Security and Block chain
The concept of public and private in the context of Block chains is less to do with sharing but more to do with who can authenticate a transaction or not. In a public Block chain – like bitcoin –every node can authenticate a transaction. But in the case of permissioned ledger or private Block chain, you select a certain number of entities who have preferential rights to authenticate that transaction. So when we come to access, that’s where we come to the privacy bit.
So what does this do in terms of security and in terms of confidentiality?
On the security front – the database is replicated across different nodes and each can view the transaction – as a result, any change which is made to the database all the nodes in a system have to verify that and authenticate that change. Even in a private Block chain, for example in a supply chain, confidentiality is an issue. Not everything in a supply chain transaction is meant to be viewed by all the actors and you need to restrict access. This decentralization and relative freedom of access has led to some unexpected consequences: Because anyone can read and write transactions, bitcoin transactions have fueled black market trading. Since the consensus protocol is energy consuming, the majority of users operate in countries with cheap electricity, leading to network centralization and the possibility of collusion, and making the network vulnerable to changes in policy on electricity subsidies.
Both of these trends have led to an increased interest in private block chains, which could ultimately give businesses a greater degree of control.
Primarily used in financial contexts, private block chains give their operators control over who can read the ledger of verified transactions, who can submit transactions, and who can verify them. The applications for private block chains include a variety of markets in which multiple parties wish to participate simultaneously but do not fully trust one another. For example, private block chain systems supporting land and physical asset registries , commodities trading , and private equity distribution are all being tested. As these systems develop and evolve, they, too, may encounter unexpected consequences, some of which will have repercussions for the security of the system and the assets it manages or stores. As in software and product development, considering security at an early stage alleviates the difficulty of making fundamental changes to a product to address a security flaw later on.
It simply means that Block chain as a solution cannot be used for everyone.
To understand the inherent security risks in block chain technology, it’s important to understand the difference between public and private block chains.
There are generally three categories of block chain-like database applications:
1. Public block chains
A public block chain is one in which anyone in the world can read, anyone in the world can send transactions to and expect to see them included if they are valid, and anyone in the world can participate in the consensus process – the process for determining what blocks get added to the chain and what the current state is.
As a substitute for centralized or quasi-centralized trust, public block chains are secured by crypto economics – the combination of economic incentives and cryptographic verification using mechanisms such as proof of work or proof of stake, following a general principle that the degree to which someone can have an influence in the consensus process is proportional to the quantity of economic resources that they can bring to bear. These block chains are generally considered to be “fully decentralized”.
2. Consortium block chains
A consortium block chain is one where the consensus process is controlled by a pre-selected set of nodes; for example, one might imagine a consortium of 15 financial institutions, each of which operates a node and of which 10 must sign every block in order for the block to be valid.
The right to read the block chain may be public, or restricted to the participants, and there are also hybrid routes such as the root hashes of the blocks being public together with an API that allows members of the public to make a limited number of queries and get back cryptographic proofs of some parts of the block chain state. These block chains may be considered “partially decentralized”.
3. Fully private block chains
A fully private block chain is one where write permissions are kept centralized to one organization. Read permissions may be public or restricted to an arbitrary extent. Likely applications include database management, auditing, etc internal to a single company, and so public readability may not be necessary in many cases at all, though in other cases public auditability is desired.
Private block chains. Compared to public block chains, they have a number of advantages:
- The consortium or company running a private block chain can easily, if desired, change the rules of a block chain, revert transactions, modify balances, etc. In some cases, eg national land registries, this functionality is necessary as an attempt to create a government-uncontrollable land registry would in practice quickly devolve into one that is not recognized by the government itself
- The validators are known, so any risk of a 51% attack arising from some miner collusion does not apply
- Transactions are cheaper, since they only need to be verified by a few nodes that can be trusted to have very high processing power, and do not need to be verified by ten thousand other systems
- Nodes can be trusted to be very well-connected, and faults can quickly be fixed by manual intervention, allowing the use of consensus algorithms which offer finality after much shorter block times
Given all of this, it may seem like private block chains are unquestionably a better choice for institutions. However, even in an institutional context, public block chains still have a lot of value and in fact this value lies to a substantial degree in the philosophical virtues that advocates of public block chains which are freedom, neutrality and openness.
