Information Security in Blockchain Systems

Let's discuss which security goals are obtained by the blockchain network.

We introduced the Information Security approach in the chapter Information Security in Software Systems, where we described how security can be achieved in distributed systems. In doing so, we defined the security goals and the security mechanisms. In this section, we outline how these approaches hold in a blockchain system.

The basic mechanisms are fulfilled since:

  • Identification is obtained by the user’s address or public key.

  • Authentication is obtained by the user’s password for his account.

  • Authorization is obtained by the signature used in order to initiate a transaction.

The security goals are obtained by the blockchain network as:

  • Confidentiality is achieved since only authorized parties are able to initiate a transaction, i.e., a transaction is only executable if the party has knowledge of the private key.

  • Integrity is achieved by the blockchain data structure since it maintains the proper ordering of transactions, i.e., it is impossible to modify the transactions.

  • Availability is achieved by the peer-to-peer system, meaning that the network still works even if any nodes crash.

  • Non-repudiation is achieved since an initiated transaction is eventually executed, i.e., once released, there is no way to decline or cancel.

Furthermore, Denial-of-Service or Sybil attacks are made impossible by the Proof-of-Work mechanism (see this lesson), which makes DoS expensive and requires a specific amount of computational work to be done rather than relying on owning any number of votes.
