Governments should encourage blockchain to protect Internet security

Baozou Comment : Recently, large-scale Internet attacks have continued to occur, which shows the defects of current Internet security technology. However, if the blockchain network is used to protect network security, there will be no such problem, because the blockchain is decentralized and has no single point of failure. Just like the development process of the Internet, although there are challenges, the great value of the blockchain is worth the government's efforts. Various regulatory work should be carried out without damaging the development of blockchain technology.

Translation: Annie_Xu

In October, several well-known websites were hit by a large-scale distributed denial of service (DDoS) attack, including Twitter, Amazon, the New York Times, and Wired media sites. The attack was not aimed directly at these companies, but at Dyn, the company that provided domain name services to these websites. Dyn is one of many vulnerable centralized nodes in the web infrastructure, and the attack on this company allows intruders to terminate large areas of the US Internet at any time. This attack is unprecedented and worrying, and it reminds us that our digital infrastructure is more fragile than we think.

Trump wants our internet to be better, saying he will seriously seek to protect the increasingly vulnerable cybersecurity infrastructure. Now there is an often overlooked solution: open blockchain networks such as Bitcoin, Ethereum and Zcash.

Blockchain open networks are a lot like the technology of traditional infrastructure providers like Dyn. Just like domain name servers, blockchain networks can track important data and protect it from fraud. For digital currencies like Bitcoin, this data is a pile of transactions like cash. But blockchain open networks can also protect all types of information, including domain name records, smart device codes, and access rights for Internet of Things users. The biggest difference between these networks and traditional systems is data security technology.

The traditional Internet security strategy is perimeter security technology. If there is something that needs to be protected and is under external attack, you just need to build a firewall to keep the bad guys out. It turns out that this is not very effective because firewalls cannot avoid vulnerabilities. Moreover, once the attacker enters the network, he can take full control and steal sensitive information (credit cards) or control dangerous weapons (nuclear reactor systems).

The security system of the blockchain development network is very different. The Bitcoin protocol has no firewall, and its underlying software is open source and can be audited by anyone. Bitcoin transaction information is transmitted in IP and can be seen by anyone. It is not encrypted, and the network is also peer-to-peer, and is a network built by strangers' computers.

Despite being open, Bitcoin transactions have never been attacked. But blockchain is just a data architecture. The real revolutionary feature of Bitcoin is the consensus mechanism, which helps all computers in the network jointly decide whether data is valid, whether it can be added to the blockchain, and which data is harmful and needs to be filtered out.

The permissioned blockchains that banks are exploring use a straightforward consensus mechanism: They let authorized users add data. This is another kind of firewall, with all the network security flaws. If you steal confidential information from bank members, you can modify the consensus data.

Bitcoin, Ethereum, and Zcash are truly revolutionary. They allow anyone to add data to the blockchain, as long as they make a significant contribution. It may sound primitive, but that's the economics: you can add blocks to the blockchain by proving you are a responsible user of the network by solving a computationally expensive equation (computer scientists call it proof of work). The open consensus mechanism does not distinguish between identity, confidentiality, or geographic location. Therefore, the only way to attack is to invest, so it can be said that attacking is to harm your own interests. The proof of work consensus mechanism makes Bitcoin very resistant to network attacks, making people see the flaws of the traditional firewall defense model.

Imagine protecting Dyn with this network security model that doesn't require a firewall. It's a domain name provider, which means it stores the information that maps domain names to IP addresses. When Dyn was attacked, the information that should have translated the website information into an Internet address was lost, causing the web page to fail to load.

Like domain name providers, Dyn's security model is a perimeter security system. Build a firewall around sensitive data and then pray that it is not affected by attacks. Hackers can break through the firewall with a large amount of information (DDoS), resulting in the temporary loss of important Internet data. Domain name records are no more complicated than Bitcoin transactions. We want to know who owns the domain name, we just need the person who owns the domain name to transfer it to someone else.

This important network can be easily run outside firewalls, as long as there is a blockchain open network. An open community of computer users can work together to build a decentralized domain name service. Anyone who wants to store and verify domain information can run the corresponding software, connect to the peer-to-peer network, download a copy of the network's domain name blockchain, verify and transmit record modification requests, and receive a small amount of digital currency as a reward. Applying for a domain name is simple, just ask the network to add your domain name in the DNS, and any domain name transaction is peer-to-peer. There is a fee to modify the domain name record, just like we pay domain name registration fees, but these fees go to the open community, not a company. The blockchain open network can resist the attack on Dyn because it has no central point of failure. Every participant has a copy of the record.

Without a target, there is no attack. As Rudy Giuliani, a member of the Trump transition team, said, "a truly holistic solution to Internet security." The next administration should do everything possible to ensure the development of these technologies in the United States. Although the next administration may not be able to implement a blockchain domain name system immediately, the Trump team should understand that open networks such as Bitcoin are potential cybersecurity solutions, even if they may challenge law enforcement and financial regulators at present. Like the early Internet, these tools may cause policy issues, but they are still worth protecting by the government.