Pro Yearly is on sale from $80 to $50! »

Blockchain in cyber security

Blockchain in cyber security

Workshop/talk on Applications of blockchain in Cyber Security at "Deep learning for Big Data and Cyber Security Applications" Conference

Background and basics of blockchain
Blockchain in cybersecurity
Characteristics of the blockchain
Threats in the decentralized ecosystem


Koshik Raj

July 02, 2019


  1. Blockchain in cyber security Mitigating cyber threats with decentralized blockchain

    applications Koshik Raj
  2. ➔ Background and basics of blockchain ➔ Blockchain in cybersecurity

    ➔ Characteristics of the blockchain ➔ Threats in the decentralized ecosystem Agenda
  3. ➔ Several cypherpunks attempted to implement cryptocurrencies in 1990s. ◆

    Bit gold, DigiCash Satoshi Nakamoto Published the idea in a paper: "Bitcoin: A Peer-to-Peer Electronic Cash System" on Oct 2008. ➔ The Bitcoin implementation wanted to achieve decentralized accounting system Background
  4. Why was it created?

  5. Trust issues ➔ We approach trusted third party for certainty

    ➔ This has led to the centralization of power Alice Bob
  6. ➔ Cyber attacks on major institutions. ◆ Sony pictures, JP

    Morgan Chase data breach. ◆ Target customer confidential data breach. ➔ Expensive transaction fee. ➔ Subprime mortgage crisis in 2008. Centralization concerns
  7. Decentralization problem (Byzantine failure) ➔ Trustless entities ➔ How to

    believe on single truth?
  8. Enter Bitcoin

  9. How Bitcoin solved it?

  10. Distributed Ledger Technology (DLT) ➔ Each node holds a copy

    of the ledger ➔ Blockchain + P2P+ Consensus algorithm = DLT
  11. Blockchain 1234 1234 1235 1235 1236 Cryptographic primitives: ➔ Hash

    functions ➔ Digital signatures
  12. Consensus mechanism ➔ Algorithm to reach a global truth ➔

    Consensus mechanism solves the byzantine generals’ problem. ➔ Bitcoin’s proof-of-work is the first and well known consensus algorithm
  13. Blockchain in cybersecurity? ❝ ❞ Protection of computer systems from

    damage to their hardware, software or data data
  14. Data related attacks? Denial of service SQL injection/ XSS/ Phishing

    Eavesdropping Backdoor
  15. Characteristics that will revolutionize cyber security Immutability Non repudiation redundancy

  16. Tamper proof ledger - Immutability ➔ Data appended to blockchain

    infeasible to modify ➔ Any changes to block header, transactions could easily be detected by any node ➔ Bad actors will be penalized for cheating ➔ With time the difficulty of modification drastically increases
  17. Prevention of DoS attacks - Redundancy ➔ Lack of backup

    nodes are the reasons for most of the DoS attacks ➔ Blockchain nodes provide redundant nodes ➔ The protocol (GAS) makes sure that only deterministic logic could be executed ➔ Decentralized name services such as Namecoin are some of the early applications
  18. Decentralized digital identity - Digital signatures ➔ Public key cryptography

    as a backbone for self sovereign identity management ➔ Decentralized identity foundation develops open standards to build decentralized identity ecosystem ◆ Partners - Sovrin, Microsoft, Hyperledger, Corda ➔ Key features: ◆ Privacy preserving storage ◆ Identities ◆ Verification of claims
  19. Decentralized storage - Fair incentivization ➔ Decentralized data storage can

    be built by leveraging decentralized storage and the p2p payment feature ➔ Decentralizing storage reduces security concerns of user data ➔ FileCoin, Sia, Storj implements incentivization techniques for storage through dedicated consensus mechanism
  20. Threats for decentralization platforms Centralization Need for Secure communication between

    nodes Securing keys Smart contract vulnerabilities
  21. Centralization ➔ Few of the consensus algorithms have introduced centralization

    ➔ Cryptocurrency exchanges are the huge cause of centralization ➔ Centralization systems suffer from all the traditional cyber attacks Solutions: DEXs, Better consensus algorithms
  22. Securing keys ➔ Unsafe to store private keys on devices

    where hundreds of applications have access to the device's storage. ➔ There is no recovery service in a decentralized ecosystem Solutions: Hardware/ paper wallets, use advanced tool/ protocols (MultiSig, Gnosis Safe)
  23. Smart contract vulnerabilities ➔ Contract scripts are vulnerable to attacks

    if they do not follow the guidelines ➔ Reentrancy, timestamp difference, integer overflow/ underflow are few of the known ones Solutions: Contract analysis tools: MythX, Securify by Chain security)
  24. Securing node communication ➔ Even though most of the data

    flows through the decentralized ledger, some times p2p communication is needed. ➔ State channel communication and enterprise DLT are the examples Solutions: Raiden, Lighting network, Corda DLT
  25. Conclusion