points.
Rethinking data ownership
Modex BCDB builds upon the advantages offered by a decentralized data storage system to enable a new approach to data ownership, in the sense that each record has its owner. A record is owned by the individual/company that introduces it to the network. This means that in order to access a record introduced by somebody else, you need to forward a request and receive their approval to be able to interact with it. At the subnetwork level, admins can impose full restrictions and completely shut down the network to users that are not in the same region. This aspect can boost security, as it mitigates the risk of mismanagement and erroneous permission. Access can be granted to individuals outside the subnetwork, only after special configurations have been set in place and if data sharing legislation from that region is followed.
An ecosystem where each record has a unique owner can have a disruptive impact across every major industry, especially in healthcare. Managing patient health records in legacy systems have proved time and time again that inefficiencies and data losses are commonplace, and that band-aid solutions are only a temporary remedy for these issues. A blockchain-powered backend application can empower both clinics and patients, by enabling them to interact in a consensus-driven environment, where data ownership is law. Modex BCDB offers a full suite of functionalities and features that enables developers to create a healthcare application that respects the principle of data ownership and pseudonymity.
Our solution allows healthcare clinics to store and access data only from their patients, for a period of time determined by the patient. Accessing health records from patients outside the clinic requires special permission from the record owners. The process is straightforward. A request is made from an API, and the record owner receives a notification informing him that a company wants to access their data, which he can simply approve or dismiss. Access permission is not limited only to read, external parties can request record write access. An application designed in this fashion disrupts the patient-physician interaction, concerning personal data management. Patients grant doctors write access, enabling them to write records such as medical investigations, drug prescriptions, surgical investigations, and so on, on behalf of the patient. Write access can be granted for a limited period, or for an unspecified amount of time, depending on the situation and the desire of the record owner. Another major benefit of this system is that once running, only the end-users, in this case, the patient and physician are directly involved in the process.
Healthcare research institutes are among the prime beneficiaries of a permission-based app. When performing a trial, institutes require a large sample of patients to gather relevant data. Let’s assume that a pharmaceutical research company wants to perform a trial and needs a large sample of people with diabetes. An app built on this type of permission principle can streamline the whole process as it gives clinics access to a large sample. It is a win-win situation because both interests are served, companies get their data (only if consent is received), and patients can be incentivized for participating in the trial. But the most important aspect is the fact that the app will be GDPR compliant. Clinics will never receive patient personal data; their dashboard will display the number of patients, the type of diabetes, prescribed treatment, reaction to medication and so on, data that cannot be used to single out an individual.
The ransomware threat
Despite the growing reliability of digital storage mediums and devices, data loss is still a common occurrence. Losing personal information can be quite an inconvenience for people in general, but the situation escalates considerably in an enterprise context where high volumes of sensitive data and critical information is analyzed and processed daily. In general, data loss can be the result of human error, malicious attacks, power outages, software malfunctions or hardware failure. Regardless of its point of origin, losing sensitive data can put a significant strain on business operations, decrease customer trust and attract legal sanctions for breaching data protection regulations like GDPR, HIPAA, and PCI DSS.
Ransomware is a type of malicious software that prevents users from accessing their system or personal files and demands a ransom payment to regain access. Over the past decades, ransomware has become one of the most prolific criminal business models in the world, because cyber-criminals usually target high profile individuals, corporations and even governmental institutions. Ransomware works by locking a victim’s computer through encryption and demanding a substantial sum of money, usually in cryptocurrency form, most notably Bitcoin (because it is the most valuable crypto and because it maintains a level of pseudonymity) for the decryption key necessary to decrypt the data. Failure to comply with the demands leads to a permanent loss of the data.
Ransomware propagates through malicious email attachments, infected software apps, infected external storage devices, and compromised websites. There have also been cases where attackers used remote desktop protocol and other approaches that do not rely on any form of user interaction.
Scareware refers to rogue security software and tech support scams, where users receive pop-up notifications which state that malware has been detected in the system and that the only way to remove it is to pay up. As the name implies, scareware tries to coerce users to pay up by relying on fear. In most cases, if users don’t take action, they will still be bombarded with pop-ups, but their files will not be harmed.
