SlideShare a Scribd company logo

Understanding Blockchain Security

ITU, profile picture
ITU

The ITU workshop on blockchain security highlighted that the term 'blockchain' lacks a clear definition and cautioned against putting sensitive data into public blockchains due to potential long-term vulnerabilities. It proposed exploring standardization of deprecated cryptographic algorithms and authentication measures for interoperability, while also addressing weaknesses such as the irreversible nature of transactions and high costs for micropayments. Opportunities for improvement include initiatives focused on smart contracts and enhancing key attestation to reflect varying levels of assurance in blockchain transactions.

Technology
Related topics:
Blockchain Security
1 of 12
Downloaded 137 times
1
2
Most read
3
Most read
4
Most read
5
6
7
8
9
10
11
12
Understanding Blockchain Security
ITU Workshop on “Security Aspects of Blockchain” (Geneva, Switzerland, 21 March 2017) Understanding Blockchain Security Dr. Rolf Lindemann Nok Nok Labs, rolf@noknok.com Geneva, Switzerland, 21 March 2017
How does it work? Node 1 Who can write to? Each block contains hash of previous block What is the “previous” block? What is the “previous” block? Element to be “logged” including implicit “rules” encoded in it. The genesis Orphan blocks Orphan blocks Main chain Node 2 Node N How many nodes? Who can operate a node? Who can operate a node? Who can operate a node? What is the “previous” block? What input checks? Who can read?
Summary (1) • The term blockchain is not well defined today. • We have to be careful what to put into publicly readable blockchains. – Cryptographic algorithms get weaker over time, but the data remains in the blockchain. – Originally we thought that hashed passwords are secure, we shouldn’t repeat that mistake. – Analyzing “big data” sometimes can de-anonymize records. – People and systems fail, we need to make sure the impact of a failure remains acceptable (even from a privacy perspective). • Democracy is based on “one vote per head”. One vote per “computing power unit” is not the same as you can buy computing power with money. Rolf Lindemann, Nok Nok Labs
Summary (2) • Several enhancements of Bitcoin blockchains have been proposed. • Standardizing replacement of deprecated crypto algorithms should be investigated. • Standardizing authentication (for non-public blockchains) supports interoperability • Typically blockchain elements are signed. Sometimes it is helpful to require some “Level of Assurance” for related keys. Standardizing key attestation supports interoperability. Rolf Lindemann, Nok Nok Labs
Weaknesses • No transactions can be deleted-ever  Node data volume and required processing time for verifications always increases. This is already causing intense debates. Rolf Lindemann, Nok Nok Labs
Weaknesses • Cost per transaction is relatively high – too high fir micropayments Rolf Lindemann, Nok Nok Labs
Weaknesses • Equal Rights – Assume “Miners Club A“ owns 50% computing power of the Blockchain system. – Assume “Miners Club B” owns 30% computing power of the Blockchain systems. – Assume “Miners Club C” owns 10% computing power of the Blockchain system – Assume all those Miners Clubs decided following a “My Miners Club First” strategy, i.e. whenever some other miner has successfully added a new block N they start adding new blocks ignoring block N. Rolf Lindemann, Nok Nok Labs
Opportunities • Several initiatives (Otonomos, Mirror, Symbiont, Eris/monax.io, …) look into smart contracts. • Today the rules in Bitcoin and smart contracts cannot easily reflect the strength of a signature (of the block to be written to the blockchain). But we know that in today’s world the “Level of Assurance” plays an important role. • There is a potential of adding attestation (for signing keys) to blockchain. Rolf Lindemann, Nok Nok Labs
Opportunities Node 1 Require acceptable signature Potentially require valid authentication. The genesis Element to be logged (i.e. a bitcoin transaction In some environments you might require the signing key to be kept securely or to even involve user approval for signing. So we might want to standardize key attestation for such cases. Some environments prefer private blockchains (see Hyperledger Fabric, Symbiont, …). Standardizing authentication will help interoperability.
Attack Classes Remotely attacking central servers steal data for impersonation 1 Physically attacking user devices misuse them for impersonation 6 Physically attacking user devices steal data for impersonation 5 Remotely attacking lots of user devices steal data for impersonation Remotely attacking lots of user devices misuse them for impersonation Remotely attacking lots of user devices misuse authenticated sessions 2 3 4 Scalable attacks Physical attacks possible on lost or stolen devices (3% in the US in 2013)
12

