Monday, June 6, 2022

distributed ledger technologies (DLTs)

  •  What are distributed ledger technologies (DLTs)?


In a traditional marketplace, middlemen oversee the exchange of assets. When you receive your paycheck, for example, a bank controls the transaction. The bank validates the check, verifies that the employer holds the required funds in their account, and records the exchange. This record, or ledger, documents the transaction and the resulting change in wealth


Imagine, for instance, that your employer owned the ledger instead of the bank. Your employer could falsely claim that they paid you and manipulate the records to back up their lie. Because of this security risk, neither participant in the exchange should be given sole control of the ledger.


For most of history, the best way to avoid this kind of fraud was to entrust an unbiased intermediary with the ledger and hope that this middleman would faithfully maintain the ledger. In other words, traditionally, two parties who agreed upon a transaction relied on a third-party institution to carry out and record the exchange


Blockchains & distributed ledgers explained


Distributed ledger technologies, like blockchain, are peer-to-peer networks that enable multiple members to maintain their own identical copy of a shared ledger. Rather than requiring a central authority to update and communicate records to all participants, DLTs allow their members to securely verify, execute, and record their own transactions without relying on a middleman.


While there are a wide variety of DLTs on the market, they are all comprised of the same building blocks: a public or private / permissioned / permissionless distributed ledger, a consensus algorithm (to ensure all copies of the ledger are identical), and a framework for incentivizing and rewarding network participatio


Public vs. private and permissioned vs. permissionless


Distributed ledgers are categorized as “private” or “public” and “permissioned” or “permissionless” — they can be any combination of any of the two.

To achieve full decentralization, Hedera believes distributed ledgers must be public permissionless networks.


Private / Permissioned: 

This type of network offers no decentralization

The applications and the network nodes running those application must both be invited to join the network and meet certain criteria or provide a form of identification


Private / Permissionless: Requires that applications deployed in production be invited to join the network and can be removed without warning at any time. The nodes which constitute the network and run said applications can freely and anonymously join and contribute, typically in exchange for a network’s native cryptocurrency. 


Public / Permissioned: Allows applications to be deployed in production or removed, without having to notify anyone, reveal their identity, or meet any application criteria requirements. The nodes which constitute the network and run said applications must be invited to join the network.


Public / Permissionless: This type of network is the most decentralized. Applications can be deployed in production or removed, without having to notify anyone, reveal their identity, or meet any application criteria requirements. Additionally, the nodes which constitute the network can freely and anonymously join and contribute, typically in exchange for a network’s native cryptocurrency.


Reaching consensus


Although every node on a permissioned or permissionless distributed ledger maintains and updates their own copy of the ledger, it is imperative that each of these ledgers remains identical. Imagine, for instance, that your copy of the ledger reveals that you have $100 in your account, while the cashier’s ledger holds that you have $1

Without identical ledgers, participants in the network could not make transactions.


In order to keep the distributed ledger consistent, DLTs must have a consensus algorithm, or a method of ensuring that all copies of the ledger agree

A consensus algorithm is a method of synchronizing the data across a distributed system. In the case of a DLT, the consensus algorithm ensures that all copies of the ledger are identical.


Perhaps the most intuitive algorithm is a simple vote. According to this algorithm, each node independently calculates how they think they should update their ledger based on the information available to them


Because DLTs become more secure and transparent when more nodes are added to the network, many other consensus algorithms have been developed to better suit the need for large, efficient, and reliable peer-to-peer networks


Just as DLTs distribute the responsibility of maintaining the ledger to each participant, so do they divide this computational burden. Every node must donate computing power to run the consensus algorithm and process transactions.


DLTs typically reward active membership with cryptocurrency. Cryptocurrency is a virtual, encrypted token which can be exchanged using across a decentralized network. These coins can be exchanged, purchased, or earned by participating in the network.


Therefore, participants have an incentive to contribute computational resources to the network. Not only is their work rewarded in cryptocurrency, the value of that currency may rise as the network grows and more build useful applications on the distributed ledger platform.