Screen lockers, commonly known as lockers, are a type of ransomware designed to lock a user out of their computer. When the victim starts their computer, they usually see what looks to be an official governmental seal or the logo of the police department or institution responsible for sanctioning cyber misconduct. The target is informed that unlicensed software or illegal web content has been found on their computer, and is given instructions for how to pay an electronic fine. However, governmental institutions will never lock a user out of their computer, or demand payment for illegal activities. If someone is suspected of piracy or other types of cybercrimes, authorities will only take action through the appropriate legal channels.
Encryption ransomware, also known as data kidnapping attacks, are a type of ransomware where attackers gain access to a user’s data, encrypt it and ask for payment to unlock the data. This type of ransomware is more dangerous because once cybercriminals get a hold of a user’s data, no security software or system restore can return them unless they pay the ransom. The problem is that even if users pay up, there is no guarantee that the attackers will undo the damage.
Mobile ransomware specifically targets mobile devices. Attackers use mobile ransomware to steal data from a phone or to lock it. As with the encryption ransomware, the victim needs to pay a ransom to get their data back or to unlock the device.
Blockchain, a solution for ransomware
Although Bitcoin has garnered the reputation of the go-to cryptocurrency for cybercriminals, blockchain, the underlying technology behind Bitcoin can provide an answer to ransomware. This is because blockchain if used properly, has the potential to completely reshape our perspective on data storage and data manipulation.
Blockchain is a digital, distributed and decentralized ledger of transactions which stores transaction data in structures called blocks. Each block contains transaction data and metadata (a set of data which provides information about the respective block), the advantage of this structure is that each block is constructed upon the previous block, in a chain-like structure (hence the name blockchain), by calculating the hash of the previous block and combining it with the hash of the second block of transactions.
This complex design is what gives the data introduced in the blockchain immutability and integrity. If a malicious actor attempts to alter the data from a block, every change will be immediately noticed by the system and every other network participant, because it will render all the following blocks invalid. These design choices make blockchain ideal for data storage because it is an append-only structure, which means that data can only be introduced into the system, it can never be completely deleted. Any changes made are stored further down the chain, but an admin can always see that when the changes occurred, who made them as well as the previous version of the data.
Decentralization and distribution are core features that further increase blockchain’s tolerance to attacks. Decentralization means that the network does not rely on a central server to host all the data, but distributes it across every network participant, also known as nodes. There are many types of nodes in a blockchain network; full nodes for example store a copy of the entire blockchain. As a result, the entire system doesn’t have a single point of failure. If a node is compromised, admins just have to address the vulnerability which allowed the malicious user to access the network and restore the node to its previous version, or they can simply cut out the node from the network. In case of encryption by ransomware, the attacker would find it impossible to hold all the data hostage, because the entire network is distributed among thousands of users (even more depending on the size of the blockchain), and even if they manage to encrypt a node, admins close the proverbial backdoor through which the attacker entered and restore the node to its previous version.
Modex BCDB enhances a system’s resistance to ransomware threats by taking the concept of data reconstruction beyond the standard blockchain system. Modex BCDB comes with an API through which database admins can perform integrity checks on database records. If the integrity check returns false, it means that some changes were made by mistake in the database, or it was subjected to malicious modifications. The system is able to determine if the database was tampered by comparing the information stored in the database with the hash stored in the blockchain. If they do not match, it means that unauthorized modifications occurred. Through the same API, the database admin can request the system to perform a data reconstruction function to rebuild the modified record from other nodes. To simplify the whole process, Modex BCDB can be configured to automatically reconstruct the data when an integrity check fails. By combining a traditional database system with a blockchain engine, Modex BCDB transforms a centralized system into a decentralized structure that is resistant to ransomware attacks and other cybersecurity threats.
The benefits of decentralization cannot be understated. Of course, by itself, decentralization isn’t a panacea that solves every security issue, but it is certainly a step in the right direction. Besides the obvious benefits that decentralization brings, its real value comes from its ability to facilitate new features and functionalities that can open new opportunities to businesses and industries. Blockchain has been touted for some time as an ideal solution for enabling decentralization, data ownership, and data reconstruction among other disruptive features. But by itself, it seems to be too cumbersome and expensive for companies to implement. As such, a middle of the road approach that combines the familiar functionality of a traditional database system with the innovative features of blockchain seems to provide a viable vehicle for transitioning to a decentralized model.