Scope:

A blockchain is, by design, a decentralized network of nodes in which each node holds data in the form of immutable transactions. Cybersecurity is always looking to improve security at micro levels in order to prevent data/information theft. This project aims to present the opportunities and challenges of using blockchain in general settings in cyberspace.

Objective:

The main objective of this report is to showcase the impact that blockchain is having on the field of cybersecurity. The report also explains how combining blockchain technology with enterprise and business technologies raises security levels.

Literature Overview:

A good deal of research is currently being done on applying blockchain to the field of cybersecurity. One of the most recent survey papers in the realm of blockchain and cybersecurity is by Salman et al. In this study, the authors highlight the challenges and problems associated with the use of security services in the centralized architecture in various application domains, and provide a comprehensive review of current blockchain-enabled methods for such security service applications in areas of authentication, confidentiality, privacy, access control, data and resource provenance, and integrity assurance in distributed networks[1].

Yli-Huumo et al. conducted a systematic literature review (SLR) in 2016 to determine what research results had been published in relation to the general concept of blockchain technology. They excluded legal, economic, and regulatory research from their review and focused on papers about blockchain technology. They found that 80% of the research papers focus on Bitcoin projects, in particular on a common theme of security and privacy[2].

From a security point of view, researchers have developed various techniques targeting privacy concerns focused on personal data. Data anonymization methods attempt to protect personally identifiable information (PII). G. Zyskind and A.S. Pentland published a paper in 2015, Decentralizing Privacy: Using Blockchain to Protect Personal Data[3]. In this paper they mainly focused on the data exchanged between users and applications, which can be secured and remain untampered by being stored and passed through a blockchain. They created a platform on which users are not required to trust any third party and are always aware of the data that is being collected about them and how it is used. In addition to this, the blockchain technology recognizes the users as the owners of their personal data.

B. Benshoof, A. Rosen, A.G. Bourgeois, R.W. Harrison, in 2015 presented a new DNS called D3NS, a system to replace the current top-level DNS system and certificate authorities, offering increased scalability, security, and robustness[4]. D3NS is based on a distributed hash table, and uses a Bitcoin blockchain-based domain name ownership system. It answers previous criticism that a DHT as a substitute for the DNS will not suffice.

B. Qin, J. Huang, Q. Wang, X. Luo, B. Liang, W. Shi in 2017 proposed a distributed ledger of Public Key Infrastructure (PKI)[5] to avoid potential failure of a central repository of PKIs. recognition for token. A new token named Cecoin was proposed. In Cecoin, the certificates can be treated as currencies and recorded on the blockchain, which removes the single point of failure problem.

C. Cai, X. Yuan, C. Wang in 2017 proposed a blockchain-based distribution of hashed search indices to allow for keyword searching of encrypted data[6]. Due to their high reliability and scalability, distributed storage platforms draw much attention for handling massive amounts of data. Encryption is considered a necessary function for production systems like Storj to protect user and data privacy, but it prevents the nodes from performing a content search. They observed that an integration protocol with searchable encryption and keyword search via a distributed hash table allows the nodes in a network to search over encrypted and distributed data.

S. Ram Basnet, S. Shakya in 2017 proposed the use of blockchain to secure file sharing between nodes within a Software Defined Network (SDN) [7] which protects privacy and availability of resources against non-trusting members. In this paper, they constructed a small data center by using OpenStack, managed the SDN network by OpenDaylight controller and blockchain network by using the Ethereum platform.

S.C. Cha, J.F. Chen, C. Su, K.H. Yeh, in 2018 proposed a blockchain gateway between IoT devices, specifically wearable devices, and their end-users in order to protect data privacy. User device preferences are encrypted and stored on the blockchain for retrieval only by that user. A robust digital signature mechanism was proposed for the purposes of authentication and secure management of privacy preferences.

Security problems in mobile devices and wireless networks remain a hot issue that has been studied by many researchers. Nowadays, one of the typical methods in malware detection is the extraction of features such as signature and permission information. J. Gu, B. Sun, X. Du, J. Wang, Y. Zhuang, Z. Wang developed a consortium blockchain network in 2017, consisting of a consortium identification chain shared by test participants and a public chain shared by users, to solve the problem of detecting malware code and extracting the relevant evidence from mobile devices.

Anonymous authentication can safeguard the privacy and security of users when accessing public Wi-Fi hotspots. Nevertheless, most of the current privacy-enhanced authentication schemes either do not take account of users’ accountability or are implicitly dependent on trusted third parties, and thus are undeployable in practical settings. In order to overcome this problem, Y. Niu, L. Wei, C. Zhang, J. Liu, Y. Fang in 2017 presented a paper that designs and implements an access authentication scheme to simultaneously and efficiently provide anonymity and accountability without relying on any trusted third party[9]. They utilized the unmodified Bitcoin blockchain as the platform to manage and determine ownership of access credentials in a peer-to-peer fashion, and introduced a completely decentralized Bitcoin mixing protocol that allows users to anonymously exchange their access credentials offline. Anonymity is provided using the existing CoinShuffle protocol.

Y. He, H. Li, X. Cheng, Y.A.N. Liu, C. Yang, L. Sun observed in 2018 that blockchain is a decentralized, secure digital ledger of economic transactions that can be configured to record not only financial transactions, and that blockchain-based cryptocurrencies are gaining market capitalization[10]. They therefore suggested a truthful reward system based on blockchain for distributed P2P applications that would apply a cryptocurrency such as Bitcoin to motivate users to cooperate. Users who assist with a successful delivery receive compensation in this process.

Justification of the title:

As more people join the worldwide web and technology continues to develop, more data will be created and more hackers will seek to steal or manipulate the data. Blockchain technology is scalable and immensely useful for the future of the Internet, enabling users to protect their data more effectively.

From the above literature review it is clearly evident that blockchain is emerging as a very viable technology when it comes to protecting businesses and other entities from cyber attacks. A system can ensure that it is invulnerable to hackers by using blockchains, unless every single node is wiped clean at the same time. Some companies already implement blockchain in this area to prevent the occurrence of DDoS attacks.

Analysis:

The primary studies highlight that almost half (45%) of all studies on cyber security applications of blockchain are concerned with the security of IoT devices. Data storage and sharing is the second most popular theme, accounting for around 16%. The studies include blockchain applications for searching encrypted cloud-based data and for preventing the tampering of file names and data contained within. Networks are the third commonest theme, accounting for 10%, and are mostly concerned with how blockchain can provide security and authenticity to virtual machines and containers. Data privacy and public key infrastructure are the fourth commonest theme, each at 7%. The blockchain applications allow end users to authenticate in some way with another entity or service so that they do not need to rely on a vulnerable central server of information. The fifth commonest theme is about Domain Name Systems (DNSs) and how blockchain can effectively host DNS records in a distributed environment to prevent malicious changes and denial of service attacks. The last common themes on our list are related to Wi-Fi, web, and malware, each accounting for 3%.

Based on the most security-focused blockchain applications, we discuss how blockchain was applied to improve cyber security in IoT, data storage and sharing, network security, private user data, and navigation and utility of the World Wide Web:

IoT — Permissioned blockchains (such as Hyperledger Fabric) are applied to implement permitted access control for devices (nodes) in the network to securely track data management and prevent any malicious access.

Data storage and sharing — Both public and private distributed ledgers are used to eliminate a single source of failure within a given storage ecosystem, protecting its data from tampering. That is, blockchain helps to ensure that data stored in the cloud remains resistant to unauthorized changes, hash lists allow for searching of data that can be maintained and stored securely, and data exchanged can be verified as being the same from dispatch to receipt.

Network security — The majority of works in this category use blockchains to improve Software Defined Networks (SDNs) and use containers so that authentication-critical data is stored in a decentralized and robust manner.

Private user data — The reason could be the irreversible nature of blockchain (everybody has a copy of the ledger), which makes it hard to use for privacy purposes, particularly in data protection.

Navigation and utility of the World Wide Web — Blockchain is used to improve the validity of the wireless Internet access points connected by storing and monitoring the access control data on a local ledger.

The recent increase in reported incidents of surveillance and security breaches compromising users’ privacy calls into question the current model of centralised data management, i.e., the model without blockchain, in which third parties collect and control massive amounts of personal data.

In the financial space, Bitcoin has shown that transparent, auditable computation is possible through a shared network of peers supported by a public ledger. We can describe a decentralized personal data management system that ensures users own and control their data. We can implement a protocol that turns a blockchain into an automated access-control manager that does not require trust in a third party. Unlike Bitcoin, transactions in our proposed system are not strictly financial – they are used to carry instructions, such as storing, querying and sharing data.

Typical security and access control standards today are built around the notion of trust, where a centralized trusted entity is always introduced, which harms user transparency and privacy. Furthermore, they are designed around one logical server and multiple clients. As a consequence, access control is often carried out within the server-side application, once the client has been authenticated. IoT reverses this paradigm by having many devices serving as servers and possibly many clients taking part in the same application. More importantly, servers are significantly resource‐constrained, which results in the minimization of the server-side functionality. Subsequently, access control becomes a distributed problem. Blockchain is a universal digital ledger that functions at the heart of decentralized financial systems such as Bitcoin and, increasingly, many other decentralized systems such as Storj, a decentralized peer‐to‐peer cloud storage network.

The most important aspect of cybersecurity is the CIA triad. Blockchain implementation does not enforce confidentiality aspects as strongly as it enforces the integrity and availability of the information stored inside it. 

Confidentiality: Due to its decentralized nature, the data elements are transparent to all individuals who share their data elements with others in a single blockchain. Because of this, the confidentiality element of this technology is not readily enforceable. Data fed into a blockchain can be seen by all participants with no restrictions.

Integrity: The data kept inside the blockchain is non-editable, hence the integrity of on-chain stored data is guaranteed.

Availability: Availability, however, depends on the network architecture and topology. Since all the full nodes contain a copy of the synced blockchain data, any new transaction is broadcast by all the nodes in a p2p fashion.
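
The integrity property above, combined with the earlier idea of transactions that carry access-control instructions, can be shown in a few lines. The following Python sketch is an added example, not code from any of the cited systems; the transaction fields (op, owner, service) and the names alice, fitness-app and clinic are hypothetical. It hash-links each instruction to its predecessor and refuses to make an access decision from a ledger that fails verification.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder predecessor for the first block


def block_hash(block):
    """SHA-256 over the block's index, predecessor hash and transaction."""
    body = {k: block[k] for k in ("index", "prev_hash", "tx")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append(chain, tx):
    """Link a new transaction to the hash of the current chain tip."""
    prev = chain[-1]["hash"] if chain else GENESIS
    block = {"index": len(chain), "prev_hash": prev, "tx": tx}
    block["hash"] = block_hash(block)
    chain.append(block)


def first_invalid(chain):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev_hash"] != prev
                or block["hash"] != block_hash(block)):
            return i
        prev = block["hash"]
    return None


def may_read(chain, owner, service):
    """Replay grant/revoke instructions; refuse to decide on a broken ledger."""
    if first_invalid(chain) is not None:
        raise ValueError("ledger failed integrity check")
    allowed = False
    for block in chain:
        tx = block["tx"]
        if tx["owner"] == owner and tx["service"] == service:
            allowed = tx["op"] == "grant"  # the latest instruction wins
    return allowed


def build_sample():
    """Constructed sample: alice grants two services, then revokes one."""
    chain = []
    append(chain, {"op": "grant", "owner": "alice", "service": "fitness-app"})
    append(chain, {"op": "grant", "owner": "alice", "service": "clinic"})
    append(chain, {"op": "revoke", "owner": "alice", "service": "fitness-app"})
    return chain


if __name__ == "__main__":
    ledger = build_sample()
    print("fitness-app may read:", may_read(ledger, "alice", "fitness-app"))
    ledger[2]["tx"]["op"] = "grant"  # edit a stored instruction in place
    print("first invalid block:", first_invalid(ledger))
```

Hash linking alone only makes edits detectable to someone holding an honest copy: a party holding the only copy could recompute every later hash. Replication across nodes and the consensus rule are what close that gap.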

The Challenges:

Recent hacks into blockchain systems and heists from such systems have raised serious questions about whether this new technology can be secured from ongoing, evolving cyberattacks. While the technology is known to provide an environment that is fundamentally safer than other existing centralized systems offer, security professionals warn that the current blockchain ecosystem is still immature, harboring many known as well as unknown defects.

The use of this technology can securely store information in a decentralized system environment, but system security is not the ultimate goal of this technology. For example, Blockchain’s data security is maintained by distributing the same data to all nodes. This only makes sense for data whose audits cannot be tampered with but are available to anyone for review. For instance, Blockchain cannot handle data which requires privacy, such as military classified data or corporate business secrets. Further, Blockchain cannot perform other data processing besides storage, such as modification and deletion. This indicates that separate security protections must be implemented at the system level to protect the data processing tasks that fall outside Blockchain. Therefore, it is dangerous to assume that Blockchain can secure an entire system environment, making it invulnerable to outside cyberattacks.

Preventing DDoS attacks using Blockchain: Implementing blockchain technology would fully decentralize DNS, distributing the contents to a large number of nodes and making it nearly impossible for hackers to attack. Domain editing rights would only be granted to those who need them (domain owners) and no other user could make changes, significantly reducing the risk of data being accessed or changed by unauthorized parties.

Software Security: The security of name ownership is tied to the security of both the underlying blockchain and the software powering it. The most important factor in the security of a blockchain is the total cost of attacking the blockchain and tampering with recently written data. Miners often pool their resources to form a mining pool, which is essentially a super node on the network (a lot of computational power behind a single miner node). If the amount of computational power under the control of a single miner (or pool) is more than that of the rest of the network, a situation called a 51% attack, then that miner has the ability to attack the network and rewrite recent blockchain history, censor transactions (e.g., for name registrations), and steal cryptocurrency using double spend attacks. This is because it will win the leader election a majority of the time, and produce a blockchain history with more proof-of-work than any disagreeing miner. The more expensive it is to control a majority of the compute power on a blockchain, the more secure the blockchain.

Network Latency Spike: As a fork of Bitcoin, Namecoin shares many protocol properties with Bitcoin, including a 10 minute average leader election time (the “latency target”) and a 1MB bandwidth limit on block size (giving throughput of ∼1000 transactions per block). Namecoin on average performed well on the network latency target. As expected, most new blocks were written within 10 and 40 minutes (similar times have also been observed on Bitcoin . where network latency skyrocketed for a couple of weeks (∼1000 blocks are roughly a week). After investigating the issue and having discussions with Namecoin developers, we discovered that the latency spike was caused by software issues in Namecoin. 

Major Software Updates: For major updates, like changes to name pricing, Namecoin requires a “hard fork” in which everyone on the network must upgrade their software, and nodes on previous versions can no longer participate in the network. Anecdotal evidence suggests that it’s hard to get miners to upgrade their software because they don’t have enough incentive to spend engineering hours on maintaining a small cryptocurrency like Namecoin, which is not their main reason for operating a mining pool.

Potential Selfish Mining: The signs that we noticed in the incident where miners were not accepting our transactions looked similar to a selfish mining attack. In a selfish mining attack, a miner needs to have a large amount of mining power (more than 33%); people would notice long delays in blocks followed by blocks in very quick succession, and there will be a lot of rejected blocks. We noticed all these signs, and believe that the unusually high computing power of a single miner led to conditions similar to selfish mining. That is, the miner was able to work on new blocks faster than the others and append them in rapid succession.
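
Two of the signs listed above can be checked from accepted block headers alone: one miner's share of recent blocks, and a long stall followed by a burst of blocks. The Python sketch below is an added monitoring example, not code from Namecoin or the cited study; the thresholds for a "long delay" and "quick succession" are assumptions chosen around the 10-minute target, and the sample data is constructed. The third sign, rejected blocks, needs node logs and is not covered here.

```python
from collections import Counter

TARGET = 600          # 10-minute latency target quoted in the text, in seconds
STALL = 6 * TARGET    # assumed "long delay": beyond the 10-40 minute normal range
QUICK = TARGET // 10  # assumed "very quick succession": blocks at most 60 s apart
MIN_BURST = 3         # assumed minimum run length worth reporting


def miner_shares(blocks):
    """Fraction of accepted blocks per miner, a rough proxy for hash power."""
    counts = Counter(miner for _, miner in blocks)
    return {miner: n / len(blocks) for miner, n in counts.items()}


def stall_then_burst(blocks):
    """Find a long gap followed by a run of blocks in quick succession."""
    findings, i = [], 1
    while i < len(blocks):
        gap = blocks[i][0] - blocks[i - 1][0]
        if gap < STALL:
            i += 1
            continue
        j = i
        while j + 1 < len(blocks) and blocks[j + 1][0] - blocks[j][0] <= QUICK:
            j += 1
        run = blocks[i:j + 1]
        if len(run) >= MIN_BURST:
            findings.append({"at": run[0][0], "stall": gap, "burst": len(run),
                             "miners": sorted({m for _, m in run})})
        i = j + 1
    return findings


def assess(blocks):
    """Combine both signs into a list of human-readable alerts."""
    alerts = []
    for miner, share in sorted(miner_shares(blocks).items()):
        if share > 0.5:
            alerts.append(f"{miner}: {share:.0%} of blocks, majority control")
        elif share > 0.33:
            alerts.append(f"{miner}: {share:.0%} of blocks, above 33%")
    for f in stall_then_burst(blocks):
        alerts.append(f"{f['stall']} s stall, then {f['burst']} quick blocks "
                      f"from {', '.join(f['miners'])}")
    return alerts


# Constructed sample: (timestamp in seconds, miner label) per accepted block.
SAMPLE = [(0, "A"), (600, "B"), (1300, "C"), (1900, "A"), (6100, "P"),
          (6130, "P"), (6150, "P"), (6200, "P"), (6900, "B"), (7500, "P")]

if __name__ == "__main__":
    for line in assess(SAMPLE):
        print(line)
```

Block counts over a short window are a noisy estimate of hash power, so a share alert is a prompt to look closer rather than proof of an attack.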

Response to the exploitation and remediation process of various attacks on blockchain:

Soft fork – The soft fork will rewrite the previous data in Blockchain utilizing its well-known security flaw called “51% attack”. When a new tree of blocks spans with 51% of all nodes in agreement, the Blockchain will adopt the new tree span instead of others.

Hard fork – The hard fork will split the path and create two different versions of a Blockchain. One version will have a new software protocol, but the other version will remain on the same software as before. For those remaining as is, Blockchain will roll back transactions that siphoned off the stolen Ethers by invalidating transactions confirmed by nodes. Users who did not experience “TheDAO” hack should update to the new software protocol, otherwise all of their transactions during “TheDAO” hack will be invalidated. The hard fork will allow all victims of “TheDAO” hack to get their funds back.

Due to the nature of decentralized systems, the Blockchain system cannot have an organizational hierarchy to respond to cyberattacks already occurring. If such a cyberattack occurs in a centralized system, the system operator or administrator could respond quickly to minimize system damage in several ways, such as terminating a user session, intervening in the application process, or even shutting down the system.

Most security controls in the Blockchain system heavily depend on inherent security features of Blockchain technology. Hence, the Blockchain system has been secured only within the area of user authentication and authorization, such as the integration of third-party Multi-Sig (e.g., Parity Wallet or Bitgo). From the aspect of “single point of failure,” such security improvements within a limited system area would not help to improve overall system security at all. For example, as shown in the series of causal analysis in the previous sections, the only target of all cyberattacks (except for the second Parity Hack) was the user-authentication mechanism. After disabling or bypassing authentication protection, there was no system security component (including Blockchain’s inherent security features) to stop the cyberattacks.

Conclusion:

As blockchain continues to mature as a technology, it finds a number of use cases impacting cybersecurity. Through the research done as part of this project, it is evident that Blockchain already provides a lot of practical solutions to counter cyber threats. As observed in the discussion, Blockchain technology can be used to secure IoT devices through more reliable authentication and data transfer mechanisms. These can prevent hackers from breaching these devices, which often ship with poor security configurations. Similarly, access control issued via blockchain can work as well as RBAC and ABAC policies, with the added benefit of no single point of failure. The problems currently faced in some implementations of solutions based on blockchain include the type and size of data to be put on-chain. The size of data causes performance issues as it needs to be mined and broadcast over the network.

We conclude that blockchain is fundamentally suitable for supporting cyberspace, but it clearly needs a well-thought-out design.

References:

[1] Salman, M. Zolanvari, A. Erbad, R. Jain, M. Samaka, Security services using blockchains: a state of the art survey, in: IEEE Communications Surveys & Tutorials, 2018, https://doi.org/10.1109/COMST.2018.2863956.

[2] J. Yli-Huumo, D. Ko, S. Choi, S. Park, K. Smolander, Where is current research on Blockchain technology? – a systematic review, PLoS One 11 (10) (2016) 127.

[3] G. Zyskind, A.S. Pentland, Decentralizing Privacy: Using Blockchain to Protect Personal Data, 2015.

[4] B. Benshoof, A. Rosen, A.G. Bourgeois, R.W. Harrison, Distributed decentralized domain name service, in: Proc. – 2016 IEEE 30th Int. Parallel Distrib. Process. Symp. IPDPS 2016, 2016, p. 1279–1287.

[5] B. Qin, J. Huang, Q. Wang, X. Luo, B. Liang, W. Shi, Cecoin: A decentralized PKI mitigating MitM attacks, Futur. Gener. Comput. Syst. (2017).

[6] C. Cai, X. Yuan, C. Wang, Hardening distributed and encrypted keyword search via blockchain, in: 2017 IEEE Symp. Privacy-Aware Comput., 2017, p. 119–128.

[7] S. Ram Basnet, S. Shakya, BSS: Blockchain Security over Software Defined Network, IEEE ICCCA, 2017, p. 720–725.

[8] S.C. Cha, J.F. Chen, C. Su, K.H. Yeh, A blockchain connected gateway for BLE-based devices in the internet of things, IEEE Access 3536 (2018) no. c.

[9] J. Gu, B. Sun, X. Du, J. Wang, Y. Zhuang, Z. Wang, Consortium blockchain-based malware detection in mobile devices, IEEE Access 6 (2018) 12118–12128.

[10] Y. He, H. Li, X. Cheng, Y.A.N. Liu, C. Yang, L. Sun, A blockchain based truthful incentive mechanism for distributed P2P, IEEE Access xx (2018) no. c.

[11] D. Fu, F. Liri, Blockchain-based trusted computing in social network, in: 2016 2nd IEEE Int. Conf. Comput. Commun. ICCC 2016 – Proc., 2017, p. 1922.

[12] Jae Hyung Lee, Systematic Approach to Analyzing Security and Vulnerabilities of Blockchain Systems, Working Paper CISL# 2019-05, February 2019.
