Enterprise Blockchain Security 2020-4

February 1, 2021 | Mina Hao

This chapter analyzes security threats facing enterprise blockchains.

Threats to the Underlying Layer

Storage and computation facilities, as carriers of blockchain systems and applications, are vulnerable to unauthorized access.

Physical devices left unpatched expose both themselves and their physical environment (equipment rooms) to risks such as unauthorized device access and compromise. The virtualization technology underlying cloud-based blockchain services (containers, virtual machines (VMs), and virtual networks) dynamically creates and deletes virtual instances under the control of the platform's management function. Because these resources are shared, they introduce risks of resource contention, resource abuse, and broken access control (VM escape, container escape, and virtual local area network (VLAN) hopping).

P2P networks are crucial to blockchain operations and face a range of network and communication risks. Blockchains use a P2P architecture, and a consortium blockchain admits only permissioned nodes, so the primary risk at this layer is a malicious node that bypasses the admission or identity check. Nodes and networks are also exposed to communication interception, routing attacks, and denial-of-service (DoS) attacks. A consortium blockchain whose admission control can be bypassed becomes prone to Sybil attacks, in which an adversary registers many fake nodes; once adversary-controlled nodes exceed the fault tolerance of the BFT consensus (f faulty nodes out of n = 3f + 1 for PBFT-style protocols), the honest nodes can no longer form a quorum and consensus stalls.

Threats to the Core Layer

A flawed design of the consensus mechanism or algorithm may bring down the entire trust system.

A consensus mechanism is the algorithm by which the nodes of a blockchain reach agreement, and it is the core capability of the blockchain. A design or implementation flaw in it may allow attackers to launch consensus attacks that weaken decentralization and lower the trust that can be placed in on-chain data. Known consensus attacks include 51% attacks, timestamp manipulation, bribery attacks, selfish mining, and double-spend attacks. The first and fourth target proof-of-work chains; in a BFT-based consortium chain the analogous attack is gaining control of more than f of the n validator nodes.

Cryptographic algorithms face growing computing power and new computation models, and are at risk of being broken in the future.

Blockchains rely on a large number of cryptographic primitives, chiefly hash (digest) functions and asymmetric algorithms. A hash function vulnerable to collision attacks can enable identity impersonation, forged transactions, and failure of the consensus mechanism.

Attacks on asymmetric algorithms affect encryption and digital signing, leading to message disclosure, private key exposure, or identity spoofing. As cryptanalysis advances and new technologies such as quantum computers mature, widely used algorithms face an increasing risk of being broken: a sufficiently large quantum computer running Shor's algorithm would break the RSA and elliptic-curve signature schemes on which blockchain identities rest, whereas hash functions are only weakened (Grover's algorithm halves their effective security level).

A vulnerable execution environment may prevent smart contracts from running securely and fairly. The VMs that execute smart contracts, together with their authentication and access control mechanisms, may contain vulnerabilities that let attackers deploy malicious contract code to consume network, storage, and computing resources and disrupt normal business, opening the door to further threats. Because deployed smart contracts are seldom updated, the impact of a malicious contract tends to persist.

Vulnerabilities in the implementation of smart contract code can give rise to risks such as business fraud. The contract language and its implementation may contain vulnerabilities and backdoors, such as transaction-order dependency, timestamp dependency, mishandled exceptions, and reentrancy, the class of bug behind the 2016 attack on The DAO on Ethereum. When exploited during contract calls and execution, these flaws compromise the correctness and integrity of the contract's processing logic, resulting in untrustworthy contract behavior and financial loss.
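The reentrancy pattern named above, as an added illustration that is not part of the original article: a minimal Python model of a contract that pays out before recording the withdrawal, an attacker whose payment callback re-enters the withdrawal, and the checks-effects-interactions fix. VulnerableBank, HardenedBank, Attacker and the amounts used are hypothetical and constructed for the example; no real chain or contract language is involved.

```python
"""Added illustration, not from the original article: a minimal model of a
reentrancy bug, the class of flaw behind the 2016 attack on The DAO, next
to the checks-effects-interactions fix. VulnerableBank, HardenedBank and
Attacker are hypothetical stand-ins for a contract and a malicious caller;
the amounts are constructed and no real chain is involved."""


class Attacker:
    """Malicious caller whose payment callback re-enters withdraw()."""

    def __init__(self, bank, deposit, max_depth=50):
        self.bank = bank
        self.deposit = deposit
        self.max_depth = max_depth   # cap mirrors a bounded call stack
        self.stolen = 0
        self.depth = 0

    def attack(self):
        self.bank.deposit_funds(self, self.deposit)
        self.bank.withdraw(self)
        return self.stolen

    def receive(self, amount):
        # Invoked by the bank while it is paying us out. If the bank has not
        # yet zeroed our balance, calling withdraw() again pays us again.
        self.stolen += amount
        self.depth += 1
        if self.depth < self.max_depth and self.bank.funds >= self.deposit:
            self.bank.withdraw(self)


class VulnerableBank:
    """Pays out before recording the withdrawal (interaction before effect)."""

    def __init__(self, funds):
        self.funds = funds        # pooled deposits of other users (constructed)
        self.balances = {}

    def deposit_funds(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.funds:
            return
        self.funds -= amount
        who.receive(amount)          # external call: control leaves the contract
        self.balances[who] = 0       # effect recorded too late


class HardenedBank(VulnerableBank):
    """Checks-effects-interactions: record the withdrawal, then pay out."""

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.funds:
            return
        self.balances[who] = 0       # effect first: a re-entrant call sees 0
        self.funds -= amount
        who.receive(amount)          # interaction last


def run_attack(bank_cls, other_funds=100, deposit=10):
    """Return (amount the attacker ends up with, funds left in the bank)."""
    bank = bank_cls(other_funds)
    attacker = Attacker(bank, deposit)
    return attacker.attack(), bank.funds


if __name__ == "__main__":
    print("vulnerable:", run_attack(VulnerableBank))   # (110, 0): pool drained
    print("hardened:  ", run_attack(HardenedBank))     # (10, 100): own deposit only
```

With a pool of 100 belonging to other users and a deposit of 10, the attacker drains all 110 from the vulnerable variant and gets back only its own 10 from the hardened one. Ordering the state update before the external call is the essential fix; a reentrancy guard (a mutex that rejects nested calls) is a worthwhile second layer, and the hardened variant is the shape a reviewer should look for in any contract that transfers value.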

Ledger records are publicly readable. If the ledger contains sensitive information, if accounts can be tied to real user identities, or if links between transactions can be used to infer sensitive information, the blockchain risks disclosing user privacy.
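One concrete form of the transaction-linkage risk just described, as an added example that is not from the original article: the common-input-ownership heuristic used in chain analysis. Addresses spent together as inputs of one transaction are assumed to belong to the same owner, so a single known address-to-identity link de-anonymizes the whole cluster. The ledger, the address labels and the identity mapping below are constructed and hypothetical.

```python
"""Added illustration, not from the original article: the common-input-
ownership heuristic, one of the transaction-linkage techniques that can
turn a pseudonymous public ledger into a privacy leak. The ledger, address
labels and identity mapping are constructed for the example."""

# Constructed sample ledger: (tx_id, input_addresses, output_addresses).
SAMPLE_LEDGER = [
    ("tx1", ["A1", "A2"], ["M1"]),
    ("tx2", ["A2", "A3"], ["M2", "A4"]),
    ("tx3", ["B1"], ["M1"]),
    ("tx4", ["B1", "B2"], ["M3"]),
    ("tx5", ["C1"], ["A4"]),
]


class DisjointSet:
    """Union-find over address strings, with path compression."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(ledger):
    """Group addresses that were spent together in a single transaction.

    The heuristic: whoever produced the signatures for all inputs of a
    transaction controls all of those addresses. Only inputs are linked;
    output addresses are not assumed to belong to the sender.
    """
    ds = DisjointSet()
    for _, inputs, _ in ledger:
        for addr in inputs:
            ds.find(addr)                 # register single-input spends too
        for addr in inputs[1:]:
            ds.union(inputs[0], addr)
    groups = {}
    for addr in list(ds.parent):
        groups.setdefault(ds.find(addr), set()).add(addr)
    return {frozenset(members) for members in groups.values()}


def attribute_identities(clusters, known):
    """Propagate a known address-to-identity link across its whole cluster.

    A cluster that maps to more than one identity contradicts the
    heuristic (for example a CoinJoin-style transaction) and is left
    unattributed rather than guessed.
    """
    result = {}
    for cluster in clusters:
        owners = {known[a] for a in cluster if a in known}
        if len(owners) == 1:
            owner = owners.pop()
            for a in cluster:
                result[a] = owner
    return result


if __name__ == "__main__":
    clusters = cluster_addresses(SAMPLE_LEDGER)
    print(sorted(sorted(c) for c in clusters))
    # Hypothetical: A1 is known (say from an off-chain KYC record) to be "Acme Corp".
    print(attribute_identities(clusters, {"A1": "Acme Corp"}))
```

On the constructed ledger, a single link for A1 attributes A2 and A3 to the same party, even though A3 never appears in a transaction with A1 directly. On account-model consortium chains the same effect arises through sender accounts, counterparties and timing, which is why ledgers carrying business data should keep identities off-chain and use fresh keys or privacy-preserving transactions rather than relying on pseudonymity.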

Threats to the Service Layer and User Layer

An insecure access and node management mechanism may let unauthorized users or malicious nodes join a consortium blockchain and expose its internal data. Some consortium blockchains trade consensus strength for performance and rely on trusted nodes to make up the difference; in that setting an unauthorized node can more readily mount a 51% attack or tamper with the ledger, corrupting the consensus result.

Vulnerabilities in ledger applications, or in the logic design and implementation of service functions, may disrupt the secure operation of services.

Application security depends on the service logic, the service code, and how thoroughly they are tested. Related risks include logic errors, trojans, and backdoors.

User and management functions administer blockchain users, platform users, and platform functions, and carry the risks of identity spoofing, improper permissions, privilege escalation, and operator error.

Threats to Cross-Layer Functions

Cross-layer functions include development, operations, security, and supervision and audit; they are essential to the proper running of the blockchain platform, its services, and the business built on them. They are exposed to the risk of insufficient resource and business lifecycle management. Traditional monitoring, operation and maintenance (O&M), and disaster recovery functions are prone to improper administrative privileges and loss of control over management processes. Cross-chain service management must also account for cross-chain data disclosure.

To be continued.