Centralization lets us hand our bank accounts, our taxes, our health care and even our personal messages to somebody else who is (we hope) trusted and professional. Its side effect is the creation of a place too good to be true: heaven on earth for anyone interested in bank accounts and personal messages, for any reason - just or not.
In recent weeks and months we have seen attacks on giant US health insurers, on banks all over the world and on telecommunications companies handling masses of precious data. The common motives are money and PII - personally identifiable information, commonly used for tax return fraud, money transfers, intelligence gathering and further offensive operations. Forensic reports on those breaches also make a recurring point: the centralized control of the compromised networks is usually what makes the intrusion succeed. In every one of the recent breaches, including the intrusions into the US DOD (Department of Defense) and Anthem (a US insurer), the adversaries gained control of the asset that controls access to every other asset network-wide - the domain controller.
Today's networks are centralized. Authentication and authorization are most commonly managed by a few assets - the domain controllers. The centralized workflow gives IT professionals and InfoSec teams the easy access and simple processes that large enterprises need. On the other hand, that simplification is passed on to adversaries as well. Easy access to information and remote execution of administrative actions are exactly what adversaries are after. The organizational networks that IT builds and maintains and that the InfoSec team protects are compromised with the very same tools used to create them. The foundations of order, certainty and availability on which organizational networks are built are what adversaries use to attack them.
Why not create a chaos to protect our networks?
One of the prominent values Bitcoin and other crypto-currencies were built upon is decentralization: avoid letting one dominant entity control your money, and let the people handle it, since honesty and fairness are not to be taken for granted. That value shook the traditional centralized banking infrastructure and suggested something else - chaos. Chaos that can be trusted, and that gives the free market its freedom. The chaos Bitcoin offers is built upon the decentralization of trust. Anyone can be a "miner" and eventually approve a transaction or reject it. And because the information is held by everybody participating, the compromise of one sensitive asset is not enough to take the whole system down. This is of course a very simplified description of the system, but the idea behind it is what matters here.
The very same values and concepts Bitcoin promotes can be used to build decentralized authentication procedures. When a user on one endpoint wants to access a remote machine across the network, the user announces itself to the network and declares who it is and what it intends to do. In response, the community approves the claimed identity, or rejects it, and the target service grants access, or not, based on that approved identity. The assumption Bitcoin relies on, and which carries over to a decentralized authentication system, is that the majority of computing power in the world is good and honest. So even if several hostile adversaries attempt to double-spend Bitcoin, or to gain unauthorized access with a stolen identity, the rest of the world's computing power, the majority, will deny it. Chaos transformed into distributed power.
The idea of letting the whole world confirm that I am indeed who I claim to be is no different from letting the whole world confirm how many Bitcoins I have. The seemingly chaotic system is surprisingly secure, arguably better secured than the traditional centralized systems that handle our money and identities today.
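To make the "community approves the identity" idea concrete, here is a small simulation written for this post (it is not code from the post or from any real project). It models a set of independent validators, each holding its own replicated copy of an identity ledger (username to public key). A user answers a service's random challenge by signing it; each validator checks the signature against its own ledger copy and votes; the service grants access only if a majority approves. Lamport one-time signatures built from SHA-256 stand in for a production signature scheme so the example runs on the Python standard library alone; the validator count, the usernames and the "compromised validator approves anything" behaviour are constructed assumptions for the demonstration.

```python
"""Majority-of-validators identity approval (constructed example, not from the post)."""
import hashlib
import secrets


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Lamport one-time signatures: stdlib-only stand-in for a real signature scheme ---
def lamport_keygen():
    """256 pairs of random secrets; the public key is the pairwise SHA-256 of them."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(h(a), h(b)) for a, b in priv]
    return priv, pub


def _bits(msg: bytes):
    digest = h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(priv, msg: bytes):
    """Reveal, per digest bit, the secret matching that bit. One signature per key only."""
    return [priv[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pub, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(h(sig[i]) == pub[i][bit] for i, bit in enumerate(_bits(msg)))


# --- the decentralized part: independent validators, each with its own ledger copy ---
class Validator:
    def __init__(self, ledger, compromised: bool = False):
        self.ledger = dict(ledger)        # private replica: username -> public key
        self.compromised = compromised    # assumption: a captured validator approves anything

    def vote(self, claim: dict) -> bool:
        if self.compromised:
            return True
        pub = self.ledger.get(claim["user"])
        return pub is not None and lamport_verify(pub, claim["challenge"], claim["sig"])


def authorize(validators, claim: dict) -> bool:
    """Target service: grant access only when a strict majority of validators approve."""
    approvals = sum(1 for v in validators if v.vote(claim))
    return approvals >= len(validators) // 2 + 1


def scenario(num_validators: int = 7, compromised: int = 0) -> dict:
    """Run one legitimate login and one impostor login against a validator set.

    `compromised` validators are attacker-controlled and vote "approve" for everything.
    Returns which of the two claims the service accepted.
    """
    alice_priv, alice_pub = lamport_keygen()
    ledger = {"alice": alice_pub}                      # constructed ledger with one user
    validators = [Validator(ledger, compromised=i < compromised) for i in range(num_validators)]

    # the service issues a fresh random challenge; the claimant must sign it
    challenge = secrets.token_bytes(16)
    legit = {"user": "alice", "challenge": challenge,
             "sig": lamport_sign(alice_priv, challenge)}

    # an impostor claims to be alice but only has a key of its own
    mallory_priv, _ = lamport_keygen()
    impostor = {"user": "alice", "challenge": challenge,
                "sig": lamport_sign(mallory_priv, challenge)}

    return {"legit_accepted": authorize(validators, legit),
            "impostor_accepted": authorize(validators, impostor)}


if __name__ == "__main__":
    for k in (0, 3, 4):
        print(f"{k} of 7 validators compromised:", scenario(7, k))
```

With no compromised validators the legitimate claim passes and the impostor is refused; with three of seven captured the impostor is still refused, which is the point of the post: taking over a minority of assets does not hand out network-wide access the way one domain controller does. Only when the attacker controls a majority (four of seven) does the impostor get through, which is exactly the honest-majority assumption the text borrows from Bitcoin. Two caveats a practitioner would add: a Lamport key must never sign twice, so a real system would use Ed25519 or a similar scheme, and the challenge should be bound to the target service's identity so a signature captured for one service cannot be replayed against another.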
John Lennon wrote and sang "Power to the People" with thousands of protesters during the 1960s in the US. Now it's time to take that slogan and apply it to the place where we keep all our personal and most private things - the virtual world.