Blockchain in cyber security

Workshop/talk on Applications of blockchain in Cyber Security at "Deep learning for Big Data and Cyber Security Applications" Conference

Agenda:
Background and basics of blockchain
Blockchain in cybersecurity
Characteristics of the blockchain
Threats in the decentralized ecosystem

Koshik Raj

July 02, 2019

Transcript

  1. Agenda
    ➔ Background and basics of blockchain
    ➔ Blockchain in cybersecurity
    ➔ Characteristics of the blockchain
    ➔ Threats in the decentralized ecosystem
  2. Background
    ➔ Several cypherpunks attempted to implement cryptocurrencies in the 1990s.
      ◆ Bit gold, DigiCash
    ➔ Satoshi Nakamoto published the idea in a paper, "Bitcoin: A Peer-to-Peer Electronic Cash System", in Oct 2008.
    ➔ The Bitcoin implementation aimed to achieve a decentralized accounting system.
  3. Trust issues
    ➔ We approach a trusted third party for certainty
    ➔ This has led to the centralization of power
    (Diagram: Alice, Bob)
  4. Centralization concerns
    ➔ Cyber attacks on major institutions.
      ◆ Sony Pictures, JP Morgan Chase data breach.
      ◆ Target customer confidential data breach.
    ➔ Expensive transaction fees.
    ➔ Subprime mortgage crisis in 2008.
  5. Distributed Ledger Technology (DLT)
    ➔ Each node holds a copy of the ledger
    ➔ Blockchain + P2P + Consensus algorithm = DLT
  6. Consensus mechanism
    ➔ Algorithm to reach a global truth
    ➔ A consensus mechanism solves the Byzantine generals' problem.
    ➔ Bitcoin's proof-of-work is the first and a well-known consensus algorithm
  7. Blockchain in cybersecurity?
    ❝Protection of computer systems from damage to their hardware, software or data❞
  8. Tamper-proof ledger - Immutability
    ➔ Data appended to the blockchain is infeasible to modify
    ➔ Any change to a block header or its transactions can easily be detected by any node
    ➔ Bad actors will be penalized for cheating
    ➔ With time, the difficulty of modification drastically increases
  9. Prevention of DoS attacks - Redundancy
    ➔ Lack of backup nodes is the reason for most DoS attacks
    ➔ Blockchain nodes act as redundant nodes
    ➔ The protocol (GAS) makes sure that only deterministic logic can be executed
    ➔ Decentralized name services such as Namecoin are some of the early applications
  10. Decentralized digital identity - Digital signatures
    ➔ Public key cryptography as a backbone for self-sovereign identity management
    ➔ The Decentralized Identity Foundation develops open standards to build a decentralized identity ecosystem
      ◆ Partners - Sovrin, Microsoft, Hyperledger, Corda
    ➔ Key features:
      ◆ Privacy-preserving storage
      ◆ Identities
      ◆ Verification of claims
  11. Decentralized storage - Fair incentivization
    ➔ Decentralized data storage can be built by leveraging decentralized storage and the p2p payment feature
    ➔ Decentralizing storage reduces security concerns of user data
    ➔ Filecoin, Sia and Storj implement incentivization techniques for storage through a dedicated consensus mechanism
  12. Centralization
    ➔ A few of the consensus algorithms have introduced centralization
    ➔ Cryptocurrency exchanges are a huge cause of centralization
    ➔ Centralized systems suffer from all the traditional cyber attacks
    Solutions: DEXs, better consensus algorithms
  13. Securing keys
    ➔ It is unsafe to store private keys on devices where hundreds of applications have access to the device's storage.
    ➔ There is no recovery service in a decentralized ecosystem
    Solutions: hardware/paper wallets, advanced tools/protocols (MultiSig, Gnosis Safe)
  14. Smart contract vulnerabilities
    ➔ Contract scripts are vulnerable to attacks if they do not follow the guidelines
    ➔ Reentrancy, timestamp difference, integer overflow/underflow are a few of the known ones
    Solutions: contract analysis tools (MythX, Securify by ChainSecurity)
  15. Securing node communication
    ➔ Even though most of the data flows through the decentralized ledger, sometimes p2p communication is needed.
    ➔ State channel communication and enterprise DLT are the examples
    Solutions: Raiden, Lightning Network, Corda DLT
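
Slide 8's claim that any node can detect a change to a block header or its transactions, as an added example that is not part of the original deck. It is a simplified hash-linked ledger (single SHA-256 over JSON headers, a toy Merkle root, no proof-of-work); all function names and sample transactions are constructed for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder for "no previous block"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def merkle_root(txs):
    """Hash transactions pairwise up to one root; an odd level repeats its last hash."""
    level = [sha256_hex(tx.encode()) for tx in txs] or [sha256_hex(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode()) for i in range(0, len(level), 2)]
    return level[0]

def header_hash(header):
    # Canonical JSON so every node computes the same hash for the same header.
    return sha256_hex(json.dumps(header, sort_keys=True).encode())

def build_chain(batches):
    """Each header commits to its transactions and to the previous header's hash."""
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        header = {"prev_hash": prev, "merkle_root": merkle_root(txs)}
        chain.append({"header": header, "txs": list(txs)})
        prev = header_hash(header)
    return chain

def first_invalid_block(chain):
    """Check a node can run on its own copy: index of the first bad block, or None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        header = block["header"]
        if header["prev_hash"] != prev or header["merkle_root"] != merkle_root(block["txs"]):
            return i
        prev = header_hash(header)
    return None

# Constructed sample ledger: three blocks of made-up transfers.
SAMPLE_BATCHES = [["alice->bob:5"], ["bob->carol:2", "carol->dave:1"], ["dave->alice:3"]]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    chain[1]["txs"][0] = "bob->carol:200"            # edit a stored transaction
    print(first_invalid_block(chain))                # block 1: Merkle root mismatch
    chain[1]["header"]["merkle_root"] = merkle_root(chain[1]["txs"])  # patch the header too
    print(first_invalid_block(chain))                # block 2: prev_hash no longer matches
```

Repairing the edited block's Merkle root only moves the failure to the next block's `prev_hash`, so a rewrite has to redo every later block, which is the slide's point that modification gets harder with time.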