Tech Giant is Applying Blockchain in Cybersecurity

This post is also available in: עברית (Hebrew)

Blockchain adds another layer that isn’t solved by current cybersecurity technologies, claims Oracle, which is trying to bring blockchain into mainstream enterprise and government applications with minimal changes to those applications.

The company is launching a new technology that integrates blockchain into the Oracle database. “The fact that cybercrime skyrocketed last year as COVID-19 and the shift to virtual work and learning swept the globe doesn’t bode well for 2021. It also means that organizations need to take a new approach to securing their data,” explains the company’s Executive VP Juan Loaiza. Blockchain “doesn’t prevent your data from being stolen, it prevents your data from being changed, and particularly being changed without anybody knowing.”

Blockchain technology uses a distributed database that effectively creates a tamper-proof ledger. Once entered, transactions cannot be changed, creating an immutable record that simultaneously exists on every computer belonging to the same network and updates with every transaction. And because the ledger exists everywhere all at once, it is incredibly difficult to hack.

This ability to authenticate transactions of any kind and build trust into systems that record transactions has brought blockchain out from under the shadow of cryptocurrency and into enterprise strategy, according to dxcentral.com. 

Most notably, blockchain addresses two unavoidable problems in all the current systems: hackers and users. The latest generation of Oracle’s converged database released in January introduced Blockchain Tables to give users additional layers of security to build applications that can support a distributed ledger. 

However, new data can still be falsely inserted in an end user’s name by someone using stolen credentials even with Immutable or Blockchain tables. To combat this vulnerability in Bitcoin, for example, all transactions are signed with a private key. 

Oracle allows end-users to cryptographically sign the data they insert using their private key, which Loaiza said is never passed to the database. 

Each end-user registers a digital certificate, which is a public key with the database. This digital certificate allows the database to validate the end-users signature when new data is inserted. In the event that a hacker steals a valid set of credentials without the private key, the signature on the newly inserted data won’t match and won’t be accepted, Loaiza explained.

To ensure the database has received changes, end-users can request that Oracle countersign the newly inserted data. Oracle will then return a crypto-receipt to the user, ensuring nothing on the mid-tier can filter specific data to prevent it from being recorded.