Blockchain Security


hey guys hope you guys are doing great
today’s topic is going to be about
blockchain security. I’ll be sharing
with you my thoughts on the blockchain X.0, different phases
it’s gonna go through so moving right
The topics of today’s discussion
are gonna be, blockchain background, the
use-cases, blockchain x.0, smart contracts,
the weakest link, security considerations.

Blockchain deployments have been discussed for
a while now and in my eyes there are
pretty much three deployment types of
blockchains, the public, private, and
hybrid and most of the deployments have
been on the public side and they are
pretty much the Bitcoin, ethereum,
litecoin etc
and all the
use cases of the public blockchain have
been in the area of cryptocurrencies
besides the cryptocurrencies there has
been no major uptake of the private
deployment of the blockchain by the
enterprises. Anywhere I go these days the
discussion all revolves around and
a lot of people are talking about
blockchain as a godsend it is a cure for
all problems is gonna solve all issues
and you know it’s gonna solve for world
hunger and you know world’s gonna be a
pretty place once everybody starts using
blockchain. So the truth is blockchain
technology was introduced in 2009 and
since then there has been no other
massive use of it, besides the
cryptocurrencies. As I said in the
previous slide its only use case
has been cryptocurrencies. Anywhere else
everybody is just trying to see what it is
but snake oil salesmen are pretty much
trying to sell it for anything and
everything
so it is key that before you embrace the
blockchain technology and you look at
what use what requirement is it
addressing is there a requirement for
you to go to blockchain at all so don’t
just go into it just for the sake of it
there are enterprises who are conducting
proof of concepts on blockchain and
which is okay
they can do what they want but
right now the industry is looking at
pretty much blockchain is like a hammer
and everything looks like a nail
so anything and everything you know
blockchain is gonna solve.

Blockchain X.0:
in this slide I talk about the evolution
of the blockchain technology since its
inception so if you look at the table in
the slide number five, blockchain
1.0, I call these Bitcoin, litecoin, dogecoin,
so these were the first
incarnations of blockchain and the main
use case of blockchain was the
cryptocurrencies,
hence the Bitcoin, litecoin and dogecoin. The
next phase I would call it as a
blockchain 1.5 which improved on the
blockchain 1.0 technologies by
introducing privacy into the
mix because in blockchain 1.0
everything was transparent. Although
people said the transactions on the
cryptocurrencies were anonymous they
were not really anonymous, they were
pseudonymous, where if somebody knew the
public address of someone then they
could pretty much track where they were
sending money and where they were
receiving money from, but even in that
blockchain 1.0 era
if you were not using the same address
all the time then you could pretty much
obfuscate that activity but the key was
that you had to make sure that you used
a new address for every transaction. The
introduction of the blockchain 1.5
technologies such as Monero, Zcash,
Zcoin, they introduced the ability to
anonymize the transactions at the
blockchain level also a lot of information was
available. Then came blockchain 2.0 and ethereum is an improvement on
all, it’s pretty much an improvement on
the blockchain 1.0 technologies
where it said instead of creating a new
cryptocurrency every time you had to
fork an existing blockchain and
introduce some additional code into it
what ethereum meant to do was they said
they will introduce a platform which
would allow creation of cryptocurrencies
programmatically and to do this they
introduced a concept of smart contracts
which would be the code that you could
write to implement your cryptocurrency
without worrying about the nodes, the
mining and all that complicated stuff
but if you look at it going from 1.5 to
2.0 still does not have any
implementation of privacy in it the new
version of ethereum is going to
have that implemented in it and I think
ethereum is going for the zk-SNARKs but
that is yet to be found out when
they do implement it. The next phase of
blockchain as I call 3.0 would be as you
can see in the list
EOS, NEO,
Hyperledger, so these are an improvement
over ethereum where ethereum
introduced its own programming language
called Solidity which has its own issues
but EOS and NEO said okay we will allow
a whole bunch of existing smart contract
languages to be used such as C#,
Java, JavaScript or whatever you want to
use, so EOS has a bunch of
language supports out of the box, there’s
some that are being worked on,
same thing with NEO and same thing with
the Hyperledger. The next evolution in
my eyes is the blockchain 4.0 where
we have technologies like Polkadot,
Dfinity, Tezos which are pretty much
introducing more concepts on the
platforms that blockchain 3.0 has
already introduced, so interoperability,
chain interoperability, consensus mechanisms
where if you wanted to change certain
aspects of the blockchain and you would
have to go through a consensus mechanism
and only through that you could
have those changes implemented into the
blockchain. One of the key and when I
talk about this I’m talking about Tezos
which is planning on introducing that,
hopefully sometime in summer they should
go live.

Smart contracts were introduced
by ethereum in 2015. This was again as I
said in the previous slide the
mechanisms for automating and making a
platform that allowed people to create
their own cryptocurrencies with the
whole bunch of logic in it but it is not
to be construed as a legal contract. The
usage of the word smart
contract came about when Vitalik
Buterin was doing some work on
another fork of a blockchain for
and they had to write some code for that
and they said we call it a smart
contract because it was pretty much
automating some activity and hence the
name smart contract was coined and it
stuck that way but what’s
confusing is that people seem to be
thinking of a smart contract equivalent
to a legal contract. No, both of these are
not equal. If you went to a lawyer,
lawyers don’t speak smart contract
language they speak their legalese and
they will only talk about their stuff
and they would not sign off on any smart
contracts so just be aware of that.

