by Scott J. Carlson | Jan 8, 2019 | Blockchain
Ledgers of transactions have existed for millennia, mostly validated by some centralized authority to vouch for their accuracy. Although centralized authorities have done an excellent job; there are times when it might not be in your best interest to trust any centralized authority to validate the authenticity or accuracy of information or to prove transactional validity. In cases where this is true, Digital Ledger Technology (DLT) can come to the rescue. For a DLT to work, lots of participants must agree to participate in proving that the information or transactions are accurate. Each of these participants are given a copy of the data and then they all execute specialized computer programs, each proving that the integrity and availability of the information is factually accurate. When enough participants agree that the accuracy is there, the transaction is confirmed, thus affirming TRUTH without relying on a single third party.
If you are an enterprise level officer reading this article, you are likely to be called upon to increase the trust level or PROVE to your customers, clients, patients, or constituents that you can still be trusted. In 2019, building solutions based on an enterprise DLT are likely to be part of your technology solution to this business ask.
I’m hoping terms like Bitcoin, Ethereum, and Blockchain aren’t crossing your eyes for the first time. These, the technology that backs them, and conversations surrounding them have been the talk of major news publications and the internet-at-large for a year or more now, driven primarily by the price fluctuations of the crypto-currency value. What you may not have realized, is that the technology foundation underneath cryptocurrencies is DLT.
As you probably saw on the news or experienced first-hand, the value of the cryptocurrencies plummeted in the last half of 2018 and many startups in the ecosystem have declared the equivalent of bankruptcy. To some, this is a sign that the world is just not ready AT ALL for digital currency or shows that it was not ready for new types of funding models, as seen with the ICO craze. To others, like me, this is a time to review the ecosystem of products that were (or were not) developed for these cryptocurrencies, see which technologies stuck, and then see which solutions are bordering on becoming enterprise ready so that we can realize the benefits.
As I look into what is coming in 2019, I see that we are ready as an industry to drop the word “blockchain” for enterprise-level conversations and instead focus on DLT.
Although most enterprises do not need a monetary cryptocurrency, some may want a utility token in which to exchange value between corporate entities, or reward employees for good deeds (PayPal Employee Reward Token), but often enterprises just want to prove the truth instead of exchanging value. Enterprises likely will focus on building trust with this technology because there is a large trust gap in the world today.
The area of focus I see in 2019 is Trust Delivery.
Trust is delivered with DLT because you can ensure the data has not been modified. In many cases, you can ensure that the integrity is present, that privacy is preserved, and that the centralized entity has not taken steps to leak the data, access the data, or modify the data to suit their own needs. I believe people in the world want to see transparent proof that enterprises are moving to the next level to protect them. In fact, consumers are likely to move toward a model where they start with distrust and enterprises must build that trust back up. There have been far too many data breaches for consumers to believe otherwise.
In 2019, a number of uses cases will likely be focused on by enterprises, all of which will need services, tools, and foundational infrastructures to appropriately deliver them:
- Proof that data is private, and that privacy is preserved as data is transferred
- Proof that data has been written as intended, preserves its integrity, and can only be updated and accessed by the intended owner
- Proof that no third party has accessed the data
- Proof that entities have monitored all of the above
All of the above need tools, infrastructures, blueprints, and expertise. Enterprises are looking to be fast or slow followers in the area of DLT, which means many of them are lacking the internal skill to deliver a quick technology solution when asked by their management. I don’t want to focus on the skills gap in the world of DLT or encryption, but I instead want to just point-out that expertise will need to be externalized in this space. This is one of the few areas which I would personally recommend going outside of your company to initially or permanently build your expertise.
If I were to give three pieces of advice to start 2019, it’s this:
- Never invent your own cryptography: One of the top sins of information security is to invent your own cryptography – which in the world of DLT is the number one rule. Enterprises should bring in trusted builders, libraries, and methods to ensure that the foundation of their trust infrastructure is sound.
- Always get a second opinion if you are delivering a trust solution: There is a reason international standard recommendations like SANS, PCI, NIST, and HIPAA require third-party audits. These are required because no matter how good YOUR experts are, humans are fallible and you’ll always want to bring in one or many external parties to ensure your code is reviewed, tested, audited, pen tested, attacked, monitored, etc. Your level of diligence should match the importance of your application and the data within. Plus, your customers will appreciate it.
