Blockchain Authentication

By A.J. Musacchio

What is the Blockchain?

The blockchain in its most basic form is a database. How it takes in and stores information is much different than a typical database. Blockchain, as can be assumed from the name, collects data in groups that are called blocks. Each block has a limit to how much it can store and once it reaches capacity the block will close. This block is then taken and linked to the end of the block that came before it creates a chain. Each individual block has a nonce which is a 32-bit which is used to create a 256-bit hash. Each block creates there nonce and hash-based on the block that came before them. This is part of what makes blockchain to be so secure. The use of chaining and hashing allows for the blockchain to be immutable. Blockchains are also decentralized. This means rather than being run on one system in one spot, blockchains are run over thousands of computers called nodes. Each node interacts with each other and cross-references the chain to ensure no changes are made to the block. If a node does not line up with the others, it will no longer be used.

Current Authentication Protocols

Today there are many kinds of authentication protocols being used and it is always being improved on. Authentication is needed everywhere when talking about computing. From logging on and gaining access to systems we see the progression with things like biometric authentication. When talking about access to items within a system like files, we see a multitude of different protocols. We will primarily focus on Kerberos within this post though. Kerberos authentication uses tickets to authenticate users. Clients will request a ticket from a key distribution center. That center verifies the credentials of the user to ensure it should be able to gain access and will return a ticket for the client to use to gain access. Once this process is complete these tickets can last for a very long time. Kerberos runs on a centralized server within a network. This leaves Kerberos vulnerable to replay attacks or man-in-the-middle attacks. Attackers will communicate with both the client and server gaining credentials and then as a result of that, gaining access to a ticket. Once they gain access to that ticket, attackers will have access to the system for a very long time. This can go on without any detection as well.

How Blockchain can Improve Authentication

Unlike Kerberos, blockchain is decentralized as stated before. All data is stored with nodes and is completely immutable. This could be used as a key distribution center rather than a server. Now how would this reduce the risk of a man-in-the-middle attack though? Blockchain logs all interactions and publicly stores them. This means that when a message is sent to the “Server” it is then stored on the chain and tracked. If any changed destinations or other values are present the blockchain will recognize them due to all nodes cross-referencing. The decentralized nature also splits all communication. This makes it very hard for an attacker to find a place to sniff traffic against a node and carry these attacks out. Another common problem with Kerberos is that it has a single point of failure. When the Key Distribution Center is down or out of service, how does authentication take place? Of course, more servers can be used, and backup servers can be put in place. This can often be very expensive and have a decentralized system is built in to prevent this. If one node is down, there are already many more up to provide authentication.

Other uses for blockchain

Blockchain can be used to verify much more than just authenticating users. DNS is a very important tool we use that can be drastically secured with the use of blockchain. DNS is a very centralized authority with all of its contents being located in the same spot. If an attacker is able to infiltrate a DNS server, an attacker then has the ability to lead victims to malicious sites and infect many people. There are also instances when attackers may intercept traffic and pose as the DNS server. This can have the same effect as when attackers compromise a DNS server and lead victims to malicious websites. Blockchain can solve both problems. If all DNS records were stored on the blockchain, the records would then become immutable, and attackers would not be able to change the information needed for DNS servers to properly send users to the right locations. It also would make it so each server and its information could be verified. This would eliminate the risk of communicating with a fake server as each message is verified. NFTs are very commonly associated with blockchain and can be another great way to validate things. NFTs which stand for Non-Fungible Tokens are unique items that are placed on a blockchain. They cannot be replicated and are verifiable through the blockchain to belong to one person only. We can see the rise of NFTs being used for tickets. This would make tickets traceable to one person. It would also further turn tickets completely digital increasing the accessibility and ease for many ticket holders. This can also be used to verify other things like purchased content in games. This would prevent on content sharing and other workarounds in which people access features they haven’t yet paid for. If they aren’t part of the block, they would not gain access. Online downloads can be verified through the use of blockchain as well. All things that can be downloaded can be uploaded to a blockchain. Before someone downloads it, the file can be compared to what is on the blockchain to ensure it is the right item. This would prevent many fake websites with malicious downloads from infecting people. Elections can be made more secure as well. Rather than pieces of paper, each vote can be placed on the blockchain and be sure there is no tampering involved. These are just a few of the many uses we could see blockchain technology be implemented.

Conclusion

While blockchain is a relatively young technology and still needs to be researched to be fully implemented everywhere in our life, it shows great promise. It provides a secure way to keep track of data and ensure it has not been tampered with. This can be implemented as a way to authenticate and verify many things in our everyday life. It is not meant to just be used with cryptocurrency and associated as something that may not last. Its technological capabilities can provide much more than we know to this day and very well may be the future of many things.

