INTRODUCTION
Blockchain technology will redefine and revolutionize the global economy, the way we live and do work. Its potential will give us greater control and efficiency over our healthcare and well-being, provide simultaneously faster, more transparent, and private financial transactions, greater insight into the quality of our foods and products we buy, greater efficiency, and less risk in the way we conduct business. It has the capacity and ability to provide verifiable identification to the over 1 billion individuals without any documented proof of existence and banking to the 2 million unbanked individuals.
Blockchain technology also called Distributed Ledger Technology (DLT) is gaining traction today, but there remain critics who question the scalability, security, and sustainability of the technology. Its unique attributes position it to provide a new infrastructure on which the next generation of streamlined business applications will be built. This also creates unique security challenges. While blockchain technology has proven highly tamper resistant, blockchain applications vulnerabilities have been exploited with some significant consequences.
In this paper, I will review the security of blockchain technology and more specifically as it deals with information technology security challenges currently and in the near future.
The specific points to review and address:
· Hacking of the blockchain
· A generalized category of security threats to consider when designing a security solution.
· Assessing the current maturity level of blockchain technology using the CIA security triad model of Confidentiality, Integrity, and Availability.
A FALSE IMPRESSION
In February 2014, approximately 850,000 bitcoins were stolen from Mt. Gox, the largest Bitcoin exchange in the world at that time. In June 2016, the Distributed Autonomous Organizations (DAO) got hacked. An attacker managed to retrieve approximately 3.6 million Ether out of the 12.7 million Ether raised from the DAO fund by the Ethereum community using a loophole which is known as a “recursive call exploit”. In August of the same year, 2016 the second-largest Bitcoin attack occurred at the Hong Kong-based cryptocurrency exchange platform, Bitfinex. The hackers made off with 119,756 bitcoins valued today at approximately $1.6 billion. The attackers were never caught though news reports of transfers worth $21 million of Bitcoin from that breach to unknown wallets have been published recently.
Another attack often discussed as a more theoretical distant concern known as the 51% attack, has become far too common since the year 2018. Attackers in at least five (5) instances have identified vulnerabilities in the lack of miners on smaller coin networks, leveraging mining marketplaces to rent mining power and spin it up quickly. In April & May 2018, Verge suffered two (2) successful 51% attacks. The attack in May lost Verge a large sum of 35 million Verge or $1.7 million. In the same year from May 16 to May 19, Bitcoin Gold suffered attacks that were used to double-spend Bitcoin Gold on exchanges, making off with around 12,239 BTG valued at around $18 million at that time. On January 5, 2019, a 51% attack began and over the next two days the attackers made off with a total of 219,500 ETC or around $1.1 million.
Due to the frequency, quality, and visibility of blockchain applications breaches, it is easy to get the impression that blockchain has been hacked. The vulnerabilities discussed and those not discussed in this paper show that these hacks occurred on permission-less networks where each malicious actor or actors identified a vulnerability within these blockchain ecosystems and exploited it — they do not show that the underlying blockchain technology is hacked.
The question remains — will blockchain technology be of help or a hindrance to information technology security? The ability to secure distributed ledgers, digital currencies, digital wallets, and other application is mission-critical. Blockchain technology could potentially help improve cyber defense as it can secure, prevent fraudulent activities through consensus mechanisms and detect tampering based on its underlying characteristics of immutability, transparency, data encryption, and operational resilience (which includes no single point of failure). However, in the words of Cillian Leonowicz “blockchain’s characteristics do not provide an impenetrable panacea to all cyber ills, to think the same will be naïve at best, instead of as with other technologies blockchain implementations and roll-outs must include typical system and network cybersecurity controls, due diligence, practice, and procedures”.
Blockchain technology will be just one component in a new and upcoming stack of IT infrastructure. Hence, with any blockchain solution, security must be baked into the entire architecture. There is certainly a bit of confusion and hype around blockchain security and many variables need to be considered when designing a security solution, but we can generalize the security threats into 3 main categories.
They are Endpoint Vulnerability; Untested Code; Ecosystem/ Third-party Risks.
