Blockchain Security Revisited
Do not assume that the integrated security of blockchain technology is sufficient for your business. Here are seven concerns to be evaluated.
Since its inception, blockchain has been promoted for its security features. Security is assured by a set of properties: its distributed nature, immutability, verifiability and cryptography, as explained in a previous article, "Implications on the safety of Blockchain".
These characteristics do provide the basis for a secure and unalterable ledger. However, as blockchain becomes increasingly important for business, its security cannot be taken for granted.
As with many security issues, the devil is in the details. Real security depends very much on the implementation. With anything promoted as a panacea, there is a tendency to assume that the solution will deliver all its magic out of the box. However, blockchain can be complicated because of the large number of possible settings, and each feature of the system can have independent or aggregated security implications. Bitcoin and Ethereum, for example, have both experienced significant hacking incidents that revealed inherent weaknesses in blockchain security that need to be understood. In addition, security experts have been working to examine the surrounding environment, both technical and organizational, of corporate blockchain implementations.
Blockchain is based on smart contracts distributed as a chain of data to all the nodes of the network. The addition of new blocks requires authorization and verification, which Bitcoin provides through "mining", using a proof-of-work concept with verification by at least 51% of the nodes on the network. Private blockchain networks use other methods, but distributed verification and permission are an essential element of blockchain security.
Blockchain also uses public-key cryptography to ensure security, which adds potential vulnerabilities due to system characteristics such as the need to store keys where they could be discovered. Finally, blockchains exist within the general security environment of the company, so it may be necessary to modify certain security practices to ensure that the ledger cannot be compromised by increasingly sophisticated attackers.
Specific problems to consider include:
- Selective block authorization. Many companies will have to assign different permissions for different blocks in a blockchain. Bank of America recently patented its process, noting in the patent that "there is a need to develop systems … that manage control over resource blocks".
- Data quality. Blockchain does not guarantee the quality of stored data. With its permanent nature and the difficulty of altering blocks, mistakes could live forever. Such errors could compromise other data-based systems.
- Situational inadequacy. Blockchain solutions incorporate a mix of algorithms and practice. If this mix does not meet a company's security needs or compromises security features, significant vulnerabilities can develop and be exploited.
- Network interruption. Network outages can be caused by conventional and blockchain-specific exploits such as node spoofing (pretending to be a legitimate node). Such attacks can disrupt consensus protocols, prevent verification, and be combined with other attack vectors.
- Theft of the cryptographic key. A key component of many blockchain schemes is public-key cryptography. Keys can be stolen from online wallets, other network locations, mobile devices and other storage to compromise the system or gain full access.
- Network scale. Networks that are too large may allow DDoS exploits that affect consensus through verification latency (some nodes are unable to participate, resulting in an inability to verify requests). Transactions may be too slow, and many quick transactions may confuse the protocols. Networks that are too small, like private networks, open the possibility of controlling more than half the nodes and defeating the safeguards.
- Supplier platform. Software vendors and third-party software providers can supply sophisticated blockchain platforms that take care of implementation complexities. However, the trade-off is that their internal workings are often poorly understood, potentially leading to hidden security issues.
These are just some of the problems that a business needs to take into account to ensure the security of the blockchain. There are large differences in how implementations work, not only in the specifics of the technology, but also in the general security environment of the company. These concerns must be considered carefully, but the good news is that all of them can be solved.
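The data-quality concern in the list above can be shown with a toy hash-chained ledger. This is an added example, not code from the article or from any blockchain platform; the block layout, the account name and every function name are assumptions made for illustration. Integrity verification passes on a ledger that holds a wrong value, an in-place fix breaks the chain, and the error is corrected only by appending a compensating entry.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder for the first block's predecessor

def block_hash(index, prev_hash, payload):
    """SHA-256 over a canonical JSON encoding of the block's fields."""
    body = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def append(chain, payload):
    """Append a block linked to the current tip."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "payload": payload,
                  "hash": block_hash(index, prev, payload)})

def verify(chain):
    """Return the index of the first block failing integrity checks, or None."""
    prev = GENESIS
    for i, b in enumerate(chain):
        if b["index"] != i or b["prev"] != prev:
            return i
        if b["hash"] != block_hash(b["index"], b["prev"], b["payload"]):
            return i
        prev = b["hash"]
    return None

def balance(chain, account):
    """Downstream consumer: sums amounts, trusting whatever the ledger holds."""
    return sum(b["payload"]["amount"] for b in chain
               if b["payload"]["account"] == account)

def demo():
    chain = []  # constructed sample ledger
    append(chain, {"account": "acme", "amount": 100})
    append(chain, {"account": "acme", "amount": 2500})  # entry error: meant 250
    append(chain, {"account": "acme", "amount": 40})
    intact = verify(chain)                # integrity holds although the data is wrong
    wrong_total = balance(chain, "acme")  # downstream system inherits the error
    edited = [dict(b) for b in chain]
    edited[1]["payload"] = {"account": "acme", "amount": 250}  # in-place "fix"
    broken_at = verify(edited)            # stored hash no longer matches the block
    append(chain, {"account": "acme", "amount": -2250, "corrects": 1})
    return intact, wrong_total, broken_at, verify(chain), balance(chain, "acme")

if __name__ == "__main__":
    print(demo())
```

The erroneous block stays in the ledger permanently, so any consumer that reads it must also process the later correcting entry.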
Implement wisely to protect well
Blockchain is an excellent technology for ensuring a high level of security for a distributed ledger. As with any security measure, however, the technology is surrounded by technical and social elements that cannot be ignored. Security always involves some trade-offs, and this is true of blockchain. Determining the best choice requires consideration of the whole surrounding environment and the company's security priorities. Decisions must be carefully assessed, especially where they could affect the accessibility of data, compliance with regulations or verifiability.
Blockchain has gone through its initial generation of promises, hype and experimentation. It has been considered for and applied to countless situations. Now is the time to move on to the next generation, where the specific details of the technology and their impact are considered more carefully. Security will be one of the most important problems.
Brian J. Dooley is an author, analyst and journalist with more than 30 years of experience in analyzing and writing about IT trends. He has written six books, numerous user manuals, hundreds of reports and over 1,000 magazine features.