Block Chain Analysis Assignment 2022

Verified

Added on 2022/10/19

AI Summary

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

STUDENT NAME – ASSIGNMENT NO
BLOCKCHAIN SECURITY ANALYSIS
Name
Course
Professor
University
City/state
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

STUDENT NAME – ASSIGNMENT NO
Abstract
The blockchain alongside its own features has in the recent past received significant attention
and has been used in numerous fields since its inception in 2008. Nevertheless, the security
issues surrounding blockchain technology have been exposed more often than not and cyber-
attacks have resulted in relatively large losses. The paper provides a discussion on the blockchain
technology, offering a systematic analysis of the security of every layer of the blockchain. It also
discusses the challenges that have been brought as a result of network supervisions of the
blockchain and concludes with a summary of the progress in research in protecting the
technology.
1. Introduction
Blockchain technology has a huge potential with various applications as well as provides
numerous opportunities for different infrastructure. The technology promotes management of
resources besides making communication secure as well as efficient. Trust, reliance and privacy
are enhanced when carrying out financial transactions among different parties with the use of
blockchain. This is because the technology lowers the likelihood of fraud and automatically
generates a record of activities, including creating an automated background check of a member
using the system (Aitzhan & Svetinovic 2016). As a result of the decentralized features,
blockchain results in increased reliability besides lowering the risks that are experienced when
looking to enter into a business agreement with an unfamiliar person or party.
At the moment, almost everyone is using advanced technology for the purposes of
communication via the internet. Voice calls, messages, video calls, pictures are currently able to
directly travel from the sender to the receiver over the internet regardless of their geographical
location. For the case of such a transaction, a trusted third party must be maintained between the
24 May 2019 2

STUDENT NAME – ASSIGNMENT NO
receiver and the sender (Bach, Mihaljevic & Zagar 2018). When it comes to the case of transfer
of money, a third party has to be trusted to allow completion of the transaction. But with the use
of blockchain, a perfect security would be availed for the transaction.
2. Literature Review
2.1. Analysis of Blockchain Security
With the advent of blockchain technology being widely adopted, numerous and different kinds of
attacks have been established. Such cases include theft or loss of billions of digital currencies
and attack of various exchanges, among other events. Based on the data released by BCSEC (a
blockchain security company based in China), 2018 recorded an increased number of blockchain
security incidents that resulted to economic losses of approximately 2.1 billion dollars. The
number of blockchain security events increased from 15 in 2017 to 138 in 2018. These are just
part of the exposed incidents as the number of attacks are projected to be on the increase with the
increasing worth and application of blockchain (Banerjee, Lee & Choo 2018).
Figure 1: Economic losses as a result of blockchain security issues (’10,000) (Wang et al. 2019)
Notwithstanding the fact that blockchain technology remains in the early stages of rapid
expansion and the various security accidents experienced so far have made security features to be
very essential requirements in the development of blockchain systems. The security risk could be
24 May 2019 3

STUDENT NAME – ASSIGNMENT NO
from external attackers or even internal parties. The acceptance, popularity and potential of
blockchain renders fresh demands on the security as well as protection of privacy on the storage,
application as well as transmission of data alongside putting forth new challenges to the
prevailing solutions of security, mechanisms of authentication, protection of privacy, and
protection of data alongside information regulation (Dorri et al. 2017).
2.2. Security Analysis of Individual Blockchain Layers
The present structure of blockchain may be separated into the following layers: application,
incentive, smart contract, network, consensus, as well as data layers (not in their systematic
order). The analysis of security aspect of each of the aforementioned layers is done
2.2.1. Application layer
The main function of this layer is to cover matters of security of centralized nodes, which
includes exchanges involving transactions of digital currencies as well as management of huge
volumes of funds. Such nodes are present at most of the failure points of the full blockchain
system and the vulnerability of attacks is often high whereas the cost is relatively low. A
combination of these characteristics usually make the layer a preferred target of many attackers.
Exchange DDoS: as a result of the network bandwidth demand being high especially in the
trading arena, occurrence of a DDoS attack makes it a very serious issue not only for the arena
but also for the whole industry. Should the trading arena attack be by DDoS, the arena will not
only incur losses but also a great reduction in the volume of the transactions involving
blockchain currency which would in turn have an indirect impact on the increase and decrease of
the value of blockchain currency (Eyal et al. 2016).
24 May 2019 4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

