After declaring Cable's entry into last year's blockchain, the consortium stands out for all the ways technology can be compromised
Eight months after declaring that the cable had entered boldly in what many consider "the most significant technological innovation since the dawn of the Internet", CableLabs has published a list of all the ways in which blockchain security can be compromised.
According to Brian Scriber, chief security architect for the cable industry consortium, CableLabs' Security Technologies team monitored attacks on blockchain networks and various compromises for several years. Key risk groups and security considerations in blockchain projects were identified, some of which Scriber listed in the org last blog post.
> Smart Contract Injection – No, it's not as sexy as it sounds. "The intelligent contract engine is an interpreter for a programming language (sometimes new) and a data analyzer related to the decisions that the engine must take," explained Scriber. "The danger in this situation is when the executable code appears inside of smart contracts in an attempt to subvert the language or data of the contract Implementers must consider the possibility to disinfect input for smart contracts, correct analysis and error handling . "
> Replay attacks – "Not only is there a threat in the processing and validation of transactions, but also in the behavior of the nodes, in the authentication and in the protection of confidential messages", wrote Scriber. "The addition of nonce for verification over previous transactions is crucial."
> History Revision Attacks – "Blockchains that rely on fault-tolerant patterns of consent do well when there are many participating nodes that process, compete and collaborate on the next block," said Scriber. "When the number of nodes decreases, or if there is a predictable cyclic behavior, the calming periods can be exploited in a chronological revision attack in which a new branch is created, effectively eliminating a previously accepted transaction. they should consider how best to guarantee minimum support and diversity of nodes. "
> Permanent poisoning – "Due to the permanence of blockchain and the cost of the fork, it is possible to sabotage a chain with even illegal content claims to attract the lawmakers and order forces," said Scriber.
> Loss of confidential information – According to Scriber, "permanence increases the risk of extrapolating data out of the chain, even encrypted data is at risk of future threats against those algorithms or brute force attacks, designers must ensure that they understand the stored data, how they are protected who owns them and how they could be re-associated with any pseudonymised user. "
These are just some of the attacks listed by Scriber.
In particular, the publication arrives only a few weeks after Comcast and Charter announced a partnership with Viacom to build a blockchain-enabled addressable advertising exchange.