Blockchain_Security_-_Zahin_and_Maria.pdf

Transcript

1. A Tale of Alliance: Security Risks in Blockchain Technology Zahin

   Azher Rashid & Maria Shoaib 12-13 November, 2019 @zahinazher @mariashoaib01

2. About me  7 years in the industry  Network

   Security and Automation, Web Development,  Cloud and Machine Learning, 5G  Zahin Azher Rashid @zahinazher  Software Engineer at Ericsson in Stockholm, Sweden  Earned Dual Degree in Cloud Computing and Entrepreneurship  TU Berlin and KTH Royal Institute of Technology Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 2

3. About me  Maria Shoaib @mariashoaib01  M.S. Rochester Institute

   of Technology, New York on a Fulbright  Software Engineering/Product Development areas  Stemming From Her stemmingfromher.com  Ericsson in Stockholm, Sweden Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 3

4. Agenda  What is a Blockchain  Key features and

   its importance  How does it work?  Validation and mining process  Is blockchain hackable?  Key Takeaways and References Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 4

5. What is a Blockchain?  Chain of blocks  A

   growing list of records  Blocks are linked using Cryptography  Decentralized ledger  Shared among the peers  Each peer holds a copy  Genesis Block  The first block in the Blockchain  IBM -> Blockchain is a shared, immutable ledger for recording transactions, tracking assets and building trust Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 5

6. Who paved the way for blockchains?  DigiCash (1989) 

   To make untraceable, anonymous transactions  E-Gold (1996)  Digital currency system  B-Money and Bit-Gold (1998)  Decentralized currency system  Ripple Pay (2004)  Exchange digital IOU (debt) contracts  Reusable Proofs of Work (RPOW) (2004)  Prototype for issuing token for computing intensive work  Bitcoin (2009) Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 6

7. Importance of Blockchain Codemotion Berlin 2019 | @zahinazher | @mariashoaib01

   | 13/11/2019 7 Financial crisis in 2009 Lost of Trust Double spending problem Digital token reused Digital Payments Trust and Consensus

8. Key Features Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 |

   13/11/2019 8 Decentralization Transparency Immutability Cryptographically Secured

9. Decentralization Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019

   9 Who owns the blockchain?

10. Transparency Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019

    10

11. Immutability Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019

    11 -> a new transaction must be added to reverse the error

12. Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 12

    Cryptographically Secured  Sha256 Encryption  Avalanche Effect  Even if you make a small change in your input, the changes that will be reflected in the hash will be huge

13. How does blockchain work? Codemotion Berlin 2019 | @zahinazher |

    @mariashoaib01 | 13/11/2019 13 https://101blockchains.com/wp-content/uploads/2018/07/How_Does_a_Blockchain_work.jpg

14. Validation and Mining  Peer to peer network  Everyone

    is allowed to join  New node joins  Gets a copy of the blockchain  Validates the blockchain  A new block is broadcasted  Calculate the hash of the data  Check no block is tampered  Redo the proof of work  Consensus of the nodes  All node adds the block to the blockchain  To tamper a blockchain Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 14 Public Blockchain

15. Proof of Work  Solve a complex mathematical problem 

    Increment Nonce until a value is found that gives hash the required zero bits  If blocks are generated too fast  Complexity is increased Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 15 Bitcoin

16. Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 Entities

    using Blockchain Use Cases 16  Bitcoin  Ethereum  Bitcoin cash  Litecoin  Namecoin  Smart contracts  Elections and Voting  Collecting tax  Storing medical records  Stock exchange

17. In order to write secure code you need to know

    how attackers creep in. Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 17

18. Is blockchain hackable? Codemotion Berlin 2019 | @zahinazher | @mariashoaib01

    | 13/11/2019 18

19. Once hailed as unhackable, blockchains are now getting hacked Codemotion

    Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 19

20. Ideally, everyone gets this… Codemotion Berlin 2019 | @zahinazher |

    @mariashoaib01 | 13/11/2019 20

21. Some more… Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 |

    13/11/2019 21 DAO Bitfinex Bithumb

22. 51%  Miners” will review the transactions to ensure they

    are genuine  Second version  Common on smaller blockchains Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 22

23. Creation errors  Security glitches  Larger blockchains  For

    example, legal professionals may encounter smart contracts Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 23

24. Insufficient security  Exchanges are vulnerable  Security practices around

    exchanges are weak Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 24

25. How to protect against this?  Leverage Trusted Platform Modules

    (TPMs) for sensitive code execution  Use API security best practices to safeguard API-based transactions  Use a privileged access management (PAM) solution for escalated actions  Treat the underlying infrastructure of the blockchain solution as critical infrastructure.  https://developer.ibm.com/articles/how-to-secure-blockchain-solutions/ Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 25

26. Key Takeaways  Ethical responsibility to protect our products 

    Blockchain is not auto-immune to hacks  Take measures now Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 26

27. References  https://blockgeeks.com/guides/what-is-blockchain-technology/  https://www.wired.com/story/guide-blockchain/  https://www.coindesk.com/information/what-is-blockchain-technology  https://www.mckinsey.com/industries/technology-media-and-telecommunications/our-insights/how-blockchains- could-change-the-world

     https://www.ibm.com/blockchain/what-is-blockchain  https://medium.com/coinmonks/what-the-hell-is-blockchain-and-how-does-it-works-simplified-b9372ecc26ef  https://cointelegraph.com/news/ethereum-classic-51-attack-the-reality-of-proof-of-work Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 | 13/11/2019 27

28. Thank you! Codemotion Berlin 2019 | @zahinazher | @mariashoaib01 |

    13/11/2019 28 @zahinazher @mariashoaib01