Blockchain offers an innovative approach to storing information, executing transactions, performing functions, and establishing trust in an open environment. Many consider blockchain as a technology breakthrough for cryptography and cybersecurity, with use cases ranging from globally deployed cryptocurrency systems like Bitcoin, to smart contracts, smart grids over the Internet of Things, and so forth. Although blockchain has received growing interest in both academia and industry in recent years, the security and privacy of blockchains continue to be at the center of the debate when deploying blockchain in different applications. In this article, we refer to [1] and present the security and privacy properties that are desired in the current blockchain systems.
We first discuss the security requirements of blockchain transactions, each of such requirements is targeted at one type of known vulnerabilities. Then, we describe the basic and inherent security properties of blockchain, and present the set of important additional security and privacy properties of blockchain, which are either present in some existing blockchain systems or desired by many blockchain applications. We broadly categorize the security and privacy requirements for blockchain transactions into the following six types:
- Integrity of Transactions
When using online transactions for investment and asset management, equity, bonds, notes, income vouchers, and other assets are managed by different intermediaries. It not only increases the tran-saction costs, but also brings the risk of deliberately falsifying or forging the certificates. Thus, the system must guarantee integrity of transactions and prevent transactions from being tampered with [2].
- Availability of System and Data [3]
The users of online systems should be able to access the data of transactions at any time, anywhere. The availability here refers to both system level and transaction level. At the system level, the system should run reliably even in the event of a network attack. At the transaction level, the data of transactions can be accessed by authorized users without being unattainable, inconsistent, or corrupted.
- Prevention of Double-Spending
An important challenge in trading digital currency in a decentralized network is how to prevent double-spending, namely spending a coin more than once [4]. In the centralized environment, a trusted central third party is responsible for verifying whether a digital currency has been double-spent or not. For transactions performed in a decentralized network environment, we need robust security mechanisms and countermeasures to prevent double-spending.
- Confidentiality of Transactions
In most of the financial online transactions, users wish to have the minimal disclosure of their transactions and account information in an online trading system. The minimal disclosure includes the following: (1) users’ transaction information cannot be accessed by any unauthorized user; (2) the system administrator or the participant of the network cannot disclose any user’s information to others without his or her permission; (3) all user data should be stored and accessed consistently and securely, even under unexpected failures or malicious cyber-attacks. Such confidentiality is desirable in many non-financial scenarios.
- Anonymity of Users’ Identity
The difficulty of efficient and secure sharing of user data among various financial institutions may result in a high cost of repeated user authentication. It also indirectly brings the disclosure risk of users’ identity by some intermediaries. In addition, one or both parties to the transaction may be reluctant to let the other party know their real identity in some cases [5].
- Unlinkability of Transactions
Different from identity anonymity (not revealing real identity), users should require that the transactions related to themselves cannot be linked. Because once all the transactions relevant to a user can be linked, it is easy to infer other information about the user, such as the account balance, and the type and frequency of transactions. Using such statistical data about transactions and accounts in conjunction with some background knowledge about a user, curious or adversarial parties may guess (infer) the true identity of the user with high confidence.
Blockchain is constructed to ensure a number of inherent security attributes, such as consistency, tamper-resistant, resistance to a Distributed Denial-of-Service (DDoS) attack, pseudonymity, and resistance to double-spending attack. However, to use blockchain for secure distributed storage, additional security and privacy properties are required. The inherent and additional security properties are listed as follows:
- Consistency
The concept of consistency in the context of blockchain as a distributed global ledger refers to the property that all nodes have the same ledger at the same time. The consistency property has raised some controversial debate. Some argue that Bitcoin systems only provide eventual consistency, which is a weak consistency. Others claim that Bitcoin guarantees strong consistency, not eventual consistency [6].
- Tamper-Resistance
Tamper-resistance refers to the resistance to any type of intentional tampering to an entity by either the users or the adversaries with access to the entity, be it a system, a product, or other logical/physical object. Tamper-resistance of blockchain means that any transaction information stored in the blockchain cannot be tampered during and after the process of block generation.
- Resistance to DDoS Attacks
A denial-of-service (DoS) attack on a host is the type of cyberattack that disrupts the hosted Internet services by making the host machine or the network resource on the host unavailable to its intended users. DoS attacks attempt to overload the host system or the host network resource by flooding with superfluous requests, consequently stalling the fulfillment of legitimate services.
- Pseudonymity
Pseudonymity refers to a state of disguised identity. In Bitcoin, addresses in blockchain are hashes of public keys of a node (user) in the network. Users can interact with the system by using their public key hash as their pseudo-identity without revealing their real name. Thus, the address that a user uses can be viewed as a pseudo-identity. We can consider the pseudonymity of a system as a privacy property to protect a user’s real name. Although pseudonymity can achieve a weak form of anonymity by means of the public keys, there are still risks of revealing identity information of users [7].
- Unlinkability
Unlinkability refers to the inability of stating the relation between two observations or two observed entities of the system with high confidence. Anonymity refers to the state of being anonymous and unidentified. Although the blockchain in Bitcoin ensures pseudonymity by offering pseudo-identity as support for the anonymity of a user identity, it fails to provide users the protection of unlinkability for their transactions [8].
- Confidentiality of Transactions and Data Privacy
Data privacy of blockchain refers to the property that blockchain can provide confidentiality for all data or certain sensitive data stored on it.
Zecrey official website: Zecrey
Welcome to join our communities and follow us on twitter
Medium:https://medium.com/@zecrey
Twitter: https://twitter.com/zecreyprotocol
Telegram: https://t.me/zecrey
Discord: https://discord.com/invite/U98ghQsJE5
References
[1] Zhang R, Xue R, Liu L. Security and privacy on blockchain[J]. ACM Computing Surveys (CSUR), 2019, 52(3): 1-34.
[2] Zikratov I, Kuzmin A, Akimenko V, et al. Ensuring data integrity using blockchain technology[C]//2017 20th Conference of Open Innovations Association (FRUCT). IEEE, 2017: 534-539.
[3] https://medium.com/zeroknowledge/data-availability-scaling-blockchains-852f9a54fe54
[4] https://www.investopedia.com/terms/d/doublespending.asp
[5] Liu Y, He M, Pu F. Anonymous Transaction of Digital Currency Based on Blockchain[J]. Int. J. Netw. Secur., 2020, 22(3): 442-448.
[6] Emin Gün Sirer. 2016. Bitcoin Guarantees Strong, Not Eventual, Consistency
[7] https://ledgerops.com/blog/blockchains-arent-anonymous-but-they-can-be-05-01-2019/
[8] Singh K, Heulot N, Hamida E B. Towards anonymous, unlinkable, and confidential transactions in blockchain[C]//2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, 2018: 1642-1649.
No comments:
Post a Comment