Is Blockchain the Perfect Defense Against DDoS Attacks?
by Alexandre Francois
Since last year there has been an alarming rise in distributed denial of service (DDoS) attacks. A report published by U.S. technology company Neustar, for example, estimates a 200% increase in DDoS events against their customers in Q1 2019 compared to the same period in 2018.
With conventional security options increasingly challenged by this cyber threat, we explore the possibility that Blockchain technology can provide a more secure option against this type of attack. Let’s take a look.
A Square Peg In a Round Hole
The problem with a DDoS is not that there is an attack. The challenge is that existing security measures are not optimal for dealing with the attacker’s strength. Many of these solutions are not flexible, imposing counter-measures that slow down the systems they are trying to protect and create more issues for the network’s users. It’s because existing DDoS protection operates using centralized architectures. And this is fine when dealing with centralized attacks, but appear inadequate when dealing with decentralized activity. It’s like forcing a square peg to fit in a round hole.
As the term itself implies, a DDoS attack is decentralized in structure. The attacker first takes control of vulnerable computers, then launches the attack simultaneously from these. The problem is made even worse by the fact that more and more non-secure digital devices continuously flood the marketplace. And the emerging Internet of Things (IoT) could be adding millions of TVs, cars, industrial machinery and other connected appliances to the horde of potential botnets available to attackers.
Fighting Fire with Fire
To stave off a decentralized attack, you need a decentralized defense. Blockchain was developed to run within a distributed architecture. Could it deal with a DDoS event? There are not a few who believe so.
Although it was originally built so that transacting parties can exchange assets securely without the need for a third-party facilitator, Blockchain’s potential extends to applications beyond financial sectors. At its core is a decentralized database that can only add new records. It is then distributed to all the other designated nodes on the network. When one copy of the database is compromised, the rest of the network simply cuts it off and proceeds unaffected. Blockchain’s distributed database is the foundation for its immutable ledger, the system that validates and records each transaction.
So by design, it would appear that Blockchain is equipped to face up to and withstand a DDoS attack. For starters, it eliminates the risk of having a single point of failure. It can maintain a list of compromised IPs in its ledger, and this would be resistant to disruption attempts. As soon as a server with the list is compromised, a user can switch to any other node on the network to access a safe copy.
A few cyber security providers are exploring the viability of pooling network and bandwidth resources to rent out to users. In the event of a DDoS, the added computing resources can help offset the effects of the attack. This way, a Blockchain can leverage its resources to neutralize the relentlessness of a DDoS.
The Other Side of the Coin
However, Blockchain faces a number of challenges that could hinder its effectiveness as a solution against DDoS.
First is a global shortage of backend expertise to develop industry-centric applications, as well as a lack of consultants who can connect the technology to specific business processes. In other words, there are not enough people who can capably bring the technology from the conceptual stages to the frontline trenches. This is a particular disadvantage for Blockchain, especially against the kind of overwhelming attacks characteristic of DDoS. It could take some time before solutions can be configured for individual cases. By then, it could be too late.
The technology is also not yet compliant with many existing and new regulations. The EU’s General Data Protection Regulation (GDPR), for example, require that all databases have the Create, Read, Update, Delete (CRUD) operations and that personal information stored in these databases must not leave the EU. The Blockchain database, by design, does not support CRUD, and because it is distributed it cannot guarantee that personal information will not be stored in a node outside the EU. These restrictions could affect how effective it can be against attacks that can originate from anywhere in the world.
Besides these issues, Blockchain will need to work with legacy applications, and this may require extensive and costly modifications to existing systems. Its power and storage requirements could also cause organizations to think twice before adopting the technology.
Addressing these concerns is important to establish Blockchain as a viable weapon against DDoS, regardless of industry or geographical setting.
Blockchain certainly offers intriguing possibilities to defend against the decentralized nature of DDoS attacks. But it is still quite a diamond-in-the-rough that needs to be polished for its potential to be fully realized.
About the Author
Alexandre Francois is a serial entrepreneur and tech enthusiast who believes that knowledge about innovations and emerging technologies should be easily understandable and available to everyone. Walking the talking, he is also the publishing director of Techslang — a tech awareness resource where cybersecurity and IT is explained in plain English.