Before we begin to understand the security risks associated with private and public blockchains, let us first define what a blockchain is: a ledger of transactions arranged in groups (batches) called blocks. These blocks use cryptographic validation to link themselves together. Simply put, each block references the previous block by a hashing function, which forms a linked chain, hence the name "blockchain".
Blockchains can be visualized as databases with sets of validations that are neither stored in central locations nor managed by groups of admins. They are peer-to-peer networks that exist on multiple nodes (computers) simultaneously in such a way that any interested party can maintain a copy. They are distributed and redundant by nature.
Blockchains can be categorized into two groups:
Public blockchains, including Bitcoin, Ethereum, and most altcoins, are designed to be accessible by anyone with a computer and internet access. They are designed to eliminate the need for intermediaries in any exchange of asset value. Redundancy makes public blockchains slow and resource intensive because of the computational power that is needed to maintain the distributed ledger, but in turn makes them more secure. Public blockchains are most appropriate when a network needs to be decentralized.
Private blockchains partially reintroduce the intermediary. Nodes in a private blockchain network require invitations and must be validated by either the starter of the network or by a set of rules put in place by the starter of the network.
Businesses that set up private blockchains generally set up a permissioned network. This restricts access to the network for certain transactions. Participants need to obtain an invitation or permission to join. The access control mechanism may vary: existing participants could decide future entrants, a regulatory authority could issue licenses for participation, or a consortium could make the decisions. Once an entity has joined the network, it will play a role in maintaining the blockchain in a decentralized manner.
Due to their restrictive nature, private blockchains are sometimes referred to as permissioned blockchains.
Anyone is able to aggregate and publish a group of transactions, provided they can solve a difficult cryptographic puzzle to prove an investment of computing power. The process by which a network of nodes confirms the records of previously verified transactions, and by which it verifies new transactions, is known as a consensus protocol. In the public blockchain system, all users follow an algorithm that verifies transactions by committing software and hardware resources to solving a problem by brute force (i.e., by solving the cryptographic puzzle). The user who finds the solution first is rewarded, and each new solution, along with the transactions that were used to verify it, forms the basis for the next puzzle.
Proof of Work
A proof of work is a piece of data that is difficult to produce and that satisfies certain requirements. Producing a proof of work is a random process with a low probability of success, so it requires a lot of trial and error on average before a valid proof of work is generated. Bitcoin uses the Hashcash proof of work.
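The hash linking and trial-and-error proof of work described above, shown as an added example that is not part of the original article. It uses a Hashcash-style test (leading zero bits of a SHA-256 hash); the 12-bit difficulty, the JSON block layout and the sample transactions are constructed for illustration and are not Bitcoin's actual format.

```python
import hashlib
import json

DIFFICULTY_BITS = 12      # assumption: small target so the demo runs quickly
GENESIS_PREV = "0" * 64   # assumption: placeholder "previous hash" for block 0

def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the block's fields."""
    data = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(data).hexdigest()

def meets_target(digest_hex, bits=DIFFICULTY_BITS):
    """Hashcash-style test: the hash must start with `bits` zero bits."""
    return int(digest_hex, 16) >> (256 - bits) == 0

def mine(prev_hash, transactions, bits=DIFFICULTY_BITS):
    """Trial and error over the nonce until the block hash meets the target."""
    block = {"prev": prev_hash, "txs": transactions, "nonce": 0}
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block

def first_invalid(chain, bits=DIFFICULTY_BITS):
    """Return the index of the first block that fails validation, or None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["prev"] != prev or not meets_target(block_hash(block), bits):
            return i
        prev = block_hash(block)
    return None

def build_demo_chain():
    """Constructed sample ledger: three blocks of made-up transactions."""
    chain = []
    for txs in (["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]):
        prev = block_hash(chain[-1]) if chain else GENESIS_PREV
        chain.append(mine(prev, txs))
    return chain

if __name__ == "__main__":
    chain = build_demo_chain()
    print("untouched chain, first invalid block:", first_invalid(chain))
    chain[1]["txs"] = ["bob->mallory:2"]           # rewrite history in block 1
    print("after edit, first invalid block:", first_invalid(chain))
    chain[1] = mine(block_hash(chain[0]), chain[1]["txs"])  # redo block 1's work
    print("after re-mining block 1 only:", first_invalid(chain))
```

Redoing the work for the edited block only moves the break to the next block, which is why rewriting history requires re-mining every later block as well.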
Now that we are familiar with key blockchain terminology, let us explore the risks associated with public and private blockchains.
Public Blockchain Security Risks
More than half of the network’s hashing power rests in the hands of a single country (China). The concentration of mining power in countries like China is partially due to cheaper electricity prices. This threatens to subvert cryptocurrency's democratic nature. Giant mining pools and the other massive bitcoin-mining conglomerates can effectively monopolize control over the bitcoin blockchain. This may lead to network centralization and the possibility of collusion, and it makes the network vulnerable to changes in policy on electricity subsidies.
Cyber criminals are increasingly interested in stealing cryptocurrency because of its climb in value. They have recently hacked into the DAO and the Bitfinex exchange. The DAO lost more than $50m, cutting the value of the currency by a third. Bitfinex lost about $65m in a cyber attack in 2016.
Blockchain code is still in its infancy and may be subject to currently unknown security vulnerabilities. In particular, the Ethereum smart contract language is relatively new and there may be zero-day vulnerabilities that hackers can exploit.
Sometimes, the attacker announces an inaccurate timestamp while connecting to a node for a transaction. The attacker thereby alters the node's network time counter, and the deceived node may accept an alternate blockchain. The serious consequences of this are double-spending and wasted computational resources during the mining process. This is also known as a “timejacking attack”.
The double-spending attack is a serious threat to blockchain transactions: the attacker successfully makes more than one transaction using a single coin, which invalidates the ‘honest’ transaction. This attack is most likely to occur in ‘fast payment’ mode.
There may be bugs in Bitcoin Core that haven't been discovered yet. However, the implementation of alternative client software is helping to uncover unexpected behavior as the network matures.
The most popular mode of storage for cryptocurrencies may be insecure. Many users store their private keys in internet-based, and thus hack-prone, wallets. The best practice is to avoid using these hot wallets.
The veracity of each entry rests on those in control of the private key of each account.
Regulations and laws sometimes require the use of certain controls that may not be relevant or possible using blockchain.
The legal liability for losses resulting from a failure of algorithmic trust is yet to be determined.
Hackers may employ blockchain cryptographic algorithms and mechanisms to perform malicious activities without leaving any traces (e.g., a Sybil attack).
Another vulnerability allows a pool of sufficient size to obtain revenue larger than its ratio of mining power. In this attack, the colluding group of miners forces the honest miners into performing wasted computations on the stale public branch. In other words, the honest miners spend their cycles on blocks that eventually will not be part of the blockchain, and they are forced by selfish miners to do so. The selfish mining group keeps its mined blocks private and secretly bifurcates the blockchain while the ‘honest’ miners continue to waste their computational power on the public branch. The selfish miners then reveal the blocks to the public branch, and the ‘honest’ miners switch to the recently mined blocks, which makes the selfish miner group earn more revenue. This is also known as "selfish mining".
Private Blockchain Risks
A node that restricts the transmission of information, or transmits incorrect information, must be identifiable and circumvented to maintain the integrity of the system. Blockchains achieve consensus on their ledger through communication. This communication occurs between nodes, each of which maintains a copy of the ledger and informs the other nodes of new information: newly submitted or newly verified transactions. Private blockchain operators can control who is allowed to operate a node, as well as how those nodes are connected. A node with more connections will receive information faster. Likewise, nodes may be required to maintain a certain number of connections to be considered active.
Another security concern is the treatment of uncommunicative or intermittently active nodes. Nodes may go offline for innocuous reasons, but the network must be structured to function without the offline nodes, and it must be able to quickly bring these nodes back up to speed if they return.
In a private blockchain, operators may choose to permit only certain nodes to perform the verification process. These trusted parties would be responsible for communicating newly verified transactions to the rest of the network.
While the risks of building a financial market or other infrastructure on a public blockchain may give certain companies pause, private blockchains offer a degree of control over both participant behavior and the transaction verification process. The use of a blockchain-based system is a signal of the transparency and usability of that system, which are bolstered by the early consideration of the system’s security. Just as a business will decide which of its systems are better hosted on a more secure private intranet or on the internet, but will likely use both, systems requiring fast transactions, the possibility of transaction reversal, and central control over transaction verification will be better suited for private blockchains, while those that benefit from widespread participation, transparency, and third-party verification will flourish on a public blockchain.
Apart from public and private blockchains, there is one more type, called a consortium blockchain. It is a blockchain where the consensus process is controlled by a pre-selected set of nodes; for example, one might imagine a consortium of 15 financial institutions, each of which operates a node and of which 10 must sign every block in order for the block to be valid. The right to read the blockchain may be public, or restricted to the participants, and there are also hybrid routes such as the root hashes of the blocks being public together with an API that allows members of the public to make a limited number of queries and get back cryptographic proofs of some parts of the blockchain state. These blockchains may be considered “partially decentralized”. This kind of blockchain has risks based on how it is implemented.
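A check for the 10-of-15 signing rule described above, as an added example that is not part of the original article. The validator names, keys and block bytes are constructed, and HMAC-SHA256 stands in for the digital signatures a real consortium would use.

```python
import hashlib
import hmac

QUORUM = 10  # from the article's example: 10 of 15 institutions must sign

# Constructed validator set. HMAC keys stand in for signing keys so the example
# needs only the standard library; a real consortium would use asymmetric
# signatures so that verifiers never hold a member's signing secret.
VALIDATOR_KEYS = {f"bank-{i:02d}": f"demo-key-{i}".encode() for i in range(1, 16)}

def sign(validator, block_bytes, keys=VALIDATOR_KEYS):
    """Produce the stand-in signature of one validator over a block."""
    return hmac.new(keys[validator], block_bytes, hashlib.sha256).hexdigest()

def valid_signers(block_bytes, signatures, keys=VALIDATOR_KEYS):
    """Return the distinct pre-selected validators whose signature verifies.

    `signatures` is a list of (validator_id, signature_hex) pairs as received
    from the network, so it may hold duplicates, outsiders or bad values.
    """
    accepted = set()
    for validator, sig in signatures:
        key = keys.get(validator)
        if key is None:
            continue  # not a member of the consortium
        expected = hmac.new(key, block_bytes, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, sig):
            accepted.add(validator)  # a set, so a repeated signer counts once
    return accepted

def block_is_valid(block_bytes, signatures, quorum=QUORUM):
    return len(valid_signers(block_bytes, signatures)) >= quorum

def demo():
    """Three constructed cases: honest quorum, padded list, replayed signatures."""
    block = b"height=42|root=constructed-sample"
    members = sorted(VALIDATOR_KEYS)
    ten = [(v, sign(v, block)) for v in members[:10]]
    # Nine real signers, one of them repeated three times, plus an outsider.
    nine_padded = ten[:9] + [ten[0]] * 3 + [("bank-99", "00" * 32)]
    # Ten genuine signatures, but made over a different block.
    replayed = [(v, sign(v, b"other block")) for v in members[:10]]
    return (block_is_valid(block, ten),
            block_is_valid(block, nine_padded),
            block_is_valid(block, replayed))

if __name__ == "__main__":
    print(demo())
```

Counting entries in the signature list instead of distinct verified members would accept the padded case, which is the kind of implementation-dependent risk the paragraph refers to.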
Author: Raghunadha Kotha
Raghu started his career as a systems programmer building CAD systems, mathematical packages, and compilers/interpreters and designing IDS systems. He received the achievement award from Bell Labs for his work on configuration management tools. Raghu has had opportunities to work in senior roles in many aspects of Information Technology including Application Development, Information Management, and Enterprise Architecture. Over the past 13 years, he has been involved in Pen testing, malware analysis, malware creation, Security Operations/Architecture, Machine Learning, and Security Governance. After holding the Head of Information Security position at a California bank, Raghu is currently working as a Sr. Security Architect at Charlotte based Stalwart Systems.