If you have turned on the TV or been on the internet then most likely you have heard the term "Blockchain". As one of the hottest buzzwords in the tech industry today, it promises to open new ways of doing business and allows strangers to trust each other. In fact, blockchains are already doing these things and will only continue to increase in prominence and importance.
At the same time, it is essential to distinguish realistic projections from the hype and identify concerns that could hinder widespread adoption. One concern is security. There's a tendency to assume that any blockchain implementation is automatically secure. Blockchains do have special security features going for them; however, as with anything, the truth is more complicated.
Blockchain in Brief
Blockchains have several distinguishing security features:
- Multiple copies exist on independent servers, with some form of consensus keeping them synchronized.
- Cryptographic signatures guarantee the authenticity of the content, making undetected changes impossible.
- The signatures prevent repudiation of the content; its source and time of creation are firmly established.
- “Smart contracts” automatically enforce agreements
- Nothing is ever deleted. New blocks can override old ones.
There are public and private blockchains. Public blockchains can be viewed by anyone and, in most cases, anyone can become an active participant and add data to the chain. On the other hand, private blockchains restrict access to only allow authorized parties to view and edit the chain.
Public blockchains can hold encrypted data, so their content is not necessarily available to everyone. Private ones almost always encrypt their content, so that data thieves cannot destroy their security simply by gaining a copy. They also have a procedure for approving new users. Most of what you hear in the news is around public blockchains for digital currencies; however, for business purposes, it is the private blockchain that is being adopted with the ability to restrict the data to approved participants.
The CIA Model
A useful way of looking at blockchain security is the CIA (confidentiality, integrity, availability) model.
Confidentiality is the protection of information from unauthorized access. Private blockchains provide two-layer protection with access controls and encryption. Both parts need to be implemented well for the blockchain to be successful.
In principle, encryption is sufficient protection for data if no one can break it. However, nothing in security is perfect and the threat landscape is constantly evolving. Even without decrypting the data, traffic patterns could provide valuable information to attackers. Serious blockchain cybersecurity requires strong protection against access to the data, even in encrypted form.
Application-level controls are a key part of protection. The user applications and the APIs which they use are potential weaknesses. Anyone who gets application-level access and can impersonate an authorized user may just maneuver past the encryption and get whatever data the app is designed to deliver. Developers need to test the application code to find and eliminate any security holes.
The existence of multiple copies of the blockchain increases the attack surface. Someone trying to gain access to the blockchain can try all the sites where it's stored. One site might have weaker protection than the others.
Integrity is the protection of data from unauthorized changes or deletion. This is where blockchains are especially strong. Data cannot be deleted, at least not without subverting the entire blockchain design and somehow going unnoticed in the process. Altering a block would make it fail cryptographic signature validation, which would make all other nodes on the network reject the change.
Again, application-level risks are the main concern. An intruder who can break application security could create false entries in the blockchain and have them appear to come from an authorized user. This would cast doubt on the authenticity of all that user's entries.
Availability is the freedom from disruptions and delays in service. Denial-of-service (DoS) attacks aim at reducing or destroying a service's availability. The distributed nature of blockchains gives them extra protection against DoS attacks, since an attacker would have to hit multiple nodes simultaneously to have a significant effect. There is no single point of failure.
Still, attacks on availability are possible. If the consensus algorithm is poorly designed, attacks intended to slow down the confirmation process might be effective. A DoS attack that affected a large part of the Internet would have an impact on blockchains.
The term "smart contract" really means just software attached to the blockchain, which automatically runs under specified conditions. They allow the automation of processes and guarantee that a given transaction will take place when, and only when, the preconditions are met.
Like any software, smart contracts can have bugs, and deploying them in high-stakes situations carries a lot of risk if they do. They're designed so that no party to a transaction can unilaterally change them, which makes fixing mistakes hard.
As an example of this, in 2016, a bug in the Solidity language (the programming language used to write the code underpinning the Ethereum blockchain) was discovered. While not related to a specific smart contract, this shows that the risks are real and already being discovered. The bug has been fixed; however, only time will tell if anyone was able to exploit it.
The assumption that a certain party added a block rests on the confidentiality of the cryptographic key, the digital signature verifying the user that made the change. If someone were to gain access to the key and have access to the blockchain's API, they could add blocks as if they were the authorized user. Depending on the blockchain, they could transfer funds, report a shipment, authorize release of information, or do any number of other security-critical actions.
As blockchain cybersecurity grows in importance, thieves will undoubtedly focus on ways to steal keys to illegally sign as the authorized party. One of the simplest ways could be to steal a device which is likely to contain a key and pull the information out of it (think laptops, tablets, and phones).
Protecting devices against exploitation by attackers will diminish this risk. Full-device encryption is one way to do it. Another is to enable remote erasing of any stolen device which holds blockchain keys. In addition, there should be a mechanism for revoking keys that have been compromised. Standard public-key infrastructure (PKI) technology allows for creating and revoking any number of keys for a given identity. Once a key is revoked, it becomes useless for accessing data on the blockchain.
Blockchain technology provides excellent security features. Being distributed, it is more resistant to tampering and DoS attacks. In exchange, it is harder to protect against unauthorized access than a data store that resides at just one location. Data encryption, access controls, and application-level security can keep the risk of compromise down.
Stolen devices or application bugs could allow someone to impersonate an authorized user. Security policies and system design need to take this risk into account and safeguard against it. Smart contracts could help by monitoring the blockchain for suspicious patterns and reporting them to information managers and the affected users.
The value of blockchains to business guarantees that criminals will devise new ways to attack them, including ways not even thought of yet. New technology brings new risk. These risks should not discourage businesses from adopting the technology; however, it means you must ask the right questions and engage in the proper offense-oriented security testing to make sure the systems you choose remain cyber-resilient.