More Related Content

PDF
Introduction to Blockchain and Smart Contracts
Saad Zaher
 
PDF
Blockchain Security and Privacy
Anil John
 
PPTX
Blockchain Security
Munawar Hussain
 
PPTX
What is the future of blockchain in cybersecurity
Blockchain Council
 
PPTX
Blockchain in cyber security
zaarahary
 
PDF
Blockchain Security Issues and Challenges
Merlec Mpyana
 
PDF
Blockchain Scalability - Architectures and Algorithms
Gokul Alex
 
PDF
blockchain technology -unit-3-notes.pdf for engineering students
imranakhtar83
 
Introduction to Blockchain and Smart Contracts
Saad Zaher
 
Blockchain Security and Privacy
Anil John
 
Blockchain Security
Munawar Hussain
 
What is the future of blockchain in cybersecurity
Blockchain Council
 
Blockchain in cyber security
zaarahary
 
Blockchain Security Issues and Challenges
Merlec Mpyana
 
Blockchain Scalability - Architectures and Algorithms
Gokul Alex
 
blockchain technology -unit-3-notes.pdf for engineering students
imranakhtar83
 

What's hot (20)

PPTX
Introduction to Blockchain
AIMDek Technologies
 
PDF
An Introduction to Blockchain
NexThoughts Technologies
 
PDF
Blockchain, cryptography, and consensus
ITU
 
PDF
Blockchain in Banking, Business and Beyond
Michael Novak
 
PPTX
Blockchain Consensus Protocols
Melanie Swan
 
PPTX
Blockchain Technology
PalakGulati10
 
PDF
Blockchain Technology | Blockchain Explained | Blockchain Tutorial | Blockcha...
Edureka!
 
PPTX
Blockchain
PedramDehghanpour
 
PDF
Blockchain Presentation
Zied GUESMI
 
PPTX
Blockchain technology
hellygeorge
 
PDF
How does blockchain work
Shishir Aryal
 
PPTX
Blockchain Introduction Presentation
Amr Alaa Yassen
 
PPTX
Basic introduction in blockchain, smart contracts, permissioned ledgers
Koen Vingerhoets
 
PDF
Examples of Smart Contracts
101 Blockchains
 
PPTX
Blockchain and distributed ledgers
Robin Teigland
 
PDF
Introduction to Blockchain
Jordan Harris
 
PPTX
Overview of Blockchain Consensus Mechanisms
Johannes Ahlmann
 
PPTX
Blockchain
Software Infrastructure
 
PDF
Smart contracts
removed_5ef8f4100b1d7e8bfe3d2dc557fe10d0
 
PDF
Blockchain
Frank Calberg
 
Introduction to Blockchain
AIMDek Technologies
 
An Introduction to Blockchain
NexThoughts Technologies
 
Blockchain, cryptography, and consensus
ITU
 
Blockchain in Banking, Business and Beyond
Michael Novak
 
Blockchain Consensus Protocols
Melanie Swan
 
Blockchain Technology
PalakGulati10
 
Blockchain Technology | Blockchain Explained | Blockchain Tutorial | Blockcha...
Edureka!
 
Blockchain
PedramDehghanpour
 
Blockchain Presentation
Zied GUESMI
 
Blockchain technology
hellygeorge
 
How does blockchain work
Shishir Aryal
 
Blockchain Introduction Presentation
Amr Alaa Yassen
 
Basic introduction in blockchain, smart contracts, permissioned ledgers
Koen Vingerhoets
 
Examples of Smart Contracts
101 Blockchains
 
Blockchain and distributed ledgers
Robin Teigland
 
Introduction to Blockchain
Jordan Harris
 
Overview of Blockchain Consensus Mechanisms
Johannes Ahlmann
 
Blockchain
Software Infrastructure
 
Smart contracts
removed_5ef8f4100b1d7e8bfe3d2dc557fe10d0
 
Blockchain
Frank Calberg
 
Ad

Viewers also liked (20)

