Blockchain for Authentication

Learn More




The Problem

Centralized authentication systems are lacking in security and diversification

With traditional authentication mechanisms, organizations store personal identifiable information on centrally managed servers and systems. As a result, users must put faith in these organizations to adequately protect their sensitive data.

In theory, this practice is acceptable until these organizations misuse user data, are compromised by insider threats, or are hacked by attackers that target centrally managed authentication systems.




Data Breaches in 2020

$3.5 Billion

Lost to Global Cybercrime in 2019

98%

of IoT Data are Unencrypted

Days Pass Before Most Breaches are Detected



A Potential Solution

A decentralized database relying on cryptography to ensure data integrity

Think of a ledger that maintains multiple copies of itself, all of which automatically update in unison. If one copy is tampered with, all other copies could highlight this discrepancy so that the database could be resynchronized—and therefore secured—before continuing. Not only would this prevent unauthorized access of the database but it also maintains the integrity of the data by ensuring it hasn't been tampered with.


Blockchain Basics

Blockchain technology is essentially a database or ledger that maintains copies of itself that are stored across multiple devices (ie servers, computers, IoT devices) within a specific network. Each of these devices is a node.

The nodes hosting the ledger are distributed to varying extents so that they exist independently of one another. In order for updates to be pushed to the ledger, these nodes must verify the proposed changes. To do so, the majority of the nodes must agree that the proposed changes are legitimate.

Upon verification, the new data is packaged into a block that is crpytographically encrpyted and/or hashed. This secure block is then chained onto the end of the existing blockchain. Note that every block is immutable, meaning it cannot be changed once the block has been added to the chain.

Blockchain Security Features

Crpytographic Keys/Hashs

Only those equipped with a specific private key can decrypt (and encrypt) specific data. In cases where you care more about the integrity of the data as opposed to the content of the data itself, hashing can be used since this mechanism represents the authenticity of the encrypted data (akin to a fingerprint) without having to unencrypt it.

Merkle Trees

The output from one equation is the input for the next equation and so forth. The result is a chain of equations linked together. If any one equation is altered the entire chain is affected. This is the process behind hashing blocks which creates the chain itself & enables immutability.

Distributed Ledger

Centralized ledgers introduce a single point of failure since hacking a part of the network often allows you to breach other parts as well. By distributing the nodes away from a centralized entity it increases the difficulty of hijacking the entire network.

256-Bit Encryption

It would theoretically take the average computer multiple decades just to crack the cryptography algorithm protecting the blockchain.

Immutable History

Every action on the blockchain is recorded and cannot be reformed. An affordance of this immutability is that the integrity of the data is always maintained.

Byzantine Fault Tolerance

To add a block, 51% of the nodes must accept the new data as valid. Consequently, you would need to gain majority control of all the nodes in order to falsify data.

Potential Use Cases

  • Secure User Credentials
    Organizations could vastly improve their security and better protect user login credentials by transitioning away from centralized identity management. Switching to a decentralized model would instantly decrease the risk of an organization’s central database of user login information being stolen during mass data breaches.

  • Manage Digital Rights
    Companies could improve the distribution of software keys and other software products by tying them to specific users on an immutable, decentralized ledger.

  • Reduce Organizational Bandwidth Burdens
    An authentication blockchain eliminates the need for centralized, bandwidth-hungry authentication services by requiring processing requests to be distributed to the end users, ultimately lightening an organization’s bandwidth requirements.

  • Improve Data Retrieval & Big Data Analysis
    Organizations could spend less time wrangling messy, uncleaned raw data when analyzing extremely large datasets since blockchain technology could ensure data purity due to hashing and the decentralized fault tolerance.

  • Secure Internet of Things Devices
    Decentralizing a smart network makes any associated IoT devices less vulnerable to centralized attacks. Therefore, securing both IoT data in motion and at rest.

What Smart People are Saying

Meltem Demirors

Chief Strategy Officer of CoinShares & Lecturer at the University of Oxford

"Blockchain has the potential to redefine the relationship between technology and the individual, and to create a new set of social, political and economic tools that provide privacy, sovereignty and user choice while increasing connectivity, efficiency and access."

Akhil David

Technical Lead at Cognizant

"Over the past decade, Blockchain ... has evolved into one of the world’s biggest technological breakthrough with the potential to impact all industries from financial to supply chains to fabricating industries to educational establishments."

David Shrier

Entrepreneur & Professor at Imperial College London

"The convergence of blockchain with other new-generation technologies could help our existing mechanisms of organising human society keep pace with the changes introduced by the technologies themselves."

Minhaj Ahmad Khan

Associate Professor at Bahauddin Zakariya University, Multan

“Blockchain can be a key enabling technology for providing viable security solutions to todays challenging IoT security problems.”

Paul Fremantle

Visiting Scientist at the University of Stuttgart

“Distributed ledgers and Blockchain technology can be used to enhance the security, privacy and manageability of IoT devices and networks.”

Daniel Minoli

Principal Consultant at DVI Communications

“Blockchains are powerful tools that [go] well beyond basic security applications ... because they are principally mechanisms for global shared trust.”

Alexander Sandor

Master of Computer Science Student at the KTH Royal Institute of Technology

“It is possible to construct protocols with dynamic authentication and distributed logging on Blockchain technology.”

Blockchain Python Playground

Now that its clear what blockchain is, how it works, what it can be used for, let's take a look under the hood to gain a deeper understanding of the technical mechanics that give blockchain its unique affordances. The below example is for an authentication use case, but could be modified for other use cases.

Explore the Code & Try Exercises!

Ethical/Social Implications

Like with any emerging technology, it’s important to consider what blockchain is capable of doing and what the consequences are in the event of widespread adaptation.

  • Energy Consumption
    Blockchain tends to be computationally expensive. A widespread adaptation of blockchain for authentication could result in far greater demand of energy and computational resources.
  • Reliance on Encryption
    Blockchain for authentication is reliant on SHA 256 hashing. If this encryption algorithm were somehow compromised, it could prove difficult to quickly patch the vulnerability due to the requirement of a majority consensus for change adoption.
  • Digital Jurisdiction
    A widely adapted decentralized blockchain network would possibly see nodes all around the planet in various countries. How would procedures be created to ensure the legal operation of these nodes in multiple countries? Are there concerns regarding the equity of this technology if being a citizen of a certain country prevents somebody from using it?

Next Steps

During the course of this exploratory investigation into blockchain technology for purposes of authentication, we began to notice the immense breadth of the topic. The technology itself, its present and future implications; there is simply so much to unpack. We set out to explore this topic, seeing as none of us prior knew much about blockchains outside of their connection to cryptocurrency. With the information we have collected and curated in hand, there are several avenues for further investigation that might be worth pursuing. A technical avenue might be further developing and implementing a blockchain across multiple devices. One could even attempt to further research a particular implementation of a blockchain and conduct of sort of cost-benefit analysis. Ascertaining the practical implications this technology may have in the future.