There’s a lot of talk about blockchain and cyber security, but the articles published in this respect tend to be broad generalisations with little to no specifics on what security in the blockchain actually entails. I propose to take a more in depth look at the specifics of cybersecurity and how it applies to the blockchain.
By Definition:
A blockchain is a list of records that grows as completed blocks are added to it. These blocks are joined to one another securely through cryptographic techniques. Each block added to the blockchain includes data from the previous. The information included is a record of the transaction, the timing and a cryptographic hash. The data is stored chronologically, and it is very difficult for the data to be altered in any way. This means that it becomes a permanent store of the data in an open, distributed ledger. The data within is also verifiable. Making the blockchain into a distributed ledger is achieved using a peer to peer network. This group agrees on how communication is achieved between nodes, and how new blocks are validated. From the point when the data has been recorded it is not possible to change it without changing all the blocks that went before it, and this would require the majority of the peer to peer network to be involved.
In definitions blockchain is usually explained as being “secure by design”. This is at least in part due to their tremendous complexity. This leads to concurrence that decentralised consensus is delivered. Overall, this has led to potential being identified for blockchain to record numerous transactions and data. It is considered useful in the areas of record keeping, transaction processing, voting and identity management, among others. Decentralised consensus has therefore been achieved with a blockchain.
Blockchain originated in 2008 when it was invented for use in bitcoin, a cryptocurrency. Its inventor, Satoshi Nakamoto devised it in such a way that there was no need for a centralisation.
The often-repeated mantra that “Blockchains are secure by design” is not entirely correct. First there are many different types and implementations of blockchains with different security characteristics and very specific goals. Secondly, blockchains are in reality networks and even protocols, so they are subject to the same attacks suffered daily by millions of regular networks on the internet, like DDoS attacks which flood the network with so much traffic that it brings it to a screeching halt. Besides the classic problems with network security, blockchains have the added requirement to protect against 51% attacks where some actor manages to take over the blockchain by harnessing more than 50% of said blockchain’s hashing power (and thus create their own “fake” chain, double spend already spent BTC, and other nasties).
Thus, we can already see that the sweeping “secure by design” belief is false. One need to only consider the various 51% attacks that many cryptocurrencies suffered this year, wiping many of them out forever. Those cryptocurrencies were using blockchain, yet they were not secure against powerful rogue actors. They included well known cryptocurrencies such as BitCoinGold, Verge, Monacoin and Electroneum. Blockchain security, like cybersecurity, is a very broad topic and one needs to dig into the specifics of a particular blockchain and what its threat model is before stating with any confidence they are secure and what that actually means.
Blockchain itself is no silver bullet that automagically secures everything. It is a promising technology made up of different components that are all subject to the same cybersecurity considerations of any non-blockchain digital system. We can conclude that protecting a blockchain against security threats is no different than protecting non-blockchain projects, with a few caveats that are very specific to blockchain as already highlighted above. Let’s take a brief look at how we apply cybersecurity to classic (non-blockchain) computer systems and the implications for blockchains.
In classic Information Security theory, security can be measured through three distinct components: Confidentiality, Integrity and Availability.
1. Confidentiality
Ironically, it is the confidentiality property of security that poses the greatest challenge to blockchains. Normally, a secure system would protect the content of data or communications from unauthorised prying eyes. An example of this confidentiality property in cybersecurity is the use of encryption to protect the content of communications so only authorised recipients can decrypt the message and read the content. Now blockchains, or at least the public permissionless ones like Bitcoin, are usually based on a model of total transparency of all transactions on the public ledger (blockchain). Anyone, anywhere can explore the Bitcoin blockchain and see everyone’s transactions going back and forth. Many laymen (especially in the media) will constantly refer to Bitcoin as dangerous because it is an “anonymous currency”. This popular myth is actually factually incorrect. Bitcoin, having the transparency properties mentioned above, is NOT anonymous. In fact it actually adheres to a model of radical transparency which is the polar opposite of confidentiality. At most, one can state truly that Bitcoin is pseudonymous since there is no link (in theory at least – practice is much different) between a user’s public key and his/her real world identity. But since the Bitcoin blockchain runs on the internet it inherently suffers the same vulnerabilities of any network.
Any sufficiently sophisticated actor can link people’s public keys to their real world ID simply by observing IP traffic (there’s that network problem creeping in again) and correlating public keys to specific IPs. There are also plenty of lucrative companies entering the field of chain analysis – they do exactly what it sounds like – they scan and watch the blockchain and de-anonymise public keys and work closely with financial clients and the authorities. Many argue that this lack of confidentiality inherent to most blockchains actually means they are insecure. Imagine you store a particularly sensitive photo of yourself on some blockchain. Chances are that that photo will never go away and will always be accessible to anyone who cares to look.
2. Integrity
The second component of a secure system is integrity. This basically means that we can be sure the data is correct and has not been changed/tampered with. This is the security property where blockchain excels for obvious reasons. As an example, when you execute a smart contract on the Ethereum network, its execution is verified by all mining nodes before being recorded on the blockchain. If the majority of computing (hashing) power is controlled by honest nodes, your smart contract evaluation will be correct; this correctness is what allows for the property of integrity. With bitcoin the integrity is guaranteed by the collective hash power of all the miners in the world, so one can say that the integrity of the BTC blockchain is the highest in the world (i.e. no one can change the data without performing an impossible 51% attack).
3. Availability
The third component is availability. For a system to be considered secure, it must be available to be used, or people will just use non-secure means, thus defeating the purpose of security in the first place. An example of this is the US bombing fibre optic cables in Iraq in order to force the Iraqis to use normal communications that could more easily be intercepted. So a system (or blockchain) can have confidentiality and integrity, but it cannot be considered secure if availability is not also provided for. Luckily blockchain (rather, some types of blockchains, namely truly decentralised ones like bitcoin) is also quite good at ensuring availability, especially when compared to its centralised counterparts. How many times have you visited a classic centralised app only to find it is unreachable for some reason or another? BTC is the most glaring example of a robust network that has almost never gone down in its 9+ years of existence. Now that’s availability! Sure many nodes will go down at some point, but it’s highly unlikely that every node will.
Of course this property doesn’t apply to all blockchains, only to those that are decentralised and censorship resistant. And we have yet to see major network attacks against the blockchains, so it is too early to believe availability is always assured because it is blockchain. In fact, even with decentralisation, networks go down due to congestion/attack/misconfiguration/coding errors. An example of a popular blockchain going down is Ethereum.
So we can see that the CIA trilogy applies to blockchain just as it applies to cybersecurity in general. We’ve also learned that not all blockchains are created equal, and thus one must be careful with sweeping generalizations about blockchain’s inherent security or lack thereof. Some blockchains excel in some aspects, like Bitcoin in terms of Integrity and Availability, but come up short in other aspects, like Confidentiality.
Now that we understand the framework we use to generically analyse a blockchain’s cybersecurity, we can apply those analytical tools to specific cases. In future articles we will look at specific blockchains, their respective caveats and how they measure up in terms of cybersecurity.
For more information read https://www.peerlyst.com/posts/how-to-setup-and-secure-a-blockchain-practical-lab-bitcoin-ctf-inside-chiheb-chebbi.
Henrique is a former intelligence officer and whitehat hacker with extensive experience in surveillance and counter-surveillance. He is co-founder and CEO of Swiss based Privus and Maltese based Privum, designing bulletproof cyber-security solutions to protect privacy in the Digital Age.