Blockchain security overview
Introduction
Despite being over a decade old, blockchain has only really taken off within the last few years. During this time, it has moved from a fad to the subject of serious research by a number of organizations, including everything from startups to large tech companies to governments.
The primary goal of this research is to use blockchain as a distributed, immutable digital ledger for different applications. However, for this to be possible, it is essential for people to be able to trust in the security of the digital ledger.
Learn Blockchain Security
The blockchain security ecosystem
Like most modern technology, blockchain is not a monolith. It is composed of multiple different layers, each of which contribute their own benefits and security concerns. Understanding how each level works — and the security assumptions that it makes — is essential to an understanding of the system as a whole.
Blockchain fundamentals: The building blocks
At the base layer, blockchain technology is composed of data structures and cryptographic algorithms. The “blocks” that make up a blockchain are designed to store information, including the actual transactions and additional metadata. The “chains” of the blockchain use cryptographic hashes to tie blocks together, making them much more difficult to modify after the fact.
At this level, blockchain security boils down to the security of the cryptographic algorithms in place. Blockchain relies heavily on public-key cryptography and if these algorithms are secure (and used correctly), the base layer of the blockchain is secure.
Blockchain consensus: Getting everyone in agreement
One of the major benefits of blockchain technology is the ability to implement a fully decentralized digital ledger. In order for this to be possible, a mechanism must exist to ensure that all parties agree on the current state of the ledger (the transactions contained in each block).
This is the job of blockchain consensus algorithms. No consensus algorithm is perfect and security is mapped to economic principles such as supply and demand. In general, these principles protect blockchains against attack; however, consensus algorithm security falls apart at a certain level, and the most common consensus algorithms have weaknesses that can be used to give an attacker a slight advantage in taking over a blockchain network.
Blockchain in action: Nodes and networks
The first two layers of the blockchain stack hammer out the theory of blockchain technology. In theory, a blockchain platform can run over any communication system (including courier pigeon); in practice, it is implemented on computers and via the internet or private corporate networks.
Because a blockchain network is essentially software running on a set of computers connected by peer-to-peer networks, it is vulnerable to a range of traditional cyberattacks. Attacks targeting the computer running the software or “node,” such as malware or phishing attacks, can compromise a user’s account and potentially impact the network as a whole. An attacker can also target the network infrastructure that a blockchain network relies upon, which can affect the functionality and security guarantees of the blockchain itself.
Smart contracts: Programs on the blockchain
The original blockchain protocol, Bitcoin, was designed solely to process and store financial transactions. While it has limited scripting capabilities, it was deliberately not Turing-complete. This limits the types of programs that can be implemented on the platform.
Smart contract platforms, like Ethereum, are designed to enable the creation of Turing-complete programs that run on the blockchain. These programs are associated with accounts on the blockchain network and are called via transactions that contain code to be executed. Each node in the blockchain network executes the same code and updates the state of the blockchain in the same way, maintaining consistency across the network.
The addition of programs that run on top of the blockchain network introduces new potential security risks on the blockchain. These programs run in virtual machines, which may have security flaws. Additionally, smart contract developers accustomed to writing code for traditional computer systems may make assumptions or errors that introduce exploitable vulnerabilities into their applications.
Beyond the basics: Alternative architectures and advanced cryptography
Blockchain is the original distributed ledger architecture and Bitcoin is the original blockchain. While this architecture and implementation are impressive and have been applied to a number of use cases, they are not perfect. In particular, Bitcoin has issues with scalability, transaction speed and data privacy.
Using the blockchain architecture and Bitcoin protocol as an inspiration, additional distributed ledger architectures, second-layer protocols and applications of advanced cryptographic algorithms have been used to address some of these limitations. However, these modifications to the distributed ledger protocol can introduce unique security concerns and attack vectors. Understanding how changes to the protocol affect its threat surface is essential to securing these new distributed ledgers.
A systematic approach to blockchain security
The blockchain ecosystem is composed of multiple different layers that include everything from cryptographic algorithms to computer systems to protocols built on top of a blockchain base. This complexity makes it difficult to discuss the security of a blockchain protocol as a whole, but by examining each layer independently, it is possible to apply existing cybersecurity threat modeling frameworks such as STRIDE to create a blockchain-specific threat model.
This structure is invaluable when analyzing the security of a blockchain system. Classification of threats based upon impact and blockchain layer promotes understanding of existing attack vectors and supports discovery of new ones in an attempt to fill in the gaps.
Sources
How Bitcoin's Peer-to-Peer Cash System Was Revealed 11 Years Ago, Bitcoin.com
The STRIDE Threat Model, Microsoft
Learn Blockchain Security
Threat Modeling for the Blockchain, Howard's Blog
Learn Blockchain Security
Build your blockchain security skills with five courses covering security at each level of the blockchain ecosystem. What you'll learn:- Blockchain structure
- Cryptographic algorithms
- Blockchain attacks
- Smart contract security
- And more
In this Series
- Blockchain security overview
- Rise of cryptocurrency attacks: Inside dark web investigations
- Decentralized identifiers (DIDs) and blockchain: The silver bullet for online privacy?
- Cryptocurrency Enforcement Framework: Impacts on digital forensic investigations
- Blockchain and hash functions
- What are smart contracts?
- Introduction to blockchain consensus algorithms
- Advanced cryptography in blockchain
- Blockchain alternative distributed ledger architectures
- Ethereum vulnerabilities and smart contracts
- Attacking the blockchain network
- Proof of work in consensus algorithms
- Targeting the blockchain node
- Public-key cryptography in blockchain
- Hash functions in blockchain
- Blockchain structure
- Blockchain: Beyond the basics
- Blockchain security: Can blockchain be hacked?
- Consensus algorithm security
- Fundamentals of blockchain security
- Taking an Identity Selfie – Self-Sovereign Identity and the Blockchain
- Blockchain Vulnerabilities: Imperfections of the Perfect System
- Security vulnerabilities of cryptocurrency exchanges
- The End of Bitcoin Ransomware?
- Bitcoin May Turn from Cybercriminals’ Biggest Asset into Their Biggest Liability
- What is Bitcoin?
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Blockchain security
Rise of cryptocurrency attacks: Inside dark web investigations
Blockchain security
Cryptocurrency Enforcement Framework: Impacts on digital forensic investigations
Blockchain security