Security Issues and Challenges

Although game-theory-based consensus mechanisms and cryptographic puzzles make blockchain technology nearly infeasible to hack, these techniques do not mean that blockchain has no security issues. The inherent security features of blockchain make it resistant to attacks but not immune to them [62, 63]. Table 6.1 lists some security issues and challenges in blockchain technology. In this section, we discuss security issues and challenges of blockchain technology.

  • 51% attacks: This is one of the most severe security issues in blockchain. It is an attack in which a group of miners takes control of more than 50% of the network's mining hash rate or computing power. In this attack, the attackers prevent new transactions from being confirmed and bring them to a halt. Apart from this, the attackers are able to reverse the completed transactions of a block and thus spend coins twice (double spending). In 2018, several cryptocurrencies such as ZenCash, Gold, Verge, and Ethereum Classic suffered 51% attacks. Attackers controlled the huge hash power of Bitcoin Gold in such a way that, after Bitcoin Gold increased the exchange threshold values, the attackers were able to double-spend coins for many days. Keeping a close eye on mining pools, mining with a higher hash rate, or continuously switching to a different consensus algorithm can be viable options to deal with this issue.
  • Exchange hacks: Crypto exchange hacks are frequent nowadays. Crypto exchanges are the most vulnerable targets for attackers. A crypto exchange is based on a centralised mechanism with a single point of failure, which makes it more likely to be targeted by attackers. Security problems in exchange hacks can be divided into two categories: client side and server side. In the client-side category, there are many issues such as cross-site scripting (XSS) attacks, open redirects that help an attacker perform phishing-like attacks, and issues related to SSL. An XSS attack injects malicious JavaScript into the web page that successfully extracts the wallet address. Attackers can redirect a user to a seemingly legitimate crypto exchange link through open redirects. In this attack, a link with the original exchange domain can make a user download a malicious script unknowingly. In the server-side category, key-value injections, race conditions, and authentication issues are some of the challenges.

6 • Emerging Solutions for DDoS Attack 113

TABLE 6.1 Security issues and challenges of blockchain

FEATURE / DESCRIPTION

Scalability

  • Every block of a blockchain holds an enormous quantity of data.
  • Whenever a new transaction occurs, its complete information has to be added to the ledger. Therefore, as the payment history grows, there is a danger of sudden failure of the blockchain.
  • Block size is also a main factor in the scalability issue.
  • Response time for getting a transaction validated is usually larger during peak times.

Security management

  • Security management in a small blockchain-based project is easier to achieve. As the size of the project increases, it becomes difficult to achieve.
  • "Who has the right to change the password?" is a debatable point.
  • Private keys are considered the digital identity and security credential on a blockchain, and attackers are always trying to steal them.
  • Complex smart contract code can expose vulnerabilities of the blockchain system.

Standardisation

  • Lack of interoperability between blockchain networks.
  • Lack of standardisation and benchmarks to regulate blockchain networks.
  • There is no uniformity in blockchain protocols, resulting in inconsistency in blockchain security and mass adoption.
  • Consistent data communication is needed in open blockchain systems.

Integration in existing infrastructure

  • Organisations need to restructure their entire existing hardware and software systems to employ blockchain.
  • Lack of skilled labour in this particular domain for managing the complexity of peer-to-peer networks.

Real time

  • During peak time, transaction time gets slower. There is a need to enable offline transactions.
  • Public blockchain systems are inappropriate for real-time use due to high background activity.

Profitability

  • The Proof-of-Work consensus mechanism wastes a large amount of resources. However, there exist other consensus mechanisms that provide possible solutions to it.
  • Transaction costs are also large and central to the systems.

114 Distributed Denial of Service (DDoS) Attacks

Lack of awareness and understanding

  • The main challenge of blockchain technology is that small and medium businesses are unaware of this technology and its functionalities.
  • There is a lack of investment from small and medium businesses.

Productivity paradox

  • The speed and efficiency of blockchain in a peer-to-peer network come at a high aggregate cost.
  • Every node tends to perform the same task as the other nodes at the same time, because every node attempts to mine the block and find the solution as early as possible.

Security and privacy challenges

  • The pseudo-anonymity of cryptocurrency raises some serious security and privacy issues in blockchain, as some blockchain applications need smart transactions and contracts that lead to a known digital identity.
  • Although blockchains are more secure than traditional computer systems, attackers can attack the applications built on blockchain.

Environmental cost

  • The huge energy consumption of blockchain has adverse effects on the environment.
  • Blockchains are built on cryptocurrencies like bitcoin and consensus mechanisms like PoW that consume a large amount of resources for validating transactions.

  • Social engineering: Social engineering is also one of the major challenges that blockchain technology currently faces. It comes in many forms, but its main motive is always to steal private keys, login credentials, or cryptocurrencies. Phishing is the most common social engineering attack [64]. Attackers can send fake emails with information such as how to enhance wallet security through two-factor authentication mechanisms. Users are convinced to send their login credentials through these kinds of emails.

  • Software flaws: Though blockchain technology has proved its worth by dealing with all types of attacks, the applications that utilise this technology are still prone to many bugs. In the previous year, the damage associated with software bugs in cryptowallets and decentralised apps was almost $24 million. It is very important that any software application built on top of distributed ledger technology (DLT) undergoes rigorous testing and verification. The testing process should include penetration testing, code reviews, and audits for smart contracts. Before using any blockchain-based application, one must ensure that it has undergone a third-party scrutiny process.
  • Malware: It is the most common challenge to the security of any online process. In blockchain technology, it is related to malicious block-mining software, crypto-exchange hack codes, or any other code that can shut down the servers or steal cryptocurrencies from a user, for example, cryptojacking malware. This is a type of malware that exploits vulnerabilities of blockchain and cryptocurrencies. It helps attackers gain unauthorised access to a computer's resources to mine cryptocurrencies. This malware does not steal currencies implicitly but induces performance issues, such as creating backdoors for other types of malicious code. User vigilance can help them dodge these types of malware.
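The exchange hacks item above describes open redirects in which a link on the original exchange domain sends the user somewhere else. As an added example (not part of the original text), here is one way a server can validate a redirect parameter before using it; the host names and the function name are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical hosts the exchange is willing to redirect to.
ALLOWED_HOSTS = {"exchange.example", "help.exchange.example"}

def safe_redirect_target(raw: str, default: str = "/") -> str:
    """Return `raw` only if it is a same-site path or an allowlisted HTTPS URL;
    otherwise fall back to `default`."""
    cleaned = raw.strip()
    # Browsers drop tab/CR/LF inside URLs, so reject control characters outright.
    if any(ord(ch) < 0x20 for ch in cleaned):
        return default
    # Browsers treat "\" like "/", so "/\host" would become "//host".
    candidate = cleaned.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a single-slash absolute path.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default
    if parts.scheme != "https":
        return default                    # blocks javascript:, data:, http:
    if parts.username or parts.password:
        return default                    # blocks "trusted-host@other-host"
    host = (parts.hostname or "").lower().rstrip(".")
    return candidate if host in ALLOWED_HOSTS else default

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("/account/withdrawals?page=2",
                   "//other.example/x",
                   "https://exchange.example@other.example/"):
        print(repr(sample), "->", repr(safe_redirect_target(sample)))
```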
 