
Hype Aside: Can Blockchain Really Replace SSL?

October 15, 2018 | Guest Blogger: Hywel Curtis

A number of high-profile issues have severely affected trust in Secure Sockets Layer (SSL) technology, leading many people to advocate replacing it wherever possible with Transport Layer Security (TLS) or other technologies. Blockchain is seen by some as having the potential to do just that, but can it really deliver?
 


The SSL cryptographic protocol has been around since the early 90s and has been used in a wide range of systems to enable more secure information exchange. The term SSL is sometimes confused or conflated with TLS, though the two technologies are different in several respects.

SSL works by authenticating information exchange using an encrypted message authentication code (MAC) designed to validate the integrity of an individual message and ensure secure communication over networks or on the web. Unfortunately, in recent years serious flaws in aspects of SSL technology have been identified, and it is no longer recommended in certain settings by organizations such as the National Institute of Science, Technology and Development Studies (NISTADS).

While there are several reasons for the demise of SSL as a widely accepted standard, some of the primary issues are mistakes, both real and perceived, by organizations implementing SSL as well as by the bodies in charge of offering and maintaining the ecosystem: Certificate Authorities (CAs). Although there are thousands of CAs around the world, all of whom have passed a rigorous approval process to set up and offer SSL certificates, the scale of the SSL market means that CAs can hold a disproportionate amount of control in the current system.

When the operations of CAs are then attacked by hackers, or subject to influence by governments or private sector actors, trust in the system is undermined. The distrust of Symantec certificates is a prime example of this erosion in trust. False certificates are not often created, whether through a CA’s oversight, error or even conscious choice. But when they are, fraudulent certificates can be used to trick individuals into sharing sensitive information while believing they are communicating with a legitimate system, such as their online banking account or an internet payment provider.

Blockchain technology has been cited as a potential way to fix such vulnerabilities in the SSL system. The decentralised ledger can be used by individual parties to create unique cryptographic keys that can verify information and ensure secure communication. One example of this is the open-source Namecoin system, which, like many blockchain startups, also partially functions as an alternative currency. Namecoin is designed to be an alternative to centrally-managed systems that provide identity information for websites and other online assets, even offering a decentralized DNS.

In addition, another startup called REMME is developing a blockchain password replacement system which will be able to identify devices and users with the support of SSL certificates. The REMME system assigns an SSL certificate to an individual device (such as a smartphone or tablet computer) and stores the certificate information using a secure, blockchain-enabled database. This simple solution removes any reliance on an authentication server or password database, two common targets for attack. It can also enable two-factor authentication with the addition of another device.
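A simplified model of the idea described above, added here as an illustration; it is not REMME's code or design. The `Ledger` class, its field names and the `register`/`revoke` actions are assumptions, and the certificate bytes are constructed stand-ins.

```python
import hashlib
import json
GENESIS = "0" * 64
FIELDS = ("index", "prev", "action", "device", "fp")

def fingerprint(cert_der):
    return hashlib.sha256(cert_der).hexdigest()  # SHA-256 of the DER bytes

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Toy append-only, hash-chained log: one writer, no consensus, no signatures."""
    def __init__(self):
        self.blocks = []

    def append(self, action, device, fp):
        # Each block commits to the hash of the block before it.
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = {"index": len(self.blocks), "prev": prev,
                "action": action, "device": device, "fp": fp}
        self.blocks.append({**body, "hash": _digest(body)})

    def chain_valid(self):
        # Recompute every hash and link; any edited block breaks the chain.
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            body = {k: block[k] for k in FIELDS}
            if (block["index"] != i or block["prev"] != prev
                    or block["hash"] != _digest(body)):
                return False
            prev = block["hash"]
        return True

    def status(self, device, cert_der):
        """Return 'valid', 'revoked', 'unknown' or 'tampered'."""
        if not self.chain_valid():
            return "tampered"
        fp, state = fingerprint(cert_der), "unknown"
        for block in self.blocks:
            if block["device"] == device and block["fp"] == fp:
                if block["action"] == "revoke":
                    return "revoked"  # a revocation is never undone
                state = "valid"
        return state

if __name__ == "__main__":
    ledger = Ledger()
    cert = b"constructed stand-in for DER certificate bytes"
    ledger.append("register", "phone-1", fingerprint(cert))
    print(ledger.status("phone-1", cert))
```

The ledger shows what was recorded and in what order, with no password database to look up. It does not show that whoever appended a registration was entitled to do so.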

Although these examples, and various other emerging solutions, are seeking to address the issues that the SSL system faces, they may also ultimately suffer from the very problem they are trying to solve: a lack of trust. The vital role of CAs is to verify that the owner of a certificate is legitimate, and while blockchain may be able to assist with this process, it is trust in the decision-maker that drives trust in the system overall.

If the CA as decision-maker is replaced with a blockchain-enabled system, then it will be important for those involved in building and maintaining that system to clearly demonstrate its stability and decouple from the hype and misinformation around blockchain in general. We regularly see how the value of alternative blockchain currencies is intimately tied to the fate of Bitcoin pricing, and how a successful attack on any currency exchange can affect perception (rightly or wrongly) of the sector as a whole. Any system attempting to decentralize trust in order to provide certificates that can replace SSL technology will need to bear these challenges in mind for the future.

As huge numbers of both new users and machines (due primarily to the growth of Internet of Things [IoT] enabled technologies) come online, the web is set to grow exponentially in the future in terms of the number of devices which will be fully connected and able to act as network nodes. All organizations need to ensure that the machine identities and certificates used to communicate securely with other servers are carefully managed, whether they use SSL or TLS replacement technologies deploying blockchain, hybrid systems such as that being developed by REMME, or the legacy SSL system alone. Management of these certificates is a critical security issue and should not be overlooked in the drive to enhance, or even replace, the existing SSL ecosystem.


About the author

Guest Blogger: Hywel Curtis

Hywel Curtis is an experienced communications consultant and content strategist based in the UK. He specialises in helping businesses in the science and technology sectors around the world to grow and develop through better communication.