PDF
Blockchain and Security : A Virtuous Circle?
ITU
 
PDF
Blockchain: Definitions, Use Cases & Challenges
ITU
 
PDF
Blockchains : Risk or Mitigation?
ITU
 
PDF
Regulatory & Legal Aspects of Distributed Ledger Technology
ITU
 
PDF
5G and Automative : Cellular V2X (vehicle-to-everything)
ITU
 
PDF
Blockchain overview, use cases, implementations and challenges
Sébastien Tandel
 
PDF
Sitios web
Lic. Oney Begambre
 
PDF
Block Chain as a Platform February 2015 - LERNER Consulting
LERNER Consulting
 
PDF
AESIN MWC2016 Presentations AESIN, Visteon, Plextek
Sophie Ericson
 
PPTX
Network Architecture Work in ITU Focus Group IMT-2020
ITU
 
PDF
BCA Global's Food & Wine Experience
Alex Askew
 
PDF
S4 tarea4 toork
diego chavez
 
PPTX
Incluyendo la diversidad, dinámica de conscientización
Education in the Knowledge Society PhD
 
PDF
NGFI (Next Generation Fronthaul Interface) native RoE (Radio over Ethernet)
ITU
 
PPTX
Unidad v plan de negocios
MIRIAM LILIANA ZEPETA VIDAL
 
PDF
Blockchain in Tunisia: From Experimentations to a Challenging Commercial Launch
ITU
 
PDF
Blockchain’s Brave New World
ITU
 
PDF
Using ICN to meet the IMT-2020 goals
ITU
 
PDF
Blockchain and Distributed Ledger Technologies: An EU Policy Perspective
ITU
 
PDF
AI and Automated Driving : An Ethically Aligned Design
ITU
 
Blockchain and Security : A Virtuous Circle?
ITU
 
Blockchain: Definitions, Use Cases & Challenges
ITU
 
Blockchains : Risk or Mitigation?
ITU
 
Regulatory & Legal Aspects of Distributed Ledger Technology
ITU
 
5G and Automative : Cellular V2X (vehicle-to-everything)
ITU
 
Blockchain overview, use cases, implementations and challenges
Sébastien Tandel
 
Sitios web
Lic. Oney Begambre
 
Block Chain as a Platform February 2015 - LERNER Consulting
LERNER Consulting
 
AESIN MWC2016 Presentations AESIN, Visteon, Plextek
Sophie Ericson
 
Network Architecture Work in ITU Focus Group IMT-2020
ITU
 
BCA Global's Food & Wine Experience
Alex Askew
 
S4 tarea4 toork
diego chavez
 
Incluyendo la diversidad, dinámica de conscientización
Education in the Knowledge Society PhD
 
NGFI (Next Generation Fronthaul Interface) native RoE (Radio over Ethernet)
ITU
 
Unidad v plan de negocios
MIRIAM LILIANA ZEPETA VIDAL
 
Blockchain in Tunisia: From Experimentations to a Challenging Commercial Launch
ITU
 
Blockchain’s Brave New World
ITU
 
Using ICN to meet the IMT-2020 goals
ITU
 
Blockchain and Distributed Ledger Technologies: An EU Policy Perspective
ITU
 
AI and Automated Driving : An Ethically Aligned Design
ITU
 
Ad

Similar to Understanding Blockchain Security (20)

PPTX
1910990335_ppt on blockchain and its issue.ppt
bansalvvinayak832
 
PDF
IRJET- Security Threats on Blockchain and its Countermeasures
IRJET Journal
 
PDF
Comprehensive List Of Blockchain Security Tools
SoluLab1231
 
PPTX
Introduction to Blockchain technology .pptx
ratheetripti
 
PPTX
Introduction to Blockchain technology.pptx
ratheetripti
 
PPTX
Blockchain Security and Demonstration
Yao Yao
 
PPTX
Blockchain and its application
Virtualcode
 
PPTX
BLOCKCHAIN PPT.pptx
SohanaAmreen
 
PDF
2019 blockchain economy
Heung-No Lee
 
PPTX
Blockchain Advances & its Applications.pptx
MohamedMansour421585
 
PPTX
Security and privacy with blockchain
Celine George
 
PDF
Blockchain As An Enabler_16 July 2016_David Lee_Final
David Lee Kuo Chuen 李国权
 
PPTX
Block chain introduction to the world and how we can utilise it
MichealDsouza1
 
PPTX
Blockchain overview - types, use-cases, security and usabilty
Bozhidar Bozhanov
 
