Nowadays, Blockchain technology is changing the way business is conducted by allowing consumers to bypass middlemen in numerous vital services, which reduces costs and boosts efficiency. In this way, Blockchain has the potential to reduce poverty throughout the developing world.
But the question is, “Is this blockchain technology really secure?” or, more specifically, “Can the blockchain technology offer trust and privacy simultaneously to guarantee private and tamper-free records?”
These are questions that should concern government agencies, firms, startups, development institutions, etc. that explore the blockchain technology for more efficient delivery of aid, money remittances, smart contracts, health services and many more. More so, these questions concern social entrepreneurs who are pursuing the potential for cheaper international payments, clearer property rights and broader access to finance.
The blockchain is well understood as a decentralized ledger that can effectively decentralize trust and cut down costs by eliminating intermediaries such as banks. The blockchain technology adds entries to the ledger which are validated by the wider user-community rather than by a central authority.
Each block within the blockchain represents a transactional record and the chain links them. The distributed computer network confirms the record and lists the blocks of transactions sequentially – hence the name blockchain.
Notably, there is nothing of value on the blockchain, just as with printed fiat currency or a bank’s database, and the controversial cryptocurrencies are simply an application of blockchain.
So, is the Blockchain really immutable?
The answer is no. Blockchain can actually be altered.
Perfect immutability does not exist; blockchain, like any other network, is technically susceptible to modification. However, because the computers, or nodes, on a blockchain network are distributed, the computing power needed to solve the mathematical puzzle behind such an alteration makes modifying the Blockchain nearly impossible.
To alter a chain within the blockchain, one would need to take control of more than 51 percent of computers in the same distributed ledger and alter all of the transactional records within a very short space of time – within 10 minutes for Bitcoin. Though this could be possible, to date it has never happened.
Does Blockchain Technology Guarantee Security and Privacy?
Though achieving security and privacy simultaneously in a conventional information system may be very difficult, blockchain can actually do so by enabling confidentiality through “public key infrastructure” that protects against malicious attempts to alter data, and by maintaining the size of a ledger. The larger and more distributed the network, the more secure it is believed to be.
Other perceived concerns about blockchain include limited scalability, insufficient data privacy and a lack of harmonized industry standards.
For example, even with privacy-enhancing technologies such as encryption and identity management, blockchain transactions can be seen throughout network nodes. These produce metadata, and statistical analysis can reveal information even from encrypted data, allowing for pattern recognition.
Data privacy is a particularly thorny issue in the European Union (EU), where the General Data Protection Regulation (GDPR), which takes effect in May, imposes stricter conditions for consent and data retention, requiring businesses to protect the personal data and privacy of citizens for transactions in the EU. It also disallows personal data from leaving the EU, giving citizens “full and ultimate control over all their data”.
This is a problem for both public blockchains, which do not control who hosts a node, and private blockchains (also called permissioned blockchains) as data cannot be deleted here. The new regulation also recognizes the “right to be forgotten”, which conflicts with the “immutability of transactions” on the blockchain.
Vitalik Buterin, co-founder of Ethereum, another blockchain system like Bitcoin and Hyperledger, has noted that there is indeed a “scalability trilemma” in which only two of three properties — decentralization, security or scalability — can be attained.
In distributed ledger protocols, every node stores and processes all transactions and maintains a copy of the entire “state” of account balances, contracts, storage, and so on. Running a full node allows users to have privacy and security but it is cumbersome as the number of transactions is constantly increasing, making scalability difficult.
If developers increase the size of a block in order to accommodate more transactions, the volume of data that needs to be stored also grows. Thus, as each node reaches capacity, only a few large companies will have the resources to run them, putting decentralization and scalability at odds. Developers are looking for ways around the trilemma.
It is worth noting that private blockchains do not face such scalability problems and can handle significantly more transactions per second.
To get around data privacy issues, a blockchain operator may store personal data and the reference to this data off-chain with a “hash” of the information – a one-way transformation of data to an unreadable piece of information.
Storing data off-chain means that personal data needs to be held by the individuals themselves or in a more traditional database. Know-your-customer documents, such as a scanned driver’s license or passport, can be stored off-chain using traditional technology, such as a standalone database and application systems.
But storing data off-chain reduces transparency and immutability and increases the risk of lost or stolen personal information as it is spread across other networks.
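The off-chain pattern described above can be sketched as follows. This is an added example, not code from the original article: `OffChainStore`, `naive_anchor`, `salted_anchor` and `guessable` are hypothetical names, and the licence numbers are constructed. It compares a plain hash reference with a salted one, because a plain hash of low-entropy personal data can be confirmed by anyone who reads the ledger and hashes likely values.

```python
import hashlib
import hmac
import secrets


def naive_anchor(record: bytes) -> str:
    """Unsalted SHA-256, used as a plain on-chain reference to off-chain data."""
    return hashlib.sha256(record).hexdigest()


def salted_anchor(record: bytes, salt: bytes) -> str:
    """HMAC-SHA256 keyed with a per-record random salt that stays off-chain."""
    return hmac.new(salt, record, hashlib.sha256).hexdigest()


class OffChainStore:
    """Stand-in for the traditional database that holds the personal data."""

    def __init__(self):
        self._rows = {}

    def put(self, record: bytes) -> str:
        salt = secrets.token_bytes(32)
        anchor = salted_anchor(record, salt)
        self._rows[anchor] = (salt, record)
        return anchor  # only this value is written to the ledger

    def verify(self, anchor: str, record: bytes) -> bool:
        """Check a presented record against the anchor recorded on-chain."""
        row = self._rows.get(anchor)
        if row is None:
            return False
        return hmac.compare_digest(salted_anchor(record, row[0]), anchor)

    def erase(self, anchor: str) -> bool:
        """Delete record and salt; the on-chain anchor can no longer be checked."""
        return self._rows.pop(anchor, None) is not None


def guessable(anchor: str, candidates) -> bool:
    """Audit check: can a ledger reader confirm a record by hashing guesses?"""
    return any(naive_anchor(c) == anchor for c in candidates)
```

The trade-off named in the text is visible here: integrity checks and erasure both depend on the off-chain store, so its availability and access control carry the security of the record.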
An emerging solution is “self-sovereign identity”, a digital concept allowing an individual to control personal information and have better control over with whom they share it. As blockchains become components of businesses, institutions, and systems, it will be important to interpret laws and application designs to maximize synergy and balance regulation, innovation, competition, and data privacy.
Notably, the privacy of blockchain depends on users. If data is encrypted and keys are held securely, it is not an issue. In many ways, blockchains are more secure than a centralized system.
Blockchain Technology Shows Clear Potential
Two major Australian banks have successfully used blockchain for bank guarantees relating to commercial property leasing of a shopping center operator. The digitized guarantee created a single information source with lower fraud potential and greater efficiency.
Blockchain’s “irreversible” and encrypted data blocks can also help to fight cybercrime, as a hacker’s attempts to change data will be flagged immediately. As applications of blockchain for cybersecurity emerge, companies and governments are signing up.
US defense contractor Lockheed Martin announced last year that it is integrating blockchain into systems engineering, supply-chain risk management, and software development.
Meanwhile, several Indian states are exploring blockchain-based systems to improve information efficiency and enhance cybersecurity. In 2017, Andhra Pradesh signed up Swiss cybersecurity company WISeKey International to ensure citizens’ information stored in databases remains secure with blockchain.
Recently, Irish company AID: Tech became the first organization in the world to deliver international aid to refugees transparently using blockchain.
In short, blockchain technology can be robust, secure, trustworthy, and private. Ultimately, security is ensured by solid architecture, secure design practices, and effective workflow policies.
So, do the potential benefits of blockchain outweigh the risks? In short, yes, as long as it has been executed properly.
Any system has vulnerabilities. In today’s technology-driven financial sector, supervisory and regulatory frameworks need to enable innovation while ensuring stability, consumer protection, and competition.
This means that new digital products and services must be designed and developed with regulatory, cybersecurity and data-privacy compliance integrated from the outset.
How Secure Is the Blockchain Technology?
The whole essence of using the blockchain technology is to let people – in particular, people who don’t trust anyone – share valuable data in a more secure and inaccessible way.
This is because blockchain stores data using sophisticated math and innovative software rules that are extremely difficult for attackers to manipulate. But the security of even the best-designed blockchain systems can fail in places where the fancy math and software rules come into contact with humans, who are skilled cheaters, in the real world, where things can get messy.
To understand this, let’s start with what makes blockchains “secure” in principle using Bitcoin as an example.
In Bitcoin’s blockchain, the shared data is the history of every Bitcoin transaction ever made: an accounting ledger. The ledger is stored in multiple copies on a network of computers, called “nodes.” Each time someone submits a transaction to the ledger, the nodes check to make sure the transaction is valid—that whoever spent a bitcoin had a bitcoin to spend. A subset of them competes to package valid transactions into “blocks” and add them to a chain of previous ones. The owners of these nodes are called miners. Miners who successfully add new blocks to the chain earn bitcoins as a reward.
What makes this system theoretically inaccessible is two things: a cryptographic fingerprint unique to each block, and a “consensus protocol,” the process by which the nodes in the network agree on a shared history.
The fingerprint, called a hash, takes a lot of computing time and energy to generate initially. It thus serves as proof that the miner who added the block to the blockchain did the computational work to earn a bitcoin reward (for this reason, Bitcoin is said to use a “proof-of-work” protocol).
It also serves as a kind of seal, since altering the block would require generating a new hash. Verifying whether or not the hash matches its block, however, is easy, and once the nodes have done so they update their respective copies of the blockchain with the new block. This is the consensus protocol.
The final security element is that the hashes also serve as the links in the blockchain: each block includes the previous block’s unique hash. Therefore, if you want to change an entry in the ledger retroactively, you have to calculate a new hash not only for the block it’s in but also for every subsequent block.
And you have to do this faster than the other nodes can add new blocks to the chain. So, unless you have computers that are more powerful than the rest of the nodes combined (and even then, success isn’t guaranteed), any blocks you add will conflict with existing ones, and the other nodes will automatically reject your alterations. This is what makes the blockchain tamperproof, or “immutable.”
Here Are Creative Ways to Cheat on Blockchain
So much for the theory. Implementing it in practice is harder. The mere fact that a system works like Bitcoin – as many cryptocurrencies do – doesn’t mean it’s just as secure. Even when developers use tried-and-true cryptographic tools, it is easy to accidentally put them together in ways that are not secure, says Neha Narula, director of MIT’s Digital Currency Initiative. Bitcoin has been around the longest, so it’s the most thoroughly battle-tested.
People have also found creative ways to cheat. Emin Gün Sirer and his colleagues at Cornell University have shown that there is a way to subvert a blockchain even if you have less than half the mining power of the other miners. The details are somewhat technical, but essentially a “selfish miner” can gain an unfair advantage by fooling other nodes into wasting time on already-solved crypto-puzzles.
Another possibility is an “eclipse attack.” Nodes on the blockchain must remain in constant communication in order to compare data. An attacker who manages to take control of one node’s communications and fool it into accepting false data that appears to come from the rest of the network can trick it into wasting resources or confirming fake transactions.
Finally, no matter how immutable the blockchain protocol is, it “does not exist in a vacuum,” says Sirer. The cryptocurrency hacks driving recent headlines are usually failures at places where blockchain systems connect with the real world—for example, in software clients and third-party applications.
Hackers can, for instance, break into hot wallets – internet-connected applications for storing the private cryptographic keys that anyone who owns cryptocurrency requires in order to spend it. Wallets owned by online cryptocurrency exchanges have become prime targets. Many exchanges claim they keep most of their users’ money in cold hardware wallets – storage devices disconnected from the internet. But as the January heist of more than $500 million worth of NEM from the Japan-based exchange Coincheck showed, that’s not always the case.
Perhaps the most complicated touchpoints between blockchains and the real world are “smart contracts,” which are computer programs stored in certain kinds of blockchain that can automate transactions.
In 2016, hackers exploited an unforeseen quirk in a smart contract written on Ethereum’s blockchain to steal 3.6 million ether, worth around $80 million at the time, from the Decentralized Autonomous Organization (DAO), a new kind of blockchain-based investment fund.
Since the DAO code lived on the blockchain, the Ethereum community had to push a controversial software upgrade called a “hard fork” to get the money back – basically creating a new version of history in which the money was never stolen. Researchers are still developing methods for ensuring that smart contracts won’t malfunction.
Decentralization in Question
One supposed security guarantee of a blockchain system is “decentralization.” If copies of the blockchain are kept on a large and widely distributed network of nodes, there’s no one weak point to attack, and it’s hard for anyone to build up enough computing power to subvert the network.
But recent work by Sirer and colleagues shows that neither Bitcoin nor Ethereum is as decentralized as you might think. They found that the top four bitcoin-mining operations had more than 53 percent of the system’s average mining capacity per week. By the same measure, three Ethereum miners accounted for 61 percent.
Some say alternative consensus protocols, perhaps ones that don’t rely on mining, could be more secure. But this hypothesis hasn’t been tested at a large scale, and new protocols would likely have their own security problems.
Others see potential in blockchains that require permission to join, unlike in Bitcoin’s case, where anyone who downloads the software can join the network. Such systems are anathema to the anti-hierarchical ethos of cryptocurrencies, but the approach appeals to financial and other institutions looking to exploit the advantages of a shared cryptographic database.
Private (permissioned) blockchain systems, however, raise their own questions. Who has the authority to grant permission? How will the system ensure that the validators are who they say they are?
A permissioned system may make its owners feel more secure, but it really just gives them more control, which means they can make changes whether or not other network participants agree—something true believers would see as violating the very idea of the blockchain.
Hence, in the end, “secure” ends up being very hard to define in the context of blockchains. Secure for what? Secure from whom? But according to Narula, “It depends on your perspective.”