Advantages of public block chains generally fall into two major categories:
- Public block chains provide a way to protect the users of an application from the developers, establishing that there are certain things that even the developers of an application have no authority to do
- Public block chains are open, and therefore are likely to be used by very many entities and gain some network effects. To give a particular example, consider the case of domain name escrow. Currently, if A wants to sell a domain to B, there is the standard counterparty risk problem that needs to be resolved: if A sends first, B may not send the money, and if B sends first then A might not send the domain. To solve this problem, we have centralized escrow intermediaries, but these charge fees of three to six percent. However, if we have a domain name system on a block chain, and a currency on the same block chain, then we can cut costs to near-zero with a smart contract: A can send the domain to a program which immediately sends it to the first person to send the program money, and the program is trusted because it runs on a public block chain. Note that in order for this to work efficiently, two completely heterogeneous asset classes from completely different industries must be on the same database – not a situation which can easily happen with private ledgers
As the implications of the invention of have become understood, a certain hype has sprung up around block chain technology. This is, perhaps, because it is so easy to imagine high-level use cases. Block chain technology offers new tools for authentication and authorization in the digital world that preclude the need for many centralized administrators. As a result, it enables the creation of new digital relationships.
Is the data dynamic with an auditable history?
Paper can be hard to counterfeit because of the complexity of physical seals or appearances. Like etching something in stone, paper documents have certain permanence. But, if the data is in constant flux, if it is transactions occurring regularly and frequently, then paper as a medium may not be able to keep up the system of record. Manual data entry also has human limitations. So, if the data and its history are important to the digital relationships they are helping to establish, then block chains offer a flexible capacity by enabling many parties to write new entries into a system of record that is also held by many custodians.
One of the first decisions to make when establishing a block chain (public or private) is about the network architecture of the system. Private block chain operators can control who is allowed to operate a node, as well as how those nodes are connected; a node with more connections will receive information faster. Likewise, nodes may be required to maintain a certain number of connections to be considered active. A node that restricts the transmission of information, or transmits incorrect information, must be identifiable and circumvent-able to maintain the integrity of the system. A private block chain underlying commodities trading may grant more-central positions in the network to established trading partners, and may require new nodes to maintain a connection to one of these central nodes as a security measure to ensure it behaves as expected.
Another security concern in the establishment of network architecture is how to treat uncommunicative or intermittently active nodes. Nodes may go offline for innocuous reasons, but the network must be structured to function (to obtain consensus on previously verified transactions and to correctly verify new transactions) without the offline nodes, and it must be able to quickly bring these nodes back up to speed if they return.
The process used to get consensus (verifying transactions through problem solving) is purposely designed to take time, currently around 10 minutes. Transactions are not considered fully verified for about one to two hours, after which point they are sufficiently “deep” enough in the ledger that introducing a competing version of the ledger, known as a fork, would be computationally expensive.
While the risks of building a financial market or other infrastructure on a public block chain may give a new entrant pause, private block chains offer a degree of control over both participant behavior and the transaction verification process. The use of a block chain-based system is a signal of the transparency and usability of that system, which are bolstered by the early consideration of the system’s security. Just as a business will decide which of its systems are better hosted on a more secure private intranet or on the internet, but will likely use both, systems requiring fast transactions, the possibility of transaction reversal, and central control over transaction verification will be better suited for private block chains, while those that benefit from widespread participation, transparency, and third-party verification will flourish on a public block chain.
If high performance, millisecond transactions are what is required, then it’s best to stick with a traditional-model centralized system. Block chains as databases are slow and there is a cost to storing the data – the processing (or 'mining') of every block in a chain. Centralized data systems based on the client-server model are faster and less expensive at present.
