Blockchain in cyber security

Workshop/talk on Applications of blockchain in Cyber Security at "Deep learning for Big Data and Cyber Security Applications" Conference

Agenda:
Background and basics of blockchain
Blockchain in cybersecurity
Characteristics of the blockchain
Threats in the decentralized ecosystem

Koshik Raj

July 02, 2019

Transcript

  1. Slide 2: Agenda

    ➔ Background and basics of blockchain
    ➔ Blockchain in cybersecurity
    ➔ Characteristics of the blockchain
    ➔ Threats in the decentralized ecosystem
  2. Slide 3: Background

    ➔ Several cypherpunks attempted to implement cryptocurrencies in the 1990s.
      ◆ Bit gold, DigiCash
    ➔ Satoshi Nakamoto published the idea in a paper, "Bitcoin: A Peer-to-Peer Electronic Cash System", in Oct 2008.
    ➔ The Bitcoin implementation aimed to achieve a decentralized accounting system.
  3. Slide 5: Trust issues

    ➔ We approach a trusted third party for certainty
    ➔ This has led to the centralization of power
    [Diagram labels: Alice, Bob]
  4. Slide 6: Centralization concerns

    ➔ Cyber attacks on major institutions.
      ◆ Sony Pictures, JP Morgan Chase data breach.
      ◆ Target customer confidential data breach.
    ➔ Expensive transaction fees.
    ➔ Subprime mortgage crisis in 2008.
  5. Slide 10: Distributed Ledger Technology (DLT)

    ➔ Each node holds a copy of the ledger
    ➔ Blockchain + P2P + Consensus algorithm = DLT
  6. Slide 12: Consensus mechanism

    ➔ Algorithm to reach a global truth
    ➔ The consensus mechanism solves the Byzantine generals' problem.
    ➔ Bitcoin's proof-of-work is the first and a well-known consensus algorithm
  7. Slide 13: Blockchain in cybersecurity?

    ❝Protection of computer systems from damage to their hardware, software or data❞
  8. Slide 16: Tamper proof ledger - Immutability

    ➔ Data appended to the blockchain is infeasible to modify
    ➔ Any change to a block header or its transactions can easily be detected by any node
    ➔ Bad actors will be penalized for cheating
    ➔ With time the difficulty of modification drastically increases
  9. Slide 17: Prevention of DoS attacks - Redundancy

    ➔ Lack of backup nodes is the reason for most DoS attacks
    ➔ Blockchain nodes act as redundant nodes
    ➔ The protocol (GAS) makes sure that only deterministic logic can be executed
    ➔ Decentralized name services such as Namecoin are some of the early applications
  10. Slide 18: Decentralized digital identity - Digital signatures

    ➔ Public key cryptography as a backbone for self-sovereign identity management
    ➔ The Decentralized Identity Foundation develops open standards to build a decentralized identity ecosystem
      ◆ Partners - Sovrin, Microsoft, Hyperledger, Corda
    ➔ Key features:
      ◆ Privacy preserving storage
      ◆ Identities
      ◆ Verification of claims
  11. Slide 19: Decentralized storage - Fair incentivization

    ➔ Decentralized data storage can be built by leveraging decentralized storage and the p2p payment feature
    ➔ Decentralizing storage reduces security concerns about user data
    ➔ Filecoin, Sia and Storj implement incentivization techniques for storage through dedicated consensus mechanisms
  12. Slide 21: Centralization

    ➔ A few of the consensus algorithms have introduced centralization
    ➔ Cryptocurrency exchanges are a huge cause of centralization
    ➔ Centralized systems suffer from all the traditional cyber attacks
    Solutions: DEXs, better consensus algorithms
  13. Slide 22: Securing keys

    ➔ It is unsafe to store private keys on devices where hundreds of applications have access to the device's storage.
    ➔ There is no recovery service in a decentralized ecosystem
    Solutions: Hardware/paper wallets, advanced tools/protocols (MultiSig, Gnosis Safe)
  14. Slide 23: Smart contract vulnerabilities

    ➔ Contract scripts are vulnerable to attacks if they do not follow the guidelines
    ➔ Reentrancy, timestamp difference and integer overflow/underflow are a few of the known ones
    Solutions: Contract analysis tools (MythX, Securify by ChainSecurity)
  15. Slide 24: Securing node communication

    ➔ Even though most of the data flows through the decentralized ledger, sometimes p2p communication is needed.
    ➔ State channel communication and enterprise DLT are examples
    Solutions: Raiden, Lightning Network, Corda DLT
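
Added example, not part of the original slides: a minimal hash-chained ledger illustrating slide 16's point that a change to a block header or its transactions can be detected by any node. It omits proof-of-work and networking; the block layout, `GENESIS_PREV`, the function names and the sample transfers are assumptions made for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumption: all-zero "previous hash" for the first block

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def merkle_root(txs):
    """Hash transactions pairwise up to one root (last node duplicated on odd levels)."""
    level = [sha256(t.encode()) for t in txs] or [sha256(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256((level[i] + level[i + 1]).encode()) for i in range(0, len(level), 2)]
    return level[0]

def header_hash(header):
    return sha256(json.dumps(header, sort_keys=True).encode())

def build_chain(batches):
    """Link each block header to the hash of the previous header."""
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        header = {"prev": prev, "merkle_root": merkle_root(txs)}
        chain.append({"header": header, "txs": list(txs)})
        prev = header_hash(header)
    return chain

def first_invalid(chain, trusted_tip=None):
    """Return (block index, reason) for the first inconsistency, or None if valid."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["header"]["merkle_root"] != merkle_root(block["txs"]):
            return i, "transactions do not match merkle_root"
        if block["header"]["prev"] != prev:
            return i, "prev does not match previous header hash"
        prev = header_hash(block["header"])
    if trusted_tip is not None and prev != trusted_tip:
        return len(chain) - 1, "tip differs from the tip held by other nodes"
    return None

# Constructed sample ledger: three blocks of made-up transfers.
BATCHES = [["alice->bob:5"], ["bob->carol:2", "carol->dave:1"], ["dave->alice:1"]]

if __name__ == "__main__":
    chain = build_chain(BATCHES)
    tip = header_hash(chain[-1]["header"])   # tip hash the other nodes already hold
    chain[1]["txs"][0] = "bob->mallory:2"    # edit one recorded transaction
    print(first_invalid(chain, tip))         # the verifying node flags block 1
```

Recomputing block 1's `merkle_root` to hide the edit only moves the failure to block 2's `prev` link, and rewriting every later header still leaves a tip hash that differs from the one other nodes hold. Every block appended after the edited one is another header that would have to be redone, which is the slide's point that modification gets harder with time.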