Skip to content

Make Blockchain secure, a balancing act that never ends

May 25, 2020

Blockchain technology has become synonymous with privacy and security, but these features have been tested over the past decade. Many blockchain and cryptocurrency projects, whose historical roots focus on crypto, claim to offer widespread security and data protection measures. The industry is divided into public blockchain platforms such as Bitcoin and centralized private or legal blockchains that focus on business use.

Cointelegraph has previously examined the pros and cons of data protection concerns related to blockchain technology, but the security of these systems is an important consideration in and of itself. In the years after Bitcoin (BTC) was launched, a large number of cryptocurrencies and numerous blockchain projects were created in the private and public sectors.

The sheer number of parties working and participating within the industry means that vulnerabilities have been identified and exploited over the years. This is despite the best efforts of those involved to create the safest blockchains, cryptocurrencies and exchanges.

Make Blockchain secure, a balancing act that never endsMake Blockchain secure, a balancing act that never ends

This article introduces public blockchains and cryptocurrencies such as Bitcoin, centralized permissive blockchains that offer business solutions to large enterprise companies, and privacy coins to explore various considerations about their observed and actual security levels.

Is Bitcoin Safe for the Average User?

Given that the use of cryptocurrencies began primarily with individual users and was slow to be accepted by larger companies such as financial institutions, one of the main problems is the security of blockchains or cryptocurrencies that are currently used by individuals. To understand what makes these systems secure, Cointelegraph contacted cryptocurrency and blockchain analytics company CipherTrace.

John Jefferies, the company’s chief financial analyst, identified and separated the various categories required to fully understand the security level of an open blockchain or cryptocurrency like Bitcoin:

“There are three levels of security to consider: Personnel, Platform, and Technology. Blockchains are the technology level, but the average user needs to rely on the security of the wallet or exchange they use. An open source blockchain and well consolidated , created with well-known and reliable encryption like the Bitcoin blockchain, provides the level of security to ensure the average user that their transaction data has not been tampered with. “

When asked whether open blockchain systems offer users trustworthy security and privacy, Jefferies highlighted two key elements of the Bitcoin system that responded to the most common problems with previous projects in digital currencies. First, blockchain technology turned out to be a breakthrough as it solved the problem of double spending on peer-to-peer transactions.

Another important protocol that ensures security was the basis of Bitcoin’s consensus protocol. As Jefferies explained, blockchain technology also addresses the problem of Byzantine generals, where a messenger who exchanges information between generals can deliver false information. However, if all parties receive verified information from the majority, the bad messengers will be discovered. While these two elements provide solid security for the entire Bitcoin system, Jefferies clearly differentiates between protocol security and data protection that is offered to users:

“It is a common mistake to think that Bitcoin was designed anonymously, but in reality the Bitcoin blockchain is pseudonymous, which means that transactions are publicly visible, but individual users who are connected to transactions are not. The Satoshi white paper only talks about privacy in two paragraphs. If privacy was the goal, it would have been different. “

Cointelegraph also contacted the graduate student from Stanford University. Florian Tramèr, who recently discovered vulnerabilities in the data protection coins Monero (XMR) and Zcash (ZEC). A controlled side-channel attack could allow an attacker to find users’ IP addresses, thereby destroying any anonymity and privacy of users in a transaction.

Tramèr assessed the level of security that open blockchain networks like Bitcoin offer the average user. In a comment on Cointelegraph, he noted that Bitcoin’s consensus protocol has proven its effectiveness itself, but the development of numerous third-party applications, such as B. Exchanges, has expanded the entire ecosystem by a number of vulnerabilities:

“The general idea of ​​consensus through evidence of work definitely seems to stand the test of time, at least in terms of security, not so much in terms of adaptability. […] On the security side, we’ve seen countless examples of vulnerabilities in smart contracts, purses, exchanges, etc. A lot of research has also been done on the privacy side, showing that cryptocurrency transactions are relatively easy to track and anonymize even on systems like Monero and Zcash, mainly because achieving good privacy requires a lot of additional user maintenance. . “

Centralized allowable blockchains and privacy coins

Private or centrally approved blockchains are the solution of choice for large companies and corporations who are looking for accounting solutions for various business challenges. Needless to say, the larger companies don’t take security risks. They are therefore turning to centralized, permitted blockchains that are tailored and operated by specialized technology companies.

The main examples are Microsoft Azure Blockchain Service and the IBM Blockchain platform, which works thanks to the Linux Hyperledger Fabric Foundation. The Microsoft Azure Blockchain service performs a similar function that allows users to create and operate blockchain networks on a large scale. IBM Blockchain is aimed at large companies and corporations and has a large number of existing blockchain platforms that companies can join. Customers can also create and launch their own platforms that they can program to perform certain functions.

Related topics: Using the Hyperledger Fabric Enterprise Blockchain offers viable solutions

When asked whether centralized allowable blockchains are more secure than open networks, CipherTrace member Jefferies made a statement that these platforms are not much more secure:

“No, they’re just less attacked because they don’t move money and are not widely available. In any case, they could be more vulnerable to hackers and vulnerabilities because private blockchains are inherently more central.”

Tramèr’s opinion was similar to Jefferies’ as to how centralized allowable blockchains would stand in contrast to the security of open blockchains:

“The threat model is certainly different. However, some problems such as smart contract errors, key management, etc. would also be a problem in an authorized or private system. “

While companies can opt for centralized, legal blockchains to operate closed accounting systems and other financial tasks, there are data protection coins at the other end of the spectrum that aim to provide full anonymity to users. In view of Tramèr’s investigations into data protection and the security of data protection coins, he insisted that the assessment of the actual level of data protection and anonymity is not a clear discussion:

“On the one hand, Zcash and Monero are using some fairly advanced and recent developments in cryptography to initially offer a high level of data protection and anonymity for transactions. On the other hand, crypto is only part of a large distributed system used by these projects. And measuring privacy or lack of privacy at the system level is very difficult. There can be subtle implementation mistakes and a variety of usage patterns or leaks in the side channels that can reveal much more than crypto intends. “

A balancing action

An important point is that security concerns in blockchains and in the cryptocurrency area cross individual systems. A single platform or cryptocurrency cannot be said to be insecure because numerous systems are interconnected. Tramèr offered a comparison between traditional financial systems and the emergence of blockchain-based cryptocurrencies, in which no system is “not hackable” and security concerns are also due to usability problems:

“You don’t have to be an expert to use these cryptocurrencies as safely as possible. At the same time, the struggle for a ‘non-hackable’ system isn’t necessarily the right goal. For example, if you look at the banking system, it’s clear that things are clear They are not “uninhabitable.” People’s credit cards and accounts are constantly being stolen, banks are being hacked, there are many fraud cases, and most of it is regulated by the legal framework and insurance. There is still no similar framework to Appropriately treat security gaps and losses in the crypto space. “

Blockchain platforms, cryptocurrency exchanges and a host of other projects have emerged in the ten years after Bitcoin was founded and numerous altcoins emerged. This inevitably included initial problems and hacks; Fraud and security vulnerabilities were widespread, especially when it came to exchanging cryptocurrencies.

In the meantime, tech specialists and developers have started to use blockchain technology and crypto to create secure and robust systems. Capability research continues to this day, and Jefferies believes technology will continue to advance the development of secure systems in a variety of industries:

Yes, there have been many experiments with use cases where blockchain offers advantages that go beyond traditional technology. […] We see companies and countries looking for digital currencies as digitization enables improved efficiency and control. Within the next 10 years, every major economy will have its own digital currency from the central bank. “