Blockchain is spreading across all industries far beyond its initial fintech applications. Companies in different sectors are expanding and diversifying their blockchain initiatives. Indeed, blockchain appears to be entering a new era of broader, more practical adoption, even as those who were skeptical start to grasp its long-term potential. So, how secure is blockchain technology?
The demand for blockchain is soaring at an alarming rate as companies see its potential. Blockchain promises transparency, scalability and, most importantly, security. Let's take a look at the challenges and vulnerabilities of this burgeoning field of technology.
Security by the blocks
The term blockchain refers to a chain of digital blocks with transaction records. Each block connects with other blocks on either side to form a chain. This makes it hard to alter a single record as one would have to change the block with the record and those connected to it to avoid detection. In addition to this, blockchain has other built-in characteristics that offer extra security. These include:
Cryptography seeks to prevent third parties from accessing data from private messages during a communication process. Blockchain uses two types of cryptographic algorithms: hash functions and asymmetric-key algorithms.
Asymmetric cryptography (or public-key) securely encrypts messages between two computers. Anyone can use another person’s public key to encrypt a message. However, one can only use a corresponding private key to decrypt an encrypted message.
Paired private and public keys let users send and receive payments. Private keys generate digital signatures for the transaction. Network members then use the wallet's public key to confirm the signature’s authenticity before adding the transaction to the blockchain. After approval, the transaction is immutably recorded into the ledger, and balances are updated.
A hash function, on the other hand, receives data input of any size and returns an output with a predictable and fixed size. Irrespective of the input size, the output will always have the same size. So, for as long as the input remains constant, the resulting hash will be the same. Hashes are used as unique data block identifiers in the blockchain. Each block's hash is created in relation to the previous block's hash, creating a chain of blocks. If someone changes a block, they will also have to change the entire history of that blockchain. The hash identifiers are what make blockchain secure and immutable.
Blockchain technology relies on a decentralized, digitized, and distributed ledger model, meaning that it distributes data to nodes (users) on the blockchain network. When a user makes a change, the network validates it; then, miners add the transaction into a new block that’s then added to the blockchain. Miners are users rewarded for updating the blockchain.
Decentralization makes blockchain more robust and secure than proprietary centralized models that are currently in the market. If a user attempts to change a single block, they'd need to change the previous blocks before any new blocks could be mined. If not, the nodes would detect the fraudulent behavior and discard the changes. And since thousands of nodes confirm new blocks, it's less likely for anyone to beat their computing power to add a bad one.
Consensus is another attribute that makes blockchain technology secure and fault-proof. It involves all peers of a blockchain network coming together and agreeing about the distributed ledger's present state. Consensus ensures that every new block added to the chain is the only version of the truth agreed upon by all the nodes in the blockchain.
The consensus protocol is reliable because it is based on goals such as mandatory collaboration, cooperation and participation of every node. It also ensures that every node has equal rights and that a joint agreement is achieved. Consensus is the brain of blockchain. Without it, blockchain would fail. A good example of a consensus mechanism is Proof of Work (PoW). In PoW, 'miners' in a network have to provide the computing power needed to verify transactions and maintain the blockchain, which is a lot. They also need to ensure the network's immunity against hackers. Miners compete to chain the blocks together and can achieve that if they get 51% of votes from the nodes.
But the 51% vote is perhaps the biggest threat to this model. If a minority of colluding nodes own more than 50% of the mining power, they will control the network. They could prevent other nodes from adding new blocks. They'd also expose the network to fraud. But the good thing is that consensus is too expensive. It needs lots of energy and computing power to succeed.
Blockchain produces tamper-resistant ledger transactions that make it immune to fraud and hacks. But people with bad intentions can manipulate the known vulnerabilities in the blockchain infrastructure. In fact, they've been successful in a range of scams and hacks over the years. Some common examples include DAO's code exploitation, Bitfinex's stolen keys, and Bithumb's insider hacks. These security issues have been a point of concern for many businesses that want to explore blockchain technology. Blockchain creates unique security challenges for a range of reasons:
- Protection moves from centralized to decentralized
- It combines an asset and its means of protection in one token
- Digital wallets have proven easy to exploit
- Malicious transfer of value can be instant and irreversible
Blockchain security threats
Blockchain security threats fall into three main groups:
Endpoint vulnerabilities: this is where technology and humans meet. Think devices, digital wallets, private key and password breaches, and the client side of the application. A hacker can gain access to an account if any of these endpoints is compromised. But the threat is limited to the victim's account and nothing further. Besides, companies are now using cold wallets along with hardware security modules (HSMs) that are difficult to compromise.
Untested code: the original code by Satoshi Nakamoto that resulted in the creation of Bitcoin Blockchain is unbreakable. But the same cannot be said for all code in apps built upon the blockchain. Developers who are in a rush to outdo their peers risk producing inadequately tested code on the live blockchain. Considering the decentralization aspect, the risk is higher because of the irreversibility of blockchain.
Ecosystem/third-party risks: the security of this technology relies on the entire ecosystem. This includes other solution providers like smart contracts, payment platforms, fintech, wallets, etc. With other parties in play, a blockchain application's security is only as strong as its weakest link within the ecosystem.
Does this mean blockchain is not immutable?
No network is 100% secure. And blockchain is not any different. But since the nodes in a blockchain network are distributed, it is almost impossible to alter the chains. It takes a consensus of more than half of the nodes in the same distributed ledger to make any changes. And the fact that all this has to happen within 10 minutes makes it virtually impossible for a hacker to make changes.
Security and privacy
Blockchain technology resolves the security and privacy issues that most organizations struggle with today. Its public key infrastructure maintains the ledger size and prevents malicious attempts to change data. Although the large and more distributed network makes blockchain more secure, there are concerns around various aspects. For example, by default, the blockchain design doesn't have confidentiality. All data on-chain is visible to all peers in the network.
Blockchain is hard to crack
The blockchain is still in its infancy stages. And like any technology, it is bound to encounter hurdles along the way. But the good thing is that the security issues are addressed quickly. Developers are also coming up with new versions of blockchains to ensure security. Besides, when compared to other technologies, blockchain does a great job storing and exchanging digital value. This explains why health care, supply chain, Wall Street companies, etc., are all adopting the technology.
Frank is a technology visionary and strategic hands-on executive with a 20+ year track record of helping companies revitalize, restructure, and implement complete Unified Communications systems in national and global markets.