IBM X-Force Red launches blockchain security service
IBM X-Force Red has launched a Blockchain Testing Service to audit and improve the security of blockchains being implemented by the enterprise.
The blockchain, also known as distributed ledger technologies, acts as a peer-to-peer network for the transfer of information -- as well as the exchange of cryptocurrencies -- by way of blocks and computer nodes.
Security
These technologies have now caught the interest of companies for applications far beyond cryptocurrencies.
The ability to securely record data which is difficult to tamper with or retrospectively change can prove valuable in smart contracts, legal services, e-payments, microtransactions, and international roaming apps.
See also: Cloudflare expands government warrant canaries in transparency bid
The enterprise and startups alike are experimenting with how best to apply the blockchain to their infrastructures and products. IBM says that 70 percent of the blockchain implementations the company has observed in recent time rely on off-ledger systems for processes including authentication, data processing, and APIs.
On Tuesday, IBM's cybersecurity team, X-Force Red, said that a new service will focus on blockchain security and will help to secure these "implementations of the fast-growing technology."
TechRepublic: Why businesses fear cyberattacks from ex-employees more than nation states
"Blockchain comes into the tech world with a bit of a different entry point -- its main design point is to build trust and security for the information and processes held within it," IBM says. "This, however, is causing some implementers to assume that security halo extends beyond the blockchain itself."
Both the backend processes of blockchain-based products and ledgers themselves will be tested. Chain code, public key infrastructure, hyper ledgers, apps, and physical hardware are all areas which can be examined.
The cybersecurity team will evaluate:
- How permissions to access/add info to the blockchain are managed;
- Password policies, whether or not two-factor authentication (2FA) has been implemented;
- Public Key Infrastructure (PKI) and digital certificate distribution systems;
- Smart contract security flaws and weaknesses;
- Software supply chain attacks
CNET: At hearing on federal data-privacy law, debate flares over state rules
The service is now operational.
"New technologies often play catch-up with security as they emerge through their early adoption phase. If we look at mobile applications, cloud computing, and even personal computers -- all these innovations needed to adopt policies and techniques for security," said Charles Henderson, Global Head of IBM X-Force Red. "However, while blockchain is a breakthrough for protecting the integrity of data, that does not mean the technology and connected infrastructure are always protected from attackers, which is why
security testing is essential during development and after deployment."