07/11/2021
How Safe?
Public BLOCKCHAIN
A system of recording transactions that allows anyone to read or write transactions. Anyone
can aggregate and publish those transactions, provided they can show that a sufficient
amount of effort went into doing so, which they can demonstrate by solving a difficult
cryptographic puzzle. The process by which a network of nodes confirms the record of
previously verified transactions, and by which it verifies new transactions, is known as a
consensus protocol.
In the bitcoin system, because no user is implicitly trusted to verify transactions, all users
follow an algorithm that verifies transactions by committing software and hardware
resources to solving a problem by brute force (i.e., by solving the cryptographic puzzle). The
user who reaches the solution first is rewarded, and each new solution, along with the
transactions that were used to verify it, forms the basis for the next problem to be solved.
This is what is called mining.
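The puzzle and the chaining described above can be shown in a few lines. This is an added example, not code from the original slides; the 12-bit difficulty, the function names and the sample transactions are constructed for illustration, and real Bitcoin blocks use a different header format and a far harder target.

```python
import hashlib
import json

DIFFICULTY_BITS = 12  # constructed and tiny on purpose; Bitcoin's real target is far harder
GENESIS = "0" * 64    # all-zero hash stands in for "no previous block"


def block_hash(prev_hash: str, transactions: list, nonce: int) -> str:
    """SHA-256 over the previous block's hash, this block's transactions and a nonce."""
    payload = json.dumps([prev_hash, transactions, nonce]).encode()
    return hashlib.sha256(payload).hexdigest()


def meets_target(digest: str) -> bool:
    """The puzzle: the 256-bit hash must start with DIFFICULTY_BITS zero bits."""
    return int(digest, 16) >> (256 - DIFFICULTY_BITS) == 0


def mine(prev_hash: str, transactions: list) -> dict:
    """Brute-force nonces until the puzzle is solved; the solution seeds the next block."""
    nonce = 0
    while not meets_target(block_hash(prev_hash, transactions, nonce)):
        nonce += 1
    return {"prev": prev_hash, "txs": transactions, "nonce": nonce,
            "hash": block_hash(prev_hash, transactions, nonce)}


def build_chain(batches: list) -> list:
    """Mine one block per batch of transactions, each linked to the one before."""
    chain, prev = [], GENESIS
    for txs in batches:
        chain.append(mine(prev, txs))
        prev = chain[-1]["hash"]
    return chain


def first_invalid_block(chain: list):
    """Verification is cheap: one hash per block. Returns the first bad index, or None."""
    prev = GENESIS
    for i, b in enumerate(chain):
        digest = block_hash(b["prev"], b["txs"], b["nonce"])
        if b["prev"] != prev or digest != b["hash"] or not meets_target(digest):
            return i
        prev = b["hash"]
    return None


# Constructed sample input: three batches of transactions, one block each.
SAMPLE = [["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]]
```

Editing a transaction in an early block invalidates that block, and re-mining it only moves the break to the next block, so every later block has to be solved again.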
Unexpected Consequences
Private BLOCKCHAIN
Private BLOCKCHAINS give their operators control over who can read the ledger of verified
transactions, who can submit transactions, and who can verify them.
The applications for private BLOCKCHAINS include a variety of markets in which
multiple parties wish to participate simultaneously but do not fully trust one another. For
example, private BLOCKCHAIN systems supporting land and physical asset registries,
commodities trading, and private equity distribution are all being tested.
Theoretically, it is also promising for digital ID retention and transactions (passports,
e-residency, birth/wedding certificates, other IDs such as digital fingerprints) and for
securing digital contracts.
Private BLOCKCHAIN can also be used as a security enhancement for ID theft
prevention, critical infrastructure and sensitive data protection.
Still has Unexpected Consequences
As these systems develop and evolve, some changes will have repercussions for the security of
the system and the assets it manages or stores.
As in software and product development, considering security at an early stage alleviates
the difficulty of making fundamental changes to a product to address a security flaw later on.
Hackers can easily figure out how to exploit a flaw.
Network Architecture
Offline Nodes Concern
Downside: Transaction Delay
The process used to get consensus (verifying transactions through problem solving) is
purposely designed to take time, currently around 10 minutes. Transactions are not
considered fully verified for about one to two hours, after which point they are
sufficiently “deep” in the ledger that introducing a competing version of the
ledger, known as a fork, would be computationally expensive.
This delay is both a vulnerability of the system, in that a transaction that initially
seems to be verified may later lose that status, and a significant obstacle to the use of
cryptocurrency-based systems for fast-paced transactions, such as financial trading.
Benefit of Private BLOCKCHAIN: Faster!
Private Key Thefts
Each bitcoin transaction includes unique text strings that are associated with the bitcoins
being exchanged. Similarly, other BLOCKCHAIN systems record the possession of assets or
shares involved in a transaction. Users then keep this information in a virtual wallet
account.
In the bitcoin system, ownership is demonstrated through the use of a private key (a long
number generated by an algorithm to provide a random and unique output) that is linked to a
payment and a virtual wallet, and like any other data or account, it can be stolen or lost.
These thefts are not a failure of the security of bitcoin, but of personal security; the thefts
are the result of storing a private key insecurely.
Some estimates put the value of lost bitcoins at $950 million.
Transaction Reversal
GENERAL ISSUES #2
End Point Vulnerabilities
Endpoints are the spaces where humans and BLOCKCHAINS meet: the computers that
individuals and businesses use to access BLOCKCHAIN-based services (financial
institutions, industries, or cryptocurrencies).
The process begins with information being entered into a computer and ends with
information being output from a computer. It is while the BLOCKCHAIN is being accessed
that the data is in its most vulnerable state.
This includes public and private key security and virtual wallet credentials.
Prevention still relies on the same known identity theft countermeasures, such as using
top-of-the-list AV/anti-malware software, a regular update and scan policy, and encryption
techniques to protect data and communications.
Vendors Risk
With the growth of Distributed Ledger Technology (DLT) adoption, third-party solutions
have emerged as service providers or vendors:
BLOCKCHAIN integration platforms
Payment processors and Wallets providers
Fintech and BLOCKCHAIN payment platforms
Smart contracts (digital notaries etc.)
Weak security on their own systems, flawed code, and even personnel vulnerabilities
can expose their clients’ BLOCKCHAIN credentials and data to unauthorized persons.
Full-Scale Threat
As BLOCKCHAINS grow, we approach unknown territory with every
gigabyte of expansion. The DLT industry's limited experience means a lack of capability
to identify and respond to problems. As with every technology, from airplanes to autonomous
cars, experience comes at a price. The price for a BLOCKCHAIN security failure has
not yet been high enough to require a major change to the system, which is both good
and bad.
BLOCKCHAINS could be susceptible to fraud if a significant number of participants
conspire against the rest of the participants. Known as a majority attack, or as the 51%
problem, this theoretical threat could materialize, considering that a large number of
mining farms are built in nations where electrical power is cheap and oversight is
questionable.
Lack of Regulation
Lack of Standards
Referring back to Vendor Risks (page 15): how could any of these applications not benefit
from some level of standardization, if not regulation?
The lack of standard protocols means BLOCKCHAIN developers cannot easily benefit from
the mistakes of others. With each company, each consortium, and each product operating by
a different set of rules, the risks that come from nonstandard technology of any sort are
present.
At some point, chains may need to be integrated. Lack of standardization can mean new
security risks as diverse technologies are merged.
The solution to the question of standards and regulations is more complex than that of most
of the technical issues. However, these questions will naturally resolve themselves
eventually, driven by the market or by vendors.
Regulation and Standard Resolution
Similar to many other technologies, evolution will ultimately bring about the following
arrangements:
Forced regulation and standards where it makes sense.
Self-imposed regulation and standardization among consortiums, vendors or providers, and
user groups in areas where innovation is necessary.
No regulation or standardization for BLOCKCHAINS built in-house and only used internally
within the organization as proprietary solutions.
Untested Code
Other Attacks
Another popular BLOCKCHAIN exploit aims to infect mobile wallet apps and online
exchanges where cryptocurrency is stored.
Fraudsters have also been known to take over unsuspecting endpoint PCs or mobile
devices and use them to mine or create new crypto coins.
Scams such as initial coin offerings: a funding event similar to an initial public offering
(IPO), but using new cryptocurrencies that could hold value if the startup gains any
traction.
The Slovenian bitcoin trading marketplace enables customers to mine for
cryptocurrencies by leveraging unused CPU cycles.
WRAP UP #3
Brief Summary
References
Thank You!