Distributed ledger technologies allow businesses and individuals alike to quickly carry out secure transactions without needing to rely on a middleman. By avoiding intermediaries, distributing control of the ledger, and providing a tamper-apparent network, DLTs present a more cost-efficient, accessible, and reliable transaction platform than centralized ledger systems.


Without a central agent, there is no need to pay a central agent. And, without the need for clunky bureaucracy, you can exchange assets directly and immediately. You no longer have to limit the speed of your transaction to the efficiency of expensive bankers, lawyers, or politicians


Moreover, you no longer have to trust bankers, lawyers, or politicians with the ledger and your assets.


Tamper-apparent


Traditional ledgers may provide fast and simple record-keeping, but they are vulnerable to corruption and hacking. Because only one central entity controls the ledger, a corrupt central agent can tamper with the records without the consent or knowledge of the affected members.


Distributed ledgers, however, are inherently resistant to tampering. While a malicious agent could compromise a central system by altering the single ledger, they would need to alter at least a plurality of ledgers to have an impact on a distributed system. 


Though DLTs are not tamper-proof, they are tamper-apparent. That is, if tampering does occur, the network’s transparency ensures that all members of the network will be aware of the change. Though a participant of a DLT cannot be completely certain that the ledger will remain unaltered, they can rest assured that they will know if tampering does occur.


Immutability and controlled mutability


Some distributed ledgers take security beyond tamper-apparent by establishing immutability, preventing any and all participants from changing established records for any reason.



Members of these immutable DLTs can only view the ledger and carry out new transactions. Even if all participants in the network wished to change the ledger, there would be no pathway within the system’s architecture for that change to occur. Therefore, participants of an immutable distributed ledger can be certain that their ledger is not only tamper-apparent, but tamper-proof


A distributed ledger technology is immutable if it does not provide any participant or group of participants the ability to alter or delete established records.


 In some cases, changing past records could be beneficial. For instance, if a bug in the DLT’s code causes a transaction to be misrepresented in the ledger, immutability would prevent anyone from fixing that problem. The invalid transaction would forever be part of the official ledger. 

 

 Additionally, as laws change to catch up with technology, new government regulations may necessitate a change in record-keeping practices. Immutable systems would not be able to adapt to these changing legal conditions, and would therefore risk violating government standards.

 

 some DLTs opt for controlled mutability. DLTs with controlled mutability allow records to be changed, but place heavy restrictions upon that pathwa

 

 Controlled mutability is the best of both worlds: no malicious participant or group of participants can alter the records without everyone knowing (tamper-apparent), but the DLT can adapt to bugs and changing regulations.

 

 


https://hedera.com/learning/what-are-distributed-ledger-technologies-dlts?utm_term=distributed%20ledger&utm_campaign=Learning+Center+-+DLT&utm_source=adwords&utm_medium=ppc&hsa_acc=1782665900&hsa_cam=11155745237&hsa_grp=106221302541&hsa_ad=466328121346&hsa_src=g&hsa_tgt=kwd-328485320044&hsa_kw=distributed%20ledger&hsa_mt=b&hsa_net=adwords&hsa_ver=3&gclid=CjwKCAjwy_aUBhACEiwA2IHHQCKBLfq4-DlgFTVYEqJmdbgWBJ5IxP2klKiF6AlJ2rn7vnManyh9choCsS0QAvD_BwE



  • Distributed Ledger Technologies


All participants share a consistent copy of the database, there is no central server

 Some participants might not have a full copy

 Network connections are peer-to-peer

 Participants must comply with ledger rules

 permissionless ledger – anyone could join

 permissioned ledger – participation is subject to rules of the members

 Using a type of consensus protocol, to agree on validity of a given transaction

 Transactions – could be financial and/or exchanging of assets and/or services

 Rules for a transaction could be coded into what is called smart contracts

 Uses digital signatures (private/public key) to sign and/or encrypt transactions on the ledger

 Signatures could be linked to identity

 Represents a temporal order of how assets evolve over time


Miner

A miner is a participant in a Blockchain that participates in securing the network and validating new

transactions. The mining and validation process happens via either competitive, voting or luck-based

methods dependant on the consensus protocol chosen. Miners are incentivised to participate in a

Blockchain either because they receive mining rewards in the form of cryptocurrency (eg. Bitcoin) or

because they have a vested interest in accessing and exchanging data on that network (such as a business

that chooses to participate in an industry or market-specific Blockchain).


