Page 34 - FIGI: Security Aspects of Distributed Ledger Technologies

Vulnerability:
The ability to deceive a node into accepting an alternate block chain.208

As transaction blocks are added to the blockchain, the odds increase that a longer chain of transaction blocks does not exist which would invalidate the transaction and create an assurance of finality.209 As the blockchain is not centralized, all transactions are typically ‘irreversible’ and the victim will likely have no recourse.

Risks:
Confirmed Transactions. Attacks on transaction verification mechanisms can be more common on POW networks, such as Bitcoin. They primarily target merchants who wait short periods of time (such as accepting ‘instant payments’) before sending the payor assets in exchange for the payment and/or accept ‘unconfirmed’ or one/low confirmation transactions.210 Transactions are bundled into a block to be added to the blockchain periodically (every 8-10 minutes with Bitcoin). Newer blocks added to the blockchain are at greater risk of being reversed by the presence of a longer confirmed chain on the network. Additional risk occurs with merchants such as crypto-currency exchanges, whose deposit of coins sent to the attacker’s wallet would be an irreversible transaction risk on the blockchain. This could significantly increase the chances of a successful double-spend, drain a node's computational resources, or simply slow down the transaction confirmation rate.211

Mitigation and Recommendations:
In certain instances - especially pertaining to blockchains using POW - double-spending attacks can be mitigated by waiting longer periods of time to confirm a larger number of block confirmations. While this may increase transaction latency and finality, it will add a significant additional measure of security, providing sufficient time to identify a previous spend. Operators of a DL should continue to diversify the network to make it difficult for the attacker to find division points.

For timejacking, several solutions are recommended to mitigate such an occurrence, currently considered to be a minor attack and capable of mitigation.212 For Bitcoin and other POW DLTs, these include:

•  Using the node's system time instead of the network time to determine the upper limit of block timestamps and when creating blocks.
•  Tightening the acceptable time ranges.
•  Use only trusted peers.
•  Require more confirmations before accepting a transaction.
•  Using delayed timestamp validation.

8.4  DLT Availability

8.4.1  Issue: Interoperability between DLTs

Dimensions Affected: Network, Consensus, Data Model

Despite a decentralized and often chaotic development process in DLTs, there have been some remarkable improvements in reliability, adaptability, security, scalability and speed of DLTs from technology generation to generation. Ethereum, launched in 2014, is the most popular of the public DLTs, using its native programmatic component called ERC-20 to launch a number of innovative dApps. So-called smart contracts represent the business end of DLT dApps, automating manual processes in what the maximalists understand to be ‘code as law.’

The caveat though is that these parallel developments have resulted in the balkanization of the ‘Layer 1’ enabling technologies and platforms, including in many cases that the dApps and payment tokens can only be used on one type of DLT. Each DLT class then is an island of excellence. This trend is likely to continue for a number of years until, at least, some measure of reliable and secure interoperability between DLTs is ensured through, as yet, mainstream innovation. This lack of interoperability and standardization introduces elements of inconsistency in use, which may affect the longevity of storing data on a DLT, with resultant security, privacy and compliance implications.

Risks:
Although good and important work is being done by the various DLT consortia, this may yet lead to silo’ed – and incompatible – blockchain initiatives.213 So-called ‘forking’ of existing DLTs may also introduce fragmentation and slow down transaction processing speeds.214 Interoperability215 required to connect these silos may introduce security and efficiency risks to the respective blockchain operations […] number of initiatives to enhance interoperability between DLTs to facilitate secure communication between separate and independent chains.216

Mitigation & Recommendation:
Although the various DLT initiatives may address different market sectors and thus require nuanced design and implementation, some level of consis-
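To put a number on the double-spend mitigation above (wait for a larger number of block confirmations), here is an added Python example, not code from the FIGI report, that implements the attacker catch-up probability from the Bitcoin whitepaper (Nakamoto 2008, section 11): given the attacker's share q of POW hash power, it computes the probability that a chain forked z blocks back ever overtakes the honest chain, and the smallest confirmation depth that pushes that probability below a chosen risk budget. The hash-rate shares and the 0.1% risk budget are illustrative values chosen here.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding hash-power share q ever catches up
    from z blocks behind the honest chain (Nakamoto 2008, section 11).

    While the honest chain mined z blocks, the attacker's progress is Poisson
    with mean z*q/p; a remaining gap of (z-k) blocks is closed with
    probability (q/p)^(z-k)."""
    if not 0.0 < q < 0.5:
        raise ValueError("q must be in (0, 0.5); at q >= 0.5 the attacker always wins")
    if z < 0:
        raise ValueError("z must be non-negative")
    p = 1.0 - q
    ratio = q / p
    lam = z * ratio
    poisson = math.exp(-lam)          # Poisson term for k = 0
    total = 0.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k        # advance to the k-th Poisson term without overflow
        total += poisson * (1.0 - ratio ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, max_risk: float, limit: int = 500) -> int:
    """Smallest confirmation depth z whose catch-up probability is <= max_risk.
    Returns -1 if no depth up to `limit` suffices (limit keeps exp(-lam) > 0)."""
    for z in range(1, limit + 1):
        if attacker_success_probability(q, z) <= max_risk:
            return z
    return -1


if __name__ == "__main__":
    # Illustrative hash-rate shares and a 0.1% risk budget (constructed values).
    for q in (0.10, 0.25, 0.30):
        print(f"q={q:.2f}: z=1 -> {attacker_success_probability(q, 1):.4f}, "
              f"z=6 -> {attacker_success_probability(q, 6):.6f}, "
              f"depth for risk <= 0.1%: {confirmations_needed(q, 0.001)}")
```

A merchant accepting one confirmation against a 10% attacker still carries roughly a 20% reversal risk; at 30% attacker share, 24 confirmations are needed to get under 0.1%.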
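The first two timejacking mitigations listed above (bound block timestamps by the node's own system clock rather than peer-derived network time, and tighten the acceptable window) as an added Python example, not code from the report or from any particular client: the validator enforces Bitcoin's median-time-past lower bound (median of the previous 11 block timestamps) and an upper bound relative to the clock it is handed. The 15-minute tightened window, the peer offsets and the block timestamps are constructed values for illustration, and the peer-time computation is simplified (no clamping of the adjustment).

```python
import statistics

MEDIAN_WINDOW = 11                 # Bitcoin: timestamp must exceed the median of the last 11 blocks
BITCOIN_MAX_FUTURE = 2 * 60 * 60   # Bitcoin's classic 2-hour future tolerance
TIGHTENED_MAX_FUTURE = 15 * 60     # constructed example of a tightened window


def median_time_past(prev_timestamps):
    """Median of the most recent MEDIAN_WINDOW block timestamps (lower bound)."""
    return int(statistics.median(prev_timestamps[-MEDIAN_WINDOW:]))


def network_adjusted_time(local_now, peer_offsets):
    """Peer-derived clock a naive node uses: local time plus the median offset
    reported by peers. Simplified (no clamp) to show how skewed peers move it."""
    return local_now + int(statistics.median(peer_offsets))


def validate_block_timestamp(block_ts, prev_timestamps, reference_now,
                             max_future=TIGHTENED_MAX_FUTURE):
    """Return (accepted, reason). Pass the node's own system clock as
    reference_now (mitigation 1) and a tightened max_future (mitigation 2)."""
    mtp = median_time_past(prev_timestamps)
    if block_ts <= mtp:
        return False, f"timestamp {block_ts} is not after median-time-past {mtp}"
    if block_ts > reference_now + max_future:
        return False, (f"timestamp {block_ts} is {block_ts - reference_now}s ahead "
                       f"of the reference clock; limit is {max_future}s")
    return True, "ok"


def demo():
    """Constructed scenario: 11 blocks 600 s apart, node clock 10 min past the tip,
    peers all claiming to be 70 min ahead, and two blocks dated into the future."""
    base = 1_700_000_000
    prev = [base + 600 * i for i in range(11)]
    local_now = prev[-1] + 600
    naive_now = network_adjusted_time(local_now, [70 * 60] * 8)
    block_150min = local_now + 150 * 60
    block_30min = local_now + 30 * 60
    return {
        "skewed_peers_accept_150min": validate_block_timestamp(block_150min, prev, naive_now, BITCOIN_MAX_FUTURE)[0],
        "local_clock_rejects_150min": validate_block_timestamp(block_150min, prev, local_now, BITCOIN_MAX_FUTURE)[0],
        "2h_window_accepts_30min": validate_block_timestamp(block_30min, prev, local_now, BITCOIN_MAX_FUTURE)[0],
        "tightened_window_rejects_30min": validate_block_timestamp(block_30min, prev, local_now)[0],
        "stale_block_rejected": validate_block_timestamp(prev[2], prev, local_now)[0],
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```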


