Protecting Yourself And Your Business In The Coming Block Chain Era
By Jonathan Anderson, Chief Technology Officer Of IOT Security, Intel Security
In an era of security breaches, privacy violations, and broad digitization of products and services, I expect many blockchain markets to emerge. Financial organizations are already experimenting with blockchain, and supply chains, medical information, legal obligations, and personal identification are just some of the early potential uses. How will this technology impact businesses and individuals, what are the risks, and what should they do to protect themselves?
When participating in a blockchain database, each involved party requires their own private key. Blockchain keys are required for every transaction, writing new information or reading existing records from the database. For example, adding information to a personal medical record, depositing to or withdrawing from an account, signing a contract, or updating the state of a shipping manifest would require this key.
Blockchain keys are required every transaction, writing new information or reading existing records from the database
Businesses and individuals are likely to participate in many different blockchain markets or relationships, each with its own key. Using and storing these keys are vulnerable points that need to be protected.
Like encryption keys, anyone with your blockchain key will be able to act as if they were you. Conversely, if you lose your key, you will not be able to prove your identity or ownership of your related transactions. As a result, these keys need to be securely stored and protected from loss or theft. There are several options for this:
- Print out and store the keys in a secure physical location, such as a fireproof safe or safety deposit box. This method has the advantage of being difficult to steal, but is obviously not very practical for regular use. For critical lifetime keys, such as an individual’s identification or medical records, this method is a viable option of last resort.
- Store the keys in a personal database, such as a password manager or digital wallet. This is a commonly used technique today, and depending on the features of the chosen database, keeps the keys within the owner’s control. Of course, if the access password or key to the database is lost, the keys are unrecoverable.
- Put keys in escrow (encrypted) either with a member of the chain or a trusted third-party, such as the bank, government department (e.g. tax identification), or the dominant supply chain participant (e.g. Walmart). This method has the advantage of being recoverable, assuming suitable demonstration of identity to the escrow holder, but are dependent on the security profile of the escrow organization.
- Split keys into two or more distinct parts, neither of which are useful by themselves, and store the parts in separate locations. This option, which can be used with any of the above methods, adds an additional layer of protection from data loss or security breach.
Whatever method you choose to store your keys, the best time to put them in protected storage is immediately after the key is generated. This ensures that they are not forgotten, and that this important step in the process is not skipped. Over time, you may change your key storage choices, and may choose different options for different types of keys. However, start planning now, so that you are ready when you get your first key. That day is going to be here soon.
Headquartered in Santa Clara, U.S., Intel Security (NASDAQ: INTC) is focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world.