Consensus protocol

The core difference between a distributed ledger and a traditional database is the way in which datasets

evolve over time. The system allows multiple participants to submit new inputs to a distributed ledger.

Consensus is then used to determine over time which state of the database is considered as valid. This is in

contrast to a traditional database, where multiple participants submit new inputs and one counterparty is

relied on to provide the valid state of the database.


One of the key aspects of a distributed ledger is that the data held within it, is considered valid because all

parties agree to a single “true” version.


In the event that existing participants in a Blockchain decide to

include data in a non-compliant manner with established protocols, an event named a fork occurs.


Forks result in a split of the ledger and the consequent creation of two groups, each validating their

own version of the ledger. In order for participants to be able to continue to interact with each other,

they are required to follow the same fork of the ledger.


The following table gives a brief overview of main consensus protocols in use


Proof of Work

Uses computational power to validate new blocks of data.

To participate in this scheme, participants are required to collate transactions within a

single block and then apply a hash function with the use of some additional metadata.


Proof of Stake

Validators (special nodes) voting on valid blocks whilst posting collateral in order to be able

to participate in the validation process.

Unlike Proof of Work, Proof of Stake relies on proving the user is invested in the underlying

token of value of the network being mined rather than being the owner of a large amount

of computing power


Ripple Protocol

In order to validate new transactions, servers amalgamate outstanding transactions into a

“candidate list.”

All participants then vote on valid transactions to be included in the ledger.


Proof of Elapsed Time

As part of its Intelledger proposal, Intel has devised a means of establishing a validation

lottery that takes advantage of the capability of its CPUs to produce a timestamp

cryptographically signed by the hardware.

Whoever in the chain has the next soonest timestamp will be the one to decide which

transactions will be a part of the next block in the chain.

This consensus method is extremely energy efficient compared to Proof of Work and

therefore more adapted to IoT devices


Cryptography

Distributed ledger technology relies on the use of asymmetric cryptography to sign messages and encrypt

data through the use of a private/public key pair. 


Cryptography is also involved in some of the consensus protocols (e.g. Proof of Work) and is the primary

vehicle in achieving consensus.


The private keys, which allow a given entity to transact with the assets or virtual currency allocated to it in

the Blockchain are typically stored in what is called a wallet. 


Sidechains

The standard operation of a distributed ledger might allow thousands of transactions which in some cases,

might result in slow processing.


 These are the concept of running a separate distributed ledger off of the main chain but with

transactions able to take place in the same currency as the core system

 By performing transactions on a such specialized ledger, transactions should be processed faster

 Users who are able to see the content of a transaction, may also be restricted depending on that

sidechain’s implementation



Cybersecurity Challenges


4.1.1 Key Management


The methodology of the attacks seeking to gain unauthorised access to a system via stolen credentials

remains fundamentally the same- try to capture information, plant malware and/or use social engineering

to steal the private keys from the user’s machine


Potentially different private keys could be used for signing and encrypting messages across the distributed

ledger. An attacker who obtained encryption keys to a dataset would be able to read the underlying data.

However, if the signing key is secured, they will not be able to modify the data or interact with that smart

contract (providing it has been appropriately designed).


The significance of protecting the private key is due to the fact that actions taking place on a hacker’s

machine, such as file decryption attempts or private key reproduction, are not subject to server imposed

query limits and are run without anyone else being able to notice


Unlike with traditional systems, where before a server administrator was capable of tracking attempts to

break into a customer or user account, the malicious users can keep trying limitlessly to decrypt or try to

reproduce a private key out of encrypted data from a given ledger. With Blockchain, there is no way of

knowing this is happening until after the hacker has succeeded.


