Information security in private blockchains

The InfoSec implications of using a blockchain rather than a centralized database to store inter-company information.

Published in: Technology

  1. Information security in private blockchains
     Dr Gideon Greenspan, Founder and CEO
  2. Overview
     • Blockchain databases
     • Internal risks
     • External risks
     • Mitigation strategies
     • Summary
  3. Centralized databases
     (Diagram labels: Client, Server, Client, Request)
  4. Blockchain databases
     (Diagram labels: Node, Node, Node, Node, Transaction, Block)
  5. Blockchain databases
     (Diagram labels: Node, Node, Node, Node, Transaction, Block, Blockchain)
     Consensus created by validator nodes
  6. Ledgers in regular databases

     | Account number | Balance  |
     |----------------|----------|
     | 04823872       | £ 229.94 |
     | 20956298       | £ 431.05 |
     | 38103749       | £ 183.67 |

  7. Ledgers in blockchains

     | Public key hash                    | Balance  |
     |------------------------------------|----------|
     | 13B9cMd5Ch9fu6qU494gHTfAPFQfq3ZSGx | £ 229.94 |
     | 1FRZvSBc1cRFbmwbzNhhaQTyRJXRujN2Sq | £ 431.05 |
     | 1HDxhfeoSQmVNzTnZRLe2Z6nJ1LLAuGWpa | £ 183.67 |

  8. Ledgers in blockchains

     | Public key hash                    | Balance  |
     |------------------------------------|----------|
     | 13B9cMd5Ch9fu6qU494gHTfAPFQfq3ZSGx | £ 229.94 |
     | 1FRZvSBc1cRFbmwbzNhhaQTyRJXRujN2Sq | £ 146.83 |
     | 1FRZvSBc1cRFbmwbzNhhaQTyRJXRujN2Sq | £ 284.22 |

     Multiple entries for one account ⇒ concurrent distributed transactions
  9. Internal risks: regular node
     • What can a bad regular node do?
        ⤫ Spend somebody else’s money
        ⤫ Create more money
        ⤫ Spend own money twice
        ⤫ Flood the network (denial of service)
        ⤫ Censor transactions
     • Why are we so confident?
        ✓ 7 years of bitcoin history
  10. Internal risks: validator node
      • What can a bad validator node do?
         ⤫ Spend somebody else’s money
         ⤫ Create more money
         ⤫ Spend own money twice
         ⤫ Flood the network (denial of service)
         ⤫ Censor transactions
         ✓ Delay transaction confirmation
         ✓ Resolve conflicts with bias
  11. Internal risks: validator majority
      • What can a bad validator majority do?
         ⤫ Spend somebody else’s money
         ⤫ Create more money
         ⤫ Spend own money twice
         ⤫ Flood the network (denial of service)
         ✓ Censor transactions
         ✓ Delay transaction confirmation
         ✓ Resolve conflicts with bias
  12. External risks: network violation
      ⤫ Denial of service
         – Peer-to-peer resilience
      ⤫ Wiretapping
         – Handshaking with digital signatures
         – Extend to encrypted communication
      ⤫ Spoofing / Man-in-the-middle
         – Impossible without key compromise
         – Transaction source irrelevant anyway
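  13. External risks: host violation

      |            | Blockchain node | Centralized client | Centralized server |
      |------------|-----------------|--------------------|--------------------|
      | Read mine  | ✓               | ✓                  | ✓                  |
      | Read all   | ✓               | ✕                  | ✓                  |
      | Write mine | ✓               | ✓                  | ✓                  |
      | Write all  | ✕               | ✕                  | ✓                  |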
  14. Mitigation: Cold storage
      • Offline “cold” private key (air gapped)
         – Most funds stored in cold address
         – Refill “hot” address as necessary
      http://bitcoingarden.tk/trezor-the-hardware-bitcoin-wallet/
  15. Mitigation: Multisignature
      • Lock funds under n different keys
         – Stored on different nodes/devices
      • Require m of those keys to spend
         – Special type of ledger entry
      • Variations:
         – 1 of 2 for key loss
         – 2 of 2 for host security
         – 2 of 3 for escrow
  16. Blockchain security: summary
      Confidentiality ▼   Integrity ▲   Availability ▲   *
      * Watch: zero-knowledge proofs
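
The m-of-n rule from slide 15, sketched as the check a validator would run before accepting a spend. This is an added example, not code from the slides or from any blockchain project: Lamport one-time hash signatures stand in for the chain's real signature scheme, and the function names, entry layout and spend message are assumptions.

```python
import hashlib, secrets

H = lambda b: hashlib.sha256(b).digest()

# Lamport one-time signatures stand in for the real scheme; one message per key.
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
    return sk, [[H(x) for x in row] for row in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[b][i] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[b][i] for i, b in enumerate(bits(msg)))

def key_hash(pk):
    return H(b"".join(pk[0] + pk[1])).hex()

def lock(amount_pence, pks, m):  # entry locked under n key hashes, m to spend
    return {"amount": amount_pence, "m": m,
            "key_hashes": {key_hash(pk) for pk in pks}}

def can_spend(entry, spend_msg, witnesses):
    """Validator-side check; witnesses is a list of (public_key, signature)."""
    signers = set()
    for pk, sig in witnesses:
        kh = key_hash(pk)
        if kh in entry["key_hashes"] and verify(pk, spend_msg, sig):
            signers.add(kh)  # a set, so one key signing twice counts once
    return len(signers) >= entry["m"]

def demo():
    keys = [keygen() for _ in range(3)]  # constructed parties for 2 of 3
    entry, outsider = lock(22994, [pk for _, pk in keys], m=2), keygen()
    msg = b"constructed spend message"
    w = lambda k: (k[1], sign(k[0], msg))
    return {"one_sig": can_spend(entry, msg, [w(keys[0])]),
            "same_key_twice": can_spend(entry, msg, [w(keys[0])] * 2),
            "outsider_key": can_spend(entry, msg, [w(keys[0]), w(outsider)]),
            "two_of_three": can_spend(entry, msg, [w(keys[0]), w(keys[2])]),
            "other_spend": can_spend(entry, b"x", [w(keys[0]), w(keys[2])])}

if __name__ == "__main__":
    print(demo())
```

Only the `two_of_three` case is accepted: a single compromised host, a repeated signature, a key outside the locked set, or signatures made for a different spend all fall short of the threshold.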
