Blockchain Security
05/02/2024
How Safe?
Public BLOCKCHAIN
Unexpected Consequences
Private BLOCKCHAIN
Private BLOCKCHAINS give their operators control over who can read the ledger of verified
transactions, who can submit transactions, and who can verify them.
The applications for private BLOCKCHAINS include a variety of markets in which
multiple parties wish to participate simultaneously but do not fully trust one another. For
example, private BLOCKCHAIN systems supporting land and physical asset registries,
commodities trading, and private equity distribution are all being tested. In theory,
the technology is also promising for retaining and transacting digital IDs (passports,
e-residency, birth/wedding certificates, other IDs like digital fingerprints) and for
securing digital contracts.
Private BLOCKCHAIN can also be used as a security enhancement for ID theft
prevention, critical infrastructure and sensitive data protection.
Still has Unexpected Consequences
As these systems develop and evolve, some will have repercussions for the security of
the system and the assets it manages or stores.
As in software and product development, considering security at an early stage alleviates
the difficulty of making fundamental changes to a product to address a security flaw later on.
A hacker can easily figure out how to exploit a flaw.
Network Architecture
Offline Nodes Concern
Downside: Transaction Delay
The process used to reach consensus (verifying transactions through problem solving) is
purposely designed to take time, currently around 10 minutes. Transactions are not
considered fully verified for about one to two hours, after which point they are
sufficiently “deep” in the ledger that introducing a competing version of the
ledger, known as a fork, would be computationally expensive.
This delay is both a vulnerability of the system, in that a transaction that initially
seems to be verified may later lose that status, and a significant obstacle to the use of
cryptocurrency-based systems for fast-paced transactions, such as financial trading.
Benefit of Private BLOCKCHAIN: Faster!
Private Key Thefts
Each bitcoin transaction includes unique text strings that are associated with the bitcoins
being exchanged. Similarly, other BLOCKCHAIN systems record the possession of
assets or shares involved in a transaction. Users then keep this information in a
virtual wallet account.
In the bitcoin system, ownership is demonstrated through the use of a private key (a
long number generated by an algorithm to provide a random and unique output) that is
linked to a payment and a virtual wallet, and like any other data or account, it can be
stolen or lost.
These thefts are not a failure of the security of bitcoin, but of personal security; the
thefts are the result of storing a private key insecurely.
Some estimates put the value of lost bitcoins at $950 million.
Transaction Reversal
GENERAL ISSUES #2
End Point Vulnerabilities
Endpoints are the spaces where humans and BLOCKCHAINS meet: the computers that
individuals and businesses use to access BLOCKCHAIN-based services (financial
institutions, industries, or cryptocurrencies).
The process begins with information being entered into a computer and ends with information
being output from a computer. It is during the process of accessing the
BLOCKCHAIN that the data is in its most vulnerable state.
This includes public and private key security and virtual wallet credentials.
Prevention still relies on the same known identity-theft countermeasures, such as using
top-of-the-list AV/anti-malware, a regular update and scan policy, and encryption
techniques to protect data and communications.
Vendors Risk
With the growth of Distributed Ledger Technology (DLT) adoption, third-party solutions
have emerged as service providers or vendors:
BLOCKCHAIN integration platforms
Payment processors and Wallets providers
Fintech and BLOCKCHAIN payment platforms
Smart contracts (digital notaries etc.)
Weak security on their own systems, flawed code, and even personnel vulnerabilities
can expose their clients’ BLOCKCHAIN credentials and data to unauthorized persons.
Full-Scale Threat
As BLOCKCHAINS grow, we approach unknown territory with every
gigabyte of expansion. The limited experience of the DLT industry means a lack of capability
to identify and respond to problems. As with every technology, from airplanes to autonomous
cars, experience comes at a price. The price for a BLOCKCHAIN security failure has
not yet been high enough to require a major change to the system, which is both good
and bad.
BLOCKCHAINS could be susceptible to fraud if a significant number of participants
conspire against the rest of the participants. Known as a majority attack, or as the 51%
problem, this theoretical threat could materialize, considering that a large number of
mining farms are built in nations where electrical power is cheap and oversight is
questionable.
Lack of Regulation
Lack of Standards
Referring back to the Vendor Risks (page 15): how could any of the applications not benefit
from some level of standardization, if not regulation?
The lack of standard protocols means BLOCKCHAIN developers cannot easily benefit
from the mistakes of others. With each company, each consortium, and each product
operating by a different set of rules, the risks that come from nonstandard technology of
any sort are present.
At some point, chains may need to be integrated. Lack of standardization can mean new
security risks as diverse technologies are merged.
The solution to the question of standards and regulations is more complex than that of most of
the technical issues. However, these questions will naturally resolve themselves
eventually, driven by the market or by vendors.
Regulation and Standard Resolution
Similar to many other technologies, evolution will ultimately bring about the following
arrangements:
Forced regulation and standards where it makes sense.
Self-imposed regulation and standardization among consortiums, vendors or providers, user
groups in areas where innovation is necessary.
No regulation or standardization for BLOCKCHAINS built in-house and only used internally
within the organization as proprietary solutions.
Untested Code
Other Attacks
Another popular BLOCKCHAIN exploit aims to infect mobile wallet apps and online
exchanges where cryptocurrency is stored.
Fraudsters have also been known to take over unsuspecting endpoint PCs or mobile
devices and use them to mine or create new crypto coins.
Scams also occur, such as the initial coin offering, a funding event similar to an initial
public offering (IPO) but using new cryptocurrencies that could hold value if the STARTUP
gains any traction.
The Slovenian bitcoin trading marketplace enables customers to mine for
cryptocurrencies by leveraging unused CPU cycles.
WRAP UP #3
Brief Summary
References
Thank You!