Protecting the distributed ledger
A Blockchain, or distributed ledger, is a technological protocol that enables data to be exchanged directly between different contracting parties within a network without the need for intermediaries.
Each transaction is communicated to all network nodes, and once verified and confirmed, is added to an immutable transaction chain.
Numerous industries are currently researching and piloting Blockchain applications, As a consequence, there is a rising number of inquiries and concerns about the security aspects of Blockchain and its ability and limitations in protecting such critical data. Some of these aspects contribute to making Blockchain security difficult to manage:
1. Immaturity and complexity of the technology
Due to the different consensus algorithms available (e.g. proof of work or proof of stake), the Blockchain types (e.g. permissioned or permissionless), and the complex underlying cryptographic protocols, it is difficult for security practitioners to fully understand data flows and potential security weaknesses.In addition, multiple Blockchain platforms and implementations exist and applications must be evaluated for their suitability for integration with a specific Blockchain system..
2. Lack of standards and regulations around Blockchain technology
As of today, Blockchain technology is being adopted by some countries, while on the larger scale, it hasn’t been regulated yet, resulting in legal uncertainties and grey areas. An interesting example of the lack of controls and laws regulating Blockchain networks are the hacks in the industry, losing millions of dollars by exploitation of smart contracts
3. Widespread belief that a Blockchain is secure by design
Blockchain technology is built upon public-key cryptography and primitives such as digital signatures and hash functions, which may give a false impression of security. The fact that all cryptographic protocols have their limits and that holistic security includes not only technology but also people and processes is often overlooked in a Blockchain security analysis.
A risk-based approach to blockchain security ensures that security controls are selected in line with business needs and business use cases. The approach can be summarized as:
- Understand the criticality of data and processes
- Create a threat model
- Select security controls to address the identified risks