These slides aim to demystify the concepts of Blockchain, its common use cases, and the security considerations one would need to take into account when developing a solution that leverages distributed ledger technology (DLT).
1. A practical approach to Blockchain implementation
27th January 2019
Shivanthan Balendra
Head of Cyber Security Center
Batelco - Bahrain
2. Key Objectives of this presentation
• Let's talk Blockchain
• What is the architecture?
• What are the different types?
• What are common use cases?
• What does it take to build your Blockchain solution?
• Key challenges and security issues?
3. What is Blockchain
“Blockchain is a consensus-based secure decentralized public or private database which stores information immutably over a peer-to-peer network”. (Distributed Ledger Technology – DLT)
Book Analogy
• Blockchain (Book)
• Block (Page)
• Transactions (Text)
• Easily detect removal of pages
• Easily identify dodgy activity
• Impossible to tamper entries
4. Key Characteristics of Blockchain
• (1) Immutability: Once a transaction is written on Blockchain, it cannot be altered
• (2) Trust in Algorithm: You don’t have to trust anyone to trust the ledger’s data
• (3) Decentralized: The transactions are verified by peers together through decentralized collaborative algorithms
• (4) Confidentiality: Employs cryptographic capabilities for unbreakable security across hundreds of participating nodes
• (5) Auditability: Entries can be verified by anyone on the network based on a consensus algorithm
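The book analogy on slide 3 and the immutability and auditability claims on slide 4, as an added example that is not part of the original slides: each page stores the hash of the previous page, so an auditor can tell a removed page from an edited one, and an edit hidden by re-hashing every later page still fails against the head hash the peers agreed on. The block layout, the function names and the sample transfers are assumptions made for this illustration.

```python
import hashlib
import json
GENESIS_PREV = "0" * 64  # assumed placeholder for "no previous page"

def block_hash(block):
    """SHA-256 over a canonical JSON encoding (the encoding is an assumption)."""
    data = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def build_chain(pages):
    """Turn (timestamp, transactions) pages into blocks linked by prev_hash."""
    chain, prev = [], GENESIS_PREV
    for index, (timestamp, transactions) in enumerate(pages):
        block = {"index": index, "timestamp": timestamp,
                 "transactions": transactions, "prev_hash": prev}
        chain.append(block)
        prev = block_hash(block)
    return chain

def relink(chain):
    """Renumber and re-hash every page, as someone hiding an edit would."""
    prev = GENESIS_PREV
    for index, block in enumerate(chain):
        block["index"], block["prev_hash"] = index, prev
        prev = block_hash(block)
    return chain

def audit(chain, agreed_head):
    """Return (ok, position, finding); agreed_head is the tip hash the peers hold."""
    prev = GENESIS_PREV
    for pos, block in enumerate(chain):
        if block["index"] != pos:
            return False, pos, "page missing"
        if block["prev_hash"] != prev:
            return False, pos, "link to previous page broken"
        prev = block_hash(block)
    if prev != agreed_head:
        return False, len(chain) - 1, "head differs from the agreed one"
    return True, None, "ok"

# Constructed sample ledger: three pages of made-up transfers.
PAGES = [("2019-01-27T09:00:00Z", ["alice->bob:5"]),
         ("2019-01-27T09:10:00Z", ["bob->carol:2"]),
         ("2019-01-27T09:20:00Z", ["carol->dave:1"])]

if __name__ == "__main__":
    chain = build_chain(PAGES)
    head = block_hash(chain[-1])
    print(audit(chain[:1] + chain[2:], head))      # page 1 torn out
    chain[1]["transactions"] = ["bob->mallory:2"]  # entry edited in place
    print(audit(chain, head))
    print(audit(relink(chain), head))              # edit hidden by re-linking
```

The last case is the one that matters in practice: the links alone only prove internal consistency, and it is the head hash held by the other peers that makes a rewritten book detectable.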
7. Blockchain Use cases
• Election Polling
• Credentials Verification
• Legal Agreements (aka Smart Contracts)
• Law Enforcement
• For Organizations
• For Governments
• Compliance
• Distributed Cloud Storage
8. How to build your own Blockchain solution
• Suitability: Decide if it's suitable for the problem you are faced with
• Type: Decide suitable type (Private/Public/Hybrid)
• Consensus: Decide most appropriate mechanism to be used
• Platform: Decide suitable platform to implement Blockchain
• Design Instance: Design instance with attributes to support
• Build API: Build or customize APIs to integrate with your systems
• User Interface: Develop admin user interface to interact
10. Challenges and Limitations (not a silver bullet)
• (1) Irreversibility: Add-only list. Not a good fit for frequent data update/delete
• (2) Limited Storage: Based on a transaction model, storing small pockets of data
• (3) Illiteracy: Technology is fairly immature and often confused with Bitcoin
• (4) Costs: Higher short-term setup costs prevent its widespread use
• (5) Naysayers: High energy consumption and scalability are often deemed negative.
• (6) Governance: Lack of industry standards governing the entire process
11. Hacking a Public Blockchain - Bitcoin
51% Attack (Aim to double-spend, affect the network's integrity)
A 51% attack consists of a group of miners who temporarily control over 50% of the network's mining hashrate
Current Hashrate - 36.52 Exahashes/s (36,520,000,000,000,004,000 Hashes per second)
Eclipse Attack
• Targeted at a single party
• Attempts to double-spend coins
Sybil Attack
• Targeted at the Network
• Impersonates multiple identities.
• Spam the network
• Subvert the network's reputation
Book example Quran..
Blockchain is a distributed database existing on various computers at the same time. It is a decentralized ledger tracking digital assets on P2P network.
Blockchain is related to cryptocurrency, but it’s not cryptocurrency. It’s a technology that allows a distributed ledger to be shared across a P2P network.
Transactions are digital assets, which can be a representation of something physical, such as a house or a car, or something digital, such as virtual currency or data.
Has not been established in a certain defined way because of the non standard nature of the technology.
It’s a 5 layer approach.
Starting at the bottom…Base layer.. Similar to a database Core to the data within the system. Which cryptography, hashing algorithms, size of the data blocks etc..
Network layer – networking between your blockchain. Connects the different nodes to each other.
Consensus Layer – whether you opt for proof of work or proof of stake..
Incentive layer – Its function does not affect the functioning of the blockchain. It’s not a requirement within a blockchain. Any change you make within this layer doesn’t affect the blockchain at all.
Smart Contract layer..
Similar to the 7 layers of the OSI model for network communication..
Data - It’s the base layer where all the cryptographic algorithms & protocols are present
Network - peer-to-peer connections and also validates relay network and node validation.
Consensus - POW, POS, DPOS etc.; it also consists of the user and mining permissions.
Incentive - Has no direct impact on the blockchain but is responsible for miner reward distribution and transaction fees
Application - Front end, helps to interact with blockchain
Private v/s public – like internet and intranet. Private is permission based, read can be public and write can be only granted to authorized nodes.. Consensus can be regulated and appointed to a few nodes. (most suitable for public sector use)..
Scalability issue - Transactions per second/block size limitations etc.. block creation time of 10 minutes and the block size limit
Transaction processing capacity maximum is estimated between 3.3 and 7 transactions per second
Privacy issues - In fact, there are many ways a person’s identity could potentially be exposed in bitcoin transactions. Bitcoin users have to divulge their personal information to an exchange to create an account.
Election - fraudulent data to be entered into the system.. Transparency – Tamper proof… Auditability - every record, or vote, receives a date, timestamp, and hash of the previous block.. Accessibility - elections could be safely conducted online
Credentials verification – Verifying qualifications, college degrees etc.. Cannot happen overnight.. Require a robust DLT ecosystem, with participation from every sector of society
Legal agreements – smart contracts - By leveraging new technology, a legal service or law firm can implement a variety of contracts as self-executing programs on a blockchain. (Real Estate Deeds, Rental Contracts, Trusts, Powers of Attorney, Sales Contracts)
Law enforcement - blockchain holds the potential to completely transform how law enforcement stores, shares, and secures its data
GDPR – Right to be forgotten.. Not possible without the implementation of additional capabilities/controls/measures
Design (what things are you looking for inside your Blockchain) – Permissions, Assets, Key Management, Address formats etc
Data storage – BC is a transaction based model meant for storing transactions in the form of hashes. It is not meant for storing data. Current block size is 1 Mb, with SegWit you can go up to 4 MB and the current size of the bitcoin blockchain is 200Gb.
Hashrate - number of double SHA-256 computations performed in one second in the bitcoin network for cryptocurrency mining.
Eclipse - An eclipse attack is particularly useful when a payer has sent some bitcoins to you in some transaction, then decides to also double-spend the same bitcoins. The double-spender (or payer) will use the eclipse attack to prevent you from knowing that there is also a double-spend transaction.
Sybil -