PPTX
SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Wi...
SMART Infrastructure Facility
 
PPTX
Distributed systems and blockchain technology
Alket Cecaj
 
PDF
IDC - Blockchain Threat Model
PeteLind
 
PPTX
Understanding 51% Attacks on Blockchain: Vulnerabilities, Impacts, and Mitiga...
DarshanaMchigari
 
PPTX
Landgate Presentation on Blockchain
Junran Cao
 
PPTX
Block chain introduction to the world and how we can utilise it
MichealDsouza1
 
1910990335_ppt on blockchain and its issue.ppt
bansalvvinayak832
 
IRJET- Security Threats on Blockchain and its Countermeasures
IRJET Journal
 
Comprehensive List Of Blockchain Security Tools
SoluLab1231
 
Introduction to Blockchain technology .pptx
ratheetripti
 
Introduction to Blockchain technology.pptx
ratheetripti
 
Blockchain Security and Demonstration
Yao Yao
 
Blockchain and its application
Virtualcode
 
BLOCKCHAIN PPT.pptx
SohanaAmreen
 
2019 blockchain economy
Heung-No Lee
 
Blockchain Advances & its Applications.pptx
MohamedMansour421585
 
Security and privacy with blockchain
Celine George
 
Blockchain As An Enabler_16 July 2016_David Lee_Final
David Lee Kuo Chuen 李国权
 
Block chain introduction to the world and how we can utilise it
MichealDsouza1
 
Blockchain overview - types, use-cases, security and usabilty
Bozhidar Bozhanov
 
SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Wi...
SMART Infrastructure Facility
 
Distributed systems and blockchain technology
Alket Cecaj
 
IDC - Blockchain Threat Model
PeteLind
 
Understanding 51% Attacks on Blockchain: Vulnerabilities, Impacts, and Mitiga...
DarshanaMchigari
 
Landgate Presentation on Blockchain
Junran Cao
 
Block chain introduction to the world and how we can utilise it
MichealDsouza1
 

More from ITU (20)

PDF
Do we need a wakeup call to keep driver-less cars protected?
ITU
 
PDF
Global Virtual Mobile Network for Car manufacturers
ITU
 
PDF
Coordination of Threat Analysis in ICT Ecosystems
ITU
 
PDF
Learning from the past: Systematization for Attacks and Countermeasures on Mo...
ITU
 
PDF
Trustworthy networking and technical considerations for 5G
ITU
 
PDF
The role of Bicycles and E-Bikes in the future development of Intelligent Tra...
ITU
 
PDF
Connected Cars & 5G
ITU
 
PDF
5G for Connected and Automated Driving
ITU
 
PDF
Securing the future of Automotive
ITU
 
PDF
The Connected Vehicle - Challenges and Opportunities.
ITU
 
PDF
Machine learning for decentralized and flying radio devices
ITU
 
PDF
AI and machine learning
ITU
 
PDF
Machine learning for 5G and beyond
ITU
 
PDF
Efficient Deep Learning in Communications
ITU
 
PDF
AI for Good Global Summit - 2017 Report
ITU
 
PDF
Standardization of XDSL and MGfast in ITU-T SG15
ITU
 
PPTX
One World One Global Sim
ITU
 
PPTX
ICTs, LDCs and the SDGs
ITU
 
PDF
Collection Methodology for Key Performance Indicators for Smart Sustainable C...
ITU
 
PDF
Enhancing innovation and participation in smart sustainable cities
ITU
 
Do we need a wakeup call to keep driver-less cars protected?
ITU
 
Global Virtual Mobile Network for Car manufacturers
ITU
 
Coordination of Threat Analysis in ICT Ecosystems
ITU
 
Learning from the past: Systematization for Attacks and Countermeasures on Mo...
ITU
 
Trustworthy networking and technical considerations for 5G
ITU
 
The role of Bicycles and E-Bikes in the future development of Intelligent Tra...
ITU
 
Connected Cars & 5G
ITU
 
5G for Connected and Automated Driving
ITU
 
Securing the future of Automotive
ITU
 
The Connected Vehicle - Challenges and Opportunities.
ITU
 
Machine learning for decentralized and flying radio devices
ITU
 
AI and machine learning
ITU
 
Machine learning for 5G and beyond
ITU
 
Efficient Deep Learning in Communications
ITU
 
AI for Good Global Summit - 2017 Report
ITU
 
Standardization of XDSL and MGfast in ITU-T SG15
ITU
 
One World One Global Sim
ITU
 
ICTs, LDCs and the SDGs
ITU
 
Collection Methodology for Key Performance Indicators for Smart Sustainable C...
ITU
 
