Deloitte Details Cybersecurity Challenges for Distributed Ledger Technology
Ryan Tucker
A new white paper from Deloitte highlights the threats that blockchain technology – also known as Distributed Ledger Technology (DLT) – faces on the cybersecurity front and suggests possible countermeasures. “Security considerations in relation to the cryptographic and immutable nature of blockchain technology include key management, the risk of an attacker overpowering a private blockchain, centralization of authority within the network, [and] privacy and the right to be forgotten,” the firm says.
For key management, the white paper notes that there are multiple well-established best practices for storing and transmitting private keys, such as secure hardware modules. However, cyberattackers have other ways of causing havoc, such as a denial-of-service (DoS) attack, which undermines the network's ability to process transactions.
“Where a ledger uses a proof-of-work [POW] consensus mechanism, an attacker (possibly an insider in one of the participating entities) could create a disproportionate number of nodes and then reverse blocks and amend historical transactions at will,” Deloitte says. For example, if each participant in a POW blockchain utilizes only 10 nodes, spinning up 1,000 nodes on Amazon could enable 100 blocks to be reversed. “For this reason, POW consensus is not recommended for permissioned blockchains,” says the firm. Consensus tools like Proof of Authority or Practical Byzantine Fault Tolerance ought to be deployed instead.
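The arithmetic behind that warning, as an added example that is not taken from the Deloitte paper or this article: it applies the attacker catch-up probability from Satoshi Nakamoto's Bitcoin white paper to the figures quoted above. It assumes every node contributes equal hash power, and the participant counts and function names are constructed for illustration.

```python
import math

def attacker_share(participants, nodes_each, attacker_nodes):
    """Attacker's fraction of total hash power (assumes equal power per node)."""
    honest_nodes = participants * nodes_each
    return attacker_nodes / (honest_nodes + attacker_nodes)

def rewrite_probability(q, depth):
    """Chance that an attacker holding hash-power share q ever overtakes
    the honest chain after starting `depth` blocks behind it."""
    p = 1.0 - q
    if q >= p:
        return 1.0                      # a majority attacker always catches up
    lam = depth * q / p                 # expected attacker blocks meanwhile
    poisson = math.exp(-lam)            # Poisson probability for k = 0
    prob = 1.0
    for k in range(depth + 1):
        prob -= poisson * (1.0 - (q / p) ** (depth - k))
        poisson *= lam / (k + 1)        # step to Poisson probability for k + 1
    return max(prob, 0.0)               # clamp floating-point noise

def scenario(participants, nodes_each=10, attacker_nodes=1000, depth=100):
    """The article's figures: 10 nodes per participant, 1,000 rented nodes,
    100 blocks to reverse. The participant count is a constructed input."""
    q = attacker_share(participants, nodes_each, attacker_nodes)
    return q, rewrite_probability(q, depth)

if __name__ == "__main__":
    for participants in (20, 100, 150, 300):   # constructed consortium sizes
        q, prob = scenario(participants)
        print(f"{participants:>4} participants: attacker share {q:.2f}, "
              f"P(reverse 100 blocks) = {prob:.3g}")
```

With these figures the rented nodes hold at least half of the hash power for any consortium of 100 participants or fewer, so the depth of the block being rewritten offers no protection.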
In this context, a centralized authority can prove highly vulnerable, because “compromising this authority can put the entire system at risk,” the firm adds. When implementing permissioned blockchains, peers should therefore operate in a decentralized network to limit this possibility.
Finally, there is the right to be forgotten – a requirement to remove data – something Deloitte says can be hard to implement on platforms where data is immutable. Sometimes it’s possible to prune a blockchain of blocks older than a set number of years. Another approach is to encrypt all data written to the chain.