Blockchain Brings New Frontier for Secure Digital Identity and Authentication
Technology Blockchain might be the key to eliminating the kind of wide-scale data security breaches that are making headlines worldwide and large enterprises are beginning to leverage blockchain technologies for advanced protection of sensitive data.
Blockchain might be the key to eliminating the kind of widescale data security breaches that are making headlines worldwide. For large enterprises where siloed, centralized data is constantly under threat, cutting-edge organizations are leveraging blockchain technologies for advanced protection of sensitive data.
“Decentralized data storage—particularly user authentication data—breaks down the attack surface of centralized databases into individual, independent user credential verifiers,” says Locke Brown, CEO and Co-Founder of NuID. “When you decentralize data storage, you drastically reduce the incentive for attackers.”
The San Francisco-based start-up is at the peak of a new wave of tech companies turning to blockchain technologies for new paradigms in user authentication. While the public tends to associate blockchain with cryptocurrencies, a few cybersecurity companies are leveraging distributed ledger technology as an alternative to the centralized storage of user authentication data such as passwords in large, siloed databases.
Hiding the jackpot from hackers
“Centralized data storage creates an incentive for hackers and attackers,” he says. “An attacker that breaks into one database of, say, thousands of user credentials and other personally identifiable information (PII), gains access to all that data in one place—you have essentially created a massive jackpot.”
NuID is challenging the traditional security paradigm by combining distributed ledger technology with zero-knowledge cryptography to create a state-of-the-art authentication and digital identity solution. Like many companies in cybersecurity and fintech, NuID is leveraging the blockchain-based Ethereum network to test new applications and solutions including user authentication.
“In our case, we consider decentralized authentication to mean that individual user authentication secrets, such as passwords, are distributed across a network of nodes using blockchain technology so there’s no single point of failure,” explains Brown. “By returning credential ownership to individual users, companies no longer need to store and protect user authentication data internally.”
The NuID protocol leverages advances in zero-knowledge cryptography to completely eliminate the need for large, siloed databases, thus redefining the foundational standard for authentication. A “zero-knowledge proof” is a way for a user to prove to a verifier—even an untrustworthy one—that they know something (e.g., a password) without revealing any information about the thing itself.
Reducing security risk with zero-knowledge cryptography
NuID converts user credentials into tiny immutable programs stored on Ethereum rather than on individual devices. “The program is a mechanism that verifies you know your password,” explains Brown. Validation only occurs when successfully unlocking the program originally stored on the blockchain.
The beauty of the process is that users can authenticate from any device. While some companies are building blockchain-based authentication that rely on device-based private keys, the NuID protocol ensures lost or stolen devices do not present the risk of security breach.
“Most solutions right now are patchwork solutions that attempt to protect the current paradigm of database solutions that are really antiquated,” says Brown. “You have all these patchwork solutions built on top of each other. What we’re doing is redefining the foundational standard for how authentication and identity management works today.”
NuID is a member of the Decentralized Identity Foundation and is working to create standards and educate companies in enterprise data security solutions. While this rapidly evolving space is still nascent, forward-thinking companies from global consulting firms to financial service providers are collaborating with start-ups like NuID to create and test new blockchain-based authentication protocols.
“In this modern digital age, data enterprises need to embrace new technologies to keep the trust of their customers, protect their employees, and safeguard their internal systems,” notes Brown. “If you want to build a foundation that giants can stand on, you need to embrace new paradigms.”