Deja vu Security and Peach Tech founder Akshay Aggarwal's slides from Deja vu Security's December 2017 Security Summit.
Security Landscape of Blockchain Technologies
ICOs and Smart Contracts have become popular. This talk will look at the underlying economic, technology, and process fundamentals underpinning Smart Contracts and ICOs. Specifically, Akshay will share his experience with design decisions and implementation issues to avoid, and look into the future of Smart Contracts and ICO security.
1. BLOCKCHAIN, SMART CONTRACTS, AND ICOS:
BUILDING SECURITY INTO THE DECENTRALIZED DIGITAL ECONOMY
dejavusecurity.com
IN PARTNERSHIP WITH:
2. BLOCKCHAIN, SMART CONTRACTS, AND ICOS:
BUILDING SECURITY INTO THE DECENTRALIZED DIGITAL ECONOMY
Akshay Aggarwal
CEO, Peach Tech
Security Landscape of Blockchain Technologies
dejavusecurity.com
4. Former Microsoft Director
MS CS UC Davis
20 years in Security
Founder, Deja vu Security
Akshay Aggarwal
CEO, Peach Tech
A Security Analysis of the Bitcoin Mining Ecosystem
- Mick Ayzenberg, Adam Cecchetti, Akshay Aggarwal
Securing the Enterprise Blockchain*: Research Note
- Akshay Aggarwal
5. Blockchain in numbers
13-15: Transactions per second capacity of ETH
64 use cases: For blockchains in survey of 200 companies by McKinsey & Co.
135: Number of startups with ICOs since 2014 by CB Insights
701,834: Highest number of daily ETH transactions on December 4, 2017 by Etherscan
$400MM: Investment by banking sector by 2019 by McKinsey & Co
$20B: Estimated size of blockchain market by 2024 by TMR
9 out of 10: Position of Seattle in top 10 cities for blockchain development in 2016 by Deloitte
15%: Of banks using blockchain in 2017 according to IBM
6. Blockchain security issues have often caught organizations unaware!
The List
1RETURN in Bitcoin creates 184 Billion Bitcoins
Mt. Gox lost $460MM to transaction malleability*
Gatecoin hacked using server disruption and reboot
Recursive attack against DAO resulting in $50MM loss and hard fork
1.2 million in Bitcoins hijacked in 'social engineering' attack on inputs.io
CoinDash ICO hacked by address manipulation with $7 million stolen
Veritaseum Ether wallet hacked with $8 million stolen by thwarting 2FA
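The DAO item above names the mechanism without showing it: a withdrawal that hands control to the payee before it records the payout can be called back into recursively, so one credited balance is paid out many times. The following is an added, simplified model written for these notes, not the DAO's code, not Solidity, and not anything from the slides. The Vault, Account and Reentrant classes, the "honest"/"caller" names and all amounts are constructed. It runs the same withdrawal with the two possible orderings and reports what a monitor would see: whether the vault's credited balances still fit within what it actually holds.

```python
# Added, simplified model of the ordering defect behind a recursive ("re-entrant")
# withdrawal. Vault, Account, Reentrant and every balance are constructed for this
# example; this is not the DAO's code and not an EVM, so a failed nested call is
# simply refused rather than reverting the whole transaction.


class Vault:
    """Holds deposits for many accounts and pays them out on request."""

    def __init__(self, effect_before_interaction: bool):
        self.balances = {}                      # account name -> credited balance
        self.holdings = 0                       # funds the vault actually holds
        self.effect_before_interaction = effect_before_interaction

    def deposit(self, name: str, amount: int) -> None:
        self.balances[name] = self.balances.get(name, 0) + amount
        self.holdings += amount

    def withdraw(self, account) -> None:
        amount = self.balances.get(account.name, 0)
        if amount == 0:                          # check
            raise RuntimeError("nothing to withdraw")
        if self.effect_before_interaction:
            self.balances[account.name] = 0      # effect: record the payout first
        self.holdings -= amount
        account.receive(self, amount)            # interaction: control passes to the callee
        if not self.effect_before_interaction:
            self.balances[account.name] = 0      # effect recorded only after the callee returns

    def solvent(self) -> bool:
        """Invariant a monitor can check: credited balances never exceed real holdings."""
        return sum(self.balances.values()) <= self.holdings


class Account:
    """Ordinary payee: just counts what it was paid."""

    def __init__(self, name: str):
        self.name = name
        self.received = 0

    def receive(self, vault, amount: int) -> None:
        self.received += amount


class Reentrant(Account):
    """Payee whose receive handler calls back into withdraw before it returns."""

    def __init__(self, name: str, max_depth: int):
        super().__init__(name)
        self.depth = 0
        self.max_depth = max_depth

    def receive(self, vault, amount: int) -> None:
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            try:
                vault.withdraw(self)
            except RuntimeError:
                pass    # a vault that updated its state first refuses the nested call


def run(effect_before_interaction: bool):
    """Return (amount the re-entrant payee got, holdings left in the vault, solvency invariant)."""
    vault = Vault(effect_before_interaction)
    vault.deposit("honest", 9)
    vault.deposit("caller", 1)
    caller = Reentrant("caller", max_depth=3)
    vault.withdraw(caller)
    return caller.received, vault.holdings, vault.solvent()


if __name__ == "__main__":
    print("effect after interaction :", run(effect_before_interaction=False))
    print("effect before interaction:", run(effect_before_interaction=True))
```

With the effect recorded after the interaction, a payee that deposited 1 walks away with 4 and the vault is left holding 6 against 9 of credited balances; with the state updated before control leaves the contract, the nested call finds a zero balance and is refused. The `solvent()` check is the kind of invariant worth asserting in tests and watching in monitoring, since it fails the moment the ordering is wrong, independent of how the re-entry was triggered.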
Blockchain (In)Security
8. Key aspects of blockchain
1. Distributed ledger database
2. Decentralized peer to peer communication
3. Transparent with pseudonymity*
4. Irreversible** records
5. Computational logic
15. ICO
Initial coin offering (ICO) is an unregulated and controversial means of crowdfunding via use of cryptocurrency, which can be a source of capital for startup companies.
Legal & regulatory - PlexCorps
Foundational
Technical implementation
Operational integrity - CoinDash
Scalability
Future proofing
16. Smart Contracts
Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code.
Legal & regulatory
Foundational
Technical implementation
Operational integrity
Scalability
Future proofing
17. Cryptocurrency
Cryptocurrency is a digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.
Legal & regulatory
Foundational
Technical implementation
Operational integrity
Scalability
Future proofing
18. Supply Chain Management
A blockchain application use case for the enterprise
Legal & regulatory
Foundational
Technical implementation
Operational integrity
Scalability
Future proofing
20. Predictions for the future
5 years before blockchain reaches full potential
Implementation of proof of stake or membership
Massively scalable blockchain
Enterprise adoption with 20-30 viable use cases
Establishment of legal & regulatory framework
More hard forks
21. 3TOTF – evil thoughts of the future
The (Im)perfect audit trail
Smart contract triggers & forced reconciliation
Blockchain temporal segmentation
A virtual commit with no physical commit
My timing or yours
The offer expires in (predictive commits)
Optimization attacks on private blockchains
The ghost town
23. BLOCKCHAIN, SMART CONTRACTS, AND ICOS:
BUILDING SECURITY INTO THE DECENTRALIZED DIGITAL ECONOMY
Akshay Aggarwal
CEO, Peach Tech
Security Landscape of Blockchain Technologies
dejavusecurity.com
Editor's Notes
Introductions,
turn out
Outline for talk
The Basics – Anything but the math
Wonders of the BC – Value of BC, Use cases
Mapping BC Risk
The future
$20B; https://www.prnewswire.com/news-releases/worldwide-blockchain-technology-market-is-anticipated-to-exhibit-a-cagr-of-587-between-2016-and-2024-elimination-of-third-parties-improves-demand-and-security-of-online-transactions--tmr-611067345.html
64 use cases https://bravenewcoin.com/news/mckinsey-sees-blockchain-technology-reaching-full-potential-in-5-years/ - 135: https://www.cbinsights.com/research/blockchain-ico-tokens-startup-market-map-expert-research/
80% of 3000 : https://securityintelligence.com/news/ibm-study-blockchain-adoption-on-the-rise/
15%: http://fortune.com/2016/09/28/blockchain-banks-2017/
693808 https://etherscan.io/chart/tx
Key takeaway : Not just attacks on BC
Attacks on how BC are orchestrated, implemented, and operated
How Blockchain Works
Here are five basic principles underlying the technology.
1. Distributed Database
Each party on a blockchain has access to the entire database and its complete history. No single party controls the data or the information. Every party can verify the records of its transaction partners directly, without an intermediary.
2. Peer-to-Peer Transmission
Communication occurs directly between peers instead of through a central node. Each node stores and forwards information to all other nodes.
3. Transparency with Pseudonymity
Every transaction and its associated value are visible to anyone with access to the system. Each node, or user, on a blockchain has a unique 30-plus-character alphanumeric address that identifies it. Users can choose to remain anonymous or provide proof of their identity to others. Transactions occur between blockchain addresses.
4. Irreversibility of Records
Once a transaction is entered in the database and the accounts are updated, the records cannot be altered, because they’re linked to every transaction record that came before them (hence the term “chain”). Various computational algorithms and approaches are deployed to ensure that the recording on the database is permanent, chronologically ordered, and available to all others on the network.
5. Computational Logic
The digital nature of the ledger means that blockchain transactions can be tied to computational logic and in essence programmed. So users can set up algorithms and rules that automatically trigger transactions between nodes.
Value-exchange: The use of a blockchain removes the characteristic of infinite reproducibility from a digital asset. It confirms that each unit of value was transferred only once, solving the long-standing problem of double spending. Blockchains have been described as a value-exchange protocol. This blockchain-based exchange of value can be completed more quickly, more safely and more cheaply than with traditional systems.
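Principles 4 and 5 above, and the double-spending point in this paragraph, can be made concrete in a few dozen lines. The block below is an added example for these notes, not code from the slides or from Deja vu Security, and it is a deliberately minimal model: one transaction moves one whole coin, an address is just a label such as "alice", and there is no signing, mining or networking. It shows the two properties the text describes. Blocks are linked by hashing the previous block, so rewriting an old record breaks every link after it; and the ledger refuses a second spend of a coin that has already been consumed. The Tx, Block and Ledger classes, the `run_demo` driver and all names and coins are constructed.

```python
# Added, minimal hash-chained ledger. Tx, Block, Ledger and the sample addresses
# ("issuer", "alice", "bob", ...) are constructed for this example; there is no
# signing, consensus or networking, only the chaining and double-spend checks.
import hashlib
import json
from dataclasses import dataclass, asdict


def sha256_hex(obj) -> str:
    """Canonical JSON -> SHA-256 hex digest, used for both txids and block hashes."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


@dataclass(frozen=True)
class Tx:
    """Moves one whole coin from sender to receiver; coin 'genesis' issues a new coin."""
    coin: str        # txid of the transaction that created the coin being spent
    sender: str      # pseudonymous address (a constructed label, not a real address)
    receiver: str

    def txid(self) -> str:
        return sha256_hex(asdict(self))


@dataclass
class Block:
    prev_hash: str
    txs: list

    def hash(self) -> str:
        return sha256_hex({"prev": self.prev_hash, "txs": [asdict(t) for t in self.txs]})


GENESIS_PREV = "0" * 64


class Ledger:
    def __init__(self):
        self.chain = []
        self.unspent = {}      # coin id -> current owner (the "accounts" of principle 4)

    def append(self, txs) -> str:
        """Validate a block against current state, then link it to the chain tip."""
        seen = set()
        for tx in txs:
            if tx.coin == "genesis":
                continue
            if self.unspent.get(tx.coin) != tx.sender:
                raise ValueError(f"{tx.sender} cannot spend coin {tx.coin[:8]}: not an unspent coin of theirs")
            if tx.coin in seen:
                raise ValueError("same coin spent twice in one block")
            seen.add(tx.coin)
        prev = self.chain[-1].hash() if self.chain else GENESIS_PREV
        block = Block(prev, list(txs))
        self.chain.append(block)
        for tx in txs:
            self.unspent.pop(tx.coin, None)        # consume the spent coin
            self.unspent[tx.txid()] = tx.receiver  # create the new one
        return block.hash()

    def verify(self, expected_tip: str) -> bool:
        """Recompute every link and compare the final hash to a tip learned out of band."""
        prev = GENESIS_PREV
        for block in self.chain:
            if block.prev_hash != prev:
                return False
            prev = block.hash()
        return prev == expected_tip


def run_demo() -> dict:
    """Issue a coin, spend it, then try a double spend and a rewrite of history."""
    ledger = Ledger()
    issue = Tx("genesis", "issuer", "alice")
    ledger.append([issue])
    pay = Tx(issue.txid(), "alice", "bob")
    tip = ledger.append([pay])
    results = {"chain_ok": ledger.verify(tip)}
    try:
        ledger.append([Tx(issue.txid(), "alice", "carol")])   # alice's coin is already spent
        results["double_spend_rejected"] = False
    except ValueError:
        results["double_spend_rejected"] = True
    # Rewrite history: change who received the issued coin in block 0.
    ledger.chain[0].txs[0] = Tx("genesis", "issuer", "mallory")
    results["tamper_detected"] = not ledger.verify(tip)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The `expected_tip` argument to `verify` is the part worth noticing: recomputing links only proves the chain is internally consistent, and a rewrite of the newest block would still pass. What makes the records practically irreversible is that the tip hash is held and compared by many independent parties, which is what the network replication in principles 1 and 2 supplies.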
Emerging technologies, rapidly evolving use cases need a way for us to understand inherent risk
Enterprise blockchains may be Distributed, Permissioned and Secure
1. Proof of stake instead of proof of work for scalability. The next block creator is assigned by random selection and other criteria that include stake in the system. Suffers from the “nothing at stake” problem.