is one of the frequently discussed technologies in the recent years. It is changing
the life style and way of thinking of the people. Due to its nature of free
from control of central unit it has impacted in many fields from business to
education and financial organizations. It’s a bunch of features that makes it
like a rising star in the field of technology. But then also we have to concern
about the privacy and confidentiality challenges in this technology.
Keywords – Blockchain, Privacy, Security, Confidentiality
Started from the digital currency blockchain has been applied to
many fields. So it’s very important to think about the privacy rules and
security when planning to accept a blockchain system. Privacy and security is
the matter of great concern in the design of a blockchain. As blockchain deals
with storage and exchange of information, which may be personal information. The
privacy and security rules must be applied to the processing of information via
blockchain. In blockchain, privacy and confidentiality refers that transaction
and details of the nodes are safe.
Blockchain is the latest way of sharing and storing information. This
technology uses different way of storing the data that is different from other
traditional methods. The information is stored in the form of blocks and these
blocks are connected with each other. Newly generated block is to be connected
to its previous block, in this way it makes a chain of blocks. The information
stored in the block is permanent i.e. it can’t be alter or modify. To make any
change in the stored information is a very typical task. Because all
participating nodes must be agree for update.
Fig 1: A block structure
Every block contains a hash of the previous block. A hash is
sequence of numbers and characters. Transparency and verifiability help
to prevent unauthorized changes.
There are many features that make the blockchain technology more
attractive for financial use cases in terms of confidentiality and privacy:
Avoids the need
of a middle-man which can reduce transfer cost.
Supports for digital transactions.
Creates an open ledger, which makes it easier
to share information with in the network.
2. Confidentiality and Privacy versus Security
CIA tried model is followed in an organization to achieve
the data security. CIA stands for Confidentiality, integrity and availability.
Confidentiality means limiting the access to information. That is only
authorized person can access the information. The means of integrity is that
the information is trustworthy and accurate. The information is not modified by
any bad actor. The integrity is the way of maintaining the consistency,
accuracy, and trustworthiness of information over its entire life cycle. The availability means that the information
will be available when required.
Blockchain technology fulfills the requirement of both integrity and
availability, but achieving confidentiality has proven to be more challenging.
Fig 2: CIA triad
The confidentiality and privacy means the data is protected. In terms of blockchain technology, confidentiality and privacy
means that both the transaction and the identities of participating nodes are
protected. To achieve the requirements of any system it
must satisfy the following:
An unauthorized third party
should be able to identify the counterparties to a transaction in a
blockchain until unless the counterparties reveal that information.
Transaction details must be
invisible to the person who is not involved in that particular transaction
until the participating parties not disclose their information.
Integrity means the data that is written to
the blockchain is correct and cannot be subsequently altered:
Only authorized parties can add
the transactions in a blockchain.
Once a transaction is committed
it can’t be denied later.
Every transaction is immutable
i.e. it’s not easy to edit a transaction after completion the transaction
Any transaction cannot be
cancelled or reversed.
Availability of blockchain systems refers to
their ability to withstand outages and attacks:
In a blockchain the information
should be available at all participating nodes without any failure. This
is inherent in blockchain technologies’ distributed nature.
The system must have the
capacity of handling high loads in its working condition.
In a blockchain all transactions are published publically
and they are available for all participating nodes in the system. In most
applications the published transactions are not encrypted. If this information
is important related to someone or its personal data, this creates the
regulatory and legal problems. This problem can be resolved by storing only
encrypted data in the blockchain. But it will create another problem: If the
decryption keys of encrypted information lost, the data may not be recovered in
its original form. Also, decryption key is stolen all the data is forever decrypted in the blockchain since the
data cannot be altered.
In case of a public blockchain ledger is publically
available. Anyone can look at this ledger and see what the
balance of a specific address is. These addresses are pseudononymous — but once
I transact with you I can reasonably guess what addresses are yours — and then
reasonably guess how much money you have! This is bad!
We need to encrypt the information in a transaction to make information
much more private. To add this encrypted information, we need to
add more data to each individual transaction on the network. But it’s not so
easy because it will increase the size of a current transaction.
technology is a good example of security ( in terms of immutability) and
Fig 3: Transaction of Bitcoin
The fig 3 shows detail of a transaction in a Bitcoin blockchain.
From this transaction we can see how the information
in a blockchain is published publically and the addresses of communicating
parties are linked across multiple transactions. The transactions are
publically published, open and transparent. So with the help of this public key
any how someone can get the details of the transaction of a particular body and
his account. In a public blockchain transaction details are not confidential.