October 10, 2018
Infinity Blockchain Lab’s head of security, Mr. Nguyen Quoc Tuan, delivered a fascinating presentation on blockchain security at Vietnam Frontier Summit 2018 (VFS). VFS is a significant event on frontier technology in Vietnam and more than 2,000 attendees, tech startups, and organizations joined to discuss the trends in frontier technologies such as AI, VR/AR, IoT, and blockchain.
VFS brought some of the brightest minds of deep tech together under one roof for impressive presentations and discussions. Attendees gathered for impressive tech startup insights from the leading experts of deep tech in Vietnam. Attendees also heard from some top corporate executives in learning about corporation innovation as and investment opportunities. Technology insiders also provided workshops and presentations on cutting-edge technologies such as Mr. Nguyen Quoc Tuan’s presentation on security in blockchain as well as many other relevant topics.
First, Tuan touched on defining blockchain and explaining how it is secure. Next, Tuan discussed the known attacks on blockchain technology along with the lessons learned. He finished up his presentation by taking questions and answers from the audience.
Is blockchain secure?
To accurately explain whether blockchain is secure, Tuan first briefly explained blockchain technology. He explained it as a decentralized ledger that is shared as a P2P network that ensures transactions are secure, valid, and authenticated based upon the consensus mechanism where all parties on the blockchain agree to verify transactions.
In introducing the information security on blockchain, Tuan referred to a “CIA” Triad. CIA is an acronym standing for confidentiality, integrity, and availability. Tuan explained that they are critical for information security.
Tuan explained the importance of confidentiality. Blockchain supports advanced encryption technologies and only those who have a private key can gain authorization to access the encrypted platforms. Although blockchain technology is highly secure, hackers can gain access to one’s private key hence it is critical for people to keep passwords safe.
Tuan went on to discuss the next integral part of blockchain safety, integrity. Integrity comes from the immutability of blockchain technology in that information cannot be forged or changed without permission. Immutability is a combination of sequential hashing and cryptography along with a decentralized architecture. Immutability is made possible through the use of consensus model protocols, where 51% of users in public and private blockchains need to agree a transaction is valid before it is then subsequently added to the platform.
Last on Tuan’s list for blockchain security is availability. Blockchain makes attacks difficult as there are not many available areas to attack. There is no single point of failure, as evidenced with bitcoin as it survived 10 years of cyber attacks. Blockchain has operational resilience in its decentralized architecture.
Read about blockchain’s use in industries
Known attacks on blockchain and lessons learned
Next, Tuan discussed some of the known cyber attacks on the blockchain. There have been a variety of attacks against blockchain and virtual currencies such as the Insecure Ethereum Node occurring in March of 2018 where $20 mil ETH was stolen. There, hackers hijacked the Ethereum wallet by scanning for opened port 8545. Another attack occurred on June 2016 against the DAO smart contract. In this attack, 3.5 mil ETH was stolen when hackers found a bug in the Ethereum smart contract, Solidarity. Tuan went on to discuss some attacks against exchanges such as the infamous Mt. Gox attack where hackers stole $450mil BTC.
Despite the hardships caused by these attacks, each provided critical lessons in improving the future of blockchain by exposing vulnerabilities. Developers now stress the importance of keeping private keys secure and hidden along with securing one’s full node with a firewall. The community has learned pivotal distinctions in using decentralized exchanges over centralized exchanges. The community now knows how to best apply traditional security practices such as monitoring the secure development lifecycle and using regular security audits and pentests.
Tuan graduated from the University of Birmingham (UK) with a major in Computer Security and has more than ten years of experience in Cyber Security consulting. His experiences span across several industries including Financial Services, Technology, etc. He used to lead the Security Consulting team at PwC and Deloitte Vietnam focusing on critical services such as Security Governance, Penetration Testing and Cyber Forensics. He is a security enthusiast and likes to spend his time researching vulnerabilities in various platforms and technologies.
Infinity Blockchain Labs (IBL) is a visionary R&D company committed to advancing society with next-generation solutions. We are currently the blockchain ecosystem leader in Vietnam with a global reach. Our mission is to be the R&D engine that transforms future technology into practical applications for business and everyday life. Named one of the top ten blockchain technology solution providers in 2018 by APAC CIO Outlook, our 200+ employees at IBL aspire to empower Vietnam to become the global leader in blockchain research and development.
We always welcome talents, communities, and business partners to collaborate with us across all of our activities. Please drop a message to email@example.com and sign up for our Newsletter list to receive our frequent reports with the most updated news. Make sure to follow us on social media too!