ENDPOINT VULNERABILITY
Endpoints serve as points of access to an enterprise network and create points of entry that can be exploited by malicious actors — this is where humans and technology connect and, with blockchain-based solutions, can include digital wallets, devices, or the client-side of the application. Endpoint vulnerability is further multiplied by the number of applications on each device and whether each application complies with security policies. The most direct and potentially easiest method of attacking any technology solution is through endpoint vulnerabilities. For users, this means potential vulnerabilities in the protection of their private key and password or physical access to their phone or computer.
If one of these endpoints becomes compromised, and a malicious actor gains access to an account, unless additional security protections exist such as two-factor authentication on asset transfers, everything contained within the account can be at risk. The malicious actor, using the compromised account can commit fraud without setting off any external signals or signs of abnormal behavior. Public permission-less blockchains’ permanence makes it more difficult to correct the implications of a breach compared to traditional banks that can cancel transactions or make corrections after the fact. Hence, when an attack takes place beyond one account, expanding to a data warehouse managing access to all accounts, the potential damage can be costly if not monumental.
Several efforts have been made by many companies to minimize the risk of this security threat to their network. Popular among these are cold wallets — often in combination with HSMs (Hardware Security Modules). Unlike hot wallets which is Bitcoin wallet/applications that are online and connected to the internet for storing the private cryptographic keys that anyone who owns cryptocurrency needs to spend it; cold wallets are kept in cold storage — they are connected to the internet — this resists theft by hackers and malware making it difficult to compromise and is often a necessary security precaution especially when dealing with large amounts of Bitcoin.
Hardware Security Module (HSM) is a physical device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. HSMs are already broadly used by banks to secure and manage digital keys which makes them essentially impossible for unauthorized users to extract. However, they remain susceptible to endpoint vulnerabilities through methods such as social engineering, phishing, or real-world kidnapping or theft. Since the keys held by these modules are the only method of proving identity in a virtual network, they are of great significance and losses could potentially be more catastrophic.
On public permissionless blockchains, such as Bitcoin or Ethereum, if one person’s wallet or account is compromised, the threat is contained as no assets are at a risk outside of the victim’s possession and the malicious actor(s) can do as they please with the wallet and account but cannot go further. On a private permissioned blockchain — more likely used by enterprises, the risk could potentially extend beyond one account.
Consider a scenario where a malicious actor(s) gained access to the controls of a network operator. They could track and steal data of all activity on the network without raising any alarms. Having edit and write controls, they could start manipulating the network while masking their activity as the original operator. The malicious actor(s) could potentially onboard other fraudulent actors if this account had unilateral governance controls, thereby wreaking additional havoc on the network.
Even though a network maybe between trustworthy parties, security measures dictate controls and limitations be placed on all users. The importance of network design, access control, and authority balance on private networks cannot be overemphasized.
UNTESTED CODE
It has been proven over time and again that designing properly and testing codes at an early stage is less expensive than fixing a bug at release time.
Don’t ask a developer to write test codes for their program for they are not good testers by nature. This has been discussed exhaustively and extensively and main several reasons can be identified as to why this is true. Among those reasons include the fact that Developers are there to simplify complex problems. Also, they lack end-to-end knowledge and real-user perspective and mostly focus on a positive scenario. While the job of a tester is to figure out the worst-case scenario, find complexities, have end-to-end knowledge, and see everything from a real-user perspective.
At the speed at which new technologies enter the market, developers are incentivized to be the first to release applications or enter early with programs and applications that utilize those technologies. This often leads to the risk of deploying insufficiently tested code on these various technological platforms and in this case the blockchain technology. An infamous example of such is the DAO attack on the Ethereum network as stated previously.
Among start-ups and applications that quickly enter the market, the risk of untested code is common. However, given the decentralized and immutable nature of the blockchain technology, these risks by blockchain solutions are often of greater significance and impact. As blockchain solutions continue to be built and deployed by enterprises, standards and best practices for code review should be encouraged and an added emphasis to peer review and independent testing before new features and applications are released. There are initiatives now being employed by several enterprises to mitigate these risks — Hyperledger an open-source initiative to advance blockchain technology, governed by The Linux Foundation is detecting bugs and solving problems in its frameworks via its “Bug Bounty” program. Others like Zeppelin focus solely on the creation of secure smart contracts and have proposed secure coding and design principles that can be taken into consideration while coding business logic and smart contracts on top of any private blockchain.