- Do not forget the basics: DLT (Blockchain) is simply application code and really strong math. This means that you need all of the common enterprise architecture components WITH IT to deliver a comprehensive solution. Do not forget things like the SANS TOP 20 when you look to build an architecture. People do not first attack the difficult cryptography – they first attack the common easy vectors like password reuse, unpatched infrastructure, or administrative interfaces that you accidentally left exposed to the internet. Please don’t let your DLT solution be compromised because you forgot one of the basics.
As we move quickly into the world of trust in 2019 and your organization looks to speed ahead or just dip their toes into the world of “Enterprise DLT” (aka Blockchain), keep in mind that not only do you have to use trusted and proven math solutions, apply your historic security practices and audit your built product – but you need to have a solid business case to enhance or improve something useful within your company.
To me, in 2019, the number one blockchain business case is Trust building.
by Christina Anderson | Nov 20, 2018 | Blockchain
Blockchain is full of superlatives. The most verifiable, most immutable, most 21st century way to transfer value.
But one of the most widely used superlatives to describe this technology is “most secure.” The idea that blockchain technology finally has a resolute answer to the age-old challenge of secure transactions has an eager audience.
So, Ryan Spanier’s interview with Eléanor Payró of CNN Money Switzerland is timely as he unpacks some of the issues around blockchain security.
- Blockchain networks are hackable. Beyond standard software vulnerabilities, the trust model of a blockchain network can be attacked through a “51% attack.” The goal of this attack is to control the majority of the resources/stake on a blockchain network. If you control the majority, you can define what truth is on the network. For cryptocurrencies, this can result in double spend attacks. Large blockchain networks, such as Bitcoin, are less vulnerable because they require the co-option of significant resources, which soundly outweigh the rewards earned from mining. Check out crypto51.org to see how expensive it would be to acquire 51% of the top cryptocurrency networks. However, other alt-coin networks could be attacked with less than $1,000.
- Blockchain networks also rely on the security of the users. For example, a user needs to secure their private key themselves. If this key is exposed, then an attacker assumes the identity of the user to e.g. spend money from their wallet.
- Secure smart contracts are extremely complex and difficult to develop.
Pressure to shrink time-to-market, the complexity of technology and the lack of a mature blockchain software development library and SDKs as a reference, all contribute to the introduction of vulnerabilities.
Find out more about Kudelski Security’s crypto assessment services, algorithm design and implementation, and custom development.
by Nathan Hamiel | Jul 30, 2018 | Black Hat, Blockchain, IoT, Kudelski Security
As Black Hat continues to draw closer we wanted to take a moment to highlight some talks that we are excited about. There is a lot of great content, so picking just a few was difficult, but these are the presentations that I and some of my colleagues are looking forward to attending.
AI & ML in Cyber Security – Why Algorithms are Dangerous
By Raffael Marty
The topic of AI disciplines is one I spend quite a bit of time talking about myself. It seems you can’t turn anywhere these days without encountering some product claiming to use a subset of AI in some “advanced” way. A healthy dose of real-world challenges helps cut through the marketing hype and get to core issues. This talk is a much-welcomed reality check.
Blockchain Autopsies – Analyzing Ethereum Smart Contract Deaths
By Jay Little
Blockchain technologies aren’t just for cryptocurrencies. This technology is gaining more and more acceptance in the business world and being used or evaluated to solve a range of business challenges. Blockchain technologies aligned with business challenges, like Ethereum Smart Contracts, have a higher chance of success and longevity. Understanding how these contracts work as well as the various risks they present, is critical.
Applied Self-Driving Car Security
By Charlie Miller, Chris Valasek
Come on, who doesn’t love the thought of hacking self-driving cars? What’s even better is getting this information from the experts on the subject. In the not too distant future, we will share the road with people taking a nap, eating lunch, and texting. Okay, we do that now, but in the future people may not have control of their cars the way they do today. Highlighting these risks now helps us avoid running into them tomorrow. This presentation promises to be informative and entertaining.
Understanding and Exploiting Implanted Medical Devices
By Billy Rios, Jonathan Butts
Self-driving cars are one thing, but IoT gets scarier when it’s inside your body. Increased attack surface from a device inside your body is the stuff of nightmares and Hollywood movies. This presentation promises to shed light on these risks.
WebAssembly: A New World of Native Exploits on the Browser
By Justin Engler, Tyler Lukasiewicz
WebAssembly is a technology supported by all of the major browsers that allows for the compilation of languages like C, C++, and Rust for the web. WebAssembly makes a promise of better performance and increased security, but is it a lot of hot air? This talk highlights this technology and the security risks it introduces.
