Page 37 - FIGI: Security Aspects of Distributed Ledger Technologies
Box 2: Network Security - World Food Program Building Blocks
World Food Program: WFP’s Building Blocks project (WFP, 2018; see also Gerard, 2017; GSMA, 2017:
24–26; Juskalian, 2018) uses blockchain technology to make its voucher-based cash transfers more
efficient, transparent and secure, with the aim of improving collaboration across the humanitarian
system. The Building Blocks project began with a small proof of concept in Pakistan, followed by a
larger pilot in Jordan. WFP claims savings of approximately USD 40,000 per month, equivalent to 98%
of their previous spending, in reduced financial transaction fees associated with purely digital wallets
for beneficiaries.
Security Aspects: To ensure security of the blockchain, there are only 2 nodes used. The solution
relies on the biometric ID solutions managed by UNHCR and its technical partners. WFP does not
have access to the personally-identifiable information of recipients, but only to its ‘hashed’ version – an
anonymised record that is used only to validate the transaction at point of sale (POS).
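An added example, not taken from the report and not WFP's or UNHCR's implementation: validating a transaction against a hashed identifier without seeing the identifier, and checking whether that hash can be reversed by enumeration when identifiers come from a small space. The six-digit ID format, the function names and the key handling are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Iterable, Optional

# Constructed sample data: a small identifier space and a custodian-held key.
ID_SPACE = [f"{n:06d}" for n in range(10_000)]
CUSTODIAN_KEY = secrets.token_bytes(32)  # assumption: never leaves the ID custodian


def plain_token(beneficiary_id: str) -> str:
    """Unkeyed SHA-256 of the identifier."""
    return hashlib.sha256(beneficiary_id.encode()).hexdigest()


def keyed_token(key: bytes, beneficiary_id: str) -> str:
    """HMAC-SHA256 of the identifier under the custodian's secret key."""
    return hmac.new(key, beneficiary_id.encode(), hashlib.sha256).hexdigest()


def validate_at_pos(ledger_tokens: Iterable[str], presented_token: str) -> bool:
    """Ledger-side check: the validator sees tokens only, never identifiers."""
    return any(hmac.compare_digest(presented_token, t) for t in ledger_tokens)


def reidentify(token: str, candidates: Iterable[str],
               tokenizer: Callable[[str], str]) -> Optional[str]:
    """Privacy audit: can a holder of the token alone recover the identifier
    by hashing every candidate? Returns the identifier, or None if it cannot."""
    for candidate in candidates:
        if hmac.compare_digest(tokenizer(candidate), token):
            return candidate
    return None


if __name__ == "__main__":
    plain = plain_token("004217")
    keyed = keyed_token(CUSTODIAN_KEY, "004217")
    # The unkeyed hash is reversible by enumeration; the keyed one is not
    # without the custodian's key.
    print("plain re-identified:", reidentify(plain, ID_SPACE, plain_token))
    print("keyed re-identified:", reidentify(keyed, ID_SPACE, plain_token))
    print("POS validation:", validate_at_pos({keyed}, keyed))
```

Both token types support the point-of-sale check, but only the keyed one keeps the ledger party from mapping records back to identifiers.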
real-time gross settlement system (RTGS) – then this breach would in effect be compromising all banks’ databases simultaneously. Risk for loss of funds where credentials are controlled by a single entity was demonstrated in the recent compromise of the credentials used in the transfer of funds through the (non-DLT, for now) SWIFT network from the Federal Reserve Bank of New York [239] to the central bank of Bangladesh, Bangladesh Bank. [240]

Risks:
Unauthorized Access to Funds: If a bad actor gains access to a comprehensive banking blockchain that itself accesses all or part of a core banking network blockchain – or a real-time gross settlement system (RTGS) – then this breach would in effect be compromising all banks’ databases simultaneously. [241]

Mitigation and Recommendation:
To circumvent or mitigate this type of risk, private key management functions or biometric-linked private keys have been suggested.

8.5.2 Issue: Trust of Custodial and Safekeeping Services
Safekeeping and record-keeping of ownership of securities and rights attached to securities (and law of negotiable instruments) is a critical component of any functioning economy. It not only proves ownership of assets, but also determines the negotiability of any instrument and their use as collateral for credit or for securing, for example, counterparty risk. In many jurisdictions, assets to be traded, held as collateral or as proof of ownership are held by authorized entities such as custodian banks, registrars, notaries, depositaries or CSDs. These are variously known as custodians and safekeepers, who hold them on behalf of others to minimize the risk of their theft or loss. A ‘custodian’ holds securities and other assets in (usually) unencrypted electronic or physical form. [243]

Crypto-assets are, in effect, native digital bearer instruments. The DNA of the crypto-economy is that assets are held on tokens that are only accessible through the use of a private digital key available to
Figure 7: Hot, cold and Online wallets for storing crypto tokens
These are all largely insecure, with many online wallets held at exchanges having been compromised and value stolen.
Security Aspects: Many of these exchanges are honeypots for hackers, and huge amounts of value belonging to customers
have been stolen through theft of keys stored by these exchanges on behalf of the owners of crypto-tokens.