Blockchain Security Overview
Despite being over a decade old, blockchain has only really taken off within the last few years. During this time, it has moved from a fad to the subject of serious research by a number of organizations, including everything from startups to large tech companies to governments.
The primary goal of this research is to use blockchain as a distributed, immutable digital ledger for different applications. However, for this to be possible, it is essential for people to be able to trust in the security of the digital ledger.
The blockchain security ecosystem
Like most modern technology, blockchain is not a monolith. It is composed of multiple different layers, each of which contribute their own benefits and security concerns. Understanding how each level works — and the security assumptions that it makes — is essential to an understanding of the system as a whole.
Blockchain fundamentals: The building blocks
At the base layer, blockchain technology is composed of data structures and cryptographic algorithms. The “blocks” that make up a blockchain are designed to store information, including the actual transactions and additional metadata. The “chains” of the blockchain use cryptographic hashes to tie blocks together, making them much more difficult to modify after the fact.
At this level, blockchain security boils down to the security of the cryptographic algorithms in place. Blockchain relies heavily on public-key cryptography and if these algorithms are secure (and used correctly), the base layer of the blockchain is secure.
Blockchain consensus: Getting everyone in agreement
One of the major benefits of blockchain technology is the ability to implement a fully decentralized digital ledger. In order for this to be possible, a mechanism must exist to ensure that all parties agree on the current state of the ledger (the transactions contained in each block).
This is the job of blockchain consensus algorithms. No consensus algorithm is perfect and security is mapped to economic principles such as supply and demand. In general, these principles protect blockchains against attack; however, consensus algorithm security falls apart at a certain level, and the most common consensus algorithms have weaknesses that can be used to give an attacker a slight advantage in taking over a blockchain network.
Blockchain in action: Nodes and networks
The first two layers of the blockchain stack hammer out the theory of blockchain technology. In theory, a blockchain platform can run over any communication system (including courier pigeon); in practice, it is implemented on computers and via the internet or private corporate networks.
Because a blockchain network is essentially software running on a set of computers connected by peer-to-peer networks, it is vulnerable to a range of traditional cyberattacks. Attacks targeting the computer running the software or “node,” such as malware or phishing attacks, can compromise a user’s account and potentially impact the network as a whole. An attacker can also target the network infrastructure that a blockchain network relies upon, which can affect the functionality and security guarantees of the blockchain itself.
Smart contracts: Programs on the blockchain
The original blockchain protocol, Bitcoin, was designed solely to process and store financial transactions. While it has limited scripting capabilities, it was deliberately not Turing-complete. This limits the types of programs that can be implemented on the platform.
Smart contract platforms, like Ethereum, are designed to enable the creation of Turing-complete programs that run on the blockchain. These programs are associated with accounts on the blockchain network and are called via transactions that contain code to be executed. Each node in the blockchain network executes the same code and updates the state of the blockchain in the same way, maintaining consistency across the network.
The addition of programs that run on top of the blockchain network introduces new potential security risks on the blockchain. These programs run in virtual machines, which may have security flaws. Additionally, smart contract developers accustomed to writing code for traditional computer systems may make assumptions or errors that introduce exploitable vulnerabilities into their applications.
Beyond the basics: Alternative architectures and advanced cryptography
Blockchain is the original distributed ledger architecture and Bitcoin is the original blockchain. While this architecture and implementation are impressive and have been applied to a number of use cases, they are not perfect. In particular, Bitcoin has issues with scalability, transaction speed and data privacy.
Using the blockchain architecture and Bitcoin protocol as an inspiration, additional distributed ledger architectures, second-layer protocols and applications of advanced cryptographic algorithms have been used to address some of these limitations. However, these modifications to the distributed ledger protocol can introduce unique security concerns and attack vectors. Understanding how changes to the protocol affect its threat surface is essential to securing these new distributed ledgers.
A systematic approach to blockchain security
The blockchain ecosystem is composed of multiple different layers that include everything from cryptographic algorithms to computer systems to protocols built on top of a blockchain base. This complexity makes it difficult to discuss the security of a blockchain protocol as a whole, but by examining each layer independently, it is possible to apply existing cybersecurity threat modeling frameworks such as STRIDE to create a blockchain-specific threat model.
This structure is invaluable when analyzing the security of a blockchain system. Classification of threats based upon impact and blockchain layer promotes understanding of existing attack vectors and supports discovery of new ones in an attempt to fill in the gaps.
The STRIDE Threat Model, Microsoft
Threat Modeling for the Blockchain, Howard’s Blog