Since 2018, more than $1.1 billion in cryptocurrency has been stolen by cybercriminals. As a result, the lack of genuine security is turning that particular market on its head. Blockchain technology, which is considered the “backbone” for cryptocurrencies, has a lot of different uses nowadays. The degree of theft occurring in the cryptocurrency market is one of the main reasons why potential investors are hesitant to invest (this includes someone with the use of blockchain and other digital assets). According to Krypti.io Executive Vice President Steven Russo, one of the main causes behind this alarming trend starts with generic passwords like “password123,” which is why he considers passwords to be the weakest link to any security.
“Looking at the world today, almost everything you do is secured by a password, so you probably need one on 10 different things you use on a regular basis,” says Russo when I spoke with him earlier this month. “Humans are lazy by nature, so people tend to use the same password for a few different systems. That opens them up to attacks from internal bad actors. All you need is one bad actor who is an IT professional to access some password in order to get a hold of someone’s information. More often than not, they’ll try the same password for a few accounts of their victim somewhere else.”
Aside from faulty passwords, Russo also points out the issue of data storage methods. Encryption is essentially the ability of changing information to a different unreadable language. Every year, several million dollars are spent on virtual vaults to contain, encrypt, and change the language of data, along with the construction of firewalls around these vaults to stop malicious infiltrations. Despite these efforts, Russo believes it’s been repeatedly proven to not be the best methodology because entities spending these figures (like major companies and government departments) have all experienced mass data breaches. While these current methods we use may be outdated, Russo thinks the deployment of a technology known as “micro-encryption” will be the paradigm that changes and shifts the way data is stored.
The premise behind micro-encryption begins with micro-token exchange—if real data can be hacked, lost, stolen, or intercepted, then stop using real data and go with micro-tokens. Instead of encrypting data in its existing origin and in one big package, micro-encryption and micro-token exchange removes data from its original location. The data is then replaced with micro-tokens, which is the basic high-level difference between micro-token exchange for data at rest and encryption.
“When micro-encryption is applied to a system, what they actually do is remove the real data from the system and replace that information with what are called micro-tokens,” says Russo. “So when a bad actor breaks through the firewalls and encryption, all that is left are these micro-tokens.”
Russo says micro-tokens are created through a tokenization process. Bad actors can throw all the quantum computers they want to reverse-engineer them, which isn’t possible because it’s not encrypted. However, when that same valuable data needs to be accessed by a user, the application calls the micro-token as to say “Hey, I need this data,” after which they micro-tokens call the micro-encryption system, and retrieve that single piece of data.
“What they’ve done is stop the ability for a mass data breach to occur. In this micro-encryption system, even if someone were to hack in, every single piece of data is now encrypted individually,” explains Russo when asked to describe how micro-encryption works. “So if you have 100,000 files in this micro-encryption system, they would have to execute 100,000 individual unique data breaches with all sets of keys, master keys, and rotating keys. When cybercriminals see this, they’re going to leave and go to an easier target.”
When used in the database (which is popular for storing large amounts of information), even when talking about personal information, Russo says this micro-encryption process actually goes down to the field level, which would require 10 times the amount of infiltrations for that data breach to occur. As described by Russo, going into a micro-encryption system is like taking a book, cutting out all the words, individually dropping them into a box, shaking the box, and then expecting someone to put the whole book back together. The idea of micro-token exchange, which is applicable in many different ways, can become a new wave of securing information for both connected intelligent devices like smartphones, key fobs for cars, garage door openers, and IoT applications—all of which lack genuine security. This is especially relevant when considering how the concept of micro-token exchange isn’t just for data at rest, but in motion and connected intelligent devices.
“The standard for the credit card industry is called PCI. This is a requirement where if you want to store or do transactions with credit cards, this will be the only wallet in the market that is PCI DSF level-one certified—the highest level provided by Visa/Master Card,” says Russo. “That’s how they’ll be storing digital information like passports, credit cards, cryptocurrencies, and even HIPPA-compliant content like health information. This is going to be the next big thing in digital asset and cryptocurrency protection, along with the ability to share such assets with others using blockchain.”
Filed Under: M2M (machine to machine)