Achieving Security In Blockchain Part One: Outlining The Problem

Published on: Apr 19, 2024
Written by: Sarah Imran
Duration: 5 min
Category: DeFi, insights

Recently, there has been a clear surge in contributions towards a decentralized form of the internet known as Web3. This has resulted in the popularization of blockchain technology and its many use cases. Blockchain-based systems are expected to be the driving force of this new era of the internet, due to the advantages they provide in terms of anonymity, trust management, and security.

However, despite its many benefits, it is imperative to note that this technology does not come with foolproof systems in place for cybersecurity; rather, this is an area that requires continual understanding by those working in the space. In an effort to contribute to this crucial cause, we have decided to launch a two-part series discussing both the problems of cybersecurity in blockchain systems and their possible solutions. Through this, we hope to educate cybersecurity engineers and other security professionals about the principal problem areas, so they may use their knowledge to further improve these systems in the future.

Undoubtedly, the first step to achieving truly secure systems is to identify where the problem lies. This publication will attempt to achieve exactly this: pinpointing existing holes or gaps that can create the most risk for future users.

Importance Of Securing The Blockchain

A major pillar of blockchain technology is transparency. This means that any system built on blockchain is by definition public, a fact that introduces an entirely new set of vulnerabilities and threats. As a result, cleverly orchestrated hacks on blockchain solutions are not uncommon. Even the biggest names in the field continue to suffer from attacks, resulting in losses equating to millions of dollars.

According to blockchain analytics firm Chainalysis, cryptocurrency-based crime hit a new all-time high in 2021, totaling $14 billion worth of illicit money over the year. If the adoption of blockchain technology increases in the coming years (as it is expected to with the advent of Web3), the opportunities for such crime may also increase. This makes the importance of securing blockchain even more significant.

Source: Crypto Crime Report 2022 by Chainalysis

Key Rudimentary Concepts

Before we dive into analyzing the most pressing security problems in blockchain today, it is important to have a substantial understanding of the security domain in general. Below are some basic preliminary concepts that play a major role in discussion related to security in blockchain-based systems.

The 5 Security Dimensions With Reference To Blockchain

Any discussion on security is incomplete without the understanding of the five pillars that are said to build up this field’s foundation.

These dimensions are stated to be confidentiality, integrity, availability, authenticity, and non-repudiation. Let us discuss each of them separately.

Confidentiality

The first dimension is confidentiality. This means that any information which is being exchanged or stored within a system is safe from unauthorized individuals, groups, or organizations. In other words, only those who are authorized to view that information have access to it. In blockchain-based systems, this is typically achieved with the help of asymmetric cryptography and key management techniques.

Integrity

If the first dimension was concerned with the privacy of data, the second has more to do with its overall accuracy. This involves making sure that an information system is not tampered with by any unauthorized entities, as this may result in the altering or destroying of data. In the blockchain, stored data is immutable and permanent: once data is added to the chain, it cannot be modified or deleted by anyone, so it is said to meet integrity requirements. However, immutability does not ensure that the data entered on-chain is accurate in the first place, and this is an area that requires key focus by cybersecurity engineers in building future blockchain-based systems.
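The distinction between immutability and accuracy can be seen in a simplified hash-linked ledger. The Python below is an added example, not code from the original article; the function names and sample records are assumptions made for illustration, and consensus, signatures and networking are left out. It shows that a later edit to a stored record is detected, while a well-formed but wrong record is accepted when it is first entered.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed parent value for the first block


def block_hash(index, prev_hash, data):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    body = {"index": index, "prev": prev_hash, "data": data}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def append_block(chain, data):
    """Append a block whose hash commits to its data and its predecessor."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    chain.append({"index": index, "prev": prev, "data": data,
                  "hash": block_hash(index, prev, data)})
    return chain


def first_invalid_block(chain):
    """Return the index of the first block failing verification, else None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        expected = block_hash(i, prev, block["data"])
        if block["index"] != i or block["prev"] != prev or block["hash"] != expected:
            return i
        prev = block["hash"]
    return None


def build_sample_chain():
    """Constructed sample ledger; the second record is wrong on entry."""
    chain = []
    append_block(chain, {"from": "alice", "to": "bob", "amount": 5})
    append_block(chain, {"from": "bob", "to": "carol", "amount": 5000})  # meant 5
    append_block(chain, {"from": "carol", "to": "dave", "amount": 2})
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("as entered:", first_invalid_block(chain))  # wrong record is accepted
    chain[1]["data"]["amount"] = 5                      # later "correction"
    print("after edit:", first_invalid_block(chain))  # the edit is detected
```

Validation of what goes into a block therefore has to happen before the data is committed, since the hash links only protect it afterwards.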

Availability

This dimension refers to the easy access of data for authorized users. This means that regardless of external conditions, all information and resources should remain robust and fully functional at all times. Though this is commonly upheld in most on-chain solutions in the blockchain, off-chain solutions have been said to struggle with this. The off-chain availability problem has been cited as a current major challenge, particularly in state channel applications.

Authenticity

The fourth dimension is designed to prevent the impersonation of authorized users by putting in place certain security measures which verify users’ identity. In general applications, this includes the use of fields like usernames, passwords, emails, and biometrics. This security measure also takes into account the validity of transactions and messages. Blockchain-based systems design emphasizes anonymity, complicating the authentication process beyond simple email and biometric collection. Instead, cryptographic keys perform this role, using a data string to identify users and grant access to their accounts or wallets.

Non-repudiation

The fifth and final dimension, known as non-repudiation, involves substantial proof that data was sent, accessed, and received by users, preventing any party from denying this claim’s validity. In the blockchain, digital signatures typically implement this, unlocking transactions for authenticated users. By this property, any user that has signed some information or transaction cannot at a later time deny having done so.

Relationship Between Cybersecurity and Blockchain Security

As discussed in the section above, parts of blockchain’s fundamental features indeed guarantee the five dimensions of security to some extent. Elements of the basic design of this technology such as cryptography, hashing algorithms, and digital signatures reiterate the fact that it was built with a focus on security in mind.

However, this does not mean that there is no room for improvement. Businesses employing blockchains, like other systems, must adopt cybersecurity measures and standards to defend themselves from external threats.

Cillian Leonowicz, Senior Manager at Deloitte Ireland, further stresses the importance of this, stating that “blockchain’s characteristics do not provide an impenetrable panacea to all cyber ills, to think the same would be naïve at best. Instead, as with other technologies, blockchain implementations and rollouts must include typical system and network cybersecurity controls, due diligence, practice, and procedures”.

Discussions also extensively cover the converse relationship, where blockchain is seen as a potential force in strengthening existing platforms’ cybersecurity. Proposed ideas involve secure private messaging, a decentralized DNS, and blockchain use for securing IoT devices, though current implementations of these use cases are minimal.

The Blockchain Trilemma

The blockchain trilemma is a concept coined by Vitalik Buterin, one of the founders of Ethereum. It refers to a 3-way tradeoff between decentralization, scalability, and security that developers working in blockchain technology experience. Below are the concepts explained individually:

Decentralization: creating a blockchain system that does not rely on a singular point of control.

Scalability: the ability of a blockchain system to handle an increasing number of transactions.

Security: the ability of a blockchain system to defend itself from malicious attacks, bugs, and any other unforeseen issues.

Despite each being equally important, achieving all three within one system is extremely difficult. Some even go as far as to say that this trilemma is the result of an inherent flaw in the design of blockchain technology. Although this model cannot be considered fact, it contributes to the idea that blockchain technology lacks inherent superior safety mechanisms. Securing these systems might be more difficult and, therefore, more necessary than others.

The Most Pressing Security Problems in Blockchain

There are some features within blockchain-based systems that contribute to the most risk. Below are some of the key areas we have identified in our research.

The Absence Of Unlinkability

Anonymity is often quoted as being one of the key principles of blockchain technology, allowing any user to participate in the space without revealing their true identity. However, because a blockchain is a public ledger, it can be very easy for anyone to formulate ideas about a particular user’s identity based on their transaction history. This failure to protect the unlinkability of users’ transactions is one of this field’s major problem areas, leading to a host of issues in terms of the security and privacy of users.

Source: Bitquery Coinpath Archives

The absence of unlinkability in blockchain can be further understood with the help of visualization tools. Blockchain data company Bitquery has created a set of blockchain money tracing APIs known as Coinpath, which can be used to display information about transactions such as the creation of clusters, transaction flows, the account balance of a specific wallet, as well as all the source and destination addresses that s