STUDENT NAME – ASSIGNMENT NO
Illegal access to exchange severs: exchanges are where lump sum amount of money are normally
deposited thus making them an easy target for attackers. As soon as the attackers get the server
authority (access the exchange server illegally), they immediately modify its main information.
Thereafter, the attackers can be able to abscond with the funds key, interfere with the amounts
being transacted or even leak very confidential and information, resulting in huge economic as
well as reputational devastating effects to exchange.
Infection by malicious program: as soon as a malicious program has been planted into an
exchange system, it is most likely to result in large volumes of leakage of sensitive information
among them key as well as wallet files. The key tends to be everything, and once the sensitive
information is leaked, it normally means that the exchange company loses control over all the
assets (Heilman, Baldimtsi & Goldberg 2016). In 2014, the Mt. Gox exchange experienced an
attack. The institution’s key file had been kept locally in clear manuscript and there was leakage
of key file wallet.dat as a result of infection by Trojan leading to loss of large volumes of assets
that rendered Mt. Gox bankrupt. It is of importance to acknowledge that the attacker used two
years in slowly transferring asset in a bid to avoid recovery of the loss by the community through
hard forks in the attack.
2.2.2. Smart Contract layer
This is not merely a computer program which may be automatically executed, instead it is a
participant of the system. This layer is responsive to received messages and may receive as well
as store value besides sending out value and information. The smart contracts have numerous
security attacks, including the following:
Re-entrancy Attack: this attack is based on the concept of hijacking the control flow of the
contract and destruction of the atomicity of transaction that may be comprehended as a logical
24 May 2019 5

STUDENT NAME – ASSIGNMENT NO
race condition challenge (Kakavand, Kost De Sevres & Chilton 2017). DAO was for instance
attacked in which the attacker adopted vulnerability in the contract in launching a re-entrancy
attack and ended up gaining $60 million. In a bid to recover the funds lost, a decision was made
by Ethereum community to conduct a hard fork, reversing all transaction records from the
beginning of the attack as well as fixing the susceptibilities in new contract branch. Below is the
description of the susceptibility and a basic variety of the DAO contract.
Solidity development security: there are several possible bugs that can arise when smart
contracts are being written. Some of these include the following:
Race condition – one of the major risks that may result when a peripheral function gets called is
that the behaviour of calling may result to the control flow being hijacked, thus creating chances
for the unintended alteration of the contract data. This kind of bug can come in different forms
including re-entrant as well as cross-function race conditions (Karame 2016).
Integer underflow and overflow: during programing, one should think of the possibilities of
occurrence of an overflow, how transfer of the state of unit variables will be done as well as who
bears the authority of modifying such variables.
24 May 2019 6

STUDENT NAME – ASSIGNMENT NO
Transaction-ordering dependence: this is where an attacker creates his own transaction by using
information in the incomplete transactions and attempt to get the transaction that he has created
to be completed ahead of others.
2.2.3. Incentive layer
This layer’s role is to provide particular incentives that are aimed at encouraging nodes to take
part in security verification process of the blockchain technology. The safety of the blockchain is
a factor of the participation of the numerous nodes. For instance, the bitcoin blockchain security
is dependent on great harsh power that is created through participation of numerous nodes that
are involved in various security checks and proofs, rendering it not possible for an attacker to
offer a greater volume of totalling (Khan & Salah 2018). The process of verification done by any
node often consumes electric power as well as computing resources. Encouraging node
participation is attained through reward of participants by the blockchain in the nature of
cryptocurrency (virtual currency).
It is required of blockchain projects to acclimate to the market so that they adjust the rewards
automatically as opposed to just reducing them. When the working cost of the node is proximate
or higher than the income in the reward mechanism of blockchain project, they normally decide
to stop working for such blockchain that may easily result in centralization issues.
2.2.4. Consensus Layer
The mechanisms of consensus is the core element that makes blockchain different from other
P2P (peer-to-peer) technologies. The consensus mechanisms that are widely adopted include:
Proof of Work (PoW), Delegated Proof of Stake (DPoS) and Proof of Stake (PoS). On the other
hand, some of the likely attacks include Long-Rang Attack, Bribe Attack, Bribe Attack,
24 May 2019 7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

STUDENT NAME – ASSIGNMENT NO
Accumulation Attack, Sybil Attack as well as Precompiling Attack. The attack methods and their
respective consensus mechanisms are presented in Table 1 below
Table 1: Attack methods and consensus mechanism
2.2.5. Network layer
The transmission of blockchain information majorly relies on the P2P network which depends on
adjacent nodes for transmitting information where it has to be exposing the IP of each other. In
case of an attacker in the network, bringing security threats to the other nodes tends to be quite
simple (Li et al. 2017). The public blockchain network node could be a conventional home
personal computer or even a cloud server among others and the security has to be irregular. A
node must be there having poor security and when it gets attacked, the other nodes will be
directly threatened. Among the major attacks include: eclipse attack and BGP hijacking.
2.2.6. Data layer
The main elements of data layer are block data and signature & encryption system.
Bloc data: this is mainly attacked by malicious information, for instance, subjects that are
deemed to be politically sensitive and virus signatures present in the blockchain. Deleting any
information from the blockchain after it has been written is very challenging due to the presence
24 May 2019 8