Squeezing a Key Through a Carry Bit
By Filippo Valsorda
Although this presentation isn’t some destruction-of-the-Internet-style vulnerability, it demonstrates a great example of why no small bug should be ignored. In an amazing feat of crypto engineering, by exploiting a single bit bug, the presenter shows how a cryptographer’s worse nightmare comes true. Secret keys can be recovered in about 500 submissions on average. Don’t miss this highly technical talk on the cryptography track that shows a small bug can yield a big result.
Kudelski Security Events
We also have a few events happening while we are out in Vegas.
Join us for our Kudelski Security Bash party Tuesday night from 6-9pm in the Foundation Room at Mandalay Bay.
We are also doing a couple of breakout debriefs from 4:30-6pm on Wednesday, August 8th, and Thursday, August 9th. Wednesday’s session is on IoT and Operational Technology security. Thursday’s session is on Blockchain. Use the following link to RSVP for these sessions.
If you are hanging out for Defcon as well, check out our presentation:
Reaping and Breaking Keys at Scale: When Crypto Meets Big Data
Presented by Yolan Romailler and Nils Amiet.
In this talk, we show how we collected over 300 million public keys leveraging our scanning infrastructure and our open source fingerprinting tool, Scannerl, and tested them for vulnerabilities such as the recent ROCA vulnerability or factorization using batch-GCD. We performed this analysis on a 280 vCPU cluster and are able to test new keys against our dataset in just a few minutes thanks to a novel in-house distributed implementation of the algorithm. As a result of our research, we could have impersonated hundreds of people, mimicked thousands of servers and performed MitM attacks on over 200k websites. Fun stuff.
If you see any of us around the week after next, say hello. See you at Black Hat and Defcon!
by Vishruta Rudresh | Apr 12, 2018 | Blockchain
Current blockchain technologies expose institutions to security risks that plague current business processes and much more. Early demonstrations of vulnerabilities in blockchain implementations have helped us compile the following list of security risks.
While blockchain does provide integrity, it does not, however, entirely prevent the possibility of unrelated data being added to the blockchain. The phrase ‘ holds true in a blockchain system of records, just as is with a centralized database. This trustless nature of blockchain could be leveraged to buy and sell malware between anonymous persons. At Black Hat Asia 2015, Interpol demonstrated a proof of concept malware that subverted the underlying blockchain of Bitcoin. In another instance, researchers from the University of Newcastle also introduced a botnet command and control to send messages to bots on the Bitcoin network.
One might argue that there are several processes that enable specific transactions to be verified by specific nodes (validators) in a blockchain network, thereby uploading the integrity of the transaction and the trustful nature of the Blockchain. However, such processes seem to have inherent flaws. For instance,
- Sharding: a process that requires the use of transaction receipts for one shard to communicate with the next can introduce significant faults (i.e. reversion of subsequent transactions) if a specific subset of validators was to wrongly validate transactions to which other members of the same blockchain refer to.
- Blockchain pruning: a process that involves downloading block headers (a hashed version of past data) and the underlying data of the most recent blocks and then cross-referencing them with other nodes (rather than downloading the entire database) has some serious security challenges – if an attacker were to convince a user/node that the fraudulent block headers they verify are genuine, the malicious header would then become part of the Blockchain network and hence, all subsequent transactions can/would be corrupted.
The caveat with blockchains is that their pseudo-anonymous nature can help protect the identity of malicious persons as well. Furthermore, blockchains, if designed to be a public, some data (public keys used by the persons involved in the transaction, personal data, etc.) on the blockchain are made available for the public to glean information and determine the identity of a person. In addition, blockchain data being foremost in the functioning of smart contracts provided they are not designed or implemented as per the best security practices, stand to pose the potential risk of sensitive data leakage as well.
Smart Contract Risks
Smart contracts are essentially programs that run on the distributed ledger. As is with any software, the more complex a smart contract, the more prone it is to errors. Generally, the function and the security of smart contracts code depends on the coder’s abilities. A review by Peter Vessenes found that large numbers of template contracts available on the web for the Ethereum scripting system contained significant vulnerabilities. In June 2016, approximately US$50 million in assets was drained from a newly formed digital venture capital fund, the DAO, due to an unintentional flaw in its smart contract code.