In short, while we still don’t know the full limits and possibilities of block chains, we can at least say the use cases which have passed inspection have all been about managing and securing digital relationships as part of a system of record.
So what does this do in terms of security and in terms of confidentiality?
On the security front – the database is replicated across different nodes and each can view the transaction – as a result, any change which is made to the database all the nodes in a system have to verify that and authenticate that change. Even in a private Block chain, for example in a supply chain, confidentiality is an issue. Not everything in a supply chain transaction is meant to be viewed by all the actors and you need to restrict access. This decentralization and relative freedom of access has led to some unexpected consequences: Because anyone can read and write transactions, bitcoin transactions have fueled black market trading. Since the consensus protocol is energy consuming, the majority of users operate in countries with cheap electricity, leading to network centralization and the possibility of collusion, and making the network vulnerable to changes in policy on electricity subsidies.
Both of these trends have led to an increased interest in private block chains, which could ultimately give businesses a greater degree of control.
Primarily used in financial contexts, private block chains give their operators control over who can read the ledger of verified transactions, who can submit transactions, and who can verify them. The applications for private block chains include a variety of markets in which multiple parties wish to participate simultaneously but do not fully trust one another. For example, private block chain systems supporting land and physical asset registries , commodities trading , and private equity distribution are all being tested. As these systems develop and evolve, they, too, may encounter unexpected consequences, some of which will have repercussions for the security of the system and the assets it manages or stores. As in software and product development, considering security at an early stage alleviates the difficulty of making fundamental changes to a product to address a security flaw later on.
It simply means that Block chain as a solution cannot be used for everyone.
To understand the inherent security risks in block chain technology, it’s important to understand the difference between public and private block chains.
There are generally three categories of block chain-like database applications:
1. Public block chains
A public block chain is one in which anyone in the world can read, anyone in the world can send transactions to and expect to see them included if they are valid, and anyone in the world can participate in the consensus process – the process for determining what blocks get added to the chain and what the current state is.
As a substitute for centralized or quasi-centralized trust, public block chains are secured by crypto economics – the combination of economic incentives and cryptographic verification using mechanisms such as proof of work or proof of stake, following a general principle that the degree to which someone can have an influence in the consensus process is proportional to the quantity of economic resources that they can bring to bear. These block chains are generally considered to be “fully decentralized”.
2. Consortium block chains
A consortium block chain is one where the consensus process is controlled by a pre-selected set of nodes; for example, one might imagine a consortium of 15 financial institutions, each of which operates a node and of which 10 must sign every block in order for the block to be valid.
The right to read the block chain may be public, or restricted to the participants, and there are also hybrid routes such as the root hashes of the blocks being public together with an API that allows members of the public to make a limited number of queries and get back cryptographic proofs of some parts of the block chain state. These block chains may be considered “partially decentralized”.
3. Fully private block chains
A fully private block chain is one where write permissions are kept centralized to one organization. Read permissions may be public or restricted to an arbitrary extent. Likely applications include database management, auditing, etc internal to a single company, and so public readability may not be necessary in many cases at all, though in other cases public auditability is desired.
Private block chains. Compared to public block chains, they have a number of advantages:
- The consortium or company running a private block chain can easily, if desired, change the rules of a block chain, revert transactions, modify balances, etc. In some cases, eg national land registries, this functionality is necessary as an attempt to create a government-uncontrollable land registry would in practice quickly devolve into one that is not recognized by the government itself
- The validators are known, so any risk of a 51% attack arising from some miner collusion does not apply
- Transactions are cheaper, since they only need to be verified by a few nodes that can be trusted to have very high processing power, and do not need to be verified by ten thousand other systems
- Nodes can be trusted to be very well-connected, and faults can quickly be fixed by manual intervention, allowing the use of consensus algorithms which offer finality after much shorter block times
Given all of this, it may seem like private block chains are unquestionably a better choice for institutions. However, even in an institutional context, public block chains still have a lot of value and in fact this value lies to a substantial degree in the philosophical virtues that advocates of public block chains which are freedom, neutrality and openness.
