Blockchain Security Concerns and Un-Concerns
Interest in blockchain has skyrocketed, with many believing the technology to be as transformational as the Internet itself. Blockchain’s promise boils down to two related propositions: first, that it can enable vast decentralized populations to collaborate and transact business; second, that it can do so securely.
The internet already delivered on the first part of the promise to enable collaboration and transactions. But for lack of a built-in trust layer that everyone can use, Internet business models have concentrated value in centralized e-commerce systems where breaches abound. By building in strong security features from inception, blockchains promise to provide the missing Internet trust layer. But do they deliver?
Blockchain Security: The Promise
Blockchains are various forms of digital ledgers that record and distribute transactions with strong data integrity, availability, and cryptographically-protected immutable records. Blockchains can also be used to provide a source of truth, data provenance, transparency, or accountability for the users and business communities that rely on them. In a word: trust.
Different kinds of blockchains exist. Some public blockchains, like Bitcoin’s, are extremely decentralized. So-called enterprise blockchains, such as the R3 Corda, can restrict membership to a smaller set of nodes, such as those operated by banking consortia.
Blockchain Security: A Mixed Reality
The figure at the top of this post summarizes some security concerns and un-concerns for blockchains. For the sake of this discussion, let’s assume that most blockchains – public, private, or hybrid – are if not completely decentralized at least highly distributed. Reliance on trusted intermediaries and centralized databases is eliminated, or significantly reduced. If blockchains work as designed, some security concerns are reduced or removed.
Caveat: We realize we’re just scratching the surface by listing only 3 concerns and 3 un-concerns. However, we felt it was best to keep the list simple and minimal to get a clean contrast that wouldn’t devolve into nitpicking. Because there are pleny of other considerations – such as privacy – which can be either a concern or un-concern depending on the context. We’ll have brief notes on privacy and on insider risk at the end of this post.
Blockchain Security Un-Concerns
The first thing security pros need to understand is that although decentralized blockchains can be analyzed within today’s security architecture frameworks, they still change the game. Although there may be nothing new under the security sun, that sun rises and sets over both day and night – which may be the scale of difference we’re seeing here.
- Vulnerable Centralized Systems: Conventional Internet commerce relies on centralized databases, authentication systems, and administration teams. This breach infographic chronicles an incredible series of breaches usually due to “weakest link” attacks. Although blockchain-based ecosystems such as Bitcoin’s aren’t completely decentralized – there are still exchanges, or other points where value concentrates – users are empowered to protect value in wallets they individually control. By design, the blockchain protocol protects itself.
- Transaction Integrity: Blockchains leverage strong cryptography to time stamp, sign transactions, and link blocks of transaction records together. Once inscribed, transactions can’t be altered, removed, or reordered. Neither can audit or provenance information affixed to records. These characteristics of blockchains create new opportunities for transparency and accountability.
- System Availability: Large public blockchains are almost as available as the Internet itself. They’re extremely resistant to DDOS attacks, or efforts by governments or criminals to shut them down.
Blockchain Security Concerns
If the security sun sets on centralized systems, and rises on a brave new decentralized blockchain-powered world, the light of dawn will uncover a new set of risks.
- Bleeding Edge Protocols: Public blockchains are typically powered by cryptocurrency used to incentivize decentralized system maintenance (such as block validation) and discourage spamming or other misbehavior. The integrity of the blockchain also relies on participating nodes coming to consensus on the validity of each block added. Computational proof of work and other consensus mechanisms, such as proof of stake or proof of holding, are complex. Some are vulnerable to 51% consensus attacks, or other exploits still undiscovered. Additionally, cryptography is everything to blockchains, and not all are quantum-safe. All bets are off if the protocols fail.
- High Error Rates: The industry faces a steep learning curve implementing hundreds of new protocols, smart contract mechanisms, gateways, exchanges, and myriad novelties which – by the way – must be integrated successfully with existing systems. Whole books (and at least one other post from us) will be written about this. For now, it suffices to say that fortunes have been lost due to a series of cryptocurrency exchange hacks and smart contract bugs. November 2017 saw a case where an Ethernet newbie “suicided” a Parity multi-sig wallet used in a library smart contract, deleting its code and freezing between $150 and $300 million in tokens. The private keys to an estimated 5 million bitcoins – representing about $57 billion in value today – are also reported to be irrecoverably lost. Regulations are coming in jurisdiction after jurisdiction and whether they get it right or wrong, regulations create business risks.
- Gaming the System: Blockchain and cryptocurrency users, businesses, and hackers are playing for high stakes. The industry has already seen Ponzi schemes, fraudulent Initial Contract Offerings (ICOs), and other scams. In 2016, approximately $50 million Ether were taken from accounts in a venture capital fund called The DAO by cleverly exploiting logic errors in the smart contract code. Crooks and unethical persons will continue to find ways to use technology to cheat and steal from others, potentially by introducing malicious logic into blockchain-based smart contracts.
Privacy is a Mixed Bag
To the uninformed, some blockchains support privacy by using only numeric addresses as the account identifiers. Unfortunately, although the addresses may be anonymous by themselves, over time most blockchains generate a lot of information that any good analytics system can correlate to re-identify users, and by design that information can never be deleted. This being said, some blockchains such as the Monero cryptocurrency’s and the Sovrin Foundation’s have put a lot of effort into mechanisms to protect anonymity or pseudonymity. That’s why, when it comes to privacy and blockchains, it just depends on the context.
Insider Risks Change
The risk of business insiders with decision making powers and access to large account balances will never go away. However, decentralization reduces the havoc system administrators can wreak on public blockchains. Insider risk will shift from system administrators to developers: Think of what interesting things attackers could do with a Bitcoin or Ethereum core developer’s Github account! Open source communities must be vigilant.
Organizations approaching blockchains must be sure to understand the changing nature of blockchain risk. Contact us if you are interested in conducting a workshop to bring your team up to speed, or to perform an assessment.