Page 13 - FIGI: Security Aspects of Distributed Ledger Technologies
            3  INTRODUCTION     1


3.1 Overview: nature of the risks and vulnerabilities

Distributed ledger technology (DLT) is a new type of secure database or ledger that is replicated across multiple sites, countries, or institutions with no centralized controller. In essence, this is a new way of keeping track, securely and reliably, of who owns a financial, physical, or digital asset. The most popular incarnation of DLT is called a blockchain, of which a number of varieties have been developed.

The emergence of DLTs and various types of distributed ledgers (DLs) has led to a wellspring of development of ostensibly decentralized ecosystems using protocols such as blockchain. The idea is that the system is ‘trustless,’ pivoting around the concept of a consensus mechanism provided by distributed ‘nodes’ that replaces the need to have a trusted central party controlling data and its use. Trust is placed, on a decentralized basis, in these ‘nodes’, which must give consent for data to be placed on a ledger. Data is placed on a DL by ‘miners’ or their equivalent. The algorithmic consensus process that facilitates this is the (new) trust agent.

DLTs are theoretically secured via cryptographic keys that allow access to adding and/or viewing data on a DL and indicate whether data has been tampered with, and through the use of a range of ‘consensus protocols’ by which the nodes in the network agree on a shared history. Only if there is agreement – a consensus – by a specific number of nodes will new data be added to a DLT system.

But while there are ground-breaking new technologies such as smart contracts associated with DLTs, they have in many cases ported security issues from the ‘centralized’ non-DLT world, as well as created new sets of vulnerabilities particular to the components of DLT-based ecosystems. In many cases the vulnerabilities are caused by simple coding errors and exploitation thereof by bad actors. While we enumerate a number of security-related risks and vulnerabilities, standard risk considerations apply. These include strategic; reputational; operational, business continuity; information security; regulatory; information technology; contractual; and supplier.

This report canvasses broadly the security aspects of and threats to DLTs and their variants, alongside the risks and vulnerabilities. Some of the vulnerabilities canvassed include entities and individuals who connect to the network, which includes consumers and merchants; miners, validators, forgers, minters who process and confirm – ‘mine’ – transactions on a DL network; and sets of rules governing the operation of the network, its participants and which blocks are added to the chain.

Clearly then – as with the emergence of the commercial internet in the 1990s – there are still a number of ‘teething problems’, but notably great resourc-
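
The two properties described in this overview, tamper evidence and addition of data only on agreement by a specific number of nodes, can be seen in a small model. This is an added example, not code from the report: the node names, keys and the threshold of 3 of 4 are constructed, and an HMAC per node stands in for the digital signatures and consensus protocol a real DLT would use.

```python
import hashlib, hmac, json

# Constructed node keys; HMAC stands in for each node's signature (assumption).
NODE_KEYS = {f"node{i}": f"demo-key-{i}".encode() for i in range(4)}
QUORUM = 3  # assumed threshold for "a specific number of nodes"

def block_hash(block):
    """Hash index, previous hash and data, so each block commits to its history."""
    body = {k: block[k] for k in ("index", "prev", "data")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def vote(node, digest):
    """A node's approval of a proposed block digest."""
    return hmac.new(NODE_KEYS[node], digest.encode(), hashlib.sha256).hexdigest()

def valid_votes(digest, votes):
    """Count known nodes whose approval verifies for this digest."""
    return sum(1 for n, tag in votes.items()
               if n in NODE_KEYS and hmac.compare_digest(tag, vote(n, digest)))

def append(chain, data, voters):
    """Add a block only if at least QUORUM nodes approve it."""
    block = {"index": len(chain), "prev": chain[-1]["hash"] if chain else "0" * 64, "data": data}
    block["hash"] = block_hash(block)
    block["votes"] = {n: vote(n, block["hash"]) for n in voters}
    if valid_votes(block["hash"], block["votes"]) < QUORUM:
        return False
    chain.append(block)
    return True

def first_bad_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = "0" * 64
    for b in chain:
        if (b["prev"] != prev or block_hash(b) != b["hash"]
                or valid_votes(b["hash"], b["votes"]) < QUORUM):
            return b["index"]
        prev = b["hash"]
    return None

def demo():
    chain = []
    ok = append(chain, "alice pays bob 5", ["node0", "node1", "node2"])
    rejected = append(chain, "entry with one approval", ["node3"])  # below quorum
    append(chain, "bob pays carol 2", ["node0", "node1", "node3"])
    clean = first_bad_block(chain)
    chain[0]["data"] = "alice pays bob 500"  # later edit of recorded history
    return ok, rejected, len(chain), clean, first_bad_block(chain)
```

Recomputing the stored hash after an edit does not help the editor either, because the recorded approvals were made over the original digest and no longer verify.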


