Blockchain in cyber security

Workshop/talk on Applications of blockchain in Cyber Security at "Deep learning for Big Data and Cyber Security Applications" Conference

Agenda:
Background and basics of blockchain
Blockchain in cybersecurity
Characteristics of the blockchain
Threats in the decentralized ecosystem

Koshik Raj

July 02, 2019

Transcript

  1. Blockchain in cyber security
    Mitigating cyber threats with decentralized blockchain applications
    Koshik Raj
  2. Agenda
    ➔ Background and basics of blockchain
    ➔ Blockchain in cybersecurity
    ➔ Characteristics of the blockchain
    ➔ Threats in the decentralized ecosystem
  3. Background
    ➔ Several cypherpunks attempted to implement cryptocurrencies in the 1990s.
      ◆ Bit gold, DigiCash
    ➔ Satoshi Nakamoto published the idea in a paper, "Bitcoin: A Peer-to-Peer Electronic Cash System", in Oct 2008.
    ➔ The Bitcoin implementation wanted to achieve a decentralized accounting system
  4. Why was it created?

  5. Trust issues
    ➔ We approach a trusted third party for certainty
    ➔ This has led to the centralization of power
    [figure: Alice, Bob]
  6. Centralization concerns
    ➔ Cyber attacks on major institutions.
      ◆ Sony Pictures, JP Morgan Chase data breach.
      ◆ Target customer confidential data breach.
    ➔ Expensive transaction fee.
    ➔ Subprime mortgage crisis in 2008.
  7. Decentralization problem (Byzantine failure)
    ➔ Trustless entities
    ➔ How to believe in a single truth?
  8. Enter Bitcoin

  9. How did Bitcoin solve it?

  10. Distributed Ledger Technology (DLT)
    ➔ Each node holds a copy of the ledger
    ➔ Blockchain + P2P + Consensus algorithm = DLT
  11. Blockchain
    [figure: blocks labelled 1234, 1235, 1236]
    Cryptographic primitives:
    ➔ Hash functions
    ➔ Digital signatures
  12. Consensus mechanism
    ➔ Algorithm to reach a global truth
    ➔ The consensus mechanism solves the Byzantine generals' problem.
    ➔ Bitcoin's proof-of-work is the first and a well-known consensus algorithm
  13. Blockchain in cybersecurity?
    ❝Protection of computer systems from damage to their hardware, software or data❞
  14. Data related attacks?
    ➔ Denial of service
    ➔ SQL injection / XSS / Phishing
    ➔ Eavesdropping
    ➔ Backdoor
  15. Characteristics that will revolutionize cyber security
    ➔ Immutability
    ➔ Non-repudiation
    ➔ Redundancy
    ➔ Incentivization
  16. Tamper proof ledger - Immutability
    ➔ Data appended to the blockchain is infeasible to modify
    ➔ Any change to a block header or its transactions can easily be detected by any node
    ➔ Bad actors will be penalized for cheating
    ➔ With time the difficulty of modification drastically increases
  17. Prevention of DoS attacks - Redundancy
    ➔ Lack of backup nodes is the reason for most DoS attacks
    ➔ Blockchain nodes act as redundant nodes
    ➔ The protocol (GAS) makes sure that only deterministic logic can be executed
    ➔ Decentralized name services such as Namecoin are some of the early applications
  18. Decentralized digital identity - Digital signatures
    ➔ Public key cryptography as a backbone for self sovereign identity management
    ➔ The Decentralized Identity Foundation develops open standards to build a decentralized identity ecosystem
      ◆ Partners - Sovrin, Microsoft, Hyperledger, Corda
    ➔ Key features:
      ◆ Privacy preserving storage
      ◆ Identities
      ◆ Verification of claims
  19. Decentralized storage - Fair incentivization
    ➔ Decentralized data storage can be built by leveraging decentralized storage and the p2p payment feature
    ➔ Decentralizing storage reduces security concerns of user data
    ➔ Filecoin, Sia and Storj implement incentivization techniques for storage through a dedicated consensus mechanism
  20. Threats for decentralization platforms
    ➔ Centralization
    ➔ Need for secure communication between nodes
    ➔ Securing keys
    ➔ Smart contract vulnerabilities
  21. Centralization
    ➔ A few of the consensus algorithms have introduced centralization
    ➔ Cryptocurrency exchanges are a huge cause of centralization
    ➔ Centralized systems suffer from all the traditional cyber attacks
    Solutions: DEXs, better consensus algorithms
  22. Securing keys
    ➔ It is unsafe to store private keys on devices where hundreds of applications have access to the device's storage.
    ➔ There is no recovery service in a decentralized ecosystem
    Solutions: Hardware/paper wallets, advanced tools/protocols (MultiSig, Gnosis Safe)
  23. Smart contract vulnerabilities
    ➔ Contract scripts are vulnerable to attacks if they do not follow the guidelines
    ➔ Reentrancy, timestamp difference and integer overflow/underflow are a few of the known ones
    Solutions: Contract analysis tools (MythX, Securify by ChainSecurity)
  24. Securing node communication
    ➔ Even though most of the data flows through the decentralized ledger, sometimes p2p communication is needed.
    ➔ State channel communication and enterprise DLT are examples
    Solutions: Raiden, Lightning Network, Corda DLT
  25. Conclusion
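
Slide 16's claims, that any node can detect a change to a block header or its transactions and that modification gets harder with time, shown as an added example (not from the talk). It uses a toy chain: a flat SHA-256 digest stands in for a Merkle root, and `DIFFICULTY`, the sample transactions and all function names are assumptions.

```python
import copy
import hashlib
import json

DIFFICULTY = 3       # toy proof-of-work target: leading hex zeros (assumed value)
GENESIS_PREV = "0" * 64
# Constructed sample transactions, one batch per block.
SAMPLE = [[{"from": "alice", "to": "bob", "amount": n}] for n in (5, 7, 2, 9)]

def _sha(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def mine(prev_hash, transactions):
    """Find a nonce so the header hash meets the proof-of-work target."""
    header = {"prev": prev_hash, "tx_digest": _sha(transactions), "nonce": 0}
    while not _sha(header).startswith("0" * DIFFICULTY):
        header["nonce"] += 1
    return {"header": header, "transactions": transactions}

def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        chain.append(mine(prev, txs))
        prev = _sha(chain[-1]["header"])
    return chain

def first_invalid(chain):
    """What any verifying node runs: index of the first rejected block, or None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        header = block["header"]
        if (header["prev"] != prev                                     # broken link
                or header["tx_digest"] != _sha(block["transactions"])  # edited transactions
                or not _sha(header).startswith("0" * DIFFICULTY)):     # missing work
            return i
        prev = _sha(header)
    return None

def rewrite(chain, index, new_txs, remined):
    """Copy the chain, replace block `index`'s transactions, redo work for `remined` blocks."""
    forged = copy.deepcopy(chain)
    forged[index]["transactions"] = new_txs
    for i in range(index, min(index + remined, len(forged))):
        prev = _sha(forged[i - 1]["header"]) if i else GENESIS_PREV
        forged[i] = mine(prev, forged[i]["transactions"])
    return forged

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    edit = [{"from": "alice", "to": "bob", "amount": 500}]
    for remined in range(len(chain)):
        print(remined, "blocks re-mined -> rejected at", first_invalid(rewrite(chain, 1, edit, remined)))
```

An edit to block 1 is accepted only after the work for that block and every later block has been redone, so the cost of a change grows with each block appended after it.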