Protecting private keys is a big concern
Nicolai Solling, chief technology officer at Help AG, said blockchain and the app running on top of it are based on a set of protocols, which developers need to work with. “As with all other apps, the implementation has sometimes been faulty, and this is where the biggest crypto heists have happened,” he said. “Another element — probably specific to cryptocurrency — is that users have not been aware of how to protect their ‘wallets’ or identification purses on blockchain.
“They gladly installed a wallet on the smartphone and started transacting currencies. People lose access to the data when the phone is lost as the data to recreate the wallet was not secured. People have thousands of dollars in a virtual wallet which may be compromised or easy to compromise.”
The private key of the individual user on the chain needs to be well protected, and this is an area most users have little knowledge of. “If we move to enterprise apps running on private or public blockchains, protecting the private keys of an organisation will be a key concern,” said Solling.
“Typically, you would do this with technologies called HSM (Hardware Security Module), which act as a vault for the private keys.”
According to Tarek Kuzbari, regional managing director at Group-IB, quantum computing offers quite an interesting perspective when it comes to cybersecurity.
“It will create new opportunities as well as a new kind of threat and risk for people working in that industry,” he said. “The technology is still new and limited to a few and with limited applications. It will take another five to 10 years to become clear what its capabilities are.”
Before there is a successful post-quantum security attack, Alexandar Valjarevic, head of solution architecture at Help AG, said the security community will need to adopt a new set of algorithms, especially for what is called “asymmetric crypto”, as old ones will be useless.
Asymmetric crypto uses public and private keys to encrypt and decrypt data.
“No reason to despair — the standardisation process is underway with NIST [National Institute of Standards and Technology] and within a few years, we should have a new set of crypto algorithms,” said Valjarevic. “Vendors and solution integrators would then need to adapt current products and solutions, hopefully before the successful post-quantum attack is evident.
“The next 5-10 years will be crucial. Building solutions with adaptability in mind is crucial.”