Ortelius Blog

Topics include Supply Chain Security, Vulnerability Management, Neat Tricks, and Contributor insights.

Is Blockchain Safe?

What is Blockchain?

Before getting into the details of security, let’s spend a few minutes getting to know blockchain better. You might already know what blockchain is, but most of the time we see people using “cryptocurrency” and “blockchain” interchangeably. It is not their fault. Cryptocurrencies have been glamorized so much that we don’t see the difference between crypto and blockchain anymore. It has been found that the proportion of scientific papers about Bitcoin to papers about other blockchain application possibilities is around 4:1. Bitcoin has grown more than 60,000 times since it appeared, and it is one of the main reasons for blockchain’s current popularity.

Blockchain is the technology behind these cryptocurrencies, but its application is not limited to digital currencies. As the name suggests, a blockchain consists of blocks that are added one after the other. The data is not centralized and there is no central authority. The blockchain is like an implementation of a distributed database, where each block of data has a transaction and the hash pointer for the next block. These hashes are generated by algorithms, which is why you cannot insert a block in between or delete one: in either case, the hashes will no longer match.
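The tamper evidence described above, as an added example that is not part of the original post: a minimal Python hash chain, assuming SHA-256 and the usual construction in which each block stores the hash of the block before it. The field names, `GENESIS_PREV`, and the sample records are constructed for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder: predecessor hash of the first block

def block_hash(index, prev_hash, data):
    """SHA-256 over a canonical JSON encoding of the block's fields."""
    body = json.dumps({"index": index, "prev": prev_hash, "data": data},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def build_chain(records):
    """Append records one after the other, each block storing its predecessor's hash."""
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(records):
        digest = block_hash(i, prev, data)
        chain.append({"index": i, "prev": prev, "data": data, "hash": digest})
        prev = digest
    return chain

def verify_chain(chain, trusted_head=None):
    """Return (ok, reason); trusted_head is a head hash obtained from other nodes."""
    prev = GENESIS_PREV
    for pos, blk in enumerate(chain):
        if blk["index"] != pos:
            return False, f"position {pos}: block claims index {blk['index']}"
        if blk["prev"] != prev:
            return False, f"position {pos}: broken link to predecessor"
        if block_hash(blk["index"], blk["prev"], blk["data"]) != blk["hash"]:
            return False, f"position {pos}: contents do not match stored hash"
        prev = blk["hash"]
    if trusted_head is not None and prev != trusted_head:
        return False, "head hash differs from the trusted value"
    return True, "ok"

# Constructed sample records (not real ledger data).
RECORDS = [{"component": "app", "version": "1.0"},
           {"component": "lib-a", "version": "2.3"},
           {"component": "lib-b", "version": "0.9"}]

if __name__ == "__main__":
    chain = build_chain(RECORDS)
    head = chain[-1]["hash"]
    print(verify_chain(chain[:1] + chain[2:]))          # a block was deleted
    rewritten = build_chain([RECORDS[0], {"component": "lib-a", "version": "6.6"}, RECORDS[2]])
    print(verify_chain(rewritten))                      # passes: every hash was recomputed
    print(verify_chain(rewritten, trusted_head=head))   # fails against the trusted head
```

Matching hashes alone prove only that a chain is internally consistent; the copies held by other nodes, agreed through consensus, are what supply the trusted head.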

In this blog, we are going to cover how blockchain as a technology works. We will look at the most important features of this technology and security challenges. The idea is to provide the reader with enough details so that they can decide for themselves if blockchain is safe or not.

Features of Blockchain

We cannot comment on the security of any technology without understanding its details. So, let us unwrap the different layers of this technology and understand the advantages and security concerns that they bring. Blockchain works on three fundamental principles:

Distributed Network - The data in the blockchain is stored in a distributed ledger (a distributed data structure) which uses the TCP/IP protocol to communicate between its P2P network members. The changes made to this network are immutable and hence cannot be deleted or updated after creation. Some researchers feel there is much work that needs to be done to standardize the definitions of these terms; however, Hileman & Rauchs offer a definition. In their research, they describe blockchain as a distributed ledger, similar in type to a distributed database that can have different users (nodes); blockchain, in turn, is a type of distributed ledger that is built as a chain of cryptographically linked ‘blocks’ of transactions and sends all data to all nodes in its network.

Cryptography – Blockchain provides secure and tamper-proof record-keeping of digital transactions. It forms a strong security foundation for transactions. Unique cryptographic hashes, generated with secure algorithms, identify each recorded transaction. Digital signatures, on the other hand, are used to verify the authenticity of transactions on the blockchain. They are created using a private key and can only be verified by using the corresponding public key. The private keys are often encrypted with the AES algorithm to prevent unauthorized access, and data may be encrypted to ensure confidentiality.

Consensus – This is the blockchain process of validating a transaction before creating it. Cryptography is used in consensus. This prevents unauthorized members from participating in transactions. A consensus mechanism can be fully automated or might also require some manual intervention. It acts as a watchdog for your transactions before the actual updates occur.

Security Threats in Blockchain

Although we are talking about security using cryptography, one should ask, “Are these algorithms safe?” With advancements in technology and more work around quantum computing, there is speculation that these algorithms can be deciphered within seconds. Also, any vulnerability or backdoor found in any of these algorithms will have a direct impact, just like in the case of the SHA-1 hashing algorithm.

Blockchain is most popular in the banking and financial sector. This may be due to the popularity of Bitcoin and other cryptocurrencies that gained a lot of traction after 2016. There are other sectors that would like to use blockchain, mainly as a global software execution platform for smart contracts. But with some concrete use cases in other sectors like healthcare, IoT, real estate, and government systems, blockchain has proved its value.

Since the range of usage has broadened, we will see mixed concerns about the product as well. For some, data privacy and authenticity would matter most. Blockchain would be introducing transparency in their system with blockchain security. The difference between one product and another can be as big as the architectural design or might be just a change in the algorithms used for cryptography. The validation of block creation also varies depending on the use case.

Conclusion:

Currently, we see the usage of blockchain in almost all domains. A few of the popular ones have been captured by Kaspars Zīle and Renāte Strazdiņa in their white paper “Blockchain Use Cases and Their Feasibility”. Even though the blockchain has a strong security foundation with data encryption, cryptography, and consensus, the safety of using blockchain depends purely on how it has been implemented. Applying blockchain can be challenging when you use it without considering all its features. If you don’t want immutable transactions or don’t know how to manage decentralized data, adding security layers to your system might be difficult, leaving it vulnerable.

There are several technical aspects, like the integrity of network participants, the consensus mechanism, preserving the confidentiality of users, and the safety of the encryption algorithms used, which will determine the safety of the system. Blockchain needs standardization of processes. Whatever blockchain you use, its various components should be continuously maintained to avoid any backdoor into the system due to a vulnerability. In conclusion, the blockchain is safe unless we detect a flaw in any of its components. And that can be said for all of the open-source packages added to your software.

References:

Blockchain Use Cases and Their Feasibility
Untangling Blockchain: A Data Processing View of Blockchain Systems

About Utkarsh Sharma

Utkarsh is one of the main contributors to Ortelius, and is one of the lead developers of the Ortelius XRP Ledger for storing immutable SBOM data. Utkarsh is a natural leader, and often mentors new Ortelius contributors along their open-source journey.

Utkarsh is a passionate and self-driven IT professional with 3+ years of diverse experience in Product Development in Microservice architecture, Azure Cloud. He has expertise in Agile methodology and DevOps tools. Utkarsh focuses on developing solutions that are flexible to change, abstracted, and robust.