The distributed nature of blockchain architecture makes it difficult to shut down a malicious program. An instance of this is the presence of rogue wallets (a very large number of malicious wallets) that push large amounts of spam transactions to the blockchain network. This increases the processing time, resulting in a potential denial of service (nodes will be checking the validity of the fraudulent transactions)
The security of the blockchain is limited to the strength of the cryptographic algorithms used and implemented. For instance, blockchains (Bitcoin) are known to use ECSDA as one of their underlying cryptographic algorithms, however, ECSDA is vulnerable to fault attacks. Furthermore, some blockchain implementations rely on software solutions to generate and manage cryptographic keys. However, software solutions tend to have weakened random number generators, making them susceptible to brute force attacks
In foresight, it can be stated that blockchains face quantum computing risks as well. Quantum computing is being advocated to threaten the very premise of asymmetric cryptography. Popular security algorithms that are used for securing information through a complicated challenge (e.g. RSA, ElGamal) is said to be resolved in a shorter period of time through the use of quantum computing. Thereby incentivizing attackers who otherwise would have refrained from breaking a cryptographic algorithm.
Some consensus protocols are slow to compute, providing a window of opportunity for an attacker to creep into the network. Few other protocols do not have the concept of penalties to the participating nodes, making it easier for a malicious user to attack. There is also the possibility of Consensus Hijack or the 51% attack – if more than half of the computers working as nodes to service the network tell a lie, the lie will become the truth.
‘51% attack’ was highlighted by Satoshi Nakamoto when he launched Bitcoin. This enables a group of attackers to achieve consensus in their favor. Another consequence of such an attack is in the perspective of adoption. Any chain coming under attack might see an outflow of participants, leading to the question of which chain should be considered as the “main” one to follow (due to the potential fork of the “main” chain) as well as potentially crippling the value of that chain.
This risk is associated with upgrading the blockchain software. Nodes which do not get upgraded in a timely manner run the risk of working on an outdated chain, resulting in an ordinary chain to be forked into two chains (new and old chains). This, however, could be mitigated by implementing a fixed-time notice period prior to regulator-issued major protocol updates being made effective.
Sidechains (mechanism that allows tokens from one blockchain to be securely used within a completely separate blockchain but still moved back to the original chain if necessary), in certain cases, pose the risk of a user not contributing the relevant mining power to secure that chain because the user no longer has an interest in tracking the data and maintaining the operation of a sidechain. Furthermore, there is also the potential risk of a sidechain gateway, a mechanism used to transfer assets and messages between chains, being invalidated. An instance of this can be illustrated in the case of a Bitcoin sidechain where a user will “lock” Bitcoins in an address on the main Bitcoin Blockchain and then issue proxy tokens for these on the sidechain, allowing users to exchange sidechain tokens for the original token and also transact with others on that sidechain (this mechanism is called a 2-way peg). If, however, the initial “locking” transaction is later considered invalid, then subsequent proxy-token transactions would also be affected. Additionally, owners of proxy tokens that had been affected would not be able to convert these back to the original asset via the pegging mechanism.
A benefit, however, is that fraudulent transactions or attacks on a sidechain do not affect the validity of data held in the parent chain. But, in the event that a sidechain was to be put out of service, the benefit becomes an unmanageable bane on the parent chain, subjecting it to high-stress levels as the sidechain users migrate their transaction volumes to the parent chain.
Error in logic and poor implementation of blockchain, smart contracts, or identity management enables attackers to obtain access to the blockchain and steal personally identifiable information. It can also result in fraudulent transactions such as:
- Double-spending: This involves sending two transactions, one of which will cancel the other.
- Hacked key: This type of transaction is broadcast to the network but has not been conducted by the true owner. This happens when a third party obtains unauthorized access to a key.
- Non-compliant transaction: This type of transaction is mainly applicable to permissioned, regulated networks. It involves broadcasting a message either from an unauthorized address or against predefined business rules (Note: Hyperledger solves this issue with a blend of enrolment (authorization) certificates and single-use transaction certificates to allow transactions).
Furthermore, misconfigurations or absence of patches can help attackers compromise security vulnerabilities in the code that operates the Blockchain or the application built on Blockchain. There have been several instances of these reported over the years – In August 2016, the Hong Kong-based Bitfinex cryptocurrencies exchange suffered a breach when security vulnerabilities within individual organizations and service providers were exploited. In this attack, almost 120,000 Bitcoin were removed from customer accounts and similarly, in November 2017, a single user involuntarily triggered a software flaw that froze roughly 70 crypto-purses worldwide.
