Watch the 4-minute video above or on YouTube, or read the transcript below.
Norbert Pohlmann is a Member of the Board and Director of IT Security at eco – Association of the Internet Industry. He holds two positions at Westphalian University of Applied Sciences, Gelsenkirchen: Professor of Distributed Systems and Information Security in the field of IT, and Managing Director of the Institute for Internet Security. For five years, he was a member of the "Permanent Stakeholders' Group" of ENISA (European Network and Information Security Agency), the European Community's security agency (www.enisa.europa.eu).
dotmagazine: What is it that makes blockchain so secure?
Prof. Norbert Pohlmann: The main advantage of blockchain is that we have trust without a central entity and that means we have trust mechanisms and we have an appropriate blockchain architecture, and we have distributed consensus, and we have distributed validation mechanisms, which help us to offer different kinds of security features without a central entity.
dot: But doing away with the central entity does not mean we can become complacent about IT security, does it?
Prof. Pohlmann: We need a lot of IT security functions for the blockchain. First we need a robust P2P network. That means we need the right resources, we need the right number of nodes in the P2P network, we need the right resources in the node, storage, CPU, RAM, and we need the right bandwidth between the nodes. We also need a distributed delivery function for transactions and new blocks, and then we need crypto-agility. That means we have to use the right state-of-the-art crypto algorithms, for example RSA, for the hash-function, for signatures, and for all the clever hash-functions we need to fulfill all the security requirements. And additionally we need a trust function, which helps us to build trust. The most important here is a remote validation function and we have to protect the wallet. The wallet is quite important because if you own the wallet you can manipulate the blockchain. And we have to be sure that the blockchain application is malware free.
dot: What potential do you see for developing new applications, business models, and eco-systems on the basis of blockchain?
Prof. Pohlmann: If you see the distributed blockchain architecture, then the collaboration and ownership of assets will be managed and verified by the node in the P2P network, with the help of the smart IT security and trust function without a central entity. And this means we have trusted automatic transactions stored which would save money and time. Saving money and time is a motor for all the blockchain applications and here we have different fields – especially in logistics we can save a lot of time and money – but also automatic certification processes play an important role with blockchain and here, certificates or driver's licenses play a role.