Blockchain in cyber security

Transcript

1. Blockchain in cyber security Mitigating cyber threats with decentralized blockchain

   applications Koshik Raj

2. ➔ Background and basics of blockchain ➔ Blockchain in cybersecurity

   ➔ Characteristics of the blockchain ➔ Threats in the decentralized ecosystem Agenda

3. ➔ Several cypherpunks attempted to implement cryptocurrencies in 1990s. ◆

   Bit gold, DigiCash Satoshi Nakamoto Published the idea in a paper: "Bitcoin: A Peer-to-Peer Electronic Cash System" on Oct 2008. ➔ The Bitcoin implementation wanted to achieve decentralized accounting system Background

4. Why was it created?

5. Trust issues ➔ We approach trusted third party for certainty

   ➔ This has led to the centralization of power Alice Bob

6. ➔ Cyber attacks on major institutions. ◆ Sony pictures, JP

   Morgan Chase data breach. ◆ Target customer confidential data breach. ➔ Expensive transaction fee. ➔ Subprime mortgage crisis in 2008. Centralization concerns

7. Decentralization problem (Byzantine failure) ➔ Trustless entities ➔ How to

   believe on single truth?

8. Enter Bitcoin

9. How Bitcoin solved it?

10. Distributed Ledger Technology (DLT) ➔ Each node holds a copy

    of the ledger ➔ Blockchain + P2P+ Consensus algorithm = DLT

11. Blockchain 1234 1234 1235 1235 1236 Cryptographic primitives: ➔ Hash

    functions ➔ Digital signatures

12. Consensus mechanism ➔ Algorithm to reach a global truth ➔

    Consensus mechanism solves the byzantine generals’ problem. ➔ Bitcoin’s proof-of-work is the first and well known consensus algorithm

13. Blockchain in cybersecurity? ❝ ❞ Protection of computer systems from

    damage to their hardware, software or data data

14. Data related attacks? Denial of service SQL injection/ XSS/ Phishing

    Eavesdropping Backdoor

15. Characteristics that will revolutionize cyber security Immutability Non repudiation redundancy

    incentivization

16. Tamper proof ledger - Immutability ➔ Data appended to blockchain

    infeasible to modify ➔ Any changes to block header, transactions could easily be detected by any node ➔ Bad actors will be penalized for cheating ➔ With time the difficulty of modification drastically increases

17. Prevention of DoS attacks - Redundancy ➔ Lack of backup

    nodes are the reasons for most of the DoS attacks ➔ Blockchain nodes provide redundant nodes ➔ The protocol (GAS) makes sure that only deterministic logic could be executed ➔ Decentralized name services such as Namecoin are some of the early applications

18. Decentralized digital identity - Digital signatures ➔ Public key cryptography

    as a backbone for self sovereign identity management ➔ Decentralized identity foundation develops open standards to build decentralized identity ecosystem ◆ Partners - Sovrin, Microsoft, Hyperledger, Corda ➔ Key features: ◆ Privacy preserving storage ◆ Identities ◆ Verification of claims

19. Decentralized storage - Fair incentivization ➔ Decentralized data storage can

    be built by leveraging decentralized storage and the p2p payment feature ➔ Decentralizing storage reduces security concerns of user data ➔ FileCoin, Sia, Storj implements incentivization techniques for storage through dedicated consensus mechanism

20. Threats for decentralization platforms Centralization Need for Secure communication between

    nodes Securing keys Smart contract vulnerabilities

21. Centralization ➔ Few of the consensus algorithms have introduced centralization

    ➔ Cryptocurrency exchanges are the huge cause of centralization ➔ Centralization systems suffer from all the traditional cyber attacks Solutions: DEXs, Better consensus algorithms

22. Securing keys ➔ Unsafe to store private keys on devices

    where hundreds of applications have access to the device's storage. ➔ There is no recovery service in a decentralized ecosystem Solutions: Hardware/ paper wallets, use advanced tool/ protocols (MultiSig, Gnosis Safe)

23. Smart contract vulnerabilities ➔ Contract scripts are vulnerable to attacks

    if they do not follow the guidelines ➔ Reentrancy, timestamp difference, integer overflow/ underflow are few of the known ones Solutions: Contract analysis tools: MythX, Securify by Chain security)

24. Securing node communication ➔ Even though most of the data

    flows through the decentralized ledger, some times p2p communication is needed. ➔ State channel communication and enterprise DLT are the examples Solutions: Raiden, Lighting network, Corda DLT

25. Conclusion