PEER REVIEWED RESEARCH

OPEN ACCESS
ISSN Online: 2516-3957
ISSN Print: 2516-3949
https://doi.org/10.31585/jbba-3-1-(5)2020
The Need for Cyber Resilient Enterprise
Distributed Ledger Risk Management Framework
Robert E. Campbell, Sr.
Capitol Technology University, USA

Correspondence: [email protected]
Received: 24 February 2020 Accepted: 02 March 2020 Published: 16 March 2020

Abstract
Critical infrastructure sectors are increasingly adopting enterprise distributed ledgers (DLs) to host long-term assets,
systems, and information that is considered vital to an organization’s ability to operate without clear or public plans and
strategies to migrate safely and timely to post-quantum cryptography (PQC). A quantum computer (QC) compromised DL
would allow eavesdropping, unauthorized client authentication, signed malware, cloak-in encrypted session, a man-in-the-
middle attack (MITM), forged documents, and emails. These attacks can lead to disruption of service, damage of reputation
and trust, injury to human life, and the loss of intellectual property, assets, regulated data, and global economic security. In
2018, Gartner revealed that a QC is a digital disruption that organizations may not be ready and prepared for, and CIOs
may not see it coming.1 On September 18, 2019, IBM announced that the largest universal QC for commercial use would
be available in October 2019.2 On October 23, 2019, Google officially announced “Quantum Supremacy,” “by performing
a calculation in 200 seconds that would take a classical supercomputer approximately 10,000 years.”3 DL cyber resilience
requires “reasonable” measures, policies, procedures, strategies, and risk management before large-scale deployment. Cyber
resilience implementations must be a critical component during the design and building phase, or during the initialization
phase. The most significant existing attack vector for enterprise DLs is the public key infrastructure (PKI), which is
fundamental in securing the Internet and enterprise DLs and is a core component of authentication, data confidentiality,
and data and system integrity [1] [2]. Effectively implementing and managing a quantum-resistant PKI solution requires
adherence to PKI standards, industry requirements, potential government mandates, certificate management policies,
training personnel, and data recovery policies that currently do not exist. This research discusses security risks in enterprise
DL PKI, areas that can be compromised, and provides an idea of what should be in a PKI DL Risk Management
Framework plan.
Keywords: cyber resilience, PKI, quantum computing, distributed ledger, cyberattack, risk management framework, hyperledger fabric

                                                                                                               
1 Gartner Reveals Seven Digital Disruptions CIOs May Not See Coming: https://www.gartner.com/en/newsroom/press-
releases/2018-10-17-gartner-reveals-seven-digital-disruptions-cios-may-not-see-coming
2IBM’s new 53-qubit quantum computer is the most powerful machine you can use:
https://www.technologyreview.com/f/614346/ibms-new-53-qubit-quantum-computer-is-the-most-powerful-machine-you-can-use/
3Quantum Supremacy Using a Programmable Superconducting Processor:
https://ai.googleblog.com/2019/10/quantum-supremacy-using-programmable.html
The  JBBA    |    Volume  3  |    Issue  1    |    2020                                                                              Published  Open  Access  under  the  CC-­‐‑BY  4.0  Licence   1  
                                                                                                                                                                                                                                                                                   
  

 
 