Enhancing innovation and participation in smart sustainable cities
ITU
 

Recently uploaded (20)

PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
KodekX | Application Modernization Development
KodekX
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Teaching material agriculture food technology
LiaRayya
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 

Understanding Blockchain Security

  • 2. ITU Workshop on “Security Aspects of Blockchain” (Geneva, Switzerland, 21 March 2017) Understanding Blockchain Security Dr. Rolf Lindemann Nok Nok Labs, [email protected] Geneva, Switzerland, 21 March 2017
  • 3. How does it work? Node 1 Who can write to? Each block contains hash of previous block What is the “previous” block? What is the “previous” block? Element to be “logged” including implicit “rules” encoded in it. The genesis Orphan blocks Orphan blocks Main chain Node 2 Node N How many nodes? Who can operate a node? Who can operate a node? Who can operate a node? What is the “previous” block? What input checks? Who can read?
  • 4. Summary (1) • The term blockchain is not well defined today. • We have to be careful what to put into publicly readable blockchains. – Cryptographic algorithms get weaker over time, but the data remains in the blockchain. – Originally we thought that hashed passwords are secure, we shouldn’t repeat that mistake. – Analyzing “big data” sometimes can de-anonymize records. – People and systems fail, we need to make sure the impact of a failure remains acceptable (even from a privacy perspective). • Democracy is based on “one vote per head”. One vote per “computing power unit” is not the same as you can buy computing power with money. Rolf Lindemann, Nok Nok Labs
  • 5. Summary (2) • Several enhancements of Bitcoin blockchains have been proposed. • Standardizing replacement of deprecated crypto algorithms should be investigated. • Standardizing authentication (for non-public blockchains) supports interoperability • Typically blockchain elements are signed. Sometimes it is helpful to require some “Level of Assurance” for related keys. Standardizing key attestation supports interoperability. Rolf Lindemann, Nok Nok Labs
  • 6. Weaknesses • No transactions can be deleted-ever  Node data volume and required processing time for verifications always increases. This is already causing intense debates. Rolf Lindemann, Nok Nok Labs
  • 7. Weaknesses • Cost per transaction is relatively high – too high fir micropayments Rolf Lindemann, Nok Nok Labs
  • 8. Weaknesses • Equal Rights – Assume “Miners Club A“ owns 50% computing power of the Blockchain system. – Assume “Miners Club B” owns 30% computing power of the Blockchain systems. – Assume “Miners Club C” owns 10% computing power of the Blockchain system – Assume all those Miners Clubs decided following a “My Miners Club First” strategy, i.e. whenever some other miner has successfully added a new block N they start adding new blocks ignoring block N. Rolf Lindemann, Nok Nok Labs
  • 9. Opportunities • Several initiatives (Otonomos, Mirror, Symbiont, Eris/monax.io, …) look into smart contracts. • Today the rules in Bitcoin and smart contracts cannot easily reflect the strength of a signature (of the block to be written to the blockchain). But we know that in today’s world the “Level of Assurance” plays an important role. • There is a potential of adding attestation (for signing keys) to blockchain. Rolf Lindemann, Nok Nok Labs
  • 10. Opportunities Node 1 Require acceptable signature Potentially require valid authentication. The genesis Element to be logged (i.e. a bitcoin transaction In some environments you might require the signing key to be kept securely or to even involve user approval for signing. So we might want to standardize key attestation for such cases. Some environments prefer private blockchains (see Hyperledger Fabric, Symbiont, …). Standardizing authentication will help interoperability.
  • 11. Attack Classes Remotely attacking central servers steal data for impersonation 1 Physically attacking user devices misuse them for impersonation 6 Physically attacking user devices steal data for impersonation 5 Remotely attacking lots of user devices steal data for impersonation Remotely attacking lots of user devices misuse them for impersonation Remotely attacking lots of user devices misuse authenticated sessions 2 3 4 Scalable attacks Physical attacks possible on lost or stolen devices (3% in the US in 2013)
  • 12. 12