If you think Blockchain is secure, this talk from two experts on the matter will make you think again. Dr Melanie Rieback – CEO of Radically Open Security – and Dr Klaus Kursawe – GridSec.org – explain why this technology, contrary to common belief, comes with a huge number of risks. One of the main characteristics of blockchain, immutability, though designed for security, turns out to be one of its weakest spots.
Secure by design
The idea of blockchain had existed for a while in computer science, but the concept became well-known with the advent of the bitcoin cryptocurrency that is based on them. Since that point, many use cases have arisen, such as the managemement of supply chains (tracking the life-cycle of your vegetables for example), music distribution, new video games and even online voting.
Let’s start with a definition of blockchain. A blockchain is, in the simplest of terms, a time-stamped series of immutable records of data that is managed by clusters of computers that are not owned by any single entity. Each of these blocks of data is secured and bound – or chained – to each other using cryptographic principles. A shared and immutable ledger, the information it contains is open to anyone and everyone to see, which is why it feels so ‘democratic’.
The trust distributed between members, the cryptography used to chain the blocks and their immutability is what makes blockchain secure “by design”. Or at least, that is what many people think…
Even though the inherent possibilities of this concept seem endless, Dr Melanie Rieback claims that not everything about this technology has been openly discussed and raises some security questions that few people dare to – and some simply don’t want to – address. Dr Klaus Kursawe investigated the vulnerabilities of blockchains (known in scientific terminology as ‘byzantine fault tolerant total ordering protocols’) in 2000. The general concept has been investigated in computer science for over 20 years – there’s nothing new about it.
In practice, there are downsides to the immutability of blockchains. Think about security updates. Security patches are one of the most important ways of keeping software secure. Programmers make mistakes and introduce bugs, and so programs need to be corrected, especially if the bug introduced creates vulnerabilities. The immutability of blockchain makes this difficult because the data cannot be modified. If the patches include changes in the data structure, they cannot be applied to a blockchain.
Another problem is that when the wrong data gets inserted into the blockchain, it’s impossible to remove it. Think about GDPR and the right of users to remove their personal data. This is not possible with blockchain, even if something ends up in the chain by mistake. There are already cases where “bad” data has been inserted into several public chains. In the bitcoin blockchain alone, people have managed to insert rickrolls, Wikileaks Cablegate files, photographs, Valentine’s Day love messages, and even a tribute to Len Sassaman, a security advocate who was less than positive about blockchain.
Even if blockchain had no vulnerabilities, we would need to be aware that using it doesn’t guarantee security, because the chain software is only a small part of the system. There is a whole ecosystem built around the blockchain, with applications, APIs and complex protocols which can contain bugs.
Anther potential vulnerability comes from mining pools. Mining pools involve a large number of members working together on a chain. In these groups, if 51% of the members agree, then they can basically make decisions on their own without any exernal control. Double spending can occur if the members in a mining pool first spend, then reverse the transaction, without the need for consensus. Even with a big blockchain, reaching the 51% required to take control can be achieved through a very big investment of mining capacity and electricity. It might not be something a normal citizen could achieve, but perhaps a government…
Quantum computing brings another challenge to the mix. The current computing speed of quantum computers could break any system based on any kind of encryption, and blockchain is just one of these. Quantum computers can also use a 51% attack to disrupt the blockchain security system. And here again, those who have the quantum computers first win.
Another issue to consider is the operational security of the endpoint devices. Attacks on members, who often share the same operating systems, libraries and implementations, can occur.
Considering the specific use case of the supply chain, think about the possibility of tracking the tomato you are eating from the moment it was harvested to the moment it’s on your table. How do you actually prove that the actual object and the digital equivalent in the chain are related? You could use a QR code or a bar code, or something more advanced, such as RFID, but there is no guarantee that the sticker/RFID on your tomato or box corresponds to what is in the blockchain (even providing that the RFID was secure to start with).
These factors make it clear that blockchain might not be a good solution where the integrity of the data is of high importance, such as for public voting. The risks of cryptocurrency also should not be taken lightly. Perhaps blockchain is a technology more appropriate for ‘simple’ use cases, where the distributed nature is useful but the well-being of people is not at risk, such as review systems, games or web browser certificate validation.