Some would argue that the developer should test their code but a developer’s mindset is different from a tester’s mindset, therefore, a serious enterprise needs to employ a tester to ensure that the product their clients and users receive is properly tested.
ECOSYSTEM/THIRD-PARTY RISKS
Even though blockchain technology has proven secure to-date, the security of any blockchain application depends upon the entire ecosystem of the application. This will often include partnering with third-party solution provides, blockchain integration platforms, financial technology, payment processors and platforms, wallets, and smart contracts. To deploy third-party blockchain applications and platforms, an enterprise must be aware that the security of their blockchain solution is only as strong as its weakest link across all provided technology. Personnel vulnerabilities, a flawed code, and even porous system security can expose their users and clients blockchain credentials and data to unauthorized often malicious actors.
The specific security needs of each enterprise are different and often differ from public permission-less considerations. However, to avoid vendor or third-party related blockchain vulnerabilities, each participating partner in the blockchain ecosystem needs to be thoroughly vetted. Although experience and reputation are often key factors for vetting trusted partners, innovations across the blockchain ecosystem and the wealth of startups may mean the introduction of alternative factors, such as leadership team, code testing protocols, technical acumen, and more. As Gartner recommends — “Be cautious of over-optimistic vendor claims by evaluating the technical security aspects of blockchain platforms under consideration”.
CONFIDENTIALITY
Confidentiality is a set of rules that limits or protects access to data, objects, information, and resources from unauthorized viewing and other access. Making sure that only interested and authorized persons access the correct and appropriate data is the common concern for enterprises and organizations considering the use of blockchain applications today. In the confidentiality of blockchain technology, two things have to be considered — Network Access and Data Access & Disclosure.
Securing blockchain network access is fundamental to the protection of data access particularly on private permissioned blockchain. If a malicious actor can gain access to the blockchain network, they are more likely than not to gain access to the data, hence authentication, authorization, and account limitation controls need to be implemented. Originally, blockchain technology is public and permission-less but some blockchain solutions and applications are beginning to address data confidentiality and access control challenges by providing full block data encryption and authorization, authentication, and accounting capabilities by default. A fully encrypted blockchain means that while data is still in transit especially when flowing through untrusted networks, the data will not be accessible by unauthorized parties.
In a public permissionless blockchain, the chain protocols allow anyone to access and participate in the network, provided they first download the software, hence there is no necessity to control network access. In private permissioned blockchain, appropriate security controls are required to be in place to protect the network access. Security best practices recommend that secure access controls should be implemented directly at the application level, as it is the first and most important line of defense especially in a scenario where a malicious actor gains access to the local network or where a malicious insider is already present. Due considerations also have to be given to uncommunicative or intermittently active nodes as the blockchains need to continue functioning without them but must also be able to be brought back online and up to speed provided they continue or return to their original functions.
In comparison, public blockchains are like the internet, where enterprises and organizations can exchange and retrieve information with anyone who has access to a service provider. Private blockchains are like the intranet, where information is only shared and exchanged internally among those who have been authorized to access the site. For a wider adoption of blockchain technology by enterprises and organizations, implementation of security controls to provide authentication, authorization, and accountability have to be ensured and encryption to properly protect data access.
Full encryption of data blocks can be applied to data being transacted, doing this will effectively guarantee its confidentiality especially where the latest encryption standards are followed. Hence if a malicious actor gains access to a blockchain network and its data, he or she may not necessarily be able to retrieve the information. Only those with the right authorization to access the encrypted data through their private key can be able to decrypt and see the data. Encrypting data on a blockchain can provide an enterprise with a certain level of protection from a data confidentiality and data access control standpoint.
INTEGRITY
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. It is a measure that protects information from unauthorized tampering and ensures that data is not altered while in transit. Integrity according to NIST is defined as “guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity”. Data encryption, hash computation — data digesting or the use of digital signing are some of the ways enterprise system owners can assure the integrity of their data, regardless of its stage — whether in transit, at rest, or in storage. Blockchain’s built-in characteristics such as immutability and traceability already provide enterprises with a means to ensure data integrity. Other things to consider when dealing with integrity include the right to be forgotten, smart contracts, and data quality.