STUDENT NAME – ASSIGNMENT NO
of data undelete feature. This means that users need to ensure that they write accurate
information in the blockchain. In case the blockchain contains malicious information, the
blockchain will be exposed to numerous hitches.
It was pointed out by a group of researchers from the RTWH Aachen University as well as the
Goethe University Frankfurt that out of the 1,600 documents that are included in the Bitcoin
blockchain, about 59 files were associated with illegal pictures of children as well as privacy
violations and content deemed to be politically sensitive (Lin & Liao 2017). Approximately 1.4
per cent of the about 251 million transaction of the bitcoin blockchain is composed of other data.
This means that only a small percentage of these transactions composed of unwanted or unlawful
content. However, it is worth noting that even such a small percentage of unwanted or unlawful
content can still put expose blockchain partakers to security risks.
Signature & encryption system: cryptography is the main element for ascertaining security and
interfering with blockchain resistance, and blockchain technology depends mainly on research
outcomes of crystography that offers a main assurance for the blockchain’s integrity of the
information, verification as well as non-repudiation. The encryption technology is of specific
importance as a backbone of blockchain. For instance, the hash algorithms of SHA1 and MD5
were very popular in the preceding years but failed to prove that they were insufficiently secure.
Currently, the widely used algorithm in bitcoin is that of SHA256. Pass, Seeman & Shelat 2017).
Up to date, this algorithm has proved to be secure but with the ongoing technological
development and advancement research, the future safety of this algorithm cannot be accurately
predicted or guaranteed. Hence, when blockchain applications are being designed, it is important
to select the encryption system more carefully because of its safety and security implications on
blockchain. Current methods of mainstream signature are inclusive of group signature, aggregate
24 May 2019 9

STUDENT NAME – ASSIGNMENT NO
signature, proxy signature, blind signature, ring signature, blinded verifiable encrypted signature
as well as interactive incontestable signature, among others.
2.3. Blockchain security features
Use ledger: ledger ought to record every blockchain transaction. The ledger is not mutable. It
may not be possible to edit or even delete the available data. In blockchain technology, this kind
of ledger is decentralized application. As a result, no one is able to access the transaction details
or any other data that is deemed to be sensitive from the ledger (Tosh et al. 2017). People are
only able to read the information contained in the leger but cannot change it.
Chain of block is yet another security feature where every block has to contain a hash value.
Such blocks are linked by the previous hash and in case an attacker gets access to the transaction
and tries to change the data, the hash will be altered thus affecting the entire chain. As a result,
the sensitive data or information will be protected even more (Zyskind, Nathan & Pentland
2015).
Blockchain technology is one of the decentralized applications (Zheng et al. 2016). In most
cases, it will support P2P communication hence in a blockchain network, the node is treated as
computers. Such a large number of nodes (running into thousands) needs to contain the copy of
distributed ledger which should be used to authenticate the transaction. Suppose any of the nodes
is not in agreement with the transaction, the transaction will not proceed and would thus be
cancelled. This would offer transaction protection against fraud because attackers will be
automatically stopped.
24 May 2019
10

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

STUDENT NAME – ASSIGNMENT NO
3. Evaluation
The paper discusses security of blockchain technology. From the various papers reviewed, it has
been established that there are some security problems still facing blockchain technology. Such
security issues have an impact on the transaction. There are various types of attacks that can
affect blockchain technology transactions but some solutions to these attacks are also available.
There are also different classes of blockchain networks, including private blockchain, public
blockchain, as well as consortium blockchain. The review paper has only given focus on the
private as well as public blockchain. In general, blockchain is an enhanced trending technology
with great potential to revolutionize and improve global transactions. Numerous applications of
blockchain have been developed while others are still undergoing development based on this
technology. Some of the solutions for the most recent issues touching on blockchain security
have been provided and addressed.
4. Conclusion
Blockchain security is and has been an interesting topic in the past decade due to the increasing
popularity of blockchain technology across the world. The technology is applicable in various
industries and it has the capability of providing better security during transactions involving any
value. As a bourgeoning technology, some of the reasons why blockchain is widely used is
because of its integral data security as well as effective protection of private or sensitive
data/information. The technology comprises of several layers that are designed to enhance safety
and security of transactions and users. Nevertheless, it is important to note that as the application
of blockchain technology increases rapidly, more new kinds of and advanced security threats are
coming up targeting blockchain. Economic losses of billions of dollars have already been
experienced in the blockchain industry but several security solutions have also been developed
24 May 2019
11