Advantages of public block chains generally fall into two major categories:
- Public block chains provide a way to protect the users of an application from the developers, establishing that there are certain things that even the developers of an application have no authority to do
- Public block chains are open, and therefore are likely to be used by very many entities and gain some network effects. To give a particular example, consider the case of domain name escrow. Currently, if A wants to sell a domain to B, there is the standard counterparty risk problem that needs to be resolved: if A sends first, B may not send the money, and if B sends first then A might not send the domain. To solve this problem, we have centralized escrow intermediaries, but these charge fees of three to six percent. However, if we have a domain name system on a block chain, and a currency on the same block chain, then we can cut costs to near-zero with a smart contract: A can send the domain to a program which immediately sends it to the first person to send the program money, and the program is trusted because it runs on a public block chain. Note that in order for this to work efficiently, two completely heterogeneous asset classes from completely different industries must be on the same database – not a situation which can easily happen with private ledgers
As the implications of the invention of have become understood, a certain hype has sprung up around block chain technology. This is, perhaps, because it is so easy to imagine high-level use cases. Block chain technology offers new tools for authentication and authorization in the digital world that preclude the need for many centralized administrators. As a result, it enables the creation of new digital relationships.
Is the data dynamic with an auditable history?
Paper can be hard to counterfeit because of the complexity of physical seals or appearances. Like etching something in stone, paper documents have certain permanence. But, if the data is in constant flux, if it is transactions occurring regularly and frequently, then paper as a medium may not be able to keep up the system of record. Manual data entry also has human limitations. So, if the data and its history are important to the digital relationships they are helping to establish, then block chains offer a flexible capacity by enabling many parties to write new entries into a system of record that is also held by many custodians.
One of the first decisions to make when establishing a block chain (public or private) is about the network architecture of the system. Private block chain operators can control who is allowed to operate a node, as well as how those nodes are connected; a node with more connections will receive information faster. Likewise, nodes may be required to maintain a certain number of connections to be considered active. A node that restricts the transmission of information, or transmits incorrect information, must be identifiable and circumvent-able to maintain the integrity of the system. A private block chain underlying commodities trading may grant more-central positions in the network to established trading partners, and may require new nodes to maintain a connection to one of these central nodes as a security measure to ensure it behaves as expected.
Another security concern in the establishment of network architecture is how to treat uncommunicative or intermittently active nodes. Nodes may go offline for innocuous reasons, but the network must be structured to function (to obtain consensus on previously verified transactions and to correctly verify new transactions) without the offline nodes, and it must be able to quickly bring these nodes back up to speed if they return.
The process used to get consensus (verifying transactions through problem solving) is purposely designed to take time, currently around 10 minutes. Transactions are not considered fully verified for about one to two hours, after which point they are sufficiently “deep” enough in the ledger that introducing a competing version of the ledger, known as a fork, would be computationally expensive.
While the risks of building a financial market or other infrastructure on a public block chain may give a new entrant pause, private block chains offer a degree of control over both participant behavior and the transaction verification process. The use of a block chain-based system is a signal of the transparency and usability of that system, which are bolstered by the early consideration of the system’s security. Just as a business will decide which of its systems are better hosted on a more secure private intranet or on the internet, but will likely use both, systems requiring fast transactions, the possibility of transaction reversal, and central control over transaction verification will be better suited for private block chains, while those that benefit from widespread participation, transparency, and third-party verification will flourish on a public block chain.
If high performance, millisecond transactions are what is required, then it’s best to stick with a traditional-model centralized system. Block chains as databases are slow and there is a cost to storing the data – the processing (or 'mining') of every block in a chain. Centralized data systems based on the client-server model are faster and less expensive at present.
In short, while we still don’t know the full limits and possibilities of block chains, we can at least say the use cases which have passed inspection have all been about managing and securing digital relationships as part of a system of record.
Comments