How the Gravity Protocol Team Implements a Security Development Lifecycle

Gravity Protocol
Jun 8, 2018

Ensuring the security of a blockchain network

Recent security incidents with the DAO, the Ethereum Krypton 51% attack, and the “epic” vulnerabilities discovered in EOS by Chinese security researchers at Qihoo 360 (luckily fixed) once again tell us that security concerns are paramount for open blockchain networks supported by communities.
First of all, we need to understand what security is. The CIA security triad model, composed of three areas, (1) Confidentiality, (2) Integrity and (3) Availability, will be referenced throughout this paper.

According to the National Institute of Standards and Technology (NIST):

What does it take to ensure security in your software system? It means that your engineering team has a certain level of maturity and implements a rigorous Secure Software Development Lifecycle (S-SDLC).

The S-SDLC process ensures that security assurance activities such as code review, architecture analysis, and attack modelling are an integral part of the development effort. The main advantages of pursuing a Secure SDLC approach with regard to an open blockchain are:

  • Increased quality and security of software as security is a continuous concern.
  • Awareness of security considerations by stakeholders and the community.
  • Early detection of flaws and vulnerabilities in the system.
  • Overall reduction of intrinsic business risks for the community.

Since Gravity Protocol is an open blockchain offering solutions for small and medium businesses, secure software is our highest priority.

The Gravity Protocol team follows a development process similar to Microsoft Security Development Lifecycle (SDL), which comprises the following stages:

1) Training: We have experienced engineers on board, all of whom are masters of secure design, threat modeling, secure coding, and security testing best practices.

2) Requirements: We’ve established security requirements and performed security and privacy risk assessment. The following types of attacks were identified:

  • 51% Attacks.
  • DDoS Attacks.
  • Attacks through gaining profit from fake activity.

The first type of attacks is only theoretically possible for PoS consensus algorithms in general and for our DPoI algorithm in particular. The second type of attacks is more or less addressed by blockchain architecture. We will focus on the third, which is specific to Gravity Protocol since it implements the Adaptive Emission feature. In our view, Adaptive Emission is one more way to incentivize network participants’ activity. The scenario for “fake activity attack” is as follows:

There exists a chance that a user or a group of users begin to imitate activity, e.g. by passing one coin between several affiliated accounts and gaining the profit from the dynamic emission.

3) Design: Gravity Protocol is a fork of the Graphene platform, which has proven to be secure in various implementations. As for a “fake activity attack”, one preventive measure is to regulate the cost of transactions. At the same time, it should be highlighted that the DPoI consensus algorithm (used by Gravity Protocol) already has some necessary features to protect the system against imitated activity. In particular, the algorithm takes into account both the transactional activity index for each client and their stake volume. Discovering clusters in a transaction graph is another means of managing affiliated accounts in such a way as to protect the network against fraudulent activity.

4) Implementation: Our engineering team performs rigorous static analysis and security checks prior to compilation.

5) Verification: The verification of Gravity Protocol software starts with the modelling of various attack scenarios with modules of DPoI and Dynamic Emission calculation. This modelling is performed by our mathematician Alexey Prokopov and data scientist Svetlana Ivina. The results of this modelling will be published soon (see our upcoming publications). Our team designed an extensive bundle of automatic tests, which run on our private testnet prior to deployment to the public testnet. We are also introducing gamification to our verification process, and very soon we will announce The Battle of the Bots in our testnet. This game is targeted at discovering security breaches in our software.

6) Release: To provide a Final Security Review, we asked Qiwi Blockchain Technologies for an independent audit of our network. We are going to reveal the main highlights of this audit in an upcoming publication.

7) Response: Gravity Protocol software implements extensive logging and monitoring to enable the prompt discovery of potential attackers. We provide detailed instructions for individuals running our nodes about how to run/backup/resync the nodes.
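
The Design stage above names cluster discovery in the transaction graph as a defence against the “fake activity attack”. One way such a check could look, as an added example that is not Gravity Protocol's code: the transfers, the function names and the `min_share` / `min_volume` thresholds are assumptions made here, and the heuristic (strongly connected accounts whose volume is almost entirely internal) is one possible reading of "clusters", not the DPoI algorithm.

```python
from collections import defaultdict

# Constructed sample transfers (sender, receiver, amount); not real chain data.
TRANSFERS = [
    ("a1", "a2", 10), ("a2", "a3", 10), ("a3", "a1", 10),   # one coin circling
    ("a1", "a2", 10), ("a2", "a3", 10), ("a3", "a1", 10),
    ("customer", "shop", 55), ("shop", "supplier", 40),
    ("supplier", "shop", 5), ("supplier", "farm", 25),      # refund closes a loop
]

def strongly_connected(graph, nodes):
    """Tarjan's algorithm: groups of accounts that can all pay each other in a loop."""
    index, low, stack, on_stack, comps = {}, {}, [], set(), []

    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w in graph.get(v, ()):
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:          # v is the root of a component
            cut = stack.index(v)
            comps.append(set(stack[cut:]))
            on_stack.difference_update(stack[cut:])
            del stack[cut:]

    for n in nodes:
        if n not in index:
            visit(n)
    return comps

def suspicious_clusters(transfers, min_share=0.9, min_volume=30):
    """Flag cyclic clusters whose volume is almost entirely internal (assumed heuristic)."""
    graph, nodes = defaultdict(set), set()
    for sender, receiver, _ in transfers:
        graph[sender].add(receiver)
        nodes.update((sender, receiver))
    flagged = []
    for comp in strongly_connected(graph, sorted(nodes)):
        touching = [t for t in transfers if t[0] in comp or t[1] in comp]
        internal = sum(a for s, r, a in touching if s in comp and r in comp)
        total = sum(a for _, _, a in touching)
        if len(comp) > 1 and internal >= min_volume and internal / total >= min_share:
            flagged.append((sorted(comp), internal, round(internal / total, 2)))
    return flagged
```

On the constructed data the three `a*` accounts are flagged, while the shop/supplier loop created by a refund is not, because most of its volume comes from and goes to outside accounts.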

We hope that our efforts and focus on creating quality, secure software will help us build a great community and establish firm ground for an ecosystem of valuable services and applications for small and medium businesses.

by Alexander Lesnevsky
