In their 2017 report, Deloitte’s global blockchain and cyber security experts looked at blockchain technology security from three perspectives: confidentiality, integrity, and availability.
At the same time, they also assessed the maturity of blockchain technology in terms of Authentication, Authorization, and Audit (AAA) and Non-Repudiation, fundamental security aspects for protecting information and designing and managing new systems and networks.
According to David Schatsky, Managing Director at Deloitte U.S., “the technology provides a way of recording transactions or any digital interaction in a way that is secure, transparent, highly resistant to outages, auditable, and efficient”. Such is the interest in the technology that in 2016 alone over $1. billion was invested in blockchain by financial services and technology firms globally, and such investments are predicted to increase exponentially over the next five years.
So, what about blockchain? Will the technology be a cyber security help or hindrance? Ed Powers, Deloitte’s U.S. Cyber Risk Lead says, “while still nascent, there is a promising innovation in blockchain towards helping enterprises tackle immutable Cyber Risk challenges such as digital identities and maintaining data integrity.”
Blockchains could potentially help improve cyber defense as the platform can secure, prevent fraudulent activities through consensus mechanisms, and detect data tampering based on its underlying characteristics of immutability, transparency, auditability, data encryption and operational resilience (including no single point of failure). However, as Cillian Leonowicz, Senior Manager at Deloitte Ireland, opines, “blockchain’s characteristics do not provide an impenetrable panacea to all cyber ills, to think the same would be naïve at best, instead as with other technologies blockchain implementations and roll-outs must include typical system and network cyber security controls, due diligence, practice and procedures”.
According to the National Institute of Standards and Technology (NIST), confidentiality refers to “the property that sensitive information is not disclosed to unauthorized individuals, entities, or processes.”
Ensuring that only interested and authorized parties can access the data that is correct and appropriate for them is a common concern for organizations considering using a blockchain today. Protecting blockchain network access is fundamental in securing data access (particularly in private blockchains).
If an attacker is able to gain access to the blockchain network, they are more likely to gain access to the data, hence authentication and authorization controls need to be implemented, as is the case with other technologies. Although the technology was originally created without specific access controls (due to its public nature), there are some blockchain implementations starting to address the data confidentiality and access control challenges, by providing out-of-the-box full block data encryption and AAA capabilities. Full encryption of blockchain data ensures data will not be accessible by unauthorized parties while this data is in transit (especially if data is flowing through untrusted networks).
In public blockchains, there is no necessity to control network access as the chains’ protocols allow anyone to access and participate in the network, providing they first download the software. In contrast, private blockchains require that appropriate security controls are in place to protect network access. In a perfect world it would be tempting to assume that, because of their private nature, local networks and systems are already protected well behind an organization’s perimeter by several internal security layers (such as firewalls, virtual private networks, VLANs, Intrusion Detection & Prevention Systems, etc.), through the adoption of a so-called defense in depth strategy.
However, perfect-world scenarios are a utopia, especially in security, and relying solely on the effectiveness of such security controls is clearly insufficient. For this reason, security best practices recommend that security controls (such as access controls) also be implemented directly at the application level, which is the first and most important line of defense, particularly in scenarios such as an attacker gaining access to the local network or a malicious insider already being present.
Organizations, when considering their blockchain network architecture, will also need to consider how to treat uncommunicative or intermittently active nodes as the blockchains will need to continue functioning without these offline nodes but also must be able to bring them back up to speed providing they return to their original function.
Data Access & Disclosure
Today, if an attacker gains access to a blockchain network and the data, this does not necessarily mean the attacker can read or retrieve the information. Full encryption of the data blocks can be applied to data being transacted, effectively guaranteeing its confidentiality, provided the latest encryption standards are followed.
With end-to-end encryption, which has become an important topic of discussion in recent years, only those who are authorized to access the encrypted data, i.e. through their private key, can decrypt and see the data. Using encryption keys in conjunction with PKI can provide organizations with a higher level of security.
Encrypting data on a blockchain can provide organizations with a level of protection from a data confidentiality and data access control perspective. As an example, implementing secure communication protocols on the blockchain (assuming the latest security standards and implementation guides) guarantees that even if an attacker attempts a man-in-the-middle attack, the attacker won’t be able to either forge the interlocutor’s identity or disclose any data while in transit. Even in an extreme scenario where long-term private keys are compromised, past sessions are kept confidential due to the perfect forward secrecy properties of security protocols.
Although blockchain users generally back up their private keys in a secondary place such as cold storage, theft of private keys remains a high risk. It’s important to note that keys are used for several purposes in the blockchain ecosystem: protection of user information, the confidentiality of data, and authentication and authorization to the network.
According to Lior Kalev, Director leading Deloitte Israel’s Cyber Risk Services, “People want and need to be connected to their data at all times from any location and any device which bring about new cyber risks which make network access management in enterprise and global organizations inherently challenging”.
Organizations need to be conscious that accessing their blockchain account from multiple devices puts them at a higher risk of losing control of their private keys. Considering this, it’s important that entities follow suitable key management procedures (such as the IETF or RFC 4107 cryptographic key management guidelines) and develop secure key governance practices internally, since this will be fundamental to the security of the blockchain network.
According to Artur D’Assumpção, head of Cyber Risk / Cyber Security at Deloitte Portugal, “In an enterprise environment, it will be fundamental to properly secure secret key material so as to not jeopardize the ledger confidentiality and integrity. An example of adequate protection is the use of special purpose key vaults that implement technologies such as Hardware Security Modules to secure master secrets and provide a highly secure and tamper-resistant environment.”
Today’s cryptographic algorithms produce a public/private key pair and an address which is derived using hashing and checksum operations on the public key. Exposure of the address alone is not high risk. However, exposure of the address and the public key required to transact will potentially, given sufficient advances in quantum computing, enable the derivation of the private key. Jacky Fox highlights, “while commercial quantum computing is not available as a large-scale reality it makes sense to plan now for the move to quantum-resistant cryptography. NIST is currently in the process of developing quantum-resistant cryptography standards and the NSA is recommending their suppliers plan to implement SHA-384 instead of SHA-256”.
Blockchain technology can be regarded as a secure technology, from the point of view that it enables users to trust that the transactions stored on the tamper-proof ledger are valid. The combination of sequential hashing and cryptography along with its decentralized structure makes it very challenging for any party to tamper with it in contrast to a standard database.
This provides organizations using the technology with assurance about the integrity and truthfulness of the data. The consensus model protocols associated with the technology also present organizations with a further level of assurance over the security of the data, as generally 51% of users in public and private blockchains need to agree a transaction is valid before it is subsequently added to the platform.
Organizations can implement further mechanisms to prevent and control ledger splitting in the event of a 51% cyber control attack, for example by monitoring whether one of the nodes increases its processing power and is executing a significantly higher number of transactions.
Every transaction added to a public or private blockchain is digitally signed and timestamped, which means that organizations can trace back to a specific time period for each transaction and identify the corresponding party (via their public address) on the blockchain. This feature relates to an important information security property: non-repudiation, which is the assurance that someone cannot deny the authenticity of their signature on a file or the authorship of a transaction that they originated. This out-of-the-box functionality of the blockchain increases the reliability of the system (detection of tamper attempts or fraudulent transactions) since every transaction is cryptographically associated with a user.
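The monitoring idea above can be expressed as a sliding-window check on which node is credited with each recent block. This is an added example, not code from the Deloitte report; the thresholds, node names and the sample block sequence are assumptions constructed for illustration.

```python
from collections import Counter, deque

# Thresholds are assumptions for this example, not values from the report.
WARN_SHARE = 0.40      # early warning, still below a majority
CRITICAL_SHARE = 0.51  # one node holds a majority of recent blocks
RANK = {"ok": 0, "warn": 1, "critical": 2}

def level_for(share):
    if share >= CRITICAL_SHARE:
        return "critical"
    return "warn" if share >= WARN_SHARE else "ok"

def monitor_block_share(producers, window=20):
    """Return (height, node, share, level) each time a node's share of the
    last `window` blocks rises into a higher alert level."""
    recent, counts = deque(), Counter()
    current = {}            # node -> level last seen for that node
    alerts = []
    for height, node in enumerate(producers):
        recent.append(node)
        counts[node] += 1
        if len(recent) > window:
            counts[recent.popleft()] -= 1
        if len(recent) < window:
            continue        # not enough history yet
        for name, n in counts.items():
            share = n / window
            level = level_for(share)
            if RANK[level] > RANK[current.get(name, "ok")]:
                alerts.append((height, name, share, level))
            current[name] = level   # re-arms the alert if the share drops
    return alerts

# Constructed sample: four nodes share blocks evenly, then node-C surges.
BASELINE = ["node-A", "node-B", "node-C", "node-D"] * 10
SURGE = ["node-C", "node-C", "node-A", "node-C",
         "node-B", "node-C", "node-C", "node-D"] * 5

if __name__ == "__main__":
    for height, name, share, level in monitor_block_share(BASELINE + SURGE):
        print(f"height={height} node={name} share={share:.0%} level={level}")
```

The warning level fires before any node reaches a majority, which gives operators time to investigate before consensus itself is at risk.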
Any new transaction added to a blockchain will result in a change of the global state of the ledger. The implication of this is that with every new iteration of the system, the previous state will be stored, resulting in a fully traceable history log. The technology’s audit capability provides organizations with a level of transparency and security over every interaction. From a cybersecurity perspective, this provides entities with an extra level of reassurance that the data is authentic and has not been tampered with.
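As an added example (not code from the Deloitte report), the sketch below shows why sequential hashing and the decentralized copies work together. An in-place edit breaks the chain's own links, while a fully recomputed chain stays internally consistent and is only exposed by comparison with a peer's copy. The block layout, function names and sample payloads are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64

def block_hash(index, prev_hash, payload):
    body = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                      sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest()

def build_chain(payloads):
    chain, prev = [], GENESIS_PREV
    for i, payload in enumerate(payloads):
        digest = block_hash(i, prev, payload)
        chain.append({"index": i, "prev": prev, "payload": payload, "hash": digest})
        prev = digest
    return chain

def first_broken_link(chain):
    """Index of the first block whose hash or back-link is inconsistent,
    or None if the chain is internally consistent."""
    prev = GENESIS_PREV
    for block in chain:
        expected = block_hash(block["index"], block["prev"], block["payload"])
        if block["prev"] != prev or block["hash"] != expected:
            return block["index"]
        prev = block["hash"]
    return None

def first_divergence(local, peer):
    """Index of the first block whose hash differs from a peer's copy, or None."""
    for mine, theirs in zip(local, peer):
        if mine["hash"] != theirs["hash"]:
            return mine["index"]
    return None if len(local) == len(peer) else min(len(local), len(peer))

# Constructed sample ledger entries.
PAYLOADS = ["alice->bob:5", "bob->carol:2", "carol->dave:1", "dave->alice:3"]

def demo():
    honest = build_chain(PAYLOADS)
    edited = [dict(b) for b in honest]
    edited[1]["payload"] = "bob->mallory:2"       # in-place edit, stale hash
    rewritten = build_chain([b["payload"] for b in edited])  # all hashes redone
    return (first_broken_link(honest), first_broken_link(edited),
            first_broken_link(rewritten), first_divergence(rewritten, honest))

if __name__ == "__main__":
    print(demo())
```

The third result is the important one for auditors: a single node's internal consistency check is not sufficient evidence of integrity without agreement from independent copies of the ledger.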
Smart contracts, computer programs running on the ledger, have become a core feature of blockchains today. This type of program can be used to facilitate, verify, or enforce rules between parties, allowing for straight-through processing and interactions with other smart contracts. Such software provides a large surface area for attack, so an attack on one smart contract could have a domino effect on other parts of the platform, i.e. the language itself or the implementation of contracts.
During the DevCon event in Shanghai, a DDoS attack exploiting a vulnerability in the Go-based Ethereum client’s smart contract implementation prevented miners from mining further blocks. Blockchain brings a new paradigm to software development and, as such, secure development standards and practices (such as implementing secure coding and security testing) need to be implemented (and updated) to account for the smart contract life cycle (creation, testing, deployment, and management). According to Diego Rodriguez Roldan, Director at Deloitte Advisory practice in Spain, “it will be necessary to apply methodologies such as the Secure Software Development Life Cycle (S-SDLC) in order to minimize the threat of a critical bug during the life cycle smart contracts”. The attack on the DAO, a decentralized organization built on top of Ethereum, is an example where a smart contract was attacked. An attacker managed to exploit a bug in a smart contract that led to the theft of 60M Ether.
NIST defines availability as “ensuring timely and reliable access to and use of information”. Cyberattacks attempting to impact technology services availability continue to increase.
DDoS attacks, being one of the most common types of attack, can also cause the most disruption to internet services and hence blockchain-enabled solutions. The resulting implications are that websites get disrupted and mobile apps become unresponsive, and this can generate ever-increasing losses and costs to businesses. Given blockchains are distributed platforms, DDoS attacks on blockchains are not like regular attacks. They are costly as they attempt to overpower the network with large volumes of small transactions (or in the case of the recent Ethereum DDoS attacks, actions with disproportionately low gas costs costing €3,000).
The decentralization and peer-to-peer characteristics of the technology make it harder to disrupt than conventional distributed application architectures (such as client-server), yet blockchains are also subject to DDoS attacks, and as such adequate protection measures are still necessary, both at the network and application level. The Bitcoin network withstood a DDoS attack in 2014, where attackers attempted to overflow the network with requests.
No Single Point of Failure
Blockchains have no single point of failure, which greatly decreases the chances of an IP-based DDoS attack disrupting normal operation. If a node is taken down, data is still accessible via other nodes within the network, since all of them maintain a full copy of the ledger at all times. The distributed nature of the technology solves the Byzantine Generals’ Problem of false consensus.
Bitcoin, to date, is the most tried and tested platform in the market, which has successfully withstood cyber-attacks for more than 7 years. Blockchain infrastructure evidently provides a further level of data accessibility, given that data is accessible through any of the nodes in the network, even in the event of a DDoS attack disrupting some of the nodes.
Even though a blockchain network is considered to have no single point of failure, organizations could still face risks from external events outside of their control. For example, a global internet outage would disrupt even a public blockchain network as distributed as Bitcoin or Ethereum, creating outages that would impact an organization’s operations as with any other technology.
Private blockchain networks with a lower number of nodes would need to ensure that their network is sufficiently distributed globally and resilient with no single points of failure on an organization or platform level to ensure continuous operation even in the event of a natural disaster or coordinated attack.
The combination of the peer-to-peer nature and the number of nodes within the network, operating in a distributed and 24/7 manner, makes the platform operationally resilient. Given that both public and private blockchains consist of multiple nodes, organizations can make a node under attack redundant and continue to operate business as usual. So, even if a major part of the blockchain network is under attack, it will continue to operate due to the distributed nature of the technology.
This does not mean that the network is completely “bullet-proof”. Since blockchain’s inception, in 2008, platforms have faced threats where attackers have attempted to jeopardize their stability, using different attack vectors. Transaction malleability, a bug found when transactions are in a pending validation status, resulted in an attack on the Bitcoin network in 2014, which impacted the users’ experience.
In 2016, an attacker exploited the smart contracts in Ethereum, and the way they can be used, to create an overflow in the network, to the point where the creation of blocks and validation of transactions were severely impacted, slowing the network. This has been addressed with the creation of a hardfork (permanent divergence from the previous blockchain version). According to Suchitra Nair, Director at Deloitte U.K.’s Risk Advisory practice, “Operational resilience of the blockchain will be a key focus area for regulators and will need to be rigorous.