Blockchain Security – A Delicate Balance Between Keeping Hackers Out and Letting Users In

HodlX Guest Post

Originally created to support Bitcoin, blockchain technology is becoming more popular as people discover its uses beyond cryptocurrencies. One study found that 81 of the 100 largest companies in the world are actively pursuing blockchain-related solutions. In light of this newfound popularity, concerns over blockchain security arise.

So, let’s explore blockchain security and how it works, as well as some practical examples. But before we start, let’s all take a moment to appreciate the irony of blockchain security being questioned when it was created to provide more security in the first place.

As someone who has been involved with Web 2.0 and Web 3.0 development for years, I know security is never taken lightly. Keeping your product secure without compromising its usability is another challenge – much like keeping your house safe without locking the door.

Understanding blockchain security requires grasping the key security attributes of a blockchain network. To put it another way, what are the main focus points when it comes to making sure that a blockchain network is secure?

Transaction integrity

To begin with, the contents of a blockchain transaction should not be changed in transit. In other words, the transaction’s integrity should remain intact. It all comes down to the very definition of a blockchain, which is a chain of blocks that contains transaction records.

Once the transaction has been validated by all nodes in the network, it becomes immutable (i.e., it cannot be altered after validation). Every transaction in the chain is verifiable, immutable and time-stamped.

Tamper-resistance

In order to be tamper-proof, a blockchain must prevent tampering both with the objects within an active transaction and with the historical data already stored in the blockchain blocks. This is ensured by using methods like the SHA-256 hashing algorithm, public-key cryptography and digital signatures.

As an example, the Bitcoin blockchain discourages tampering because it would result in automatic exclusion from the network. A node operator responsible for approving transactions and adding new blocks to the chain is actively discouraged from tampering with the records as it will be easily discovered.

If a node becomes inactive and is no longer in consensus with the rest of the network, the node operator stops receiving mining rewards. To put it another way, Bitcoin node operators don’t have any reason to mess with the ledger.

Regardless of the consensus mechanism behind them, all blockchains should rely on incentivizing node operators not to tamper with the records. This incentivization mechanism ensures that the distributed ledger remains tamper-proof regardless of how much it grows and how many blocks are added to it.

This is similar to a security guard in a bank who would have no incentive to steal if they were rewarded for protecting the money instead. The reward encourages honest behavior and discourages any thoughts of attempting to tamper with the records.

Consistency

A blockchain’s ledger should be consistent. In other words, all blockchain nodes should update the record simultaneously. A blockchain network, as we know, is made up of many nodes. Since blockchain is a distributed network, every time a new block is added, all nodes should be updated simultaneously.

This is similar to having an orchestra of musicians playing different instruments all in harmony. It is important that each musician is in tune with the others in order to produce a beautiful sound.

Similarly, the nodes in a blockchain network need to be in harmony in order to keep the ledger consistent. That’s a lot of pressure. What happens if one of the musicians (nodes) makes a wrong note? Do they have to start the whole song (blockchain) over again?

Resistance to attacks

Among the types of attacks that may occur on blockchain networks are DDoS (distributed denial of service) attacks, double-spending attacks, majority consensus attacks (51%) and Sybil attacks, in which malicious attackers present bogus identities in order to cause Byzantine faults.

In the case of the latter, Sybil attack resistance comes with significant complexity, performance and cost tradeoffs.

According to one study, among the systems with strong Sybil attack resistance are PoW (proof-of-work)-like mechanisms that rely on some form of scarce resource constraint (CPU, memory or otherwise) and PoS (proof-of-stake)-like systems that rely on staking of resources (e.g., cryptocurrencies, stablecoins, reputation tokens).

Combinations of the two – for instance, when PoW bootstrapping is used in conjunction with PoS execution – also show resistance.

Overall, it is essential that a security system protects ledger contents and transactions against such malicious attacks – analogous to having a robust lockset on a door that protects against burglary attempts while allowing entry to those with the key.

Data and network access

Access to blockchain data is another critical aspect of security. For blockchain to function properly, every user or node must be able to view the records saved on the ledger at any time. The ability to access this data is critical for blockchain users since it guarantees that everyone remains informed of the latest blockchain updates.

One of the technologies that ensure the security of assets while maintaining easy accessibility is MPC (multi-party computation). The MPC technology prevents the risk of a ‘single point of compromise’ by eliminating the need to store sensitive information at one location.

The private key is split into shares, which are encrypted and distributed among multiple parties. If a private key is lost or stolen, it can be reconstructed dynamically from input from all parties.

Therefore, even if one party is compromised, the blockchain transaction cannot be executed using only that share. It’s like a bank vault with multiple locks that are opened using different keys by different people. Even if one key is stolen, the thief can’t open the vault without the other keys.
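The share-splitting idea described above, as an added example that is not part of the original post: an all-parties additive split of a key modulo the secp256k1 group order. Function names and the sample key are assumptions, encryption of the shares is omitted, and the key is reassembled in one place here for clarity, which production MPC signing protocols avoid.

```python
import secrets

# Order of the secp256k1 group, the range Bitcoin private keys live in.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_key(private_key, parties):
    """Split a key into `parties` additive shares; all of them are required."""
    if parties < 2 or not 0 < private_key < N:
        raise ValueError("need at least 2 parties and a key in [1, N-1]")
    shares = [secrets.randbelow(N) for _ in range(parties - 1)]
    shares.append((private_key - sum(shares)) % N)  # last share fixes the sum
    return shares


def combine(shares):
    """Recover the key from the full set of shares."""
    return sum(shares) % N


def completing_value(stolen_share, candidate_key):
    """Sum the other parties' shares would need for `candidate_key` to be the key.

    Such a value exists for every candidate, so one stolen share on its own
    is consistent with every possible key and narrows nothing down.
    """
    return (candidate_key - stolen_share) % N


def demo():
    key = secrets.randbelow(N - 1) + 1      # constructed sample key
    shares = split_key(key, 3)
    stolen = shares[0]                      # one compromised party
    other_key = (key + 1) % N or 1          # any different candidate key
    return {
        "all_shares_recover_key": combine(shares) == key,
        "two_of_three_recover_key": combine(shares[:2]) == key,
        "stolen_share_fits_other_key":
            combine([stolen, completing_value(stolen, other_key)]) == other_key,
    }


if __name__ == "__main__":
    print(demo())
```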

Pseudo anonymity

Pseudo-anonymity in blockchain means that only addresses are revealed – not the names of the users behind them. This helps protect user privacy and allows them to perform transactions without revealing their identity, creating a trustless and secure financial ecosystem.

However, the lack of transparency in a blockchain can also be a double-edged sword. While it protects user privacy, it also makes it difficult to track down bad actors and hold them accountable for their actions. This lack of transparency can create an environment ripe for fraud and abuse.

According to Chainalysis, ransomware attackers extorted at least $457 million from victims in 2022. So, to ensure a secure and trustworthy system, it is equally important for users to hold bad actors accountable – hence, transparency needs to be balanced with privacy.

In a way, it’s like finding the right balance between a castle’s security and its friendliness. Too much security can make it difficult to access the castle, while too little can make it vulnerable to attack from outsiders.

Similarly, too much transparency in a blockchain can lead to privacy violations, while too little can lead to fraud and abuse. So, if you want to keep your castle safe, make sure you find the middle ground between ‘Fort Knox’ and ‘Disneyland.’

Final thoughts

It cannot be overstated how important blockchain security is in preventing unwanted intrusions. However, usability should also be considered. Developers need to consider attackers as well as users when creating blockchain security solutions.

Giving equal attention to usability does not mean sacrificing security. Instead, keeping the user in mind is key to designing effective security systems. Some already exist, and it will be great to see more in the future.

Blockchain security solutions should be like a mama bear – tough enough to keep intruders away but gentle enough to give users a hug when they need it.


Taras Dovgal is a serial entrepreneur with over 10 years of experience in systems development. With a passion for crypto since 2017, he has co-founded several crypto-related companies and is currently developing a crypto-fiat platform. As a lifelong startup and web development enthusiast, Taras’ goal is to make crypto products accessible to mainstream consumers – not just techies.

 


Source: https://dailyhodl.com/2023/02/15/blockchain-security-a-delicate-balance-between-keeping-hackers-out-and-letting-users-in/