This article is a summary of the #CybersecurityAfterHours event held in January 2022 with blockchain expert Rohas Nagpal.
A blockchain network is essentially a shared ledger system made up of unique addresses, data streams, and a ledger of all transactions between those addresses.
At its core, a blockchain network comprises the following:
- Each entity within the blockchain network has a unique address that has a private key associated with it.
- Using these addresses, entities can make transactions and store assets. To send assets, an entity must use its private key to sign the transaction.
- The shared ledger keeps track of all transactions within the network.
- In order to access any metadata from within the network, a data stream is used.
Connection to a blockchain network is made through APIs which connect to the nodes of the blockchain. A network can have several nodes which are interconnected via the blockchain core.
Understanding the node
A node essentially comprises the following:
- A secured operating system on which the network software runs, much like an application;
- A layer to store the private keys, such as ECDSA (elliptic curve digital signature algorithm) keys;
- A blockchain framework;
- The API; and
- Applications, UI, and more.
For instance, an entity such as a bank or any other organization could connect to a blockchain node via APIs and then pass instructions through the node. As instructions pass through a node, the blockchain network automatically distributes them to all the other nodes connected to the network.
How is the technology being used presently and how is it meant to be used?
Two of the most important characteristics of a blockchain are:
- That one can prove with certainty that the data within the network has not been tampered with; and
- Smart asset lifecycle management, which means that any asset can be tokenized without the need to involve a third party.
Since the blockchain is a shared ledger system, everyone is able to view the ledger, and everything in the system moves directly from one address to another. This means that there is no concept of a third party in a blockchain network. Therefore, when assets are transferred within the network, they either reach their destination or the entire transfer fails, so nothing gets stuck partway through the process.
However, even though the system is intuitive, it is seldom used appropriately. A majority of blockchain use cases fail, mostly because the network is used for a project it was not built for. Since a blockchain replicates everything across nodes, it is not meant for handling large amounts of data.
Blockchain is ideal for use cases that revolve around the idea of smart assets.
As blockchain adoption rates are rising, what are the safety measures that technologists must consider while building networks and business models on top of blockchain technology?
There are essentially two types of blockchains to consider: public and hybrid. Private blockchains exist, but their scope is limited. In public or hybrid blockchains, the network or chains are already running, and one accesses the network by connecting via nodes.
Next, when connecting via nodes, users are free to choose from a variety of operating systems. The best way to secure the data is to choose an OS the user is comfortable with and then harden it. Conventional hardening on its own is typically unsuccessful in this scenario, so users need to work out which firewalls are required, manage access controls, and understand which ports must stay open and which must be closed.
After the node is set up, a connection has to be made, ideally through an API layer. Here, the user must ensure that the API calls go out securely and that the credentials are kept secure.
Even then, the threat of an attacker breaking into the applications remains.
In a blockchain, there exist two types of addresses: custodial and non-custodial. For example, if a bank is using a blockchain and the private keys of its customers are stored on the bank’s node, the addresses are referred to as custodial, since the bank has custody of other entities’ private keys. When custody of the private key remains with the user entity, the address is referred to as non-custodial.
In the case of custodial addresses, the custodian needs to ensure that only authenticated users are able to gain access to the private keys.
In the case of non-custodial addresses, it must be ensured that the endpoint where the user stores the private key is secured.
The majority of attacks within the blockchain realm are key-based attacks, in which a threat actor gains unauthorized access to a user’s private key, which can then be used to control all the assets stored at that address.
What are some key considerations for cybersecurity professionals and people building on blockchain technology apart from API security in the blockchain framework?
One major part of blockchain technology is the use of smart contracts. Smart contracts are increasingly being breached, and one of the major causes is that they are not properly written. Smart contracts need to be audited thoroughly; although audits do not guarantee absolute security, they can remove many of the inconsistencies and errors that cause breaches.
Further, the choice of blockchain framework is another important factor. Choosing the wrong framework is essentially a setup for failure.
Do you see blockchain technology being used to resolve cybersecurity challenges?
Blockchain can technically be used to resolve cybersecurity problems, however, it depends on what issues need to be resolved.
For instance, if someone is building a KYC system, it does not make sense to upload user information to the blockchain. However, if the data is passed on to the network in a JSON format where each user’s information is no more than a few KB, it becomes an excellent use case for blockchain.
From an Indian perspective, one of the best use cases for blockchain technology is the tokenization of assets. Some of the most impactful and innovative use cases for the technology are as follows:
- The Indian market can leverage blockchain to protect, distribute, and monetize intellectual property;
- Bringing immovable property such as land and real estate onto the blockchain;
- Tokenizing art pieces and collectibles in order to give common people access to these assets as an investment option.
Content for understanding blockchain technology
Mr. Rohas Nagpal offers a free course on blockchain technology called the Blockchain ADDS. The course can be found here: