
Block Chain and Cyber Security

Uploaded by Nithya Rao

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/355576423

Blockchain and cyber security

Article · August 2021


1 author:

Mohammed Qasim Alazzawi


Al-Mustaqbal University College

All content following this page was uploaded by Mohammed Qasim Alazzawi on 25 October 2021.



Emam Reza University of Mashhad
Faculty of Engineering
Computer Engineering Department

By:
Mohammed Qasim Obayes

Supervisor:
Dr. Alireza Movahedian

2021
TABLE OF CONTENTS

1. Introduction
2. Block-chain factors and issues
3. Block-chain security issues
4. The fundamentals of block-chain
5. Block-chain Use Cases for Cybersecurity
6. Using the block chain for cybersecurity: pros and cons

TABLE OF FIGURES

Figure 1 Blockchain components
Figure 2 Smart Contract Vulnerabilities
Figure 3 Block chain Fundamentals
Figure 4 Block-chain for cybersecurity cons
Figure 5 Block-chain in cybersecurity pros

1. INTRODUCTION

Blockchain technology is a decentralized ledger of digital asset ownership on which
the asset owners, or users, can initiate transfer to other users whose interconnected
computers run blockchain software (“nodes”). The transactions themselves are
encrypted transfer data that, when confirmed (in batches, roughly every 10 minutes),
comprise the “blocks” and when linked sequentially to the referenced prior block,
comprise the “chain.” Confirmation occurs when the first of these nodes, each of
which maintains a current copy of the blockchain, verifies the transaction(s) by
utilizing specialized computational software to solve a complicated encryption
problem. Then, and only then, does this node add the new block sequentially into
the chain, causing the other nodes to validate the solution and update their ledgers
accordingly. This verification yields compensation (e.g., in bitcoins or other
cryptocurrency) to the problem-solving node, a “miner,” for the processing power
expended in first successfully confirming the transaction. Realizing this potential,
global investment banks are beginning to develop public and private blockchain
technology standards and protocols, with a goal of reimagining their daily operations
within the global financial system. While the possibilities for financial innovation
— shared ledgers and smart contracts to name a few — are dizzying, it is important
to remember one thing: the speed and extent of acceptance of blockchain technology
within the global financial services community will ultimately depend on the
security of the network. Earlier this year, Interpol reported that blockchain can be
repurposed by hackers to export malware to all computers within the network.
Interpol proved this by introducing a proof-of-concept malware that showed the
viability of such a cyberattack. In the event of an actual attack, blockchain’s virtues,
such as decentralization and immutability, would instantly become vices, as the
malware would spread far and wide and the pollution would not be easily erased.

The intermediary functions described above are currently critical actions within
global financial services, particularly in relation to financial asset trading; however,
these activities are increasingly expensive, inefficient and, most dangerous of all,
risky. They are expensive because the information technology investment and
maintenance costs are significant. They are inefficient because although trading is
swift for many financial assets, settlement is not, with too much reliance on back-
office human agency and duplication of effort and systems. They are risky because
settlement delay introduces counterparty risk, and data concentration on centralized
servers introduces operational/systems risk. In short, they are increasingly capital-
intensive activities in the post-credit crisis milieu, where despite muted trading
revenue, the demands of regulators grow louder for more transparent [1]

2. BLOCK-CHAIN FACTORS AND ISSUES

This section discusses the key factors and issues related to blockchain
implementation in smart networks, including existing solutions and
recommendations. The following list shows the elements of a blockchain and the related
concerns:

• Decentralization: In block-chain technology, decentralization entails
dispersing functions throughout a system rather than having all units
connected with and controlled by a central authority; in other words, there is
no central point of control, and this absence of centralized authority in a
blockchain is what makes it more secure than other technologies. Each
blockchain user, called a miner, is assigned a unique transaction account, and
blocks are added once the miners are validated. The decentralized nature of
the data records used in blockchain technology exemplifies its revolutionary
quality; blockchain networks use consensus protocols to secure nodes. In this
way, transactions are validated and data cannot be destroyed. While the
decentralized nature of networks allows for peer-to-peer operations, it also
poses major challenges to personal data privacy [2].
• Consensus model: Consensus refers to agreement among entities, and
consensus models help decentralized networks make unanimous decisions.
This allows for all records to be tracked from a single authority. Blockchain
technology requires consensus algorithms to ensure that each next block is
the only true version; that is, the algorithms ensure that all nodes agree that
each new block added to the blockchain carries the same message. Consensus
models guarantee against ‘‘fork attacks’’ and can even protect against
malicious attacks. The three main features of consensus models are as
follows:
o Consistency: this protocol is safe and consistent when all nodes
produce the same output.
o Aliveness: the consensus protocol guarantees aliveness if all
participating nodes have produced a result.
o Fault tolerance: the mechanism delivers fault tolerance for recovery
from failure nodes.
• Transparency and privacy

The most appealing aspect of blockchain technology is the degree of privacy it
offers, but this can create some confusion regarding transparency. Blockchain
networks periodically (i.e., every 10 minutes) self-audit the digital value ecosystems
that coordinate transactions; one set of these transactions is called a block, and this
process results in two properties: transparency and impossibility of corruption. In a
blockchain, the identity of the user is hidden behind a strong cipher, making it
particularly difficult to link public addresses to individual users. The question thus
arises of how blockchain can be regarded as truly transparent. Blockchain is already
regarded as a powerful technology. It organizes interactions in such a way that
greatly improves reliability while also eliminating the business and political risks
associated with managing processes through central entities, thus reducing the need
for trust. Blockchain networks create platforms that can simultaneously run different
applications from different companies, enabling seamless and efficient dialogue and
the creation of audit trails through which everyone can verify that everything is being
processed correctly [3].

• Blockchain components

Fig. 1 shows many of the essential components of a blockchain. Detailed
descriptions of each component are as follows [4]:

Ledger: Contains the current world state of the blockchain transactions.
Smart Contract: Encapsulates the business network transactions into code. A
transaction call causes the ledger state to be retrieved and set.
Consensus network: A set of data and processing peers that continually
maintain the replicated ledger.
Membership: Manages identity and transactional certificates and other aspects
of access rights.
Events: Generates notifications about important actions in the blockchain
(such as new blocks) as well as notifications related to smart contracts with
no event distribution.

Figure 1 Blockchain components

3. BLOCK-CHAIN SECURITY ISSUES

1) Transaction Malleability: During contracted transactions, the agreement does
not immediately cover all the information in the hashed transaction; therefore,
it is rare but possible for a node to change a transaction in the network in such
a way that the hash is not validated. Christian Decker and Roger Wattenhofer
defined transaction malleability as when transactions are intercepted,
modified, and rebroadcast, thus leading the transaction legal entity to believe
that the original transaction was not confirmed.
2) Network Security: An eclipse attack occurs when an opponent controls pieces
of network communication and logically divides the network to increase
synchronization delay; an example is a simple denial of service attack to
improve selfish mining and double-spending. In eclipse attacks, an attacker
selects and hides information from one or more participants, potentially by
delaying the delivery of blocks to a node [5].
3) Privacy: Privacy and confidentiality are still major concerns with blockchain
transactions because each node can access data from another node, and anyone
viewing the blockchain can see all transactions. Studies have suggested
various ways to overcome this problem, but these methods are only practical
for specific applications, and they do not cover all issues. Due to the enormous
number of data transmissions, communications involving important data in
the network might be attacked by some adversaries through attacks such as
the man-in-the-middle (MitM) attack and the DoS/DDoS attack. IoT poses
many unique privacy challenges, such as data privacy and tracking concerns
for phones and cars. In addition, voice recognition is being integrated to allow
devices to listen to conversations to actively transmit data to cloud storage for
processing.
4) Redundancy: Expensive duplication for the purpose of eliminating the
arbitration that allows each node of the network to have a copy of every
transaction. However, it is both financially and legally illogical to have
redundant brokering; banks are not willing to perform every transaction with
every bank or complete other banks’ transactions. Such duplication only increases
costs while providing no conceivable benefit.
5) Regulatory Compliance:
Blockchains exist regardless of the law, and government authorities do not
necessarily change how they do their jobs in response to the existence of
blockchains. Applying blockchain technology in the legal and financial
sectors in non-Bitcoin currencies creates regulatory challenges, but
infrastructure regulation is very similar to blockchain regulation. Yeoh
discussed the key regulatory issues affecting the blockchain and innovation
distributed technology that has been adopted across Europe and the United
States.
6) Criminal Activity: Bitcoin-enabled third-party trading platforms allow users
to purchase or sell a wide variety of products. These processes are anonymous,
making it difficult to track user behavior and impose legitimate sanctions.
Criminal activity involving Bitcoin frequently involves ransomware,
underground markets, and money laundering. Some underground markets that
operate online as Tor hidden services use Bitcoin as the exchange currency,
thus making blockchain availability uncertain because of criminal activity.
Table 2 lists the top 10 available item categories.
7) Vulnerabilities in Smart Contracts: When a program is executed in a
blockchain, a smart contract can have security vulnerabilities caused by a flaw
in that program. For instance, the authors of one study found that ‘‘8,833 out
of 19,366 Ethereum smart contracts are vulnerable’’ to bugs such as ‘‘(i)
transaction-ordering dependence, (ii) timestamp dependence, (iii) mishandled
exceptions, and (iv) reentrancy vulnerability’’. Figure 2 presents the different
vulnerabilities present in smart contracts as well as detailed causes of these
vulnerabilities. Atzei et al. proposed a taxonomy of vulnerability and
categorized the different types of vulnerabilities into levels that represent the
vulnerabilities: Solidity, Ethereum Virtual Machine (EVM), and blockchain.
The vulnerability causes contract issues with codifying, security, privacy, and
system performance, including blockchain scalability [6].

Figure 2 Smart Contract Vulnerabilities

4. THE FUNDAMENTALS OF BLOCK-CHAIN

A blockchain is distributed and replicable by nature. It uses the consensus of
participants and the latest achievements in cryptography. As a result, blockchain-
based solutions are more resistant to cyberattacks than non-blockchain systems.

Figure 3 Block chain Fundamentals

• Confidentiality — The blockchain provides extensive capabilities for
ensuring a user’s anonymity. User keys are the only link between a user and
their data. However, these keys are also easy to anonymize. Some networks
also use non-interactive zero-knowledge proofs (zk-SNARK, zk-STARK,
and so on) to maximize users’ confidentiality. As a result, while being open
and offering rich opportunities for transaction tracking, a blockchain allows
users to maintain an unprecedented level of anonymity.

• Data integrity — Blockchains are designed as ledgers where every block is
linked to nearby blocks using cryptographic hash functions. Therefore, once
a transaction is recorded on the blockchain, it can’t be altered or deleted. Any
changes made to the already recorded data are processed as new transactions.

• Availability — Having a large number of nodes ensures blockchain resilience
even when some nodes are unavailable. And as each node in the network has
a copy of the distributed ledger, the correct blockchain remains accessible to
other peers even in the case of a compromised node.

Aiming to add all these characteristics to their software products, organizations turn
their attention to blockchain-based solutions. However, the technological
complexity of blockchain technology raises some concerns regarding its
implementation and sustainability. In the next section, we overview the key benefits
and drawbacks of using blockchain technology for cybersecurity [7].

5. BLOCK-CHAIN USE CASES FOR CYBERSECURITY

Although not unbreakable, blockchain has evolved to become one of the most
foolproof forms of transacting in the digital network realm. As designed and
intended, the technology has been credited for its information integrity assurance. If
well-utilised, many sectors can benefit from it.
With the potential to be practical in many applications, blockchain can be
put to many uses. One of the best uses would be utilising its integrity
assurance for building cybersecurity solutions for many other technologies. Below
are some use cases of future beneficial use of blockchain to strengthen cybersecurity
[8]:

❖ Securing Private Messaging: With the internet shrinking the world into a
global village, more and more people are joining social media. The number of
social media platforms is also on the rise. More social apps are being launched
with each dawn as conversational commerce gains popularity. Huge amounts
of metadata are collected during these interactions. Most social media
platform users protect the services and their data with weak, unreliable
passwords.
Most messaging companies are warming up to blockchain for securing user
data as a superior option to the end-to-end encryption which they currently
use. Blockchain can be used to create a standard security protocol. For
enabling cross-messenger communication capabilities, blockchain can be
used to form a unified API framework. In the recent past, numerous attacks
have been executed against social platforms like Twitter and Facebook. These
attacks resulted in data breaches with millions of accounts being breached and
user information landing into the wrong hands. Blockchain technologies, if
well implemented in these messaging systems, may prevent such future
cyberattacks.
❖ IoT Security: Hackers have increasingly used edge devices, such as
thermostats and routers, to gain access to overall systems. With the current
obsession for Artificial Intelligence (AI), it has become easier for hackers to
access overall systems like home automation through edge devices like 'smart'
switches. In most cases, a large number of these IoT devices have sketchy
security features.
In this case, blockchain can be used to secure such overall systems or devices
by decentralising their administration. The approach will give devices the
capability to make security decisions on their own. Not depending on the
central admin or authority makes the edge devices more secure by detecting
and acting on suspicious commands from unknown networks.
Normally, hackers penetrate the central administration of a device and
automatically gain full control of the devices and systems. By decentralising
such device authority systems, blockchain ensures such attacks are harder to
execute (if even possible).
❖ Securing DNS and DDoS: A Distributed Denial of Service (DDoS) attack
occurs when users of a target resource, such as a network resource, server, or
website, are denied access or service to the target resource. These attacks shut
down or slow down the resource systems.
On the other hand, an intact Domain Name System (DNS) is very centralised,
making it a perfect target for hackers who infiltrate the connection between
the IP address and the name of a website. This attack renders a website
inaccessible, cacheable, and even redirectable to other scam websites.
Fortunately, blockchain can be used to diminish such kinds of attacks by
decentralising the DNS entries. By applying decentralised solutions,
blockchain would have removed the vulnerable single points exploited by
hackers.
❖ Decentralising Medium Storage: Business data hacks and theft are
becoming a primary cause of concern to organisations. Most
companies still use the centralised form of the storage medium. To access the
entire data stored in these systems, a hacker simply exploits a single
vulnerable point. Such an attack leaves sensitive and confidential data, such
as business financial records, in the possession of a criminal [9].
By using blockchain, sensitive data may be protected by ensuring a
decentralised form of data storage. This mitigation method would make it
harder and even impossible for hackers to penetrate data storage systems.
Many storage service companies are assessing ways blockchain can protect
data from hackers. Apollo Currency Team is a good example of an
organisation that has already embraced the blockchain technology in their
systems (The Apollo Data Cloud).
❖ The Provenance of Computer Software: Blockchain can be used to ensure
the integrity of software downloads to prevent foreign intrusion. Just as the
MD5 hashes are utilised, blockchain can be applied to verify activities, such
as firmware updates, installers, and patches, to prevent the entry of malicious
software in computers. In the MD5 scenario, new software identity is
compared to hashes available on the vendor websites. This method is not
completely foolproof as the hashes available on the provider’s platform may
already be compromised.
However, in the case of blockchain technology, the hashes are permanently
recorded in the blockchain. The information recorded in the technology is not
mutable or changeable; hence blockchain may be more efficient in verifying
the integrity of software by comparing its hashes against the ones on the
blockchain.
❖ Verification of Cyber-Physical Infrastructures: Data tampering, systems
misconfiguration together with component failure have marred the integrity
of information generated from cyber-physical systems. However, the
capabilities of blockchain technology in information integrity and verification
may be utilised to authenticate the status of any cyber-physical infrastructures.
Information generated on the infrastructure’s components through blockchain
can be more assuring to the complete chain of custody.
❖ Protecting Data Transmission: Blockchain can be used in the future to prevent
unauthorized access to data while in transit. By utilising the complete encryption
feature of the technology, data transmission can be secured to prevent malicious
actors from accessing it, be it an individual or an organisation. This approach
would lead to a general increase in the confidence and integrity of data
transmitted through blockchain. Hackers with malicious intent tap into data amid
transit to either alter it or completely delete its existence. This leaves a huge gap
in inefficient communication channels, such as emails.
❖ Diminish Human Safety Adversity caused by Cyber-attacks: Thanks to
innovative technological advancements, we have
recently seen the roll-out of unmanned military equipment and public
transportation. These automated vehicles and weapons are possible thanks to the
Internet that facilitates the transfer of data from the sensors to the remote-control
databases. However, hackers have been on the job to break and gain access to
networks, such as Car Area Network (CAN). When tapped into, these networks
offer complete control access to vital automotive functions to the hackers. Such
occurrences would have a direct impact on the safety of humans. But through
data verification conducted on blockchain for any data that goes in and through
such systems, many adversities would be prevented.
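
Added example (not part of the original paper): a Python illustration of the software-provenance use case above and of the hash linking described under "Data integrity" in section 4. It uses SHA-256 instead of MD5; the ledger layout, function names and artifact names are assumptions made for illustration, and the trusted head hash stands in for the value the consensus network would supply.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # predecessor value used for the first block


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def block_hash(block: dict) -> str:
    """Hash every field of a block, including the previous block's hash."""
    body = {k: block[k] for k in ("index", "prev_hash", "artifact", "digest")}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


def append_release(chain: list, artifact: str, payload: bytes) -> dict:
    """Record the digest of a release artifact as a new block."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev_hash": prev,
             "artifact": artifact, "digest": sha256_hex(payload)}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_broken_link(chain: list):
    """Return the index of the first block that fails validation, else None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev_hash"] != prev
                or block["hash"] != block_hash(block)):
            return i
        prev = block["hash"]
    return None


def verify_download(chain: list, trusted_head: str,
                    artifact: str, payload: bytes) -> str:
    """Check a downloaded file against one copy of the ledger.

    trusted_head is the head hash the verifier obtained from the rest of
    the network (assumption); a copy that is self-consistent but ends in a
    different head has been rewritten and is rejected.
    """
    if not chain or first_broken_link(chain) is not None:
        return "ledger-invalid"
    if chain[-1]["hash"] != trusted_head:
        return "ledger-invalid"
    entries = [b for b in chain if b["artifact"] == artifact]
    if not entries:
        return "unknown-artifact"
    return "ok" if entries[-1]["digest"] == sha256_hex(payload) else "mismatch"


def demo() -> dict:
    # Constructed sample data: artifact names and contents are made up.
    good = b"firmware v1.1 contents"
    tampered = b"firmware v1.1 contents (modified)"
    chain = []
    append_release(chain, "firmware-1.0.bin", b"firmware v1.0 contents")
    append_release(chain, "firmware-1.1.bin", good)
    append_release(chain, "installer-2.0.exe", b"installer contents")
    head = chain[-1]["hash"]

    # Case 1: a recorded digest is edited in place, nothing else touched.
    edited = copy.deepcopy(chain)
    edited[1]["digest"] = sha256_hex(tampered)

    # Case 2: the digest is edited and every later hash is recomputed, so
    # the copy is self-consistent but no longer ends in the agreed head.
    rewritten = copy.deepcopy(chain)
    rewritten[1]["digest"] = sha256_hex(tampered)
    for i in range(1, len(rewritten)):
        rewritten[i]["prev_hash"] = rewritten[i - 1]["hash"]
        rewritten[i]["hash"] = block_hash(rewritten[i])

    name = "firmware-1.1.bin"
    return {
        "genuine": verify_download(chain, head, name, good),
        "swapped_file": verify_download(chain, head, name, tampered),
        "edited_break": first_broken_link(edited),
        "edited": verify_download(edited, head, name, tampered),
        "rewritten_break": first_broken_link(rewritten),
        "rewritten": verify_download(rewritten, head, name, tampered),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The second case is the one to note: hash linking alone only proves a copy is internally consistent, so the verifier still needs a head hash it trusts from the other nodes.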

6. USING THE BLOCK CHAIN FOR CYBERSECURITY: PROS AND CONS

Figure 4 Block-chain for cybersecurity cons

Scalability challenges — Blockchain networks have different limits, such as to the
block volume and number of transactions processed per second. Therefore, you need
to check the scalability of a blockchain platform you want to use as the basis for
your solution. For Bitcoin, these limits are currently 1 MB of data and up to 7
transactions per second (TPS). On the Ethereum network, block generation is limited
to 7 to 15 TPS. Other networks, however, claim to have a much higher transaction
capacity. For instance, Ontology claims to reach 4,000 to 12,000 TPS, depending on
the environment, while the Futurepia network measures up to 300,000 TPS in
laboratory testing [9].

Reliance on private keys — Blockchains rely on the use of private keys: long
sequences of random numbers automatically generated by a wallet. Private keys are
used for interacting with the blockchain and, in contrast to user passwords, can’t be
restored. If a user loses their private key, all data encrypted with it will most likely
be impossible to recover.

Adaptability challenges — Though blockchain technology can be applied to almost
any business, companies may face difficulties integrating it. It’s quite challenging to
employ this technology in supply chain systems, for instance, as it may take much
time to re-implement the supply chain logic using a blockchain. Blockchain
applications can also require complete replacement of existing systems, so
companies should consider this before implementing blockchain technology.

Risk of cyberattacks — Blockchain technology greatly reduces the risk of
malicious intervention, but it’s still not a panacea to all cyber threats. The blockchain
also has its weak spots, such as node communication (the eclipse attack), consensus
mechanisms (51% attack), and code vulnerabilities. If attackers manage to exploit
any of these vulnerabilities, it may risk the security of the entire system.

High operation and customization costs — A blockchain requires substantial
computing power and storage capacity. This may lead to higher marginal costs in
comparison with existing non-blockchain systems.

Blockchain literacy — Despite the increasing popularity of blockchain solutions,
there are still not enough qualified blockchain developers and cryptography experts.
Blockchain development requires a large set of skills and rich knowledge of different
technologies, programming languages, and tools.

Lack of governance — The operation and use of blockchain technology in general
and distributed ledgers in particular isn’t well regulated globally. Many countries,
including Malta and the US, already have or are working on cryptocurrency
regulations. Several states in the US have also established frameworks regulating the
legal and business use of blockchains and smart contracts.

These are the main
blockchain drawbacks you need to take into account when deciding to implement
this technology to improve your product’s cybersecurity. However, the final scope
of possible disadvantages will change depending on the industry you operate in and
additional tasks you want to solve with the help of the blockchain. Let’s take a closer
look at the key advantages of using a blockchain for cybersecurity [11]:

Figure 5 Block-chain in cybersecurity pros

Secure data storage and processing — Blockchain records are immutable and any
change recorded on the blockchain is transparent and non-removable. Therefore,
data stored on a blockchain is protected better than traditional digital or paper-based
records.

Safe data transfers — The blockchain enables fast and secure transactions
of data and finances. Features like smart contracts allow for automatic execution of
agreements between several parties.

No single point of failure — Permissionless blockchain systems are decentralized
and, therefore, more resilient than traditional systems. The compromise of a single
node won’t affect the operation or security of the whole blockchain. This means that
even in the case of DDoS attacks, the system will operate as normal thanks to
multiple copies of the ledger. Private blockchains, however, can’t offer you this
advantage.

Data transparency and traceability — All transactions on blockchains are
digitally signed and time-stamped, so network users can easily trace the history of
transactions and track accounts at any historical moment. This feature also allows a
company to have valid information about assets or product distribution.

User confidentiality — The confidentiality of blockchain network participants is
high due to the public key cryptography that authenticates users. However, some
blockchain-based startups go a step further and improve this technology. For
instance, Guardtime developed a Keyless Signature Infrastructure (KSI) that allows
users to verify their signature validity without disclosing keys.

Increased customer trust — A blockchain offers data privacy and transparency
that can help businesses gain customers’ trust. Furthermore, in many of today’s
blockchain networks, data owners can be granted full control over their personal data
and decide who can access it and when.

REFERENCES

[1] B. Sambana, "Blockchain Approach to Cyber Security Vulnerabilities Attacks and Potential
Countermeasures," International Journal of Security and its Applications, vol. 10, no. 01, pp. 1-6,
2020.

[2] M. S. Maleh Yassine, Blockchain for Cybersecurity and Privacy: Architectures, Challenges, and
Applications, CRC Press, 2020.

[3] H. M. 2. Sidi Boubacar ElMamy 1, "A Survey on the Usage of Blockchain Technology for,"
Sustainability, 4 11 2020.

[4] N. M. S. P. M. E. K. a. G. D. Deepak Puthal, "Everything You Wanted to Know About the Blockchain:
Its Promise, Components, Processes, and Problems," IEEE Consumer Electronics Magazine, 2018.

[5] Y.-y. F. Bin Liu, "Research on Optimization of Block chain Security Testing," in IEEE International
Conference on Smart Cloud (SmartCloud), 2020.

[6] A. Mense, "Security Vulnerabilities in Ethereum Smart Contracts," in the 20th International
Conference, 2018.

[7] H. Sinha, "Linked in," Pros & Cons for Trending Usage in Blockchain Technology in Cybersecurity,
02 06 2021. [Online]. Available:
https://www.linkedin.com/pulse/pros-cons-trending-usage-blockchain-technology-harsh-sinha.
[Accessed 23 06 2021].

[8] "Cyber Management Alliance," 04 12 2021. [Online]. Available:
https://www.cm-alliance.com/cybersecurity-blog/the-future-use-cases-of-blockchain-for-cybersecurity.
[Accessed 23 06 2021].

[9] D. Drinkwater, "CSO," 12 09 2020. [Online]. Available:
https://www.csoonline.com/article/3252213/6-use-cases-for-blockchain-in-security.html.
[Accessed 23 06 2021].

[10] K. Gagandeep, "Scalability in Blockchain: Challenges and Solutions," in Handbook of Research on
Blockchain Technology, Academic Press, 2020, pp. 373-406.

[11] A. Bhattarai, "Blockchain in Cybersecurity, Pros, and Cons," 09 05 2019.
