by Saritha Arunkumar, Sridhar Muppidi | Published July 18, 2019
This article highlights the blockchain security reference architecture that can be applied across blockchain projects and solutions for various industry use cases and deployments that span on-prem and Software as a Service (SaaS) environments. It examines the security risks and threats that are unique to blockchain, and then introduces key blockchain security controls, alongside business controls and conventional security controls. Finally, the article illustrates a blockchain security reference architecture and security model that can be used to secure any blockchain solutions.
We strongly recommend that you review the solutions that you design and architect against this blockchain security model to ensure that all measures are in place to adequately secure your blockchain solutions.
Blockchain is a shared, replicated, and permissioned ledger with consensus, provenance, immutability, and finality. The shared ledger ensures that participants can decide which assets to share, and enables them to know the identity of the other participants that they are dealing with. Blockchain also provides participants with provable endorsement, which comes with confidentiality — information shared only on a need-to-know basis.
It’s no secret that blockchain and blockchain applications are not immune to cyberattacks and fraud. Here are a few examples:
The Decentralized Autonomous Organization (DAO), a venture capital fund operating through a decentralized blockchain inspired by bitcoin, was robbed of more than $60 million worth of Ether digital currency (about one-third of its value) through code exploitation.
A theft of nearly $73 million worth of customers’ bitcoins from one of the world’s largest cryptocurrency exchanges, Hong-Kong-based Bitfinex, demonstrated that the currency is still a big risk. The likely cause was stolen keys.
When Bithumb, one of the largest Ethereum and bitcoin cryptocurrency exchanges in the world, was recently hacked, the data of 30,000 users was compromised and $870,000 worth of bitcoin was stolen. Even though it was an employee’s computer that was hacked — not the core servers — this event raised questions about the exchange’s overall security.
Addressing and examining the key security issues/risks for blockchain helps ensure the security of blockchain solutions.
Security is about risk management, so it’s important to start with an understanding of the risks associated with blockchain solutions. The specific risks of a blockchain solution depend on the type of blockchain being used. Let’s take a look at the various types of blockchains with decreasing levels of risk and increasing levels of security:
Public blockchains are open to anyone, who can join them and validate transactions. They are generally the riskiest type (cryptocurrencies, for example), because anyone can become part of the blockchain without any control or restriction.
Private blockchains are restricted and usually limited to business networks; membership is controlled by a single entity (regulator) or consortium.
Permissionless blockchains have no restrictions on processors.
Permissioned blockchains allow the ledger to be encrypted so that only relevant participants can see it, and only those who meet a need-to-know criterion can decrypt it.
There are a number of other risks with blockchain solutions, and they can be broadly categorized into three areas:
Business and governance: Business risks include financial implications, reputational factors, and compliance risks. Governance risks emanate primarily from the decentralized nature of blockchain solutions, and require strong controls on decision criteria, governing policies, identity, and access management.
Process: These risks are associated with the various processes that a blockchain solution requires in its architecture and operations.
Technology: The underlying technology used to implement various processes and business needs may not always be the best choice, and this can ultimately lead to security risks.
Some of the examples of these risks are captured in Table 1.
Table 1. Risk category and associated risks with description
It is important to analyze the risks highlighted above in order to then derive a risk model for the blockchain-based solution. Some key considerations for designing a blockchain solution include:
The security of a solution should also be evaluated in the context of its threat model. Blockchain, by nature, has robust record integrity guarantees; however, a number of things can go wrong in other parts of a blockchain-based application and lead to compromise and loss. Examples include weak access controls, loose key and certificate management protections, and insufficient communication security. The key to properly securing such an application is to develop a comprehensive threat model for it and mitigate the identified weaknesses.
One well-known model is STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service attacks, and Elevation of privilege), which is used to study the relationships between actors and assets, review the threats and weaknesses related to those relationships, and propose appropriate mitigations.
Blockchain applications often incorporate external components — identity and access management (IAM) systems, multi-factor authentication (MFA), public key infrastructure (PKI), and regulatory and audit systems — that are owned and managed by actors. Because these systems are developed or controlled by third parties, they need to be carefully scrutinized before they become part of the overall solution, and they should be included in the threat model of the blockchain solution.
Figure 1 takes into consideration the various factors and derives a threat model that can be applied in a blockchain-based implementation.
Figure 1. Threat model in a blockchain solution
The threats illustrated in Figure 1 can be classified into three main categories:
Individual blockchain-based applications are sufficiently different that it’s not feasible to build a universal threat model. Yet these apps are frequently associated with a number of similar actors, assets, and use cases. In this article, we propose a threat model for these common elements that can be used as a template that would serve as a starting point for more detailed security analysis in specific projects.
For a secure blockchain solution, start by developing a risk model that can address all of the business, governance, technology, and process risks.
Next, evaluate the threats to the blockchain solution and develop a threat model as shown in Figure 1.
Define the security controls that mitigate the risks and threats based on the following three categories:
Treat the underlying infrastructure of the blockchain solution as critical infrastructure.
Partition and adopt best practices for namespacing to regulate access.
Define and enforce the appropriate endorsement policies based on business contracts.
Enforce identity and access controls to access the blockchain solution and data.
Enforce the use of a hardware security module (HSM).
Use a privileged access management (PAM) solution for escalated actions.
Use API security best practices to safeguard API-based transactions.
Leverage a secrets-store for both application and privileged access.
Adopt a data classification approach to safeguard data/information.
Use privacy-preserving technologies for sensitive information.
Protect applications from vulnerabilities and safeguard data.
Enforce access control in smart contracts.
Leverage Trusted Platform Modules (TPMs) for sensitive code execution.
Secure communications both internally and externally.
Use corporate security standards and systems to ensure a secure software development lifecycle, application scanning, and appropriate security policies.
Enforce identity and access management capabilities for user on-boarding.
Mandate multi-factor authentication.
Use strong cryptographic key/certificate management.
Leverage security incident and event management.
Leverage hardware security.
Enforce application security.
Enforce infrastructure security.
Perform full-scope penetration testing and vulnerability assessment.
Define and implement security governance.
Ensure that compliance and legal controls are in place.
Define, scope, and implement operational controls.
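Two of the controls listed above, defining and enforcing endorsement policies and enforcing access control in smart contracts, are shown below as an added example in Go; this code was written for this page and is not from the article or from any blockchain platform. The endorsement-policy tree, the Caller shape (an organization plus a role attribute) and the org names in the comments are assumptions modelled loosely on how permissioned networks express endorsement policies and client identities.

```go
package main

import "fmt"

// Policy is an endorsement-policy tree: a leaf (Org != "") needs that org's
// endorsement; an inner node needs at least N satisfied children (AND/OR/N-of).
type Policy struct {
	Org      string
	N        int
	Children []Policy
}

// Satisfied reports whether the set of endorsing organizations meets the policy.
func (p Policy) Satisfied(endorsers map[string]bool) bool {
	if p.Org != "" {
		return endorsers[p.Org]
	}
	met := 0
	for _, c := range p.Children {
		if c.Satisfied(endorsers) {
			met++
		}
	}
	return met >= p.N
}

// Caller is the invoking identity after the network has authenticated it:
// its organization plus certificate attributes (assumed shape for this example).
type Caller struct {
	Org   string
	Attrs map[string]string
}

// transferAsset enforces access control inside the contract: only the owning
// org, acting through an identity carrying role=trader, may transfer, and
// nothing is written to the ledger (asset id -> owning org) otherwise.
func transferAsset(ledger map[string]string, c Caller, id, newOwner string) error {
	owner, ok := ledger[id]
	switch {
	case !ok:
		return fmt.Errorf("asset %q does not exist", id)
	case owner != c.Org:
		return fmt.Errorf("org %q does not own asset %q", c.Org, id)
	case c.Attrs["role"] != "trader":
		return fmt.Errorf("identity in org %q lacks the trader role", c.Org)
	}
	ledger[id] = newOwner
	return nil
}
```

A policy such as "the regulator AND at least one of the two banks" is built as an inner node with N == 2 whose second child is an N == 1 node over the banks; a transaction endorsed only by the banks fails the policy even though every endorsement is individually valid.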
In the absence of generally accepted security standards and regulations, the state of blockchain application development is clearly nascent. From a security assurance standpoint, blockchain business network ecosystems that are nearing implementation require a comprehensive risk management approach that leverages cybersecurity risk frameworks, best practices, and cybersecurity assurance services to effectively mitigate risks.
Understanding that most enterprise-based blockchain systems require assessment and authorization (A&A) and authority to operate (ATO) processes to determine whether they comply with regulatory and privacy requirements, our approach emphasizes that the blockchain ecosystem, participant nodes, and actors have a shared security responsibility.
In the previous sections, you saw that in order to build a secure blockchain solution it is important to assess the risks and threats, and derive the security controls. Using the security controls in a blockchain architecture leads to the blockchain security reference model, which can be applied across all blockchain solutions.
Figure 2. Blockchain security reference architecture
The key takeaways for this article are summarized in the blockchain security model shown in Figure 3, which highlights the most important parts of securing a blockchain solution. These include:
Figure 3. Security model for a blockchain-based solution
This article has explained the essential components needed to secure a blockchain solution. Going forward, we strongly recommend that you review the solutions that you are designing and architecting against this blockchain security reference architecture and blockchain security model to ensure the security of your blockchain solutions.
Acknowledgements: The authors would like to thank the following colleagues for their contributions to this article: Adewale Omoniyi, Dmitriy Beryoza, Kapil Singh, Jeff Tennenbaum, and Alessandro Sorniotti.