Blockchain technology can be regarded as a secure technology especially when considering that it enables users to trust that the transactions stored on the tamper-proof ledger are valid. The combination of sequential hashing and cryptography as well as its decentralized architecture makes it very challenging for any party to tamper with it in contrast to a standard database. For enterprises using blockchain technology, this assures the integrity and truthfulness of data.
It is important to consider how the immutability of blockchain technology will fit side by side with data privacy laws. How enterprises will implement the right to be forgotten in a technology that guarantees nothing is erased will an interesting challenge but fortunately, multiple solutions are available. Among such solutions is the built-in encryption of personal information which ensures that forgetting the keys means the sensitive information is no longer accessible. Also focusing on the value of the blockchain to provide unalterable evidence of facts by writing the hash transactions to it, while the transactions themselves are stored outside of the system. This maintains the integrity of transactions while enabling the ability to erase the transactions, leaving only residual traces of the forgotten information in the blockchain ledger.
With blockchain technology, every transaction is digitally signed and timestamped before being added to either a public or private ledger, which means that enterprises can trace back to a specific time for each transaction and identify the corresponding party through their public address on the blockchain network. This built-in functionality of the blockchain technology is known as non-repudiation — an assurance that an actor cannot duplicate the authenticity of their signature on a file or the authorship of a transaction they originated.
Since every new transaction added to the blockchain results in a new iteration of the global state of the ledger, the previous state will be stored leading to a fully traceable history log, giving the technology audit capabilities and providing enterprises with a certain level of transparency and security over every iteration. From an Information Technology security standpoint, this ability provides extra reassurance that the data is authentic and has not been tampered with.
Smart contracts are a self-executing contract with the terms of the agreement between entities is being written directly into lines of code. This means that the code and the agreements contained in it exist in the ledger of a distributed, decentralized blockchain network. It can be used to facilitate, verify, or enforce rules between entities, allowing for straight-through processing and interactions with other smart contracts.
This ability of the blockchain also provides a large surface area for an attack — an attack on one smart contract could potentially have a domino effect on the other parts of the platform or other smart contracts. The necessity to employ secure development standards and practices — secure coding and security testing when implementing smart contract creation, testing, deployment, and management cannot be overemphasized.
Data quality is not guaranteed or improved by blockchain technology, but public and private blockchains need to take responsibility for the accuracy and quality of the information once it has been inputted into the blockchain. Provided the inputted data is accurate, blockchain technology can play a powerful role in transforming the data output as its applications near real-time capabilities and grants enterprises the ability to verify transactional data faster than any other system and facilitates more proactive actions. Enterprises must ensure their blockchain networks are secure for the inevitable transmission of data through them as this is undoubtedly a point of attack and entry for malicious actors.
AVAILABILITY
For an information system to be useful it must be available to authorized users. Availability measures ensure the rigorous maintenance of all hardware, performing hardware repairs immediately, and maintaining a correctly functioning operating system environment free from software conflicts, and providing uninterrupted and timely access to the system.
As the threats to availability continue to evolve and increase, availability countermeasures to protect system availability continue to improve and increase as well. Distributed denial of service (DDoS) is one of the most common types of these attacks, which also causes the most disruption to internet services and blockchain-enabled solutions and applications. There are several forms of this attack but their resulting implications are that the targeted internet service(s) gets disrupted, mobile apps become unresponsive, can generate an ever-increasing loss and cost to enterprises. Given the distributed and decentralized nature of the blockchain, DDoS attacks take on a different form — they become costly as they attempt to overpower the network with large volumes of small transactions or actions with disproportionately low gas costs as in the case of the recent Ethereum DDoS attacks. The built-in features of blockchain technology make it harder to disrupt but blockchain solutions need to provide adequate protection measures at both the network and application levels as a matter of necessity. Although resilient, decentralized blockchain solutions depend on high availability and DDoS attacks will remain a persistent and ever-present threat.
Blockchain technology has no single point of failure, this feature highly decreases the chances of an IP-based DDoS attack disrupting the normal operations of the network. Since all nodes maintain a full copy of the ledger at all times, taking down one node within the network does not affect data accessibility as it can still be accessed via other nodes. The distributed nature of the technology solves the Byzantine General’s problem of false consensus.
