Page 35 - FIGI: Security Aspects of Distributed Ledger Technologies
tency between at least similar implementations is desirable to avoid unnecessary fragmentation that would delay the emergence of industry ‘standards’ for a sector.

8.4.2 Issue: Denial of Service

Dimensions Affected: Network, Consensus, External

Specific Threat: Distributed Denial of Service (DDoS)

DDoS attacks represent an effort to disrupt the operation of a target system through the consumption of its resources with an overwhelming number of requests to be processed. In order to maximize impact as well as avoid detection, networks of ‘zombie’ computers controlled by an attacker (also known as ‘botnets’) may be used. From 2014-2015, dozens of attacks were reported;[217] currency exchanges and mining pools were primary targets on the Bitcoin network,[218] with over 60% of large Bitcoin mining pools suffering DDoS attacks versus only 17% for smaller pools.[219]

Vulnerability:
While DDoS attacks are more difficult to accomplish on a decentralized, distributed network, DDoS remains a very popular method of attack on crypto-currency networks. They are more impactful when focused on a greater concentration of miners (and validators), such as the Bitcoin network where several large mining pools operate.[220]

Risks:
An attack on a sizeable mining pool can substantially disrupt mining activity[221] and, even with early detection and preventative measures, can still be of significant negative impact.[222] Attacks on a network (or competing mining pool) may also be placed to cause actors to unnecessarily consume resources, be it disrupting a network by occupying nodes with a flurry of fake or invalid requests or other activities which may burn Gas and cost money to place blocks in a state they were in before the DDoS attack.

Mitigation and Recommendations:
While the Bitcoin client has DDoS prevention methods,[223] they are not bulletproof and mining pools and exchanges typically obtain specialized DDoS mitigation and prevention services, such as those provided by Incapsula[224] or Cloudflare[225] as well as Amazon Cloud Services.

8.4.3 Issue: Monopolistic Possibilities in DLT Use

Dimensions Affected: Network, Consensus, Data Model, Execution, Application, External

While the DLT ecosystem is still nascent, considerations of risks to fair competition still arise. This may manifest as an inability for others to participate in the DL or to interoperate with other DLs; or an inability to access encryption keys or to access technologies, based on enforcement of patents in a relatively new market. These barriers may arise by technology design or because of market development.[226]

Consortium, permissioned DLTs may be prone to inherent competition-related concerns. Simply, they amount to a closed group, with in most cases high qualification barriers.[227] In developing these platforms, there will invariably need to be collaborative efforts to implement the chosen DLT to the particular use case within a vertical. Internal governance may ameliorate or exacerbate these concerns, especially if there are governing bodies made up of members who have the power to include or exclude members.[228] Cross-border jurisdictional issues may complicate enforcement by market integrity regulators, if they can found jurisdiction over DLTs.

Risks:
Lack of practical on-chain interoperability between DLTs raises competition concerns, with balkanization of DLTs and with exclusion from technologies and data possible across vertical asset classes. Similarly, mining pools undertaking POW could monopolize some DLTs or change the underlying protocols.

Mitigation & Recommendations:
Market conduct regulators would have to consider whether there is a dominance of a DLT within a particular market activity. However, with the rapid evolution of DLs, competition law and regulators may struggle to define these markets, a determination that may also be complicated by cross-jurisdictional issues.

8.4.4 Issue: Reliance on and Trust in DLT Nodes

Despite the use of strong cryptography, DLTs are not necessarily a panacea for security concerns people may have.[229] Indeed, there is a trade-off between replacing costly – and often risky – intermediaries with cryptographic key-only access distributed across nodes.[230] For example, for permissioned ledgers replacing centralized intermediaries, the cost-benefit in using DLTs is somewhat ameliorated by the need to trust permissioned authors rather