Security Challenges of Blockchain
The cyber attacks on banking and finance industry are increasing. We have witnessed the hacking of SWIFT network and payment gateways for stealing consumer data. Despite every effort of cyber security defense teams, the hackers can materialize the attacks.
Just after two months of the economy crash in 2008, cryptocurrencies like Bitcoin, Ripple, Quark etc. became popular, and the backbone of these currencies is Blockchain. In this article let us discuss what Blockchain is? How does it work? What are its strengths? And how safe it is?
Blockchain — What is it?
As stated above Blockchain is the technology behind the cryptocurrencies. It is distributed, censuses driven, and peer-to-peer ledger of digital asset ownership. Asset owners can initiate the transaction for generating, validating and recording the ownership of digital assets.
Each Blockchain transaction is confirmed in approximately 10 minutes, and the transaction data is called “Block”. The Block is linked sequentially to the reference of the previous block. The interconnected computer or nodes process this transaction is Chain. Each interconnected node has a current copy of Blockchain.
Following diagram depicts the Blockchain network data and how transactions are linked and encrypted using hashing.
Blockchain implementation comes in two versions, public and private, general purpose and crafted to a specific solution, Open source and custom-made.
Usage and Benefits
The Blockchain is prominently used in the financial industry. Blockchain performs a role of trusted intermediator, as a payment processor, tread finance partner, broker, dealer or custodian of digital assets transactions.
Apart from the financial industry Blockchain can be used for storing digital content/documents, authentication & authorization, digital identity, real estates, and digital contacts.
There are various benefits of Blockchain, first and most important is, Blockchain eliminates the need of third party witness or validation when two parties are exchanging digital assets. Users can trust the integrity of transactions because they cannot be deleted or changed.
Tamper proof transactions, transparency and reducing clutter are few more advantages of Blockchain public ledger.
Security Strengths and Weaknesses
Every transaction in Blockchain is encrypted and timestamped. Once the transaction is initiated, the first node in the chain verifies the transaction using Blockchain computational software which can understand the complex encryption. After the verification, each transaction is added to the Blockchain as a Block with reference to the previous Blockchain as depicted in above diagram. These transactions are mutable. This whole process maintains the integrity of the data.
Blockchain uses the Ericsson Data Centric Security. This solution is unique because of the way the blockchain is securely created and processed every second. Since each root hash is time-stamped and cryptographically interlinked with the previous time slot hash value, the digital blockchain ledger becomes immutable for backward changes in time, and for another general tampering.
Blockchain uses SHA2–256 cryptographic algorithm, which is one of the strongest algorithms and if you want to decrypt it, quantum computing with current technology needs 2 to 128th power computing running simultaneously.
With all above features, Blockchain seems to be secure and safe from cyber-attacks.
However, Security of Blockchain is a myth. The targeted attacks like BitFinex where 120,000 units of bitcoins, worth of $72million were stolen. Once cryptocurrency is stolen, it is difficult to trace and prove the ownership of it.
The BitFinex was first attacked in Aug 2016 and it made the entire system frozen for few hours. This year 2017 again the BitFinex was attacked with DDOS, this time the attack hampered the user experience, the users who want to continue transactions were made to submit them to DDOS protection service which BitFinex has subscribed.
One specific attack term in the case of cryptocurrency is “51% attack”. In this attack, if any entity in the chain able to gain a control of 50% or more computational power than nobody else will able to use the make any transactions, it is as if your bank account is frozen. The attack can cause:
- Reverse transaction attacker has made when he is in control. This can be possibly double spend transaction
- Prevent some or all transactions getting confirmed
- Prevent some or all transactions mining any blocks
This demonstrates that there are some inherent security concerns. Network security is the weakest link in the chain.
The hackers are always ahead of the security defense teams. It is predicted by Interpol that, Blockchain can be used for re-purposed to export malware.
There are no regulatory guidelines or standards defined for Blockchain. This is an another blind spot in terms of security.
Storing cryptocurrencies is another critical challenge to be considered.
Impact on Cyber Security Architecture
Since the perimeter is getting dissolved in Blockchain and all data is visible to all the Blockchain users. This is when the network security at the edge to an endpoint or the node level becomes more important. This can be done either at ISP level or the level of organizations security architecture.
The integrity of the transaction is taken care by the Blockchain and hence confidentiality and availability are the main areas where cybersecurity team needs to concentrate.
The government needs to define guidelines, standards and, regulatory compliance requirements for implementation as well as operations.
The current implementation of Blockchain which is majorly private within organizations and that keeps hackers at bay to experiment, And hence the attack vectors and attack type are yet to be visible.
Blockchain technology is still in infancy stage, coming years will decide the security and regulatory requirements.