If you live in the Tech world you may have noticed there’s a lot of talk about Blockchain, in fact, there’s so much talk that sifting through the hype to get to the facts can be an exhausting business. However, one statement I hear quite frequently is, “Blockchain is secure”, this puzzles me, so I’ve attempted to translate it from “hype-speak” to something more considered.
Yes, the information held in a Blockchain is immutable, the fact that each block is cryptographically linked to its predecessor, and copies of the entire ledger are held by multiple parties (nodes), makes altering the data highly improbable (not impossible, simply too time consuming and expensive to be worthwhile). And attempting to alter a single copy of the chain will have no effect as the other nodes in the network will reject the changes. So, from the point of view of data held on the Ledger, it can be considered secure.
However, new blocks are added to the ledger continually and to do this there needs to be interfaces to the real world, and it’s these interfaces that can provide the attack points. For example, to add a new block to a Blockchain you need to have a set of credentials (Keys), often these are stored in “Hot Wallets” which are assessable online. It’s easier to attack the wallet than the chain. And there are attacks against the consensus mechanisms such as “51% attacks” where a malicious actor controls 51% of the computing power of a chain to falsely validate new blocks (which is particularly risky for smaller Blockchains).
There are many others, and if you have some time this article from the MIT Technology Review is worth a read. These are not simply theoretical attacks, they have been successfully executed against live cryptocurrencies (you can read about some of the worst cases of 2017 here).
Don’t get me wrong, I think Blockchain has great potential outside the current cryptocurrency space, but making general statements like “Blockchain is secure” gives a false sense of security (for want of a better word) and could ultimately damage the reputation of the technology. The security of a Blockchain system is a sociotechnical issue and must be addressed accordingly in the same way as any other information system.
So, the next time you hear “Blockchain is Secure” think, “Blockchain is as secure as you make it”.
We’d like to know your views on IoT Security
If you like what you’ve read above, we ask that you complete our short survey (link below) – your insights are valuable!
The results of this survey will be reviewed by our experienced consultants, who will produce a report expanding on the findings. This report will be shared with you, free of charge. In addition, we offer a free 30-minute engagement with our team, should you want to have a further conversation on the topic or simply want to know more about our service – we’d love to hear from you.