From the hoard of security risks posed by blockchain technology, it would be a misstep to state that “Blockchain s are inherently secure.” They do pose the risks and threats associated with traditional software solutions and do require a comprehensive framework to identify and respond to security threats and risks related to any blockchain implementation.
by Vishruta Rudresh | Apr 3, 2018 | Blockchain
Blockchain, the technology underlying cryptocurrencies like Bitcoin, Blockstream, Ethereum, Ripple, is considered a phenomenon by its proponents and is touted as a solution to all of the inefficient information processing systems. Critics, however, remain wary of its applications and socio-economic benefits. Either way, Blockchains and their applications are expected to grow exponentially, thereby urging us to question their security challenges and risks.
Blockchains are in part a computing infrastructure, a transaction platform, a decentralized or distributed accounting ledger, and a peer-to-peer network. They are considered to be reliable, transparent (to an extent), autonomous, and immutable. Blockchain also evokes trust among its users via mass validation and secure authentication, while providing integrity and confidentiality.
In summary, blockchains seem to pose the capabilities that could disrupt the Internet as we know it (IPFS as a replacement for HTTP). However, as with any technology, there are grave challenges and risks associated with it. In part two of our series, we’ll delve into specific security challenges and risks that blockchains face.
In part one, we’ll illustrate the security challenges that plague blockchains. While each specific implementation or use case of a blockchain brings its own security challenges and risk implications, there are, however, some common challenges.
Blockchains and their applications have uncertain legal and compliance requirements due to their distributed nature. No known nation has any defined rules or regulations regarding them. Additionally, current security standards and regulations also seem ambiguous in a blockchain ecosystem and pose a formidable challenge in implementing the same technically. For instance, GDPR (General Data Protection Regulation) requires companies to implement “right to be forgotten” regarding data collected from EU citizens. This, however, can be grueling to implement considering its distributed nature (multiple parties have the data from the ledger and would be difficult to track and delete all concerned data).
Also, security policy implementations such as incident response management, vulnerability management, etc. would be hard to document and implement considering the distributed nature of blockchains. For instance, ensuring timely patching of all instances of the blockchain in a consistent manner would be difficult and poses unique risks to organizations that implement blockchains.
Finally, with increasing range of blockchain offerings, there exists the unique challenge of constructing a detailed threat model on which organizations can perform a risk assessment. The extent to which a compromise can impact the overall blockchain ecosystem is still quite unclear considering it also lacks the clarity of oversight and auditability that most traditional centralized systems offer.
- Blockchain harbors unique operational constraints. For instance, centralized logging and monitoring are essential for enterprise environments but have not been addressed in blockchains.
- Blockchains have inherent issues pertaining to scalability, latency, storage, and performance in their current form.
- Blockchains have a large attack surface. Their distributed nature allows confidential information like payment data to be replicated in a number of places, potentially offering hackers more places to get their hands on it.
- Blockchains have interoperability challenges. Using different distributed ledgers will likely bring the need for data sharing between them. Exchanging data will require translation of formats and protocols, which currently are in the nascent stages.
- Unlike traditional systems, where a server administrator is capable of tracking attempted break-ins into a customer or user account, in blockchains, a malicious user can try limitlessly to decrypt or try to reproduce a private key associated to a given ledger. Tracking attempted break-ins with blockchain is close to impossible, and one is not aware until after the hacker has succeeded.
- The veracity of each entry in blockchain rests on who controls the private key for each compromise of the private key can jeopardize portions of the blockchain and the data it holds.
- Lack of tools to combat illegal activity. Though it might be possible to identify who owns an address used for money laundering, despite attempts at obfuscating the transaction, it is not possible to block these types of transactions in advance.
- The consensus-based nature of adoption combined with the cross-application and industry aspirations of blockchain technology means protocols may not evolve sufficiently fast or in correlation with more complex business needs.
- Another challenge that arises with users is that the blockchain network could be more trustworthy than the machine used to access it. Though the record of the transactions would be verifiable, the intent to perform that transaction might not be.
- Reverting previous actions or fraudulent transactions in a decentralized chain is not easy, and its ramifications are uncertain as well.
Keeping in the mind the challenges that blockchains bode, it is recommended that organizations determine if their application truly requires a blockchain implementation or not. If it does, it is best to follow known security implementation standards for applications and cryptographic implementations. Additionally, ensure to use multiple signatures for authorizing and processing transactions; use standardized libraries for smart contracts (Smart contract security best practices), and use post-quantum crypto such as SPHINCS as a future-proof solution against quantum computing.