On Tech, Business, Society.

Tag: security

Blockchain Security is Multi-Layered, Here are the 6 Most Important Levels

In light of the continued blockchain-related security hacks (e.g. the DAO and Bitfinex, to name just two recently visible ones), a fundamental question is front and center: will we eventually take blockchain security for granted, just as we take bank grade security for granted? Or is it too early in the maturity cycle of blockchains to expect total security resiliency?

There is no reason why we shouldn’t expect blockchains to be as trusted as what is commonly referred to as “bank grade security”, although we are not there yet today.

I’m using the term “bank grade security” figuratively, but with an intent to denote the same expected outcomes from blockchain operations as we get from banks, pertaining to standards in security. Despite being themselves subjected to thefts as well, banks are still considered relatively secure, both physically and online. If a bank theft occurs, individual customers are almost never affected because it is common (and expected) for banks to bear the entire responsibility by insulating customers from these occasional losses. However, in the blockchain world, users are left holding the bag when there is a breach of any kind. On one side of the spectrum, you could say that this type of risk comes with the decentralization ethos, but on the other side, one would like to see higher standards of security assurance, so that users are not responsible for funds losses, especially if they didn’t have any influence on it.

For background, and as a refresher, banks have had a rich history of robberies, starting in the 1800s during the Wild West era in the US. These were the days of Butch Cassidy, Jesse James, Billy The Kid, the Dalton Gang and other famous thieves who were outlaws. During these crazy times, bank robberies happened often. Fast forward about a hundred years, and modern-day bank robberies continued to take place during the 20th century, although with less frequency. In fact, Wikipedia has a list of 33 countries boasting some of the most famous bank robberies worldwide since the Great Depression of the 1930s, including a few even in 2016! Our memory is still fresh with the recent Bangladesh Central Bank heist of 2016, a cyber attack that targeted $1 billion. Overall, notwithstanding the surprising amount of ongoing banking theft activity, we have not closed banks, and banks continue to operate in spite of incurring these losses.

I offered this backdrop to encourage us to think about whether we should accept blockchain robberies as a fact of life, although each time one of these hacks happens, public confidence in the blockchain is lowered. Perhaps it is too early to be so accepting during these early days of this new era?

Why don’t we expect hosted cryptocurrency exchanges (or crypto-tech businesses) to treat their users the same way as banks do? And if so, could these exchanges withstand losses without folding?

Six Categories of Security Layers

We should think of the various levels of blockchain security. All these layers should work together in order to deliver the highest possible security. The outcome will result in more public confidence, at similar levels as bank grade security.

Blockchain Security Levels

1. Transaction Level

That is the minimum required level for a bona fide blockchain. A well functioning blockchain needs to validate transactions with certainty and predictability at the end of the consensus cycle. This is where the consensus method does its job of confirming the transaction finality. We have gotten pretty good at this level, but it’s in the remaining areas where more work is required.

2. Account Level

There are two parts to this. A user account could be self-managed via a private wallet, or it could be a hosted account at an exchange. The Bitfinex hack was an example of a hosted account hack, which happened because accounts were compromised on the exchange. And on the private wallets side, the DAO replay attacks touched some DAO private wallets. This is the area where your “clients” are also vulnerable to Internet-style DoS or phishing attacks. Self-managed wallets are not for the faint of heart, nor for the novice user, despite a plurality of Do’s and Don’ts that security experts will dispense. In order to deliver cryptocurrency to the masses, hosted exchanges and wallet providers have an important role to play, so they need to become really good at it. The analogy is Facebook. Facebook is not the Web. It is a walled garden, but it works well and it is arguably more secure than the Web at large.

3. Programming Level

This is where smart contracts or scripts could be compromised, and the DAO case was a perfect example in that category. Smart contracts could have vulnerabilities that can be exploited, resulting in a drainage or disappearance of funds. Vitalik Buterin provided an excellent explanation and classification of the known smart contract security categories, and this is an area where there is wide agreement that improvements are needed. The blockchain allowed us to program money, and we need to be careful in doing it.

4. Distributed Organizations Level

Think DAO here again, not at the smart contract level, but rather at the operational and organizational level, and how a spaghetti topology of smart contracts labelled as “law” could become a house of cards for a Distributed Organization that wants to be autonomous. Autonomy has its risks, but first and foremost, the organization itself must be tested and it must be sound before it gets a chance to run autonomously. The DAO tried too hard and relied only on technical curators who gave it a passing grade, but didn’t have organizational experts who could have pointed out fundamental flaws in linking the operations of a company to blockchain contracts.

5. Network Level

A blockchain is a peer-to-peer network, physically and virtually. That network is where the consensus methods run, and this is the area where you hear of the 51% attack vulnerabilities, i.e. when theoretically, an attacker can spend enough money and hash power to “hijack” the transaction validation process in their favor. This category of security will concern itself with the soundness of the actual algorithms, protocols, incentives and consensus economics (whether mining or transaction costs related). In my opinion, the specter of “51% attacks” shouldn’t even be in our vocabulary. Imagine if a bank advertised the percentage likelihood of them being robbed as part of their marketing material.