Despite the vast opportunities distributed ledger technologies attacks occurred in June 2011, when a hacker was able to
(DLT) offer, they suffer from challenges and limitations such exfiltrate Mt. Gox’s auditor’s credentials and transferred 2,609
as security and privacy, compliance, and governance issues that bitcoins (BTCs) to an address for which Mt. Gox had no keys.
have not yet been thoroughly explored and addressed. There The second attack occurred in 2014, resulting in 750,000 BTCs
are many threats and numerous attack vectors, such as ($350 million) stolen from the exchange, and Mt. Gox halted
phishing, malware, implementation, and technology. While operations and filed for bankruptcy. The Bitfloor bitcoin
there are some studies on the security and privacy issues of exchange was hacked in 2012 when hackers were able to
DLT, they lack a systematic examination of the security of retrieve unencrypted private keys that were kept online for
these systems at the fundamental level of digital signatures and backups. The amount stolen was 24,000 BTCs. Poloniex was
public key infrastructure (PKI) vulnerabilities. Vulnerabilities hacked in 2014 and only stated it “has lost 12.3% of its total
and weaknesses lead to the execution of various security bitcoin supply in an attack.” The exchange also explained that
threats to the standard functionality of the distributed ledger “the hacker found a flaw in his site’s code that processes
(DL) platforms. The rapid development and progress of withdrawals, and made multiple simultaneous withdrawals,” and
quantum computing technology are not considerations that the system did not respond to this error. The major problem
CEOs and CIOs are correctly figuring in as a risk factor. was a coding error, and “the auditing and security features were
Quantum computing poses global security concerns because not explicitly looking for negative balances.”6 On January 4,
the technology will be able to hack into and disrupt nearly all 2015, Bitstamp announced that an anonymous hacker hacked it,
current information technologies. In this paper, the author and 19,000 BTCs (worth $5 million) were lost. In 2016, Bitfinex
explores the attack surfaces in the open-source-permissioned breached and claimed 120,000 BTCs (worth $72 million)
blockchain project Hyperledger Fabric and its potential hacked. The attackers exploited a vulnerability in the multi-sig
exploits through social engineering, malware, and wallet architecture of Bitfinex and BitGo.7 On May 7, 2019,
cryptographic tactics. The attacks considered are insider Binance was hacked, losing more than 7,000 BTCs ($40
threats, certificate authority (CA) attacks, and private-key million). Binance announced that they discovered a large-scale
attacks from quantum computers (QCs). The author will security breach on May 7, 2019. The attackers were able to
examine single points of failure in Hyperledger Fabric’s obtain user Application Orograming Interface (API) keys and
membership service provider (MSP), or PKI, which proves to 2FA codes. The attackers used techniques such as phishing,
be a centralizing aspect of a decentralized system and a viruses, and other attacks, and the hackers were able to
significant weakness of the permissioned blockchain network. withdraw 7,000 BTCs from this one transaction.
Also, the author presents a cyber-resilient framework as
possible use in a hybrid post-quantum-resistant enterprise Distributed Ledger Growth in Critical Infrastructure
PKI. Cyber resiliency is a feature that must be in systems of Recent forecasts indicate that global blockchain technology
the future, which, when implemented, will enable the ability to revenues will experience rapid growth in the coming years,
anticipate, withstand, recover from, and adapt to adverse with the market expected to rise to over $60 billion
conditions, stresses, and/or attacks. Both the global security worldwide in size by 2024. The financial sector is currently
risks and the economic benefits necessitate building in cyber the largest investor in blockchain, with over 60% of the
resilience. technology’s market value concentrated in this field. 8
Digital Currency and Blockchains under Attack However, global enterprises are increasingly adopting DLT
and are hosting critical assets and critical infrastructure in a
In 2018 alone, $1 billion in cryptocurrency was hacked from hostile, organized, sophisticated, and well-resourced cyber
exchanges,4 approximately $2.7 million stolen per day, or $1,860 threat environment. As an example, the Energy Web
each minute. Upbit is the seventh major crypto exchange hack Foundation (EWF) is a global organization that uses
of 2019 so far.5 Upbit is the largest victim of hacking to date,
after losing $49 million at 9:00 UTC on November 26, 2019.                                                                                                                
The exchange stated that an “abnormal transaction” resulted in
6Yet another exchange hacked: Poloniex loses around $50,000 in
bitcoin:
a 342,000 ether loss in a few minutes. Some of the most notable https://arstechnica.com/information-technology/2014/03/yet-
                                                                                                                another-exchange-hacked-poloniex-loses-around-50000-in-
4How Hackers Stole $1B From Cryptocurrency Exchanges In bitcoin/
2018:
https://www.forbes.com/sites/daveywinder/2018/12/31/how- 7The Binance Hack:
hackers-stole-1b-from-cryptocurrency-exchanges-in- https://medium.com/coinmonks/the-attack-on-binance-
2018/#7066025e4d87 eba46700eef6
5Upbit Is the Seventh Major Crypto Exchange Hack of 2019: 8Blockchain Market Shares, Market Strategies, and Market
https://www.coindesk.com/upbit-is-the-sixth-major-crypto- Forecasts, 2018–2024:
exchange-hack-of-2019 https://www.ibm.com/downloads/cas/PPRR983X