A blockchain network even though it is considered to have no single point of failure, enterprises could still face risks from external events outside of their control. For public, decentralized networks only a global internet outage would be able to disrupt its services as well as those of other technologies. Private, permissioned networks need to ensure that their network is sufficiently distributed globally and resilient with no single point of failure for continuous operation even in the event of a natural disaster or coordinated attacks.
Given that both public and private blockchain networks consist of multiple nodes, enterprises can make a node under attack redundant while business continues to operate as usual, due to the distributed nature of the blockchain technology. However, this does not mean that blockchain solutions and applications are completely operationally resilient as several of the attacks we discussed earlier and those not discussed in this paper have shown.
CONCLUSION
No information system can be considered to be 100% secure — given the lucrative nature of cybercrime and the ingenuity of criminals to seek new methods of attack. Although blockchains’ built-in features provide confidentiality, integrity, and availability but just like other systems, information security principles, standards, and security controls need to be adopted by enterprises using blockchain solutions within their technical infrastructure to protect them from external attacks.
Deciphering between the hype and reality of security threats to blockchain technology and blockchain applications is a necessary and major first step in the development lifecycle of blockchain solutions. This will ensure that security is embedded within each layer of the application. It is important to understand that blockchain technology is not a magic pill to solve data security, therefore, security principles should be relied upon to cover the entirety of a blockchain application or solution.
Deloitte cyber professionals suggest that enterprises follow their Secure, Vigilant, and Resilient (SVR) cyber approach which will not only support entities to remain secure but also become more vigilant and resilient to the evolving cyber threats. They believe that adopting this SVR approach to information security is a key step in helping leaders continue to drive performance at their enterprises.
Secure — means having risk-prioritized controls to defend against known and emerging threats.
Vigilant — means having threat intelligence and situational awareness to identify harmful behavior.
Resilient — means having the ability to recover from, and minimize the impact of cyber incidents.
REFERENCES
Blockchain-info-sec-p image: Anjum, Ashiq & Sporny, Manu & Sill, Alan. (2017). Blockchain Standards for Compliance and Trust. IEEE Cloud Computing. 4. 84–90. 10.1109/MCC.2017.3791019.
(n.d.). Accenture | Let there be change. https://www.accenture.com/_acnmedia/pdf-96/accenture-blockchain-technology-security-pov-digital
Hacker from the 2016 Bitfinex breach transfers $21M worth of bitcoin to unknown wallets. (2020, October 8). Bitcoin News. https://news.bitcoin.com/hacker-from-the-2016-bitfinex-breach-transfers-21m-worth-of-bitcoin-to-unknown-wallets
A timeline of the most infamous 51% attacks in crypto history. (2019, May 1). Honeyminer Blog. https://blog.honeyminer.com/timeline-of-51-attacks/
Cold storage. (n.d.). Bitcoin Wiki. Retrieved November 10, 2020, from https://en.bitcoin.it/wiki/Cold_storage
Hot wallet. (n.d.). Bitcoin Wiki. Retrieved November 10, 2020, from https://en.bitcoin.it/wiki/Hot_wallet
Blockchain. (n.d.). https://en.wikipedia.org/wiki/Blockchain
Hardware security module. (2005, December 20). Wikipedia, the free encyclopedia. Retrieved November 10, 2020, from https://en.wikipedia.org/wiki/Hardware_security_module
What is the CIA triad? (2020, April 7). WhatIs.com. https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
Smart contracts: What you need to know. (n.d.). Investopedia. https://www.investopedia.com/terms/s/smart-contracts.asp
Confidentiality, integrity and availability — The CIA triad — CertMike. (n.d.). CertMike. https://www.certmike.com/confidentiality-integrity-and-availability-the-cia-triad/
Taher, A. (2019, April 2). Don’t release untested code, hire a Tester first. Medium. https://blog.vanila.io/dont-release-untested-code-hire-a-tester-first-dce78ec7ea67
(PDF) Blockchain standards for compliance and trust. (n.d.). ResearchGate. https://www.researchgate.net/publication/320364955_Blockchain_Standards_for_Compliance_and_Trust