STUDENT NAME – ASSIGNMENT NO
and some are still under development. There is need to conduct more studies and research aimed
at developing strategies to strengthen the security protection of blockchain. So far, a significant
number of studies about blockchain technology have already been carried out and their findings
documented despite the less attention as well as researches regarding security of blockchain.
24 May 2019
12

STUDENT NAME – ASSIGNMENT NO
5. References
Aitzhan, N.Z. & Svetinovic, D. 2016, ‘Security and privacy in decentralized energy trading
through multi-signatures, blockchain and anonymous messaging streams’, IEEE
Transactions on Dependable and Secure Computing, vol. 15, no. 3, pp. 840-852.
Bach, L.M., Mihaljevic, B. & Zagar, M. 2018, ‘Comparative analysis of blockchain consensus
algorithms’, 41st International Convention on Information and Communication
Technology, Electronics and Microelectronics (MIPRO), IEEE, Opatija, Croatia, pp.
1545-1550.
Banerjee, M., Lee, J. & Choo, K.K.R. 2018, ‘A blockchain future for internet of things security:
A position paper’, Digital Communications and Networks, vol. 4, no. 3, pp. 149-160.
Dorri, A., Kanhere, S.S., Jurdak, R. & Gauravaram, P. 2017, ‘Blockchain for IoT security and
privacy: The case study of a smart home’, 2017 IEEE International Conference on
Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE,
Kona, HI, USA, pp. 618-623.
Eyal, I., Gencer, A.E., Sirer, E.G. & van Renesse, R. 2016, ‘Bitcoin-NG: A scalable blockchain
protocol’, 13th USENIX Symposium on Networked Systems Design and Implementation
(NSDI 16), USENIX, Santa Clara, CA, USA, pp. 45-59.
Heilman, E., Baldimtsi, F. & Goldberg, S. 2016, ‘Blindly signed contracts: Anonymous on-
blockchain and off-blockchain bitcoin transactions’, International Conference on
Financial Cryptography and Data Security, Springer, Heidelberg, Germany, pp. 43-60.
24 May 2019
13

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

STUDENT NAME – ASSIGNMENT NO
Kakavand, H., Kost De Sevres, N. & Chilton, B. 2017, ‘The blockchain revolution: An analysis
of regulation and technology related to distributed ledger technologies’, SSRN Electronic
Journal, vol. 1, no. 1, pp. 1-27.
Karame, G. 2016, ‘On the security and scalability of bitcoin's blockchain’, 2016 ACM SIGSAC
Conference on Computer and Communications Security, Association for Computing
Machinery (ACM), New York, NY, pp. 1861-1862.
Khan, M.A. & Salah, K. 2018, ‘IoT security: Review, blockchain solutions, and open
challenges’, Future Generation Computer Systems, vol. 82, pp. 395-411.
Li, Z., Kang, J., Yu, R., Ye, D., Deng, Q. & Zhang, Y. 2017, ‘Consortium blockchain for secure
energy trading in industrial internet of things’, IEEE Transactions on Industrial
Informatics, vol. 14, no. 8, pp. 3690-3700.
Lin, I.C. & Liao, T.C. 2017, ‘A survey of blockchain security issues and challenges’,
International Journal of Network Security, vol. 19, no. 5, pp. 653-659.
Pass, R., Seeman, L. & Shelat, A. 2017, ‘Analysis of the blockchain protocol in asynchronous
networks’, Annual International Conference on the Theory and Applications of
Cryptographic Techniques, Springer, Cham, pp. 643-673.
Tosh, D.K., Shetty, S., Liang, X., Kamhoua, C.A., Kwiat, K.A. & Njilla, L. 2017, ‘Security
implications of blockchain cloud with analysis of block withholding attack’, 17th
IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, IEEE,
Madrid, Spain, pp. 458-467.
24 May 2019
14

STUDENT NAME – ASSIGNMENT NO
Wang, H., Wang, Y., Cao, Z., Li, Z. & Xiong, G. 2019, ‘An overview of blockchain security’,
China Cyber Security Annual Conference, Springer, Singapore, pp. 55-72.
Zheng, Z., Xie, S., Dai, H.N., Chen, X. & Wang, H. 2018, ‘Blockchain challenges and
opportunities: A survey’, International Journal of Web and Grid Services, vol. 14, no. 4,
pp. 352-375.
Zyskind, G., Nathan, O. & Pentland, S. 2015, ‘Decentralizing privacy: Using blockchain to
protect personal data’, 2015 IEEE Security and Privacy Workshops, IEEE, San Jose, CA,
USA, pp. 180-184.
24 May 2019
15