4.1.2 Cryptography


Most Blockchain implementations rely on the cryptographically generated public and private keys to

operate


Usually, the user generates the private and public keys using software, such as the Blockchain client

software, or another available software. It has already been shown, that some programs are generating

keys that have been identified to be weak


weakened random number generators, from which a limited range of possible values can be produced.

Keys generated through these limited random number generators could be more easily brute forced


Popular security algorithms that are used for securing information through a complicated challenge (e.g.

RSA, ElGamal), may now be resolved in a shorter amounts of time through the use of quantum computing.


4.1.3 Privacy


In a permissionless ledger, all counterparties are able to download the ledger, which implies that they

might be able to explore the entire history of transactions, including those to which they were not

members of. The “right to be forgotten” where information needs to be removed from a ledger is

challenging to implement. Usually, many counterparties have the data from the ledger, and it would be

difficult to prove that all data has been deleted


Additionally, there is a challenge with smart contracts being able to access the data in order to process

transactions. Since this is possible, there is possibility that a smart contract might be able to leak

information on what is being processed


4.1.4 Code review


Whilst many skilled eyes may have reviewed the protocols, methods, and codebase of popular

implementations of distributed ledgers, it remains possible that unknown vulnerabilities exist.


The Distributed Ledger Specific Challenges


4.2.1 Consensus hijack


In decentralized, permissionless networks, where consensus is formed through majority, taking control of a

large enough portion of participating clients could allow an attacker to tamper the validation process


In the case of Bitcoin, this is referred to as a “51% attack9” where the majority (defined as the proportion

of all hashing power in the network) is compromised or controlled by the same entity or a coalition of

dishonest counterparties. An attacker would be able to produce new blocks faster than the rest of the

network (in proportion to their computing power) leading participants to consider that chain as valid.


The extent of a 51% attack will allow an attacker to refuse to process certain transactions as well as to

re-use an asset which has already been spen


There is possibility, that in a permissionless distributed ledger, the computational power required to hijack

the consensus might be cheap enough for a malicious attacker to buy (from a cloud provider for example)


Another consequence of such an attack is in the perspective of adoption. Any chain coming under attack

might see an outflow of participants, leading to the question of which chain should be considered as the

“main” one to follow as well as potentially crippling the value of that chain


Another challenge comes from consensus protocols that do not involve some way of penalty to the

participants. In this way for a malicious user would be easier to attack


4.2.2 Sidechains


sidechains are more at risk due to their more

specialised focus. Where a user has no interest in tracking the data and maintaining the operation of a

sidechain, they will not contribute the relevant mining power to secure that chain.


Another vulnerability of sidechains consists in the gateway used to transfer assets and messages between

chains. In the case of a Bitcoin sidechain, a user will “lock” Bitcoins in an address on the main Bitcoin

Blockchain and then issue proxy tokens for these on the sidechain. If users can also later exchange

sidechain tokens for the original token, this mechanism is called a 2-way peg. They can then transact with

others on that sidechain. If the initial “locking” transaction is later considered invalid, then subsequent

proxy-token transactions would also be affected. Additionally, owners of proxy tokens that had been

affected would not be able to convert these back to the original asset via the pegging mechanism


Fraudulent transactions or attacks on a sidechain do not affect the validity of data held on the parent

chain. However, in the event that a sidechain was to be put out of service, the parent chain might be

subjected to high stress levels as the sidechain users migrate their transaction volumes to the parent

chains


4.2.3 Exploiting Permissioned Blockchains


In a regulated, permissioned network, where consensus might be implemented under the regulator’s

direction, any exploitation of the regulator’s capabilities would be even more and immediately severe


All problems that had required hijacking of the majority consensus, a task that was a potentially

significant in undertaking, are now replaced by the hijacking of a single entity


4.2.4 Distributed Denial of Service


Distributed Denial of Service attacks coming out of the nature of the distribute ledger remain a concern.

