Blockchain Security

Introduction

Blockchain was the most searched term in 2017 and still is today. Although blockchain technology has been around since 2009, with Bitcoin as the first implementation, there have not been any corporate-wide deployments yet. There are three blockchain deployment models:

  • Public
  • Private
  • Hybrid

All the major deployments have been public, such as Bitcoin, Ethereum, Litecoin, etc.

There has not been a major uptake of the private deployment by the enterprises.

Use cases

Blockchain is not a solution to every problem. In the current hype cycle, however, it is being touted as a solution to every problem on earth.

Before embracing blockchain technology, be clear on the requirements first and then look for solutions; blockchain may well turn out to be one of them. It should not be the other way around, where blockchain is the hammer and everything looks like a nail: a solution looking for a problem.

Blockchain x.0

Each of the blockchain solutions available today tries to address a specific vertical. We are now in the Blockchain 3.0 phase. The evolution of blockchain technology as I see it is shown below (this is not an exhaustive list):

Blockchain 1.0   Blockchain 1.5   Blockchain 2.0   Blockchain 3.0   Blockchain 4.0
Bitcoin          Monero           Ethereum         EOS              Polkadot
Litecoin         Zcash            Corda            NEO              DFINITY
Dogecoin         Zcoin            HyperLedger      Tezos


Smart Contracts

In 2015, Ethereum was released and introduced the idea of smart contracts, which have nothing to do with legal contracts; hence smart contract ≠ legal contract. The term smart contract got coined when Ethereum founder Vitalik Buterin was working on a project that needed a level of automation, and they decided to call it a smart contract. A smart contract is simply the ability to programmatically execute decisions based on certain inputs. Blockchain 2.0 platforms introduced the concept of smart contracts and a distributed world computer on which you could deploy conditional code that would execute as soon as it was called on the nearest full node.


The Weakest Link

To date, all blockchains have been resilient to attacks because of the cryptographic mechanisms that have been implemented.

The most exposed are the public blockchains, which operate unprotected on the internet; their respective Proof of Work (PoW) and/or Proof of Stake (PoS) algorithms have provided that security.

All the hacks have been in the following areas:

  • Key management for the crypto wallets
  • Buggy smart contract code: a vulnerability in the smart contract code allowed a threat actor to exploit it, which caused the DAO hack in 2016. The hacker stole about $150M worth of Ether.


Security Considerations

As blockchain platforms get more complex, the number of threat vectors also increases exponentially. The following areas, for instance, need special attention when building a blockchain platform; surprisingly, most of these threat vectors are very similar to those of any application stack.

  • Cryptography: Key management, Encryption, Hashing
  • Consensus algorithm
  • Identity
  • Authentication
  • Authorization
  • Code review and testing development practices
  • Data integrity
  • Encryption mechanisms
  • Incident Response