**2. Blockchain as a secure ledger**

Once blockchain technology has been introduced, the focus is on the fulfillment of the information security properties it provides.

Focusing on data integrity, the blockchain ledger is immutable. Every transaction in a block is cryptographically signed by its sender, every block in the blockchain is cryptographically signed by its miner, every block contains a hash of the immediately preceding block, and all the participants in the blockchain network reach a consensus about the chain as the shared truth. To alter a single transaction in the blockchain, an attacker would have to alter each subsequent block accordingly, solve the consensus challenge of that block and of every subsequent block, and persuade more than 50% of network participants to adopt the new chain. That situation is close to impossible, due to the hashing properties and the amount of computational and electrical power required to achieve this goal. Blockchain is tamper-resistant and integrity is the greatest of its merits.
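The block-linking argument above can be reproduced with a toy chain. This is an added example, not code from the chapter: signatures and network consensus are left out, and the JSON block layout, the three-hex-zero proof-of-work target and all function names are assumptions made for illustration.

```python
import hashlib
import json

DIFFICULTY_PREFIX = "000"  # toy consensus challenge (assumption): hash starts with 3 hex zeros
GENESIS_PREV = "0" * 64

def block_hash(block):
    # Hash the canonical JSON form of the whole block, including the previous hash.
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def mine(index, prev_hash, txs):
    # Search for a nonce that makes the block hash meet the toy difficulty.
    block = {"index": index, "prev": prev_hash, "txs": txs, "nonce": 0}
    while not block_hash(block).startswith(DIFFICULTY_PREFIX):
        block["nonce"] += 1
    return block

def build_chain(tx_batches):
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(tx_batches):
        block = mine(i, prev, txs)
        chain.append(block)
        prev = block_hash(block)
    return chain

def first_invalid(chain):
    """Index of the first block that fails validation, or None if the chain is intact."""
    prev = GENESIS_PREV
    for block in chain:
        h = block_hash(block)
        if block["prev"] != prev or not h.startswith(DIFFICULTY_PREFIX):
            return block["index"]
        prev = h
    return None

def tamper_and_remine(chain, index, new_txs):
    """Alter one block and redo only that block's proof of work."""
    forged = [dict(b) for b in chain]
    forged[index] = mine(index, forged[index]["prev"], new_txs)
    return forged

# Constructed sample data
CHAIN = build_chain([["a->b:5"], ["b->c:2"], ["c->d:1"]])
```

Re-mining only the altered block moves the failure to the next block, whose stored previous hash no longer matches; a verifier rejects the chain until every later block has been redone as well.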

Merkle trees are a fundamental use of hashing in blockchain technologies that has not been mentioned before in the article. A Merkle tree summarizes all transactions in a block into a single fingerprint, making it possible to verify that all transactions in the block have been included without modification. Below we can find an example of one of these Merkle trees (**Figure 2**).

As Figure 2 shows, each leaf in the Merkle tree is a hash of transactional data, and hashing is applied recursively over each subset of hashes, forming the tree structure. Merkle trees are not only applied to block transactions but sometimes also to the ledger state (the result of the execution of all ledger transactions).

Non-repudiation is another information security property intimately linked to integrity. Since every transaction in the blockchain is cryptographically signed by its sender and the chain is immutable, the sender can never deny having ordered the transaction. However, that sender, in general, cannot be associated with a physical entity, but only with an account (as we will explain when discussing privacy).

**Figure 2.** *Merkle tree.*

In terms of availability, the distributed character of a blockchain network makes it highly available. In addition, transactions on public blockchain networks usually involve a cost to the sender equivalent to their processing and storage consumption. This cost results in a reward for the miner of the block containing the transaction. Furthermore, it protects against Denial of Service (DoS) attacks, since an attack costs a potential attacker an amount proportional to the resources consumed. For example, in Ethereum MainNet, this cost is reflected in the concept of gas. Gas represents the computational and storage cost of the transaction. At the same time, this gas has a variable cost in Ether, which is obtained by mining or buying it. The availability concept is linked with the anti-SPoF (anti-Single Point of Failure) concept. Preventing a SPoF is usually a mandatory requirement for critical applications, which need to offer a high availability rate, and even for not-so-critical ones. If this point of failure is exploited, accidentally or intentionally by an attacker, the whole ecosystem breaks down, so it is interesting to be able to use resilient infrastructures, like blockchain, to avoid this issue.

As for privacy, it is important not to confuse this concept with confidentiality, although they usually come hand in hand. In general, public blockchain networks bind transactions to accounts. These accounts are represented by a public-private key pair and may have a state associated with them, but they are not usually associated with an entity or individual. Only the individual in possession of the corresponding private key can launch a transaction on behalf of the account through a cryptographic signature, but the identity of the individual behind the key pair is unknown. In this way, a high degree of privacy is offered thanks to this pseudoanonymity. Of course, there are identity management frameworks for blockchain, but these frameworks are not part of the core of a classic blockchain network.

One of the strong points of blockchain technologies is the transparency of transactions, a concept that in general is at odds with confidentiality (understood as encryption). Therefore, except for specific blockchain technologies and private networks, blockchain does not provide encryption capabilities, and encryption, where it applies, must be implemented at the application level.

On the other hand, authorization is usually left to the application level in regular non-permissioned blockchain networks, while it can be part of the core of the technology in permissioned blockchain networks.

In short, we can conclude that blockchain is an extremely secure and resilient technology, but in general does not include confidentiality (understood as encryption) among its main objectives.

*Blockchain Applications in Cybersecurity DOI: http://dx.doi.org/10.5772/intechopen.90061*

**3. Blockchain for backup and recovery**

Having shown the reader the blockchain capabilities as a secure ledger, this section analyzes blockchain as a support tool to implement backup and recovery strategies. We have chosen this use case because it shows, in a different way, another use of blockchain, far from the common ones which usually appear in the literature.

One of the most innovative applications of blockchain technologies is their use in secure storage and recovery systems. A Backup & Recovery system usually has the following features:

• **Continuous/Automatic data backup**: It ensures that the changes you make to your files are simultaneously copied to the storage location. This lets you recover even the most recent changes in case of data loss, thus lowering your recovery point objective.

• **Incremental backup**: This is a type of backup where only the changes are copied, not the full file. This reduces the time taken for copying data and does not slow down your work.

• **Instant recovery**: This feature allows a backup snapshot to run temporarily on secondary storage to reduce the downtime of an application.

• **Data deduplication**: It eliminates duplicate data record blocks while data is transferred to the backup storage location. This reduces the network load and the storage space you require.

• **Error-free copy**: Data backup software features also ensure that the data copied from a source and stored at the backup server are the same and do not mismatch nor contain errors.

Historically, backup and recovery procedures were applied mainly to general-purpose devices in the enterprise environment. The number of incidents grows daily, and the consequences are increasingly alarming, for example, security holes in IP cameras [6], DDoS attacks generated from the Mirai botnet [7, 8], known as the Dyn Attack, or even taking control of a vehicle [9]. Due to these problems, Backup & Recovery systems are being extended to cover these devices too.

**3.1 General-purpose devices**

From the point of view of general-purpose systems, the main challenge that blockchain is expected to solve is the control of data tampering attacks, directly related to the integrity of the data.

We could find proprietary solutions that offer blockchain backup services at an enterprise level, see [10]. This solution provides mechanisms to ensure that legal documents existed on certain dates or to certify the authenticity of medical records.

**3.2 IoT devices**

Most IoT systems are managed through firmware, so ensuring the integrity and authenticity of the firmware update of the devices is a complex and critical task that must be carefully addressed. In addition, it may happen that multiple devices

*Computer Security Threats*

