Blockchain Security: The Reality
“Nick, come on! An incorruptible peer-to-peer network? That’s impossible! Where’s the flaw? What’s a Blockchain’s Achilles’? It’s got to have one! Every system has one!” These are the types of questions and affirmations friends, colleagues and professionals often times share with me, since I’ve started blogging about Blockchain. And, at the moment, my answer is always the same. “It’s neither black or white. Having said that, there are core aspects of Blockchain as a technology that makes it much more robust to data breach and attacks than centralized systems like the cloud. So, let’s take a look, shall we?
Blockchain = A Chain of Blocks
I concede you mustn’t be too impressed with the title I found for this section. And if you’re a linguistic purist, you may still be wondering why it’s called “Blockchain” and not “Blockschain,” but I won’t interfere with your reaching your own conclusion. Yes, a Blockchain is a chain of blocks, which explains in parts why it is in itself extremely precarious to compromise.
Each block stores the records that pertain to a transaction. And since it’s a chain, each block is connected to the other blocks whether they are before or after it. To compromise one single record is one thing, however to avoid detection, a hacker would have to compromise the same record in all the other blocks, which makes this task quite challenging, if not simply impossible. Why impossible? This is not really about the technical infeasibility of the project. Instead, it’s all about the arbitrage between the investment and the potential reward. A Blockchain network is (1) decentralized, (2) distributed across the entire network, and (3) continually self-auditing, which means that the whole network systematically updates and synchronizes itself. To validate one block (“mining”) requires heavy computer power (thousands of high performance machines) which in turn consumes a lot of energy. To tamper one block would require similar hardware. Hardware and electricity carry a cost. This is far cry from the public perception of a hacker sitting at a desk inside a dark bedroom trying to break into a centralized structure with his laptop. So, imagine for a second what tampering a second block would necessitate, and so on.
Furthermore, all the blocks that store all the records are linked and secured using cryptography. Each block contains a cryptographic hash (in other words, a mathematical algorithm that’s designed to be a one-way function, or a function which is infeasible to invert) of the previous block, a timestamp (process of securely keeping track of the creation and modification time of a document) and a transaction data. If a block is compromised, the time stamp becomes null and void and the network can instantly identify that something has occurred, therefore preventing further damages.
Now, if we think linearly, can we stipulate that a small Blockchain network would be less difficult to attack than a larger one? Given what we know now, a large-scale Blockchain would be indeed extremely precarious to compromise, however that doesn’t make the smaller network vulnerable.
Public Blockchain vs. Private Blockchain: Security Gap?
The discussion revolves around environment, mining and consensus.
A public Blockchain is accessible by the public, without limitation. It is indeed designed to be accessible by any individual who owns a computer and has an Internet connection. Transactions are validated through the Internet, and anyone who is part of the network can access the information stored inside the blocks. A private (or permissioned) Blockchain is a network where solely authorized peers are permitted to join. Therefore, the information stored inside the blocks can only be accessed by a limited number of participants. Thus, a private Blockchain network utilizes identity to verify participants’ membership and privileges. All participants know who the other peers are. Having said that, there are security risks inherent to both types of Blockchain networks.
3 Public Blockchain Security Risks:
Speculation around highly volatile cryptocurrencies has motivated hackers to compromise networks. Given the significant resources needed, dictatorships and secret service agencies have been singled out. The former to bypass embargo-induced financial hardship, the latter to finance clandestine actions.
Individuals who own cryptocurrencies like Bitcoins store their crypto inside a “wallet.” This is naturally not your French-made leather wallet with a monogram. Digital wallets store private and public keys. Private keys are like a PIN number to access a bank account, while public keys are similar to a bank account number. Imagine you want to transfer the ownership of your Bitcoins to me. For me to be able to spend the newly-transferred Bitcoins, my private key must match the public address where you sent the Bitcoins. The problem is that most crypto owners store their private keys in Internet-based, and therefore hack-prone, wallets. And if anyone else gets a hold of your private key, they’ll have control over your cryptocurrencies.
If a block is compromised because a hacker has altered a timestamp resulting in the introduction of a new transaction, the mining process may not only try to validate the erroneous information but also try to reconcile the glitch resulting in the discrepancy with the other blocks. Therefore, the mining process may require twice the resources usually needed to validate a transaction, consequently affecting the overall performance of the public Blockchain network.
2 Private Blockchain Security Risk:
The threat comes from the inside. Since there is no anonymity on a private Blockchain network, the corrupted node is instantly associated to a known participant.
If a node goes offline, the entire network must be able to continue functioning without it and be ready to quickly bring the node back online.
Blockchain Security: Thumb Up or Thumb Down?
Very much so like with life, we don’t know what can happen until it does happen. Then it’s all about reactivity. Today, we know that a decentralized network like Blockchain is safer than a centralized infrastructure. However, safer doesn’t mean incorruptible. This blog post listed the security risks that are a reality today. Also, it’s accurate to say that public Blockchain networks are definitely more vulnerable than their permissioned counterparts for two main reasons: Internet-based operations and the law of large numbers. Having said that, hackers today always are one step ahead when their targets are centralized infrastructures like the cloud. And they are certainly one step behind when their aim is a Blockchain network. For how long though?