Blockchain Explained: How It Works

Posted inInformation Security, Security

Blockchain, distributed ledgers and cryptocurrency are not interchangeable terms. Blockchain has to happen in sequence and partially helps provide data integrity.

Often, people misconstrue what blockchain is. The term “blockchain” has been co-opted. It is not cryptocurrency. Cryptocurrency uses blockchain. There are a number of elements to blockchain, which is sometimes also confused with a distributed ledger. To start, let’s discuss how blockchain and distributed ledger work together for an effective security strategy.

As crazy as this sounds, blockchain is exactly what it sounds like. It’s a literal chain of blocks. This chain of blocks only fits together in one specific way, providing a security benefit.

Let’s back up a little. Everything in security deals with CIA: Confidentiality, Integrity and Availability. Confidentiality refers to keeping information protected from people who don’t need access to it. Availability refers to being able to locate that data when you do need it. Integrity is different, this is typically an assurance from your provider that your data hasn’t been tampered with. It’s AWS or Microsoft Azure or whichever provider you choose to secure your data (we implore you to use cloud services) saying that your data is safe, it’s duplicated, unaltered and untouched. However, aside from their assurances, there’s no 100% way to know for sure if anything has been tampered with.

For example, a hacker could potentially access and tamper with data in a database, give themselves a million dollars, tamper with the logs to remove evidence that those changes were made and that they were in the system, and get  back out.

Enter blockchain. This literal chain of blocks only fit together in one specific way, which is confirmed as each block is added to the chain. When a block is added, there is a chain of data pieces that are hashed together to reduce large sets of data down to a determinable alphanumeric string of determined length that is incredibly unlikely to be duplicated. This string of data can be simply a couple of words, or it can be as long as War & Peace and anything in between. Because of the way it works, when you hash data together, getting the same result twice is rare. So, if you take all the data and data records and hash them together, those hashes have to fit. If someone tampers with one of those records, or even just the last two records, they have to re-hash the data and it’s unlikely to match the rest of the hashes.

Yes, there are different ways to hash data. You could hash everything that’s been in the database or you can hash the last block with the block before it. The former is more cumbersome than the latter, but they both serve the same purpose.

But what if someone goes into the blockchain and hashes and tampers with the record that was preceding it as well as the current record they want to mess with and then alters the hash? Well, there’s another piece to how blockchain is usually implemented. This element distribution makes distributed blockchain an effective superset of distributed ledger. On its own, blockchain would not be hyper-effective because of the example above.

This is why blockchain needs distributed ledger, which is a whole other topic that we will dive into in the next article. 

One key thing to remember about blockchain is that you don’t need to use it for everything, nor should you. There are practical use cases, which include transactional exchanges and semi-transactional contracts which need to happen in a specific order. Blockchain needs to happen in sequence, so applications that do not have a set order will not work. Blockchain is a tool, it’s not the whole toolbox. Tomorrow, we discuss how distributed ledger and blockchain work together to create an effective security strategy for specific operations.

About the Author

PWV Consultants is a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as trusted technical partners for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. Founded by 20-year software engineering veterans, who have founded or co-founder several companies. PWV experts act as a trusted advisors and mentors to numerous early stage startups, and have held the titles of software and software security executive, consultant and professor. PWV's expert consulting and advisory work spans several high impact industries in finance, media, medical tech, and defense contracting. PWV's founding experts also authored the highly influential precursor HAZL (jADE) programming language.

Contact us

Contact Us About Anything

Need Project Savers, Tech Debt Wranglers, Bleeding Edge Pushers?

Please drop us a note let us know how we can help. If you need help in a crunch make sure to mark your note as Urgent. If we can't help you solve your tech problem, we will help you find someone who can.

1350 Avenue of the Americas, New York City, NY