A Survey of Blockchain Security Issues and
Blockchain technology has been one of the most popular topics in recent years. It has already changed people's lifestyles in some areas through its great influence on many businesses and industries, and it will continue to have an impact in many places. Although the features of blockchain technology may bring us more reliable and convenient services, the security issues and challenges behind this innovative technique are also an important topic that we need to consider.
Keywords: Blockchain; Smart Contracts; Security
Bitcoin is the first application of blockchain. It is a digital currency based on blockchain technology, used to trade things on the internet the way we use money in the real world. Because of the success of Bitcoin, people can now use blockchain technology in many fields and services, such as financial markets, IoT, supply chain, voting, medical treatment and storage.
But as we use these tools and services in our daily lives, cybercriminals also get the opportunity to engage in cybercrime [16, 18]. For example, the 51% attack is a classic security issue in Bitcoin, in which an attacker tries to take control of the system's mechanism using the same technology base.
In this paper, we give a brief overview of what blockchain is in Section 2, discuss different blockchain applications and the services they offer in Section 3, and then cover the security issues and the challenges we need to overcome in Section 4. The paper is concluded in Section 5.
2 The Concept of Blockchain
Blockchain technology is not a single technique; it combines cryptography, mathematics, algorithms and an economic model, using peer-to-peer networks and a distributed consensus algorithm to solve the synchronization problem of traditional distributed databases. It is an integrated, multi-field infrastructure.
Blockchain technology is composed of six key elements.
Decentralized. The basic feature of blockchain: it does not have to rely on a centralized node, and data can be recorded, stored and updated in a distributed manner.
Transparent. The data recorded by a blockchain system is transparent to each node, as are updates to the data, which is why blockchain can be trusted.
Open Source. Most blockchain systems are open to everyone; records can be checked publicly, and people can also use blockchain technology to create any application they want.
Autonomy. Because it is based on consensus, every node in the blockchain system can transfer or update data safely. The idea is to shift trust from a single person to the whole system, so that no one can intervene.
Immutable. Records are kept forever and cannot be changed unless someone takes control of more than 51% of the nodes at the same time.
Anonymity. Blockchain technology solves the trust problem between nodes, so data transfers and even transactions can be anonymous; only the person's blockchain address needs to be known.
Figure 1: The structure of block chain
2.1 How Blockchain Works?
The main working processes of blockchain are as follows:
1) The sending node records new data and broadcasts it to the network.
2) The receiving node checks the message in the data it received; if the message is correct, it is stored in a block.
3) All receiving nodes in the network execute a proof of work (PoW) or proof of stake (PoS) algorithm on the block.
4) The block is stored in the chain after the consensus algorithm has been executed; every node in the network accepts this block and continues to extend the chain based on it.
2.2 The Structure of Blockchain
In general, a block contains the main data, the hash of the previous block, the hash of the current block, a timestamp and other information. Figure 1 shows the structure of a block.
Main data. Depends on the service the blockchain is applied to, for example transaction records, bank clearing records, contract records or IoT data records.
Hash. When a transaction is executed, it is hashed to a code and then broadcast to each node. Because each node's block may contain thousands of transaction records, blockchain uses a Merkle tree function to generate a final hash value, which is the Merkle tree root. This final hash value is recorded in the block header (hash of current block). By using the Merkle tree function, data transmission and computing resources can be drastically reduced.
Timestamp. The time at which the block was generated.
Other Information. For example the signature of the block, the nonce value, or other user-defined data.
2.3 How to Get Consensus
The consensus function is a mechanism that makes all blockchain nodes agree on the same message. It ensures that the latest block has been added to the chain correctly, guarantees that the message stored by each node is the same so that a “fork attack” does not happen, and can even protect against malicious attacks.
2.4 Proof of Work (PoW)
A proof of work is a piece of data which is difficult (costly or time-consuming) to produce but easy for others to verify and which satisfies certain requirements. Producing a proof of work can be a random process with low probability so that a lot of trial and error is required on average before a valid proof of work is generated. Bitcoin uses the Hashcash proof of work system. Calculating PoW is called “mining”. Each block has a random value called the “Nonce” in its block header. By changing this nonce value, the miner has to produce a block header hash that is less than a preset “Difficulty Target”. Difficulty indicates how much time it takes a node to compute a hash value below the target value. In order for a block to be accepted by network participants, miners must complete a proof of work which covers all of the data in the block. The difficulty of this work is adjusted so as to limit the rate at which new blocks can be generated by the network to one every 10 minutes.
Due to the very low probability of successful generation, it is unpredictable which worker computer in the network will be able to generate the next block.
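The nonce search and its one-hash verification, as an added example that is not code from the paper. The header layout, the target value, the timestamps and the sample records are constructed for illustration, and a plain hash of the data stands in for the Merkle root; the last two steps show why an edited record is detected unless the work is redone for that block and every block after it.

```python
import hashlib
import struct

GENESIS_PREV = bytes(32)   # constructed: all-zero "previous hash" for the first block
TARGET = 1 << 240          # constructed difficulty target: about 2**16 tries per block


def block_hash(prev_hash: bytes, data: bytes, timestamp: int, nonce: int) -> bytes:
    """Double SHA-256 over a simplified header (this layout is an assumption)."""
    data_hash = hashlib.sha256(data).digest()   # stand-in for the Merkle root
    header = prev_hash + data_hash + struct.pack("<IQ", timestamp, nonce)
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()


def mine(prev_hash: bytes, data: bytes, timestamp: int, target: int = TARGET) -> dict:
    """Try nonces until the header hash, read as an integer, is below the target."""
    nonce = 0
    while True:
        digest = block_hash(prev_hash, data, timestamp, nonce)
        if int.from_bytes(digest, "big") < target:
            return {"prev": prev_hash, "data": data, "ts": timestamp,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(payloads, target: int = TARGET) -> list:
    """Mine one block per payload, each linked to the hash of the one before it."""
    chain, prev = [], GENESIS_PREV
    for i, data in enumerate(payloads):
        block = mine(prev, data, 1_700_000_000 + 600 * i, target)  # constructed timestamps
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid(chain, target: int = TARGET):
    """Check links, hashes and targets; return the index of the first bad block or None."""
    prev = GENESIS_PREV
    for i, b in enumerate(chain):
        digest = block_hash(b["prev"], b["data"], b["ts"], b["nonce"])
        if b["prev"] != prev or digest != b["hash"] or int.from_bytes(digest, "big") >= target:
            return i
        prev = digest
    return None


if __name__ == "__main__":
    chain = build_chain([b"alice->bob:5", b"bob->carol:2", b"carol->dave:1"])
    print("untouched chain, first invalid block:", first_invalid(chain))
    chain[1]["data"] = b"bob->mallory:2"   # edit a record without redoing the work
    print("after the edit, first invalid block:", first_invalid(chain))
    chain[1] = mine(chain[1]["prev"], chain[1]["data"], chain[1]["ts"])   # redo block 1 only
    print("after re-mining block 1, first invalid block:", first_invalid(chain))
```
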
2.5 Proof of Stake (PoS)
The Proof of Work method wastes a lot of electricity and computing power; Proof of Stake, by contrast, does not need expensive computing power. With Proof of Stake, the resource that is compared is the amount of Bitcoin a miner holds: someone holding 1% of the Bitcoin can mine 1% of the “Proof of Stake blocks”.
A Proof of Stake method might provide increased protection from a malicious attack on the network. Additional protection comes from two sources:
1) Executing an attack would be much more expensive.
2) Reduced incentives for attack. The attacker would need to own a near majority of all bitcoin. Therefore, the attacker would suffer severely from his own attack.
International Journal of Network Security
Figure 2: Public blockchain
Figure 3: Consortium blockchain
2.6 Type of Blockchain
Blockchain technologies can be roughly divided into three types.
1) Public blockchain: Everyone can check and verify transactions, and can also participate in the process of reaching consensus. Bitcoin and Ethereum are both public blockchains. Figure 2 shows a public blockchain.
2) Consortium blockchain: The nodes that have authority can be chosen in advance, and usually have partnerships such as business-to-business. The data in the blockchain can be open or private, and the chain can be seen as partly decentralized. Hyperledger and R3CEV are both consortium blockchains. Figure 3 shows a consortium blockchain.
3) Private blockchain: Nodes are restricted; not every node can participate in the blockchain, and there is strict authority management on data access. Figure 4 shows a private blockchain.
Whatever the type of blockchain, each has its advantages. Sometimes we need a public blockchain because of its convenience, but sometimes we may need private control, as in consortium or private blockchains, depending on the service we offer or where we use it.
Figure 4: Private blockchain
3 Application of Blockchain Technologies
Blockchain technology can be used in many areas, not only in financial applications but also in other industries.
3.1 Digital Currency: Bitcoin
Bitcoin's data structure and transaction system are built on blockchain technology, which makes Bitcoin a digital currency and online payment system. By using encryption techniques, funds can be transferred without relying on a central bank. Bitcoin uses public key addresses to send and receive bitcoin; transactions are recorded and the personal ID is anonymous. Confirming a transaction requires other users' computing power to reach consensus, after which the transaction is recorded to the network.
3.2 Smart Contract: Ethereum
A smart contract is a digital contract that controls users' digital assets and formulates the participants' rights and obligations, and it is executed automatically by a computer system. It is not just a computer procedure; it can be seen as one of the contract participants, which responds to the messages it receives and stores data, and can also send messages or value to the outside. A smart contract is like a person who can be trusted, who can hold assets temporarily and will follow the orders that have already been programmed.
Ethereum is an open source blockchain platform that incorporates smart contracts and offers a decentralized virtual machine to handle the contracts. Using its digital currency, called ETH, people can create many different services, applications or contracts on this platform.
3.3 Hyperledger
Hyperledger is an open source blockchain platform, started in December 2015 by the Linux Foundation, to support blockchain-based distributed ledgers. It is focused on ledgers designed to support global business transactions, including major technological, financial, and supply chain companies, with the goal of improving many aspects of performance and reliability. The project aims to bring together a number of independent efforts to develop open protocols and standards, by providing a modular framework that supports different components for different uses. This would include a variety of blockchains with their own consensus and storage models, and services for identity, access control, and contracts.
3.4 Other Applications
There are still many other use cases for blockchain technology, such as protection of intellectual property, traceability in the supply chain, identity certification, insurance, international payments, IoT, patient privacy in medical treatment and prediction markets.
4 Security Issues and Challenges
So far, blockchain has received much attention in different areas; however, there are also some problems and challenges that need to be faced.
4.1 The Majority Attack (51% Attacks)
With Proof of Work, the probability of mining a block depends on the work done by the miner (e.g. CPU/GPU cycles spent checking hashes). Because of this mechanism, people want to join together in order to mine more blocks, forming “mining pools”, where most of the computing power is concentrated. Once a pool holds 51% of the computing power, it can take control of the blockchain, which is clearly a security issue [3, 4]. If someone has more than 51% of the computing power, he or she can find the nonce value more quickly than others, which means he or she has the authority to decide which blocks are permissible.
What it can do is:
1) Modify the transaction data, which may cause a double-spending attack [11, 17].
2) Stop blocks from verifying transactions.
3) Stop miners from mining any available block.
A majority attack was more feasible in the past when most transactions were worth significantly more than the block reward and when the network hash rate was much lower and prone to reorganization with the advent of new mining technologies.
4.2 Fork Problems
Another issue is the fork problem. It is related to the versions of decentralized nodes and their agreement when the software is upgraded. It is a very important issue because it affects a wide range of the blockchain.
• Types of Forks
When a new version of the blockchain software is published, the agreement on the consensus rules also changes for the nodes. Therefore, the nodes in the blockchain network can be divided into two types, the New Nodes and the Old Nodes. This leads to four situations:
1) The new nodes agree with the transactions of a block sent by the old nodes.
2) The new nodes do not agree with the transactions of a block sent by the old nodes.
3) The old nodes agree with the transactions of a block sent by the new nodes.
4) The old nodes do not agree with the transactions of a block sent by the new nodes.
Because of these four different cases in reaching consensus, the fork problem arises, and according to these four cases, fork problems can be divided into two types, the Hard Fork and the Soft Fork. In addition to distinguishing the new nodes from the old nodes, we have to compare the computing power of the new nodes with that of the old nodes, and assume that the computing power of the new nodes is more than 50
Figure 5: Hard Fork
• Hard Fork
A hard fork occurs when the system moves to a new version or new agreement that is not compatible with the previous version: the old nodes cannot agree with the blocks mined by the new nodes, so one chain becomes two. Although the new nodes' computing power is stronger than that of the old nodes, the old nodes will continue to maintain the chain they believe is right. Figure 5 shows the hard fork problem. When a hard fork happens, all nodes in the network have to be asked to upgrade to the new agreement; nodes that have not been upgraded will not continue to work as usual. If many old nodes do not upgrade, they will continue to work on a completely different chain, which means the original chain forks into two chains. Figure 6 shows why a hard fork happens.
Figure 6: Hard Fork happens because the old node verification requirement is much stricter than the new node
Figure 7: Compatible hard fork
• Soft Fork
A soft fork occurs when the system moves to a new version or new agreement that is not compatible with the previous version, and the new nodes cannot agree with the blocks mined by the old nodes. Because the computing power of the new nodes is stronger than that of the old nodes, blocks mined by the old nodes will never be approved by the new nodes, but new and old nodes will still continue to work on the same chain.
Figure 7 shows the soft fork problem.
Figure 8: Soft Fork happens because the new node verification requirement is much stricter than the old node
When a soft fork happens, nodes in the network do not have to upgrade to the new agreement at the same time; they can upgrade gradually. Unlike a hard fork, a soft fork results in only one chain, and it does not affect the stability and effectiveness of the system while nodes upgrade. However, a soft fork leaves the old nodes unaware that the consensus rule has changed, which to some extent contradicts the principle that every node can verify correctly.
Figure 8 shows why a soft fork happens.
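The two fork types compared in a small simulation, added here as an example that is not from the paper. The verification requirement is modelled as a maximum block size, each group mines blocks at its own limit, every node follows the longest chain it considers valid, and the mining schedule ("N" for a new node, "O" for an old node) is constructed; all of these are assumptions made for illustration.

```python
def simulate(new_max: int, old_max: int, schedule: str) -> dict:
    """Replay `schedule` and report where new and old nodes end up."""
    blocks = {0: {"parent": None, "size": 1, "height": 0}}   # genesis, valid for everyone
    limit = {"N": new_max, "O": old_max}                     # each group's size rule
    tip = {"N": 0, "O": 0}                                   # each group's current chain tip

    def ancestors(block_id):
        out = []
        while block_id is not None:
            out.append(block_id)
            block_id = blocks[block_id]["parent"]
        return out

    def chain_valid(block_id, max_size):
        # a node rejects a block if it, or any block below it, breaks the node's rule
        return all(blocks[b]["size"] <= max_size for b in ancestors(block_id))

    for next_id, miner in enumerate(schedule, start=1):
        parent = tip[miner]
        blocks[next_id] = {"parent": parent, "size": limit[miner],
                           "height": blocks[parent]["height"] + 1}
        for group in ("N", "O"):
            longer = blocks[next_id]["height"] > blocks[tip[group]]["height"]
            if longer and chain_valid(next_id, limit[group]):
                tip[group] = next_id                         # switch to the longer valid chain

    on_a_chain = set(ancestors(tip["N"])) | set(ancestors(tip["O"]))
    return {"new_tip": tip["N"], "old_tip": tip["O"],
            "stale": sorted(set(blocks) - on_a_chain)}


if __name__ == "__main__":
    majority_new = "NNONNONN"   # constructed: new nodes mine 6 of 8 blocks
    minority_new = "OONOONOO"   # constructed: new nodes mine 2 of 8 blocks
    print("soft fork, new majority:", simulate(1, 2, majority_new))
    print("hard fork, new majority:", simulate(4, 2, majority_new))
    print("soft fork, new minority:", simulate(1, 2, minority_new))
```

With a stricter new rule and a new-node majority both groups finish on the same tip and the old nodes' oversized blocks go stale; with a looser new rule the tips never meet, and the same happens to the stricter rule when the new nodes are in the minority.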
4.3 Scale of Blockchain
As the blockchain grows, the data becomes bigger and bigger, and the load of storage and computing becomes heavier and heavier. It takes plenty of time to synchronize data while the data continues to increase, which brings a big problem to clients running the system. Simplified Payment Verification (SPV) is a payment verification technology that does not need to maintain the full blockchain information and only uses block header messages. This technology can greatly reduce the user's storage for blockchain payment verification and lowers the pressure on users when transactions increase drastically in the future.
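How an SPV client can check a payment against the Merkle root described in Section 2.2 while holding only block headers, as an added example that is not code from the paper. It follows Bitcoin's conventions (double SHA-256, an odd level padded by repeating its last hash); the sample transactions and function names are constructed for illustration.

```python
import hashlib


def h(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for transactions and tree nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_levels(txs):
    """All tree levels, leaves first. An odd level is padded by repeating its last hash."""
    if not txs:
        raise ValueError("a block needs at least one transaction")
    levels = [[h(tx) for tx in txs]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(cur[-1])
        levels.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_proof(levels, index: int):
    """Sibling hashes from leaf to root: what a full node sends to an SPV client."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1                       # neighbour within the same pair
        proof.append((level[sibling], sibling < index))
        index //= 2                               # position of the parent one level up
    return proof


def spv_verify(tx: bytes, proof, root_from_header: bytes) -> bool:
    """Recompute the path to the root using only the transaction and the proof."""
    node = h(tx)
    for sibling, sibling_is_left in proof:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node == root_from_header


# Constructed sample transactions
TXS = [b"tx-a", b"tx-b", b"tx-c", b"tx-d", b"tx-e"]

if __name__ == "__main__":
    levels = merkle_levels(TXS)
    root = levels[-1][0]                          # the value stored in the block header
    proof = merkle_proof(levels, 4)
    print("hashes in the proof:", len(proof))
    print("tx-e is in the block:", spv_verify(TXS[4], proof, root))
    print("forged tx is accepted:", spv_verify(b"tx-forged", proof, root))
```

The proof shows only that the transaction is included under that root; the client still has to check that the header carrying the root belongs to the chain with the most proof of work.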
4.4 Time Confirmation of Blockchain Data
Compared to a traditional online credit card transaction, which usually takes 2 or 3 days to confirm, a bitcoin transaction takes only about 1 hour to verify. That is much better than usual, but still not as good as we want it to be. Lightning Network is a solution to this problem.
Lightning Network is a proposed implementation of Hashed Timelock Contracts (HTLCs) with bi-directional payment channels, which allows payments to be securely routed across multiple peer-to-peer payment channels. This allows the formation of a network where any peer on the network can pay any other peer even if they don't directly have a channel open between each other.
4.5 Current Regulations Problems
Taking Bitcoin as an example, the characteristics of a decentralized system weaken the central bank's ability to control economic policy and the amount of money, which makes governments cautious about blockchain technology. Authorities have to research this new issue and accelerate the formulation of new policy; otherwise there will be risk in the market.
4.6 Integrated Cost Problem
Changing an existing system will of course incur a lot of cost, in both time and money, especially when it is infrastructure. We have to make sure this innovative technology not only creates economic benefits and meets supervisory requirements, but also bridges with traditional organizations; and it always encounters difficulties from within the existing organization.
There is no doubt that blockchain has been a hot issue in recent years. Although it has some topics we need to pay attention to, some problems have already been improved along with the development of new techniques on the application side, and the technology is becoming more and more mature and stable. Governments have to make corresponding laws for this technology, and enterprises should be ready to embrace blockchain technology while preventing it from having too much impact on current systems.
While we enjoy the advantages that blockchain technology brings us, we still have to stay cautious about its influence and the security issues it may have.
This study was supported by the National Science Council
of Taiwan under grant NSC 105-2410-H-005 -023 -MY2.
The authors gratefully acknowledge the anonymous reviewers for their valuable comments.
This article gives a small glimpse of a new technology named blockchain that is revolutionizing the world. After a short introduction to what it is, it describes the characteristics that set it apart from other technologies, such as being transparent, immutable and open source. It also adds a short description of Bitcoin, whose success has helped to revolutionize the world of monetary transactions and has served as the base from which blockchain technology has expanded to new heights and spread far and wide. It then describes the 3 main types of blockchain (public, private and consortium) and some of the applications in which it is being used, such as Ethereum and Bitcoin. It winds up by discussing some of the problems this technology is facing, such as the huge number of attacks, fork problems and the current regulations guiding it.