
Need an account to vote? Register to attend at gsec.hitb.org/sg2017/


Securing a Private Blockchain Implementation

Najwa Aaraj


To date, cryptographic primitives and protocols have been used primarily to secure information at rest and in transit. Since 2009, starting with Bitcoin, cryptography has taken on a new role: that of directly securing asset ownership. The possession of a specific asymmetric private key implies ownership of that asset. This happens without a bank, without issuance of paper currency, and without government authority.

Blockchain technology represents the next frontier in cryptographic systems. Not only is it protecting real assets, but it's planned to do so for longer than any existing cryptographic system has been designed for.  The complexity introduced by SmartContracts/ChainCode is ripe for exploitation and hasn't received thorough security review yet.

Mismanagement of private keys, improper seeding of random number generators, flawed implementations, and weak algorithms have caused numerous cryptographic system failures. The result? More parties than intended gained access to information and resources.

With blockchain, similar failures in cryptographic systems can result in the actual loss of extremely valuable physical assets. Prior to blockchains, nation states had been both the primary actors and beneficiaries in cryptanalysis and the compromise of cryptographic systems. Information was the goal. As cryptographic systems are increasingly relied on to protect, represent, and validate real assets, the scope of threat actors greatly increases to include criminal enterprise and malicious individuals.

AES has held up well for almost 20 years. MD5 was utterly broken in 21 years. SHA1 is 24 years old and already showing its age. How long will SHA2 last? Quantum computers are rapidly creeping towards reality.

From hashes, asymmetric keying, and encryption to sandboxes, virtual machines, and Turing-complete languages, in this session we'll walk through the building blocks of blockchains (sorry). We'll then identify which components of which systems mitigate specific attack vectors, and, more often, which features leave Pandora's box teetering on the edge of the table.

We'll take a security implementer's view of the tools available for building cryptographic protocols and look at how they are being applied to blockchains and distributed ledger technology.

Takeaways

 1) Technical details of the state of the ecosystem for basic cryptographic primitives, hashes, asymmetric keying, symmetric ciphers and key agreement.

 2) A bottom-up understanding of what blockchain and distributed ledger technology is, what it aims to protect, and how it intends to do so.

 3) What to keep an eye on as the field progresses and adoption rates increase. Where are the potential security holes? Denial of service? Spoofing? Theft?

About Najwa Aaraj

Senior Vice President – Special Projects at DarkMatter LLC, with 12+ years of experience in information and systems security. International Experience: USA, Middle East, Australia, Africa, Asia

Education

* Ph.D. with Highest Honors in Computer Engineering from Princeton University
* Masters Degree in Computer Engineering from Princeton University
* B.Eng. in Computer and Communication Engineering from American University of Beirut

Employment History

* Lead Senior Associate, Booz & Company, USA and Middle East
* Research Staff Member, NEC Labs-Princeton University, NJ, USA
* Research Staff Member, IBM T. J. Watson, NY, USA
* Research Staff Member, Intel Corporation, Oregon, USA

Cyber Security – Related Experience