For example, if rogue wallets decide to push large numbers of spam transactions to the network it could

create potentially a denial of service and increase the processing time, as the nodes will be checking the

validity of the fraudulent transactions.


Within a permissioned ledger, it would be possible for nodes to agree to ignore or even block the issuer of

such spam transactions. However, if an attacker is able to control a large number of clients, they might be

able to severely disrupt the network by pushing large volumes of irrelevant transactions


The distributed nature of Blockchain architecture introduces the prospect that it would be difficult to

shut down a malicious program


It would be possible to

store malicious data within the Blockchain network. Additionally, an attacker could reassign control of the

related smart contract at will, leveraging the trustless nature of the Blockchain to buy and sell malware

between anonymous cryptographic keys


4.2.5 Wallet Management


The wallet software would need to protect the keys from being accessed

without authorization, in both cases while stored, but also while in operation with the software.


Losing access to a given wallet might preclude a financial institution from authorising transactions or

moving assets. It might be difficult for an entity to be aware that a malicious user has access to the wallet,

because copying or stealing the keys might not leave any trace on a computer. By the time an entity

understands that the keys are compromised, because of a fraudulent transaction for example, it might be

too late for reversa


4.2.6 Scalability


Removing the need to reconcile counterparty data introduces a scalability problem. On one hand the

growth of the ledger size and on the other the speed at which transactions are processed.

The need to store all data pertaining to a specific distributed ledger, may grow to be unmanageable in

size for individual end-users


The speed at which a given transaction is processed, in some implementations of the ledger, may not be

sufficient or acceptable


Exposed to the high transaction volumes of financial institutions, a completely distributed ledger might

subject users to performance issues as their machines struggle to maintain an ever growing chain. The

transaction speed also depends on the consensus protocol.


The possibility that only specific transactions are to be verified by specific nodes (validators) is called

Sharding. Sharding could also introduce a significant fault (ie. reversion of subsequent transactions) if a

specific subset of validators were to wrongly validate transactions to which other members of that same

Blockchain refer to


The process of downloading block headers (which are a hashed version of past data) as well as the

underlying data for most recent blocks and then cross-reference this with other nodes (rather than

downloading the entire database) is called Blockchain pruning. Here, a challenge exists if an attacker were

to convince a user that the fraudulent block headers they verify, are genuine


4.2.7 Smart Contract Management


Smart contract management refers to the people, processes and technology used when creating a smart

contract.


Smart contracts are essentially programs that run on the distributed ledger. They are prone to any faults

associated with code


Generally, the function, and the security of smart contracts code depends on the author’s capabilities


4.2.8 Interoperability


Using different distributed ledgers will very likely bring the need of data sharing between them.

Exchanging data will require translation of formats and protocols, which currently are in very early

stages.


Key

challenges related to interoperability are:

 Who can transfer assets between distributed ledgers?

 Who can oppose to transferring assets?

 Should transfers allow for whole asset or just part of it?

 Should changes of ownership or asset (theft, loss) be also proliferated to the other chains?

https://www.enisa.europa.eu/publications/blockchain-security/@@download/fullReport


  • Distributed ledgers require maximum protection – even if they appear to be secure by default

Blockchain technology is becoming an integral part of the business process in large companies. In its customized form for enterprises, commonly called Distributed Ledger Technology (DLT), it is used to verify transactions, control deliveries, monitor workplace operations and more.

https://www.kaspersky.com/enterprise-security/dlt-cybersecurity


  • Overview nature of the risks and vulnerabilities

Distributed ledger technology (DLT) is a new type of

secure database or ledger that is replicated across

multiple sites, countries, or institutions with no

centralized controller. In essence, this is a new way

of keeping track, securely and reliably, of who owns a

financial, physical, or digital asset. The most popular

incarnation of DLT is called a blockchain, of which a

number of varieties have been developed

https://figi.itu.int/wp-content/uploads/2021/04/Security-Aspects-of-Distributed-Ledger-Technologies-1.pdf

No comments:

Post a Comment