Blockchain technology: The pioneer for digital trust
31. July 2020
Have you made business decisions based on manipulated data in the past? Unthinkable? Well, the numbers say otherwise:
According to a KPMG study(1), 57% of all (Austrian) companies were victims of cyber-attacks in the last 12 months. And 22% of all cyber-attacks were aimed at manipulating data.
Data manipulation is therefore likely. Still nothing to worry about? That is right, after all, manipulated data can be detected early and eliminated as a basis for decision-making. But is that really the case? Eventually, 18% of all Austrian companies told KPMG that they do not know whether they have been victims of cyber-attacks in the past. In most cases it takes more than half a year to detect a cyber-attack.
However, cyber-attacks are not the only source of danger, which often remains hidden. Unintentional transmission errors, incorrect configurations, faulty algorithms (e.g. in the field of robotic process automation) or compromised hardware can also lead to unintentional changes to data. These are all known and common errors, that can occur in any company at any time. In order to be able to rely on the integrity of your data for sensitive business decisions, data changes must be made transparent, tamper-proof and traceable.
This is a necessity that is explicitly highlighted in the international data protection and cyber-security research landscape. The public sector in particular is setting a good example with various pilot projects to ensure data integrity. Electronic identities, company and land registry data, registration registers - nowhere else the integrity of data must be ensured to a greater extent and regularly checked. The technological pioneer was always the same technology: blockchain.
Remember: A blockchain is - simply put - an immutable, decentralized database network with a large number of network nodes without a central instance or server. New database entries are communicated to all network nodes, combined with other database entries into blocks and time-stamped. These blocks are additionally encoded into hash values using a hash function(2). A hash function is characterized by its deterministic nature: The same input always results in the same hash value, while a changed original input results in a changed hash value.(3)
Due to the nature of the applied hash functions any manipulation of the original data input becomes visible. Therfore, the smallest data manipulation leads to a changed hash value. The hash value of a data block also contains the hash
values of the preceding data blocks. Thus, the data blocks are chained together by their hash values, which gives a blockchain its unchangeable and tamper-proof structure. As soon as a data block has been hashed, the newly created datachain is stored locally at each network node. The network participants then communicate with each other and agree on the longest and thus predominant data chain, to which new database entries are then connected. This avoids a single point of failure by design.
So how can the above-mentioned characteristics of blockchain technology provide added value for the integrity of your own data?
With a combination of cyber-resilient on-premise backups and decentralized data anchoring using blockchain technology!
We have realized this combination with Chroniql, our made-to-measure integrity-solution. Through our preconfigured interfaces and our connector framework you can load your data at any time into your personal, on-premise Chroniql database(4). Once your data has arrived there, Chroniql Notarization creates a fingerprint for each record at any given time. This fingerprint is a hash value that is subject to the deterministic laws as described above:
Same Input -> Same Output
Different Input -> Different Output (3)
This fingerprint is now stored in a (permissioned or permissionless) blockchain network. Due to our innovative storage and hashing concept, your data can only be viewed by you, despite a blockchain network with several participants.
If a data record is manipulated, which has been secured by Chroniql in plain text (on-premise) and as a hash value (in the blockchain network), the manipulation shows up in a changed hash value. This comparison between the original data and the hash values is also done by Chroniql on a fully automated basis. The integrity of your data is thus checked 24/7.
Each time someone retrieves the original data set for viewing, the integrity is displayed visually next to the document, to enable the viewer of the document to immediately see whether it is integer or not.
While Chroniql protects the integrity of your data fully automated in the background, you can use Chroniql Analytics to analyze and cluster your data for various compliance and data protection aspects. Chroniql Analytics can thus automatically control storage obligations or deletion requests for you.
Chroniql can be purchased either as a stand-alone package or in combination with our modular Compliance Cloud to manage data protection relevant processes, BCM measures, audit processes and ISMS implementations.
Contact us at any time for a non-binding initial consultation. We will also be happy to provide you with more in-depth technical information after entering into an appropriate contractual confidentiality regime.
(1) KPMG, Cyber Security in Österreich 2020 (Print-Version), source in German.
(2) This is a mathematical algorithm with which a character string of any length (e.g. a 3-page Word document) is converted into a character string with a fixed length (so-called hash value). See FIT, Blockchain: Grundlagen, Anwendungen und Potenziale, source in German.
(3) To be more precise: It is not possible to find a second input with a reasonable effort that results in the same hash value. In the same way, it is practically impossible to find two different inputs that produce the same hash value. See document under (2).
(4) Can optionally be offered as a cloud solution.
About the authors
This contribution is a collaboration of various technical experts from Akarion.