A weak link: Is blockchain as secure as we think it is?

Said to be the securest transaction system in the world, blockchain has made waves by transforming how we think about the financial industry. Yet recent criticism suggests that it isn’t as safe as we believed it was.

Below, we’ll discuss more about what makes blockchain technology so secure in the first place, where its weaknesses lie, and what you should take into consideration when thinking of employing blockchain technology.

What is blockchain, and how does it work?

Simply, blockchain is a digital ledger that uses cryptographic blocks to record and store data about transactions that have occurred using its system.

Commonly associated with cryptocurrencies such as Bitcoin, Ethereum, and others, it is not only a platform for digital money transactions. The technology has also been used for automating smart contracts, medical record and other data storage, humanitarian aid, and reduction of corruption in elections.

In general, the technology behind blockchain is considered more than complicated. But what else could be expected from something that has been revolutionising the world? Let’s break down the chain and explain what exactly makes blockchain secure.

Why is blockchain considered so safe?

The simplest way to explain blockchain is as a series of data blocks, each containing a unique hash and a link to the previous block. Each block forms a vital part of the record sequence and cannot be changed, because the hash would then change, showing that the altered block is no longer valid. This immutability is the cornerstone of blockchain’s security, together with three aspects that we’ll explore below.

- Cryptography.

Blockchain transactions are also secured by cryptography. Each transaction is signed with a private key and can then be verified with the corresponding public key. If the transaction data changes, the signature becomes invalid. As a result, the block is ignored and won't make it to the chain.

- Decentralisation.

Most blockchain networks are decentralised and distributed. A system without a single point of failure is much harder to corrupt, as a hack into one part of this system will not affect others.

However, this advantage is partially lost in the case of private blockchains. They have a limited number of nodes and a single point of control that restricts who can make changes to the ledger. Also called centralised (although that might sound like an oxymoron), these blockchains are the kind that corporations employ for internal use. It makes sense because it gives the company more control over its processes, but the price to pay is losing one of the major security advantages of blockchain—the absence of a single point of failure.

- Consensus.

Each blockchain works through a consensus model that verifies that a transaction has happened and is legitimate. Common consensus protocols include proof-of-work, proof-of-stake, proof of authority, and more.

The general rule that applies to ensure immutability through consensus is called the longest chain rule. It dictates that wherever two conflicting versions of the same block appear, the one that is followed by the longest chain of blocks is considered the genuine one, while all its forks, if any, are abandoned. Without going into too much detail, the longest chain is usually the one supported by the majority of blockchain peers, so the only way to hack consensus protocols is to imitate this majority through a 51 per cent attack.
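
The hash-linking described under "Why is blockchain considered so safe?" and the longest chain rule above can be shown together in one toy ledger. This is an added example, not code from the article; the block layout, function names and sample entries are assumptions, and with no proof-of-work in the toy, "longest" is simply the block count.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder back-link for the first block

def block_hash(index, prev_hash, data):
    payload = json.dumps([index, prev_hash, data]).encode()
    return hashlib.sha256(payload).hexdigest()

def make_block(index, prev_hash, data):
    return {"index": index, "prev_hash": prev_hash, "data": data,
            "hash": block_hash(index, prev_hash, data)}

def build_chain(entries):
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(entries):
        chain.append(make_block(i, prev, data))
        prev = chain[-1]["hash"]
    return chain

def first_invalid_block(chain):
    """Index of the first block whose back-link or hash fails, else None."""
    prev = GENESIS_PREV
    for pos, block in enumerate(chain):
        expected = block_hash(block["index"], prev, block["data"])
        if block["prev_hash"] != prev or block["hash"] != expected:
            return pos
        prev = block["hash"]
    return None

def choose_chain(candidates):
    """Longest chain rule: the longest candidate that validates wins."""
    valid = [c for c in candidates if first_invalid_block(c) is None]
    return max(valid, key=len) if valid else None

# Constructed sample ledger entries (not real transactions).
ENTRIES = ["alice->bob:5", "bob->carol:2", "carol->dave:1", "dave->erin:3"]
honest = build_chain(ENTRIES)
# Data altered in place: the stored hash of block 1 no longer matches.
edited = [dict(b) for b in honest]
edited[1]["data"] = "bob->mallory:2"
# Block 1 altered and re-hashed: block 2's back-link no longer matches.
rehashed = [dict(b) for b in honest]
rehashed[1] = make_block(1, honest[0]["hash"], "bob->mallory:2")
# Fork rebuilt from the altered block: internally valid, but shorter.
fork = build_chain(["alice->bob:5", "bob->mallory:2", "carol->dave:1"])

print(first_invalid_block(edited), first_invalid_block(rehashed),
      choose_chain([fork, edited, honest]) is honest)
```

The rebuilt fork is the instructive case: it validates on its own, so it is the consensus rule, not the hashes alone, that keeps it out of the ledger.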

While in itself blockchain technology is said to be a pretty secure system, there are several elements of weakness both in and around the system that can present vulnerabilities.

Knowing the chain weaknesses can help avoid any nasty surprises when deciding to use the system or thinking about developing solutions for your own business.

- Cheating the system

No system is perfect, and each has its nuances and kinks that need to be worked out. In the blockchain, hackers can take advantage of these in a number of ways.

For example, hackers can trick the nodes into wasting time by having miners solve already solved crypto puzzles in the ‘selfish miner’ technique. Another technique is an ‘eclipse attack’, wherein hackers aim to take as many nodes offline as possible to impede the blockchain’s necessary communication structure.

Other types of identified attacks include Sybil attacks, routing attacks, and denial-of-service attacks; hackers are nothing if not creative. Finding and exposing such hacks is now a multimillion-dollar industry.

- External influences

While faults within the blockchain present vulnerabilities, perhaps the weakest link in the chain is its interactions with other systems. Famous cryptocurrency exchange hacks have hit the headlines more than once, with Mt. Gox proving one of the biggest at $460 million (2014 value) in Bitcoin lost in the heist.

- Other vulnerabilities

Blockchain security can also be compromised by security issues with third-party digital wallets and key storage systems that steal personal data and digital signatures, or the programs that are used as real-world touchpoints in initiating smart contracts.

Remember also the problem brought by centralisation. If a blockchain has a single node responsible for the entire network, the consequences can be catastrophic. Apart from the possibility of being hacked, it introduces the “bus problem” in its hardest form. That means that if one person is the sole owner of the highest-level access rights, with their death all data stored in the blockchain becomes totally unavailable.

What can you do to make the blockchain more secure?

No matter how securely a system is designed, it may still have inherent flaws. The trick to improving security is minimising these risks so that they become almost insignificant.

Here are some steps you can take when creating your own blockchain or employing a currently-recognised system in your business to make it safer.

- Security from the get-go—Make sure you consider security your priority. It doesn’t matter how impressive your system is if it doesn’t do the job. This means putting security and data protection first—keep data encrypted, even from employees, avoid lucrative offers of data sales, and hire top security specialists to set your chain off on the right track.

- Bring in the professionals—Blockchain is a specialised technology, so it pays off in the long run to make sure that the system you're using is done right. Blockchain consulting professionals can advise you on the steps to take to implement successful blockchain tech and the security areas that could affect you most.

Ivan Kot, Senior Manager, Itransition