It all started with “Bitcoin: A Peer-to-Peer Electronic Cash System”, the paper Satoshi Nakamoto published in 2008, which introduced the word Bitcoin.
Did you know that most blockchain-inspired projects are really distributed ledger systems, and that not all of them are truly blockchains by nature?
Like cloud offerings, most blockchain solutions can be categorized as private, public (open read/write access to the database; identities are pseudonymous) or hybrid. Public solutions such as Bitcoin usually run in permissionless mode, so any member of the public is free to mine and become a miner.
Two important security principles that blockchain offers as a solution:
Data authentication and its verification, backed by PKI (non-repudiation, integrity and confidentiality).
Smart asset management.
Originally, the Bitcoin cryptocurrency used Proof of Work as its consensus mechanism.
Some of the most popular blockchain frameworks are listed below.
Hyperledger (Burrow, Fabric, Indy, Iroha & Sawtooth)
Multichain
Ethereum (custom-built, runs smart contracts)
Quorum
Stellar
A note of caution: do not get too excited about bitcoins or the illegal trading options; read the story of Ulbricht, founder of Silk Road, by clicking on the link below.
Security control requirements for blockchain.
C.1 Primary focus: blockchain permissions.
Consensus mechanism used. Consensus algorithms are the heart of blockchains, enabling network participants to agree on the contents of a blockchain in a distributed fashion.
The first consensus algorithm to work was Bitcoin’s Proof of Work (PoW), based on SHA-256.
Considerations for proof-of-work based blockchain instances
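To make the consensus point concrete, here is an added example (not code from the original article or from Bitcoin itself) of a simplified SHA-256 proof-of-work chain in Python: a miner searches for a nonce whose block hash falls below a difficulty target, and a verifier recomputes every hash, checks each proof and checks the back-links. The block format, the JSON serialization and the sample transactions are assumptions made for the demonstration; real Bitcoin hashes an 80-byte binary header with double SHA-256.

```python
import hashlib
import json

# Constructed sample transaction batches for the demonstration (not real Bitcoin data).
SAMPLE_BATCHES = [["alice->bob:5", "bob->carol:2"], ["carol->dave:1"]]
GENESIS_PREV = "0" * 64


def block_hash(index, prev_hash, txs, nonce):
    """SHA-256 over the serialized block fields (simplified header, assumption)."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "txs": txs, "nonce": nonce},
        sort_keys=True,
    )
    return hashlib.sha256(payload.encode()).hexdigest()


def meets_target(digest_hex, difficulty_bits):
    """The proof holds when the hash, read as an integer, is below 2**(256 - difficulty_bits),
    i.e. it has at least `difficulty_bits` leading zero bits."""
    return int(digest_hex, 16) < (1 << (256 - difficulty_bits))


def mine(index, prev_hash, txs, difficulty_bits):
    """Miner side: brute-force the nonce until the hash meets the target."""
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, txs, nonce)
        if meets_target(digest, difficulty_bits):
            return nonce, digest
        nonce += 1


def build_chain(tx_batches, difficulty_bits):
    """Mine one block per batch, linking each block to the hash of the previous one."""
    chain = []
    prev = GENESIS_PREV
    for index, txs in enumerate(tx_batches):
        nonce, digest = mine(index, prev, txs, difficulty_bits)
        chain.append({"prev": prev, "txs": txs, "nonce": nonce, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain, difficulty_bits):
    """Verifier side: recompute every hash, check the proof and the back-links.
    Any edit to an earlier block breaks its own hash and every later block's `prev`."""
    prev = GENESIS_PREV
    for index, blk in enumerate(chain):
        digest = block_hash(index, blk["prev"], blk["txs"], blk["nonce"])
        if blk["prev"] != prev or digest != blk["hash"]:
            return False
        if not meets_target(digest, difficulty_bits):
            return False
        prev = digest
    return True


def tampered_copy(chain, block_index, new_txs, remine=False, difficulty_bits=12):
    """Return a copy with one block's transactions altered; optionally re-mine only that block,
    which still fails verification because the next block's back-link no longer matches."""
    copy = [dict(blk) for blk in chain]
    copy[block_index]["txs"] = new_txs
    if remine:
        nonce, digest = mine(block_index, copy[block_index]["prev"], new_txs, difficulty_bits)
        copy[block_index]["nonce"], copy[block_index]["hash"] = nonce, digest
    return copy


if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES, difficulty_bits=12)
    print("valid chain:", verify_chain(chain, 12))
    forged = tampered_copy(chain, 0, ["alice->mallory:5"], remine=True)
    print("tampered chain:", verify_chain(forged, 12))
```

Twelve difficulty bits keep the search to a few thousand hashes per block so the script finishes instantly; the same verifier logic is what makes rewriting history expensive, since an attacker must redo the work for the altered block and every block after it.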
Blockchain Security Program Plan.
A responsible resource to lead: appoint a senior blockchain security officer.
Blockchain security resources and security workforce: ensures that blockchain security resources are available for expenditure as planned.
Continuous risk assessment process, leading to a plan of action and remediation process.
Master inventory of information systems.
Security measures that meet the performance values set without compromising security, with a monitor and report function.
Up-to-date architecture and critical infrastructure plan: availability of key resources.
Risk Management strategies in use.
Testing, Training & Monitoring.
C.2 Blockchain Access Control
Blockchain Access Control Policy and Procedures
Blockchain Account Management
Blockchain Access Enforcement
Identification & Authentication
Least privilege enforcement
Information Flow Enforcement
Remote access policy
Access control for mobile devices
Use of external information systems
C.3 Awareness & Training
C.4 Audit and Accountability
C.5 Security assessment and authorization
C.6 Contingency planning
C.7 Incident response Plan
C.8 System Maintenance
C.9 Physical and environmental protection
C.10 Risk assessment process
C.11 Blockchain integrity policy and procedure: flaw remediation, malicious code protection, security function verification.
D. Security controls / industry standards recommendations for components in the blockchain ecosystem.
Recommended learning resources:
Vulnerability registry associated with contracts
Bitcoin brute force tool, for fun
Sample devastating vulnerability in a “withdraw” function: a recursive call of the withdraw function led to a drain of the whole contract.
Smart Contract Vulnerabilities: whitepaper by Daniel Perez
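The “recursive withdraw” drain listed above is the classic re-entrancy defect: the contract pays the caller before it updates the caller's balance, so a payment callback that calls withdraw again still sees the old balance. The following added example (not code from the article or from any real contract) models that in Python, with the vulnerable ordering beside the hardened checks-effects-interactions ordering, and uses a re-entering account as the regression fixture a reviewer would keep to prove the fix holds. The account names, amounts and the depth limit standing in for the gas limit are constructed for the demonstration.

```python
class Account:
    """An ordinary recipient: its payment callback just records what it received."""

    def __init__(self, name):
        self.name = name
        self.received = 0

    def receive(self, bank, amount):
        self.received += amount


class ReentrantAccount(Account):
    """Test fixture: its callback calls withdraw again before the first call returns.
    MAX_DEPTH stands in for the gas limit that bounds re-entrancy on a real chain."""

    MAX_DEPTH = 50

    def __init__(self, name):
        super().__init__(name)
        self.depth = 0

    def receive(self, bank, amount):
        self.received += amount
        if self.depth < self.MAX_DEPTH:
            self.depth += 1
            bank.withdraw(self)
            self.depth -= 1


class Bank:
    """Toy contract holding deposits. `safe=False` reproduces the defect described on the
    page (interaction before effects); `safe=True` zeroes the balance before paying out."""

    def __init__(self, safe):
        self.safe = safe
        self.balances = {}
        self.vault = 0  # total funds the contract actually holds

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.vault += amount

    def withdraw(self, account):
        amount = self.balances.get(account, 0)
        if amount == 0 or amount > self.vault:
            return
        if self.safe:
            # Checks-effects-interactions: state is updated before the external call,
            # so a re-entered withdraw sees a zero balance and returns immediately.
            self.balances[account] = 0
            self.vault -= amount
            account.receive(self, amount)
        else:
            # Vulnerable ordering: the callback runs while balances[account] is unchanged.
            self.vault -= amount
            account.receive(self, amount)
            self.balances[account] = 0


def run_scenario(safe):
    """Constructed scenario: two honest depositors (90 total) and one re-entering
    depositor (10). Returns (amount the re-entering account got, funds left in the bank)."""
    bank = Bank(safe=safe)
    alice, bob, reenter = Account("alice"), Account("bob"), ReentrantAccount("reenter")
    bank.deposit(alice, 40)
    bank.deposit(bob, 50)
    bank.deposit(reenter, 10)
    bank.withdraw(reenter)
    return reenter.received, bank.vault


if __name__ == "__main__":
    print("vulnerable ordering (received, vault):", run_scenario(safe=False))
    print("hardened ordering  (received, vault):", run_scenario(safe=True))
```

The only difference between the two branches of `withdraw` is the order of the three statements, which is exactly why this class of flaw survives code review so easily: a reviewer should look for any external call that happens before the state it depends on has been updated.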
References used in this blog article :
Thank you