Passwords are supposed to secure our information, but even the most trustworthy of companies don’t always stand against the forces of evil in the online world. For example, did you know that the latest hack attack on LinkedIn caused credentials of 117 million users of the professional networking site to be put up for sale online? REMME has found a way to prevent attacks like this from ever happening and stop attackers from obtaining private information by using blockchain.
Blockchain: The Introduction
What exactly is a blockchain? A blockchain is a secure technology that uses a distributed database instead of locating, storing, and maintaining data in a single location. Its decentralized database capability allows for addressing security concerns raised by numerous password confirmation tools available today. If a hardware failure occurs on a centralized database, it may cause all the data to be lost. This doesn’t happen to a distributed database, which makes it a very secure way to store sensitive information.
By design, blockchains are resistant to data modification. Once the data is recorded, it cannot be altered. This makes them an efficient tool for recording transactions between two parties in a verifiable and permanent way.
Blockchain features guarantee users secure passwords and take into account the important role of human nature in creating passwords. However, only a few companies use its potential to tackle the subject of password-related issues.
Cyber Crime Trend
In 2016, the attack on Yahoo! led to around one billion Yahoo user accounts being compromised. Cybercriminals were able to obtain names, passwords and other personal details, such as telephone numbers and answers to security questions. Sadly, this wasn’t the first hacker attack on Yahoo! Afterward, loads of DIY guides on how to hack a Yahoo! account were posted and are still online.
The findings of security companies only confirm this unfortunate trend. In 2016, Verizon reported that 65% of confirmed data breaches involve weak, default or stolen passwords. That is much less than the 95% in 2015, but the company still states that the real problem, which accounts for 90% of all security incidents, is people. Numerous users fall for phishing attacks: attempts to obtain sensitive information such as usernames, passwords, and credit card details, disguised as credible requests. According to Verizon, 23% of people open phishing emails, and half of them even open attachments.
At this time, the global level of cyber attacks is far greater than the number of tools to fight them effectively. Reports show that cyber crime is a growth industry that costs the global economy about $400 billion annually. Over 70% of organizations have increased their spending on cyber security in 2017, as opposed to just 58% the previous year.
Password Problems
Annually, billions of dollars are spent on cyber security, as even the slightest breach can have disastrous consequences. The number of services that are supposed to minimize the danger of being hacked grows, including browsers remembering passwords and password managers like 1Password and LastPass. However, they have only delivered minor improvements without changing the nature of the problem.
A larger problem is the centralized architecture of the database storing logins and passwords on a server, which means that if it is hacked, all data can be accessed at once. Unfortunately, even Two Factor Authentication (2FA) has been proven to be penetrable through social engineering. This is especially true with data delivered via SMS, as hackers can access user data through a user’s login phone number, which can then be provided by the phone company.
REMME’s Proposal
The goal of the REMME high-end secure system is to build distributed Public Key Infrastructure (“PKI”) management on top of the X.509 standard using blockchain, which will help IoT, financial, infrastructure, medtech and blockchain companies address the problem of security failings.
A PKI is a set of roles, policies, and procedures that are necessary to create and manage digital certificates and public-key encryption. It is used to secure the electronic transfer of information in e-commerce, online banking, and confidential correspondence. This way, passwords and human error are eliminated to provide a high-end secure system that is easy to use without compromising security.
REMME solves the problem of central servers that can be hacked, as well as preventing attacks, such as phishing, server and password breach, and password reuse attacks.
We believe that blockchain will help build a safer future and offers a solution that potentially can prevent terrorist attacks or stop hackers from overriding election software in one candidate’s favor.
How Does It Work
The REMME technology uses TLS/SSL certificates that protect the channel from attacks such as the “man in the middle”, where the attacker secretly alters the communication between two parties without them noticing. The technology allows a certificate to be validated without a certification authority, creating a trusted p2p TLS connection. The certification authority is replaced by the blockchain.
REMME allows companies to issue and revoke their own self-signed certificates. The certificate is issued with the email address and phone number of a user. The server then checks the certificate’s signature and generates a random number. The company generates the certificate locally and then installs it in a certificate store on a local machine, where it is stored encrypted with a secret phrase. The certificate uses the API of the certificate store on the local machine to interact with private keys, which adds an additional layer of security in comparison with other account protection technologies.
In addition, REMME provides 2FA based on an app a user already has. Instead of traditional text messages and OTP codes, users get an authentication token sent via the messenger app of their choice (such as Telegram, Facebook Messenger, or WeChat).
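The flow described above can be sketched in Go as follows; this is an example added here, not REMME's code. It assumes an in-memory map in place of the blockchain, an Ed25519 key, a constructed email address, and that the client answers the server's random number by signing it (the usual challenge-response reading of that step); the names Ledger, Issue and Verify are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Ledger stands in for the blockchain (assumption): certificate fingerprint -> revoked flag.
type Ledger map[[32]byte]bool

// Issue self-signs a certificate locally and publishes only its fingerprint.
func Issue(l Ledger) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), EmailAddresses: []string{"user@example.test"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	l[sha256.Sum256(cert.Raw)] = false
	return cert, priv
}

// Verify is the server side: self-signature, ledger status, then proof of key possession.
func Verify(l Ledger, cert *x509.Certificate, nonce, sig []byte) error {
	if err := cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature); err != nil {
		return fmt.Errorf("self-signature invalid: %w", err)
	}
	if revoked, known := l[sha256.Sum256(cert.Raw)]; !known || revoked {
		return fmt.Errorf("certificate not registered or revoked")
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, nonce, sig) {
		return fmt.Errorf("challenge signature invalid")
	}
	return nil
}

func main() {
	l := Ledger{}
	cert, priv := Issue(l)
	nonce := make([]byte, 32) // server-generated random challenge
	rand.Read(nonce)
	fmt.Println("login error:", Verify(l, cert, nonce, ed25519.Sign(priv, nonce)))
}
```

A self-signed certificate proves nothing by itself, so the ledger lookup is what replaces the CA's trust decision: a certificate that was never registered, or was later revoked, is rejected even though its signature verifies.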
Why Is It Important?
With all that said, is there a way to fix the problems companies like LinkedIn or Yahoo! have been plagued with? We can only learn from the mistakes of others to make the world a better place. We depend on technology to prevent hacker attacks and misuse of information. That is why REMME has developed a technology that helps us make the first step towards protecting our personal data and keeping private and business conversations, payments, financial and medical records safe.
Interesting concept and proposal. Thanks for sharing.