![Page 1: Blockchain Security improvement or - RSA Conference · 2019-07-26 · Blockchain promises to change the way business is conducted and transactions are executed across industries](https://reader033.vdocuments.us/reader033/viewer/2022042305/5ed07fd83bf672044829d30f/html5/thumbnails/1.jpg)
© 2018 RSA Conference. All rights reserved.
Blockchain Security improvement or security nightmare?
Dave Huseby, Security Maven, Hyperledger, The Linux Foundation
Marta Piekarska, Director of Ecosystem, Hyperledger, The Linux Foundation
Marta Piekarska, Director of Ecosystem, Hyperledger, The Linux Foundation
PhD in User Informed Design of Privacy Tools
10 years of experience in technology companies, including Apple, Yahoo & Deutsche Telekom
4 years in Blockchain: Blockstream & Hyperledger
Dave Huseby, Security Maven, Hyperledger, The Linux Foundation
Security Maven
Open source developer for 25 years
Focused on software security and engineering best practices for the last decade
The first long-distance trade occurred between Mesopotamia and the Indus Valley in Pakistan ~3000 B.C.
We have been exchanging goods for years.
How Do You Agree on Assets Balance?
How to track the value of exchanged goods?
Traditional Ledgers
In the digital world there are many copies that may contain different versions. The challenge: which do you trust as a single source of truth?
Digital World
Internet Connected Reality
Now we can keep our ledgers in sync—provided we can agree
Potential of Peer to Peer Network
The roots of Bitcoin lie in the so-called “Cypherpunks” movement, a group of technically skilled activists who campaigned for the protection of privacy and anonymity in cyberspace from the beginning of the 1990s onwards.
Members of the Cypherpunks were activists like Hal Finney, Nick Szabo, David Chaum, Wei Dai, Phil Zimmermann, Julian Assange and Satoshi Nakamoto, who later developed Bitcoin.
Blockchain is really old
Myth Debunked: Blockchain ≠ Cryptocurrency
Cryptocurrency is an application that sits on top of blockchain.
Not the other way around.
What is a DLT?
An append-only system of record or log of transactions that is replicated in a number of places but kept in sync
Properties of Distributed Ledgers
• Everyone shares the ledger
• No one participant owns it, but all agree
• Leverages cryptography and consensus mechanism technology
• No single entity maintains it; the whole network validates, maintains, and keeps a copy of the database
It’s “just” a Chain of Blocks
[Figure: five blocks in sequence along a TIME axis; each block shows a Block Hash, a Prev Hash, a Merkle Root and four transactions (Tx).]
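The block layout named in the figure (Block Hash, Prev Hash, Merkle Root, Tx), as an added Python example that is not from the original slides: it shows how an in-place edit of an old block is detected. The header format, the `Block` class and the sample transactions are simplifying assumptions made for illustration, not the format of Bitcoin or any Hyperledger framework.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

GENESIS_PREV = "00" * 32  # constructed placeholder Prev Hash for the first block


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def merkle_root(txs: List[str]) -> str:
    """Hash transactions pairwise up to one root (an odd node is paired with itself)."""
    level = [sha256_hex(tx.encode()) for tx in txs] or [sha256_hex(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256_hex(bytes.fromhex(level[i] + level[i + 1]))
                 for i in range(0, len(level), 2)]
    return level[0]


@dataclass
class Block:
    prev_hash: str
    txs: List[str]
    merkle: str = ""
    block_hash: str = ""

    def seal(self) -> "Block":
        """Compute Merkle Root and Block Hash from the block's current contents."""
        self.merkle = merkle_root(self.txs)
        self.block_hash = sha256_hex(bytes.fromhex(self.prev_hash + self.merkle))
        return self


def build_chain(batches: List[List[str]]) -> List[Block]:
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        block = Block(prev, list(txs)).seal()
        chain.append(block)
        prev = block.block_hash
    return chain


def first_invalid(chain: List[Block]) -> Optional[int]:
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        if b.prev_hash != prev:                  # link to the predecessor is broken
            return i
        if b.merkle != merkle_root(b.txs):       # transactions no longer match the root
            return i
        if b.block_hash != sha256_hex(bytes.fromhex(b.prev_hash + b.merkle)):
            return i                             # header no longer matches its hash
        prev = b.block_hash
    return None


# Constructed sample transactions for three blocks.
SAMPLE = [["alice->bob:5", "bob->carol:2"], ["carol->dave:1"],
          ["dave->alice:3", "alice->erin:1", "erin->bob:4"]]

if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    print("clean chain:", first_invalid(chain))
    chain[1].txs[0] = "carol->mallory:1"         # edit an old transaction in place
    print("after edit:", first_invalid(chain))
    chain[1].seal()                              # recompute the edited block's hashes
    print("after re-seal:", first_invalid(chain))
```

Re-sealing every later block as well would pass this local check, which is why the copies held by other nodes and the consensus mechanism matter and not the hashes alone.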
Facets of distributed, shared ledgers
• Network nodes both generate their own data and verify data generated by others
• Contain historic record of verified transactions and easily auditable
• Distributed Consensus eliminates costly and inefficient reconciliation processes
• No central repository – each node stores identical copies of the ledger
• Resilient due to network power and cryptographic integrity
• Large economic disincentive for malicious actors
The code or any complex program stored and executed on a blockchain.
There is more! What is a Smart Contract?
• Facilitate, verify, or enforce the negotiation or performance of a contract autonomously
• “If, then” statements or when “X happens, then automatically record or execute Y”
• Reinvent how business processes take place
• Automate manual or bespoke processes
What is a Smart Contract?
All over the global market there are ledgers that organizations and individuals alike must trust.
The Need for Trust
The 2018 Edelman Trust Barometer, an annual survey of 33k people in 28 countries, reveals that trust in key institutions continues to decline. For blockchain, 2018 needs to be the year of scale done well.
By 2025, 10% of global GDP will be assets tracked and traded using blockchain-based distributed ledgers
Report by WEF 2017
Everyone wants their own DLT
Google These Words
Consensus: PoW, PoS, PoET, Raft, BFT, PBFT
Crypto/Security: PKI, HASH, SHA-256, zk-SNARK, HE, ECC, ECDSA, SGX
Ledger Concepts: Mining, Blocks, Forks, Parents, Uncles, Merkle Trees
Platform Concepts: Nodes, Oracles, Notaries, Wallet, Smart Contracts
No matter what technology
Security should always be in the center of your attention
• Pushing security to the edges makes wallets and the private keys they store into high value targets.
Moving from Old to New
• Graveyard contains analysis of 51 publicly available attacks
Have you heard about Bitcoin Graveyard?
APIs with minimal foot-guns.
“Conversational” wallet interfaces.
Curated crypto library.
Documentation, training, and support.
Misuse Resistant Design is Key
Hyperledger Crypto Library
https://github.com/hyperledger-labs/crypto-lib
Curated by the community.
Minimizes foot-guns.
Supports regulated configurations.
Can also use experimental algorithms.
Lots of Moving pieces…
Clients
Peers
Consensus Network
Distributed Ledger Organization
Clients
Peers
Consensus Network
Front End Middleware Back End
Distributed Ledger Organization
Lots of moving pieces...but no more complicated than the modern web.
What do we know?
Basic security matters.
Users may not be ready for this.
The same techniques apply as in the old world.
Don’t panic.
Blockchain promises to change the way business is conducted and transactions are executed across industries. Precisely how, and the pace at which, each of these industries adopts blockchain will surely vary.
There will never be one global chain-of-all chains that all industries convert to.
Spectrum of Blockchains
Permissioned vs. Permissionless: Who can write to a Blockchain (i.e., accessibility)
Public vs. Private: Who can read from a Blockchain (i.e., visibility)
Permissionless Public, Permissionless Private, Permissioned Public, Permissioned Private
Public Polls
Land titles, University degrees
Medical records
Bitcoin, Ethereum
Logistics, Insurance, Governments
Healthcare, Supply Chain
Fintech
Blockchain Industries Curve
Diffusion of Innovations Curve, by Everett Rogers
Not all problems can be solved with Blockchain
This technology is young. It is still early days.
When Frenemies try to be Friends
Enterprises are not designed to collaborate
How do you protect IP?
Can Open Source help?
Why join Blockchain consortia?
Which technology to choose?
The importance of being Earnest
Responsible disclosure in a decentralized and anonymous environment?
It is still a Network! DDoS is a Dirty Drag.
Smart Contracts are only as smart as their authors.
We already know most of it, just need to be more cautious
Exemplary Deployment: Claims Transparency
Exemplary Deployment: Secure Supply Chain
Exemplary Deployment: Posture Validation
What’s Left to be done?
You too can help--the easy stuff.
Report a Security Bug: We Have a Bug Bounty—Use It! hackerone.com/hyperledger
Join a Working Group: wiki.hyperledger.org
Watch the Webinar Replay: Get Involved! hyperledger.org/webinars/get-involved
You too can help--the hard stuff.
Tineola
https://github.com/tineola/tineola
A red-team tool for testing Hyperledger Fabric.
Questions?
Marta Piekarska, Director of Ecosystem, [email protected]
Dave Huseby, Security Maven, [email protected]
Recommended Reading
Massive online open-source course: “Blockchain for Business”
Publications: hyperledger.org/resources
Comparison of Hyperledger Frameworks
Collection of interesting use cases for Blockchain technologies
On Bitcoin: bitcoin.org/en/faq
Just subscribe: MIT chainletter