And coming along to the theme
of this show today is security the fact
that you can write a bunch of code to do
certain activities for you
introduces inherent risks because
it is code, it is written by
human beings and sooner
or later there are going to be some bugs
in it and when something has bugs in it
those bugs can be exploited by people
and bad things will happen such as the
DAO hack that happened in 2016 where a
smart contract had some code issues
in it and somebody found that hole
and they exploited it and they ran away
with about 150 million dollars worth of
ether.

The weakest link in this whole
equation so far has been in the smart
contract which is not really the
blockchain itself. Blockchain
inherently is very secure, no one has
been able to hack it or change it or
crack it so it is a secure
technology but what happens is people
who are using the blockchain they have
their mechanisms to use the blockchain
and this mechanism at this point of time
because cryptocurrencies are prevalent
right now is the wallet and when you are
writing stuff to the blockchain
blockchain says you have to make sure
that there’s a private key and a public
key exchange and you as wallet owner
should have the private key and public
you can give to anybody else but if the
wallet owner as such does not protect
the private key or the secret to the
private key then they might be
susceptible to phishing attacks so
all the hacks, all the losses that
have been incurred so far have been due
to the fact that the wallet mechanisms
are pretty complicated and people forget
their keys people lose their keys and
people don’t protect the keys
intelligently and that’s what makes them
lose their cryptocurrencies but in
a real use case what one has to look for
in a blockchain from security
perspective are some of the things that
any security practitioner would be
looking at in any kind of a deployment
so as the blockchain platforms get
more complex the threat vectors also
increase exponentially so we need to
focus on these areas as I’ve listed
below: cryptography, cryptography is the
key, the consensus algorithms,
the identity,
authentication, authorization, code
development practices, data integrity,
encryption mechanisms, incident
response. So coming to key management as
I said before your wallet when you are
using your wallet your keys are very
important so you have to protect your
private keys the other piece is when you
are creating the blockchain yourself
there’s a key ceremony required for
that to generate keys for the blockchain
itself and if that mechanism is weak
then you’re gonna have issues.
What kind of encryption you are using
in the blockchain, that is
key as well,
what kind of hashing functions you are
using in it and all this is tied up
together in a nice package via the
consensus algorithm so if the consensus
algorithm has flaws in it then
everything else is gonna get messed up
as well so you have to make sure the
consensus algorithm that you
select, you do your due diligence in
selecting the consensus algorithm and an
implementation so again
consensus algorithm in its own right is
a piece of code which needs secure
development practices such as you know
code review code testing black box
testing white box testing all kinds of
stuff that goes with any code so
you have to make sure that you have that
foolproof. The next piece is identity,
as the blockchain platforms advance and
they become more complicated, and this is
not really an issue at this point of
time in ethereum but EOS and
then the new platforms are introducing
it, and the idea about
authentication, so the machines or the
users need to have
authentication implemented and again you
have to make sure the authentication is
a strong authentication you don’t lose
credentials easily the authorization
piece to what level of access are you
providing once somebody’s authenticated
into this blockchain
environment then what is this actor able
to do, is the actor able to modify
things or are they able to read stuff so
authorization is important as well so
you need to keep an eye on the
authorization mechanisms. I already spoke
about code development practices. Data
integrity is, if you are writing pieces
of code into the blockchain you have to
make sure that data that is being
written to the blockchain and being read
out of it, its entire integrity is
maintained. Currently in blockchains you
can’t write a whole lot of data, you can
only write very small piece of data to
it but it is a repository where
you can make references to data in
other repositories so that’s
one area that you need to look at.
Encryption mechanisms, as I’ve said
before, that is key, you have to
make sure you’re not using weak
encryption at all
and finally the incident response
so whatever infrastructure you deploy
for your blockchain that is if you do
use blockchain for your organization you
have to make sure that you have
documented processes for incident
response and monitoring for incidents so
the whole infrastructure that this blockchain
is going to be sitting on make sure
you have the proper monitoring in place
you have documented procedures for
responding to incidents you will have
intrusion detection
intrusion prevention mechanisms so as
you can see the blockchain is not
different from deploying any software in
or any platform in your environment
as long as your requirements are clear
you understand what what your needs are
what you’re going to be implementing it
for then use those same delivery
methodologies the fact that you are
deploying blockchain shouldn’t really
change anything for you if you have
strong security practices being
practiced in your organization then
looking at blockchain deploying a
blockchain technology should not be
rocket science it should be just
following the regular delivery
methodology taking care of the regular
security requirements.

Hey everybody
hope you found the information I shared
with you today to be useful please like
subscribe and share the content in your
social circles if you want to contact me
my contact details are on my website
secunoid.com, the address is also at
the bottom left-hand corner of the
slide deck and finally the information I
have shared should not be abused as
financial advice so play the
cryptocurrency investment game at your
own risk and lastly thank you for your
time and talk to you soon bye bye
