To some degree or another, you've most likely heard of the term “Blockchain", most likely due to its association with the king of virtual currency, Bitcoin.
It is however a bit more complex than what most people think, and even though it is a relatively secure technology to use, it still possesses some security issues. We will explore both of these in this article.
What is Blockchain?
At its most fundamental level, the Blockchain can be technically defined as follows:
“It is a shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network. An asset can be tangible (a house, car, cash, land) or intangible (intellectual property, patents, copyrights, branding). Virtually anything of value can be tracked and traded on a blockchain network, reducing risk and cutting costs for all involved.”
IBM
In other words, the Blockchain is a super sophisticated method of keeping track of the changes or enhancements that have been to a digital media asset, as described in the above definition. It uses the tools of encryption to keep a solid lock on it, and all parties involved can see these revisions that are being made to it.
But what is unique about the Blockchain is that once a change or revision has been made, one cannot go back in time to alter it. It is also viewed as a “Digital Technology Ledger,” in the sense that all transactions are recorded only once.
Blockchain Example
Imagine you work in the finance department of ABC Corporation and are working on an important financial spreadsheet that needs to be accessed by your co-workers and upper management. When creating this document, it will go through a series of edits and revisions by this group of people before it is finally approved.
But you need to keep a lock on these different versions in order to prevent any unintentional or intentional modifications/alterations from being made to it by unauthorized people. In other words, you are creating a version history of your financial spreadsheet that is secure but will also be accessed by a much larger audience.
For example, suppose that Version 1 of this document has been created, and it has been through its first round of edits and revisions. It will now be locked and made more secure by adding an extra piece of code to it which is called the “Block”. This is essentially a Private Key. In other words, this first version of the financial spreadsheet becomes undecipherable unless the appropriate party (such as your co-workers or upper management) possesses this key.
Now, let us assume that over a few days, there has been further discussion about Version 1 of your financial spreadsheet and that the appropriate parties are now ready to make new changes and revisions.
With the Private Key that they have been assigned, they will be able to unlock Version 1 and add in these changes and revisions.
This updated document will now become Version 2. It will be locked and made secure by adding a new Block to it (which will be essentially a new Private Key and be different from the one previously assigned).
This same process as just described will keep continuing until the final version of your financial spreadsheet has been approved. In other words, Version 3, Version 4, etc. will be locked down and secured by adding new Blocks to them (once again, these will be newer Private Keys, different than the ones that were assigned to Version 1 and Version 2).
The Blocks that have been assigned to all versions of your document now form a chain that is all interconnected together which becomes known as the “Blockchain”. It is important to keep in mind that although the above example details the mechanics of how a Blockchain works in general, each Blockchain is application-specific, and therefore, will have some varying differences in how it works. Examples of this include the following:
- The protection and sharing of medical patient PII datasets;
- Keeping track of IoT devices;
- IAM scenarios;
- Tracking and curbing counterfeit currencies;
- The monitoring of the Supply Chain and other Logistics channels;
- Ensuring election and voter security;
- The transaction of real estate deals.
The Security Issues With The Blockchain
Although the Blockchain is deemed to be very secure, just like any other technology, it too suffers from several weaknesses that can be further exploited by a cyber attacker. Some of these include:
1. The Endpoints:
For a long time, securing the Endpoints of a network communications line (namely the points of origination and destination) has long been ignored by many businesses. This is also true of the Blockchain. To alleviate this situation, many entities have adopted the use of various third-party platforms, such as payment processors and other types of Blockchain platforms. The issue here is that these party apps have their own set of security weaknesses that have not been remediated, thus compounding the weaknesses of Endpoint security even more.
2. The lack of standardization:
Presently, there is no central regulatory body that is tasked with overseeing the security and compliance of the Blockchain. Because of this, people can adapt their own processes, without best practices or standards being strictly enforced.
3. Scalability:
Because of its predominant use with virtual currencies, it is highly expected that the growth of the Blockchain will continue exponentially. As a result, there is a strong fear that the current infrastructure that is used to support the Blockchain will not be able to scale up as quickly. This will result in newer forms of Blockchain technologies that will remain untested, thus leaving many backdoors for a cyber attach to penetrate and further exploit.
4. It is being used quickly for other applications:
Because of the advantages that Bitcoin brings, many other industries are also trying to adopt it in order to streamline their operations. However, as new applications emerge at a fast clip, this will leave for a far greater possibility that a newer set of gaps and vulnerabilities will emerge, that will not be able to be remediated quickly.
5. Insecure source code:
Blockchains are also used to create what is known as “Smart Contracts”. But the source code that is used to create them often goes untested, leaving them extremely vulnerable to malicious payloads being inserted into them. In fact, this has even resulted in a loss of $24 million in the Blockchain industry because of this Cyber issue.
6. The impacts of Social Engineering:
Despite the sophisticated nature of the Blockchain, it too is prone to one of the most traditional threat variants, primarily those of Phishing and Social Engineering. For example, any member of a project team could be conned over a period of time into giving up the Private Keys to a malicious third party.
7. Routing Attacks:
Although each block in the Blockchain is reasonably secure with its own Private Key, it is the connections in between that are still weak. This goes back once again to the issue of Endpoint security. Because of this, a cyber attacker could theoretically intercept the information and data that is being transmitted between each Block.
Even though it will still be rendered in an undecipherable state, if the cyber attacker can somehow get a hold of or break the Private key (such as through a Phishing attack), these datasets can then be transformed back into a decipherable format.
Once again, these Cybersecurity weaknesses are general in nature, and each Blockchain application (as reviewed earlier) will have its own unique set of challenges.
Conclusion on blockchain security
This article was aimed at providing a digestible overview of how and what Blockchain is used for, and the security issues associated with it. As this technology continues to be utilized and grow, it will be critical for organizations to consider these security issues as they aim to demonstrate why is cybersecurity important to their stakeholders.
In our follow-up article, we examine the most famous application of the Blockchain – Bitcoin, and with it, its own set of security issues, namely Cryptojacking.