References

Authentication protocol overview: Oauth2, SAML, LDAP, radius, Kerberos. Authentication Protocol Overview: OAuth2, SAML, LDAP, RADIUS, Kerberos. (2018, June 11). Retrieved April 11, 2022, from https://www.getkisi.com/blog/authentication-protocols-overview

Conti, R. (2022, April 8). What is an NFT? non-fungible tokens explained. Forbes. Retrieved April 11, 2022, from https://www.forbes.com/advisor/investing/cryptocurrency/nft-non-fungible-token/

Hayes, A. (2022, March 5). Blockchain explained. Investopedia. Retrieved April 11, 2022, from https://www.investopedia.com/terms/b/blockchain.asp

Unlike Kerberos, blockchain is decentralized as stated before. All data is stored with nodes andis completely immutable. This could be used as a key distribution center rather than a server.Now how would this reduce the risk of a man-in-the-middle attack though? Blockchain logs allinteractions and publicly stores them. This means that when a message is sent to the “Server” itis then stored on the chain and tracked. If any changed destinations or other values are presentthe blockchain will recognize them due to all nodes cross-referencing. The decentralized naturealso splits all communication. This makes it very hard for an attacker to find a place to snifftraffic against a node and carry these attacks out. Another common problem with Kerberos is thatit has a single point of failure. When the Key Distribution Center is down or out of service, howdoes authentication take place? Of course, more servers can be used, and backup servers can beput in place. This can often be very expensive and have a decentralized system is built in toprevent this. If one node is down, there are already many more up to provide authentication.Other uses for blockchainBlockchain can be used to verify much more than just authenticating users. DNS is a veryimportant tool we use that can be drastically secured with the use of blockchain. DNS is a verycentralized authority with all of its contents being located in the same spot. If an attacker is ableto infiltrate a DNS server, an attacker then has the ability to lead victims to malicious sites andinfect many people. There are also instances when attackers may intercept traffic and pose as theDNS server. This can have the same effect as when attackers compromise a DNS server and leadvictims to malicious websites. Blockchain can solve both problems. If all DNS records werestored on the blockchain, the records would then become immutable, and attackers would not beable to change the information needed for DNS servers to properly send users to the rightlocations. It also would make it so each server and its information could be verified. This wouldeliminate the risk of communicating with a fake server as each message is verified. NFTs arevery commonly associated with blockchain and can be another great way to validate things.NFTs which stand for Non-Fungible Tokens are unique items that are placed on a blockchain.They cannot be replicated and are verifiable through the blockchain to belong to one person only.We can see the rise of NFTs being used for tickets. This would make tickets traceable to oneperson. It would also further turn tickets completely digital increasing the accessibility and easefor many ticket holders. This can also be used to verify other things like purchased content ingames. This would prevent on content sharing and other workarounds in which people accessfeatures they haven’t yet paid for. If they aren’t part of the block, they would not gain access.Online downloads can be verified through the use of blockchain as well. All things that can bedownloaded can be uploaded to a blockchain. Before someone downloads it, the file can becompared to what is on the blockchain to ensure it is the right item. This would prevent manyfake websites with malicious downloads from infecting people. Elections can be made moresecure as well. Rather than pieces of paper, each vote can be placed on the blockchain and besure there is no tampering involved. These are just a few of the many uses we could seeblockchain technology be implemented.Conclusion

While blockchain is a relatively young technology and still needs to be researched to be fullyimplemented everywhere in our life, it shows great promise. It provides a secure way to keeptrack of data and ensure it has not been tampered with. This can be implemented as a way toauthenticate and verify many things in our everyday life. It is not meant to just be used withcryptocurrency and associated as something that may not last. Its technological capabilities canprovide much more than we know to this day and very well may be the future of many things.ReferencesAuthentication protocol overview: Oauth2, SAML, LDAP, radius, Kerberos. AuthenticationProtocol Overview: OAuth2, SAML, LDAP, RADIUS, Kerberos. (2018, June 11).Retrieved April 11, 2022, from https://www.getkisi.com/blog/authentication-protocols-overviewConti, R. (2022, April 8). What is an NFT? non-fungible tokens explained. Forbes. RetrievedApril 11, 2022, from https://www.forbes.com/advisor/investing/cryptocurrency/nft-non-fungible-token/Hayes, A. (2022, March 5). Blockchain explained. Investopedia. Retrieved April 11, 2022, fromhttps://www.investopedia.com/terms/b/blockchain.asp

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s