Blockchain represents a list of records, referred to as “blocks,” which are linked by way of cryptography. Each individual block holds a cryptographic hash of the previous block, as well as a timestamp and transaction data. It seems an ideal solution for organizations wanting to store huge amounts of data securely. Blockchain was created in 2008 by a person (or persons) using the alias “Satoshi Nakamoto.”
The data is transparent to the appropriate parties, which is useful in a number of business situations. While secure, data contained in a blockchain is not necessarily considered “private.”
Blockchain can be described as an open communication that can record transactions between people and organizations in a way that is verifiable and efficient, and maintains its integrity.
When blockchain is used as a distributed ledger, it is normally managed with a network that collectively complies with established protocols. Once recorded, the data of any individual block cannot be changed retroactively, unless all the subsequent blocks are altered. This process requires the approval of the network’s majority. Though blockchain records can be altered, they are still considered secure, due to the decentralized consensus approval process.
Blockchain offers a very reasonable alternative to the cloud and data storage companies. Data stored in a blockchain would remain pure and unaltered. Data security is considered to be quite important in the world of business. For many organizations, data and its integrity have become a high priority.
Encryption and Validation
A blockchain platform encrypts its data, meaning it is difficult to read (without the right algorithm) or modify. It can also save cryptographic signatures of documents or files. This offers a way to assure a file has not been tampered with. File signatures can always be cross-checked and verified. When a file is examined, it can be trusted to be the same version that existed at an earlier time. If the file is changed, the signature becomes invalid.
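The hash linking described earlier and the file cross-check described above, as an added example that is not part of the original article: each block stores the hash of the previous block, and a file is verified by comparing its digest with the recorded one. It uses plain SHA-256 digests rather than public-key signatures, and all function names, timestamps and sample documents are constructed for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def block_hash(block: dict) -> str:
    # The hash covers the payload, the timestamp AND the previous block's hash.
    body = {k: block[k] for k in ("index", "timestamp", "data", "prev_hash")}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_block(chain: list, timestamp: int, data: dict) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "timestamp": timestamp, "data": data, "prev_hash": prev}
    block["hash"] = block_hash(block)
    chain.append(block)

def first_invalid_block(chain: list):
    """Index of the first block whose hash or back-link fails, or None if intact."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev or block["hash"] != block_hash(block):
            return block["index"]
        prev = block["hash"]
    return None

def file_is_anchored(chain: list, name: str, content: bytes) -> bool:
    """True only if the chain is intact and records this exact file content."""
    if first_invalid_block(chain) is not None:
        return False
    digest = sha256_hex(content)
    return any(b["data"] == {"file": name, "sha256": digest} for b in chain)

def build_sample_chain() -> list:
    # Constructed sample documents and timestamps, for illustration only.
    docs = [("contract.txt", b"pay 10 units to Bob"),
            ("invoice.txt", b"invoice 1, total 10"),
            ("receipt.txt", b"received 10 units")]
    chain = []
    for i, (name, content) in enumerate(docs):
        append_block(chain, 1700000000 + i, {"file": name, "sha256": sha256_hex(content)})
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    chain[1]["data"]["sha256"] = sha256_hex(b"forged")  # edit a recorded digest
    print(first_invalid_block(chain))                   # edited block no longer matches its hash
    chain[1]["hash"] = block_hash(chain[1])             # re-hash the edited block
    print(first_invalid_block(chain))                   # the next block's back-link now fails
```

Re-hashing the edited block only moves the failure to the next block, which is why a retroactive change requires rewriting every subsequent block.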
The blockchain structure offers a reliable, independent data verification system. Lacking a central authority, trust in the blockchain structure has been established through the use of decentralized consensus and cryptography.
Cryptography involves the use of cryptographic algorithms. As a general rule, cryptography is used to encrypt or encode data, preventing hackers from deciphering the message. It promotes confidential two-way communications, with each party accessing the message, while no one else can. The basic components of cryptography are:
- A message or payload (sometimes called plaintext) – The data or payload contained within the encrypted message.
- The encryption/decryption algorithm – An algorithm pair that is used to translate the plaintext and ciphertext messages.
- Cipher (also called ciphertext) – The encryption function’s output, or the encrypted message that is sent between the sender and receiver.
Data Security through Decentralization
Blockchain is decentralized in nature and does not rely on a single central point of control. Blockchain represents a digital ledger of transactions, and every computer within the system has a copy of the data.
The absence of a single authority makes the data considerably more secure. Rather than depending on a single central authority to provide secure transactions, blockchain uses an innovative consensus process, with protocols working across networks of nodes. This consensus process validates transactions and records data in a way that is normally incorruptible.
Blockchain, as a ledger of data, concentrates on the importance of information integrity. The data being stored must be honest and accurate. With the data being stored in multiple computers, it is secure even if a computer or two malfunction.
Reports from Transparency Market Research predict the global blockchain market will be worth $20 billion by 2025. People, wisely, are cautious about exposing their private data to the general public, fearing criminals will alter it, or steal it with the hope of profiting from it. Not surprisingly, people want to share their data securely and with a tamper-proof platform. Blockchain helps in providing that secure platform, and has great potential for reducing costs and enhancing security. However, while there are benefits, blockchain’s weaknesses should not be overlooked.
Blockchain Has Been Hacked
The first blockchain hack took place online in June 2011, and $50,000 was stolen. This is one of the most famous blockchain hacks. First the cyber-criminal managed to get the auditor’s credentials, then used them to access the system. The hacker then converted one BTC to equal one cent. After that, the hacker collected 2609 BTC from several clients, who sold their BTC for this extremely low, temporary price.
Another example of blockchain being hacked includes a theft on December 6, 2017. Eighty million dollars (4700 BTC) was stolen. The Slovenian exchange platform, called NiceHash, was hacked, with the CEO announcing it on Facebook Live. It is known that one of their staff computers was compromised, and that they suspended all transactions for 24 hours. This allowed them to analyze the situation and develop a plan to prevent it from happening again.
Sadly, the more complicated a blockchain’s system is, the greater the potential for making mistakes when setting it up, accidentally leaving an opening for hackers. In February 2019, the business in charge of Zcash (cryptocurrency using complicated math encryptions for transaction privacy) announced they had secretly repaired a “subtle cryptographic flaw” that had accidentally been built into the protocols. A hacker could have exploited this weakness to create unlimited counterfeit Zcash. Fortunately, they fixed it before that happened.
Consider the 51% attack. The term refers to an attack on a blockchain by a number of miners who control more than 50% of the network’s computing power. This type of attack is rare and typically targets smaller blockchains, with less computational power.
Defeating Blockchain Hackers
Protocols must be secure. A protocol is made up of the rules and guidelines used in achieving a particular goal, and is considered the software backbone for blockchain systems. Different protocols are created to accomplish a variety of goals and objectives. Poorly designed blockchain protocols are often the target of hackers.
Generally speaking, however, hackers haven’t attacked the blockchains themselves, but have gone after exchanges — websites where cryptocurrencies can be bought, sold, traded, and held. Many of these thefts can be blamed on poor security practices.
Some businesses, such as Tsankov’s ChainSecurity, are working to develop auditing services using an established technique called formal verification. Their goal is to mathematically prove a contract’s code will do what it is supposed to. Auditing tools have been emerging for the last few years and have helped smart contract creators eliminate many of the weaknesses in blockchain systems.
Philip Daian of Cornell’s Initiative for Cryptocurrencies and Contracts suggests using smart contracts to organize a blockchain-based “bug bounty.” This would encourage users to report flaws and weaknesses in return for a reward.
There are a number of steps that can be taken in-house to improve blockchain security. They include:
- Vigilance: Repetitive passwords or logging in from foreign devices should be avoided.
- Consensus Algorithms: The blockchain system should use anti-hacking consensus algorithms.
- Up-to-date Security Protocols: Security protocols should be updated as quickly as possible. It helps to ensure there are no weaknesses in the software.
- Exhaustive Testing: Smart contract codes need to be tested regularly — and often — to find any loopholes. Thousands of real-time tests are needed to find out if the system has any bugs.
- Auditing: Auditing processes are available that would test blockchain protocol code. This should be done both before launching and after. False or bad code can be detected easily with this process. Additionally, adding an AI to the mix to perform audits would provide some very serious security.
- Private Keys: Private keys need to be kept private. They should not be shared with anyone. Keep the private key in a safe place.
- Monitoring: Blockchain platforms should use monitoring options for detecting any abnormal activities, quickly and efficiently.
- User Reports: Users of the network are asked to report any bugs within the system when they detect them.
Artificial intelligence is also an option for improving blockchain security. AnChain.ai is a recent startup that was created to deal with hacking threats against blockchain systems. It uses AI to monitor transactions while scanning for suspicious activity.
Blockchain — Basic Problems and Solutions
Cryptocurrency identifies the currency itself, but does not identify its owner. Whoever has control of the coin’s private encryption key has control of the currency. When cryptocurrency is stolen, there is no way to get it back. A way to avoid this is to store the private encryption keys safely, using a “FIPS” validated root of trust.
Smart contracts describe an agreement that can self-execute as well as enforce the terms of the contract. However, if the blockchain is hacked, the smart contract may be altered. This results in the trust of blockchain being broken and the two parties no longer doing business with the blockchain system. The entire transaction may have to be dropped or renegotiated.
To avoid this problem, securely self-execute the contract terms with anonymous parties using strong authentication, and by storing the private keys inside of a “hardware” root of trust. This ensures the appropriate parties are correctly identified.
The Internet of Things (IoT) has restrictions applied to it by a central-authority trust model, which makes the IoT vulnerable. Mirai-style botnets allowed hackers to take control of thousands of IoT devices in April 2018. The IoT devices were protected only with default passwords, which allowed the hackers to initiate DDoS (Distributed Denial of Service) attacks.
This can be avoided by including blockchain’s distributed consensus model. By removing the single-point-of-failure, the nodes within a given network can provide backup, and nodes that start behaving strangely can be quarantined.