6. Governance Level

I’m going out on a limb in differentiating governance level security from the network level security because I’m referring here to the application side of decentralized consensus. This is an embryonic area, and we have only seen rare cases of decentralized governance. The ones we don’t hear about may be failing in obscurity, and we can’t easily extract their lessons, but the two most publicized cases are Bitcoin (block size) and Ethereum (hard fork) governance. Strategic decisions taken in the name of decentralized governance affect the long term security of a blockchain. We are still learning by trial and error as we figure out the best practices of decentralized governance. On one hand, Bitcoin could be criticized for being too rigid on governance related changes, whereas Ethereum could be perceived to have been a little too lax with their recent hard fork decision process. Maybe one day, the pendulum will swing to the middle.

We often hear of Network security and Account security because they are the most visible, but any player in the blockchain space who is developing an application, running a business or providing a service must be thinking of the variety of security layers as part of good security hygiene.

Today, blockchain related robberies are more of the “cybercrime” flavor variety, because there is no physical entry into a bank or vault. It’s the hacking itself that makes these incidents possible. Crime, cybercrime, robbery, theft and hacks will continue to occur, regardless of the efforts, measures and practices of the criminal justice system. Therefore, the technology itself must do its part in being as good and as predictable as bank grade security.

Eventually, the frequency of blockchain security vulnerabilities should be a thing of the past, because security is an essential condition if blockchains want to become big. We had to solve the Internet security issues early (whether perceived or real), and I still recall the days when the Internet wasn’t deemed to be secure enough for many organizations, and when entering your credit card online was done “at your own risk” (1994-1997 period).

We need to elevate the security standards (technical, operational, and legal) to pave the way for the blockchain market to proceed and grow.

This is about a new “infrastructure of value”. Value movements should be done with certainty.


Blockchains and Security: Creating New Problems or Solving Existing Ones?

On Nov 11th, I made a presentation at the Georgian Partners annual portfolio conference in Toronto on the subject of the Blockchain and security. “Security first” was one of their themes, and it was fitting to incorporate the blockchain’s evolution into that topic.

The main question I teased the audience with is: Does the blockchain solve some of the current security issues we have, or does it create new security challenges?

The short answer to both questions is Yes.

William Mougayar – Security with the Blockchain from Georgian Partners on Vimeo.

The current security and privacy breaches we have seen within large/central corporations (e.g. Target, Sony, Blue Cross, Ashley Madison) are leading us to wonder if the web is really secure anymore? It is obvious that some potential problems are emerging within big databases, where the privacy of customer information and transaction history can be compromised, as companies struggle to get a handle on bigger sets of data under their custody. This has implications on the security of applications data and online identities.

Enter the blockchain and decentralized applications based on it. Their advent brings potential solutions to data security because security via cryptographically secured encryption is a standard part of blockchain applications, especially pertaining to the data parts. By default, everything is encrypted. In addition, by virtue of decentralizing the information architecture elements, each user owns their data, and central repositories aren’t as vulnerable anymore because they might be just encrypted hashes and pointers to distributed storage that is spread across the web. At least, that’s the theory behind this vision, and work is being done to bring it to reality.

But blockchains aren’t perfect. They also introduce security challenges due to their inherent designs relating to 3 areas:

  • Consensus engines on blockchains
  • Decentralization of computing architectures
  • Peer-to-peer clients

Consensus in public blockchains is done publicly, and is theoretically subject to the proverbial Sybil attacks (although it hasn’t happened yet). The trend toward decentralized computing architectures requires a new mindset for planning and writing applications that is different from the traditional web architectures. And finally, each time you download a software client that sits on your PC or smartphone and “listens” to the network, you are potentially opening security risks, unless it’s well implemented, of course. Side point: we need to be aware that IoT connected devices are also subject to potential security breaches; in essence the vulnerabilities are being pushed from the centers to the edges. But let’s not digress on IoT.

Luckily, some solutions are in the works, such as private blockchains, zero-knowledge proofs and ring signatures.

The other piece of good news is we don’t need to re-invent decentralized security, decentralized data and how to write decentralized applications because there are new platforms that provide these basic building blocks as part of their core offerings. The novelty now is that the blockchain ledger is a shared resource for your app, and you run business logic (smart contracts) on a virtual network of computers.

Here are some examples (that I mentioned in the presentation) of these emerging platforms; each having elements of decentralized security, secure multi-party computation, sharing without revealing distributed data ownership or user ownership of their own data.

Implications for the future are:

  1. Secure data in applications
  2. Decentralize user data to protect it
  3. Learn Blockchains and Decentralization technologies
  4. Write smart contracts on new / thin cloud architectures (no servers)
  5. Rethink identity ownerships for your customers

In a nutshell, security and privacy need to be part of the initial design, not an afterthought. Here are the slides: http://www.slideshare.net/wmougayar/redefining-security-with-the-blockchain-by-william-mougayar

And there’s a podcast bonus item. Prior to the event, Jon Prial taped a 15-minute segment with me, discussing the blockchain in more general terms, and this is where I likened the blockchain to a dial tone for trust-based services.