The  JBBA    |    Volume  3  |    Issue  1    |    2020                                                                  Published  O pen  Access  under  the  CC-­‐‑BY  4.0  Licence   2  
 
  

 
 

blockchain technology in the energy sector, with offices in threatens DL cryptography. Complex mathematical problems
Switzerland, Germany, and the United States. EWF launched are the foundation in which much of today’s cryptography is
the Energy Web Chain, in June 2019, and advertised “the based, including PKI and DL. DLT and PKI use asymmetric
world’s first public, open-source, enterprise-grade blockchain digital signature schemes for private and public-key generation,
tailored to the energy sector.”9 On December 12, 2019, the signing, verification of digital signatures, and QCs break and
U.S. President’s National Infrastructure Advisory Council all of these functions. This public-key cryptography is in email,
published draft findings on the urgent cyber risks in the most web browsing, encrypted storage, banking, virtual private
critical and highly targeted private infrastructures and called networks, communications, critical infrastructures, and much
for bold action. 10 The report indicated that escalating cyber of the Internet [2]. It would be exceptionally naive to think
risks to critical infrastructures present an existential threat to that covert research and development in “quantum
the continuity of government, economic stability, social supremacy” is not among the highest priorities of organized
order, and national security. Global governments and groups and nation-states around the planet. Further, it would
enterprises adopting DL are on the front lines of a cyberwar; follow that classified programs seek to protect actual
they are ill-equipped to win against organized cybercriminals capabilities, or there would not be a need for secrecy. Also, a
and nation-states intent on hacking, robbing, disrupting or QC attack could be difficult to detect because the attacker
destroying critical assets. would derive the private key from the available public key, and
with the private key, a hacker will have free and absolute
DLT Complexity access [4].
There are more than 30 known DL attack vectors in the Impact of Compromised PKI Private Keys
categories of network, wallet, mining, double spending, and
smart contracts and these attack can be phishing and social PKI is the backbone of today’s enterprise blockchain, DL,
engineering, DNS hijacking, exchange hacks, 51% attacks, network, and internet security. Figure 1 is a depiction of
software flaws, and other types that can be malware and Hyperledger Fabric’s Managed Service Provider (MSP)
crypotjacking, and other traditional attacks that affect services, which is essentially an abstraction of PKI for
systems that connect to a blockchain [3]. The zero-day enterprise blockchains. Cyber resilience is methods and
vulnerabilities cannot be quantified but must be considered procedures that aid in preventing adversarial access to systems
as potential vulnerabilities that will be discovered and housing critical data while ensuring the integrity of data,
exploited. DLT consist of the integration of networked despite the presence of the adversary on the network and
cryptography, fault-tolerance, and distributed consensus. being resilient to the adversary’s efforts to manipulate data.
Each of these topics is complicated, intricate and has many DL must assume the existence of adversaries in the network
known vulnerabilities and weaknesses that are not well- and be capable of nullifying adversarial strategies by harnessing
understood by those who lack the technical background in the computational capabilities of the honest nodes, and the
these topics. Also, as with any complicated technology, there information exchanged is resilient to manipulation and
are always zero-day vulnerabilities yet to be discovered and destruction [5].
made public. The combined technologies used to form DLT
dramatically increase the vulnerabilities, threats, and Network DL private keys are the credentials and the means
weaknesses. This complexity, along with the intricacies of its of authorizing transactions, which, if compromised, will
ecosystem (wallets, exchanges, sidechains, mining pools, make all assets controlled or secured by the keys freely
enterprise consortiums), requires a formal and logical available to an adversary. The private keys enable and allow
framework to address issues systematically and mitigate them the attacker(s) to capture information, passwords,
to make DLT resilient. compromise CAs, certificate forgeries, obtain other private
keys, derive other private keys, hijack private keys, and forge
The Quantum Computer Threat validations. The attacks and risks associated with these
malicious acts allow forged documents and emails, signed
Google’s “quantum supremacy” announcement means that malware, unauthorized clients, eavesdropping, and man-in-
QCs can process and solve massive computational problems the-middle (MITM) attacks. The impact of these activities
that exceed the capabilities of current supercomputers and can result in the loss of personally identifiable information
                                                                                                                (PII), protected health information (PHI), intellectual
9 The Energy Web is unleashing blockchain’s potential in the property (IP), reputation, assets, crippled operations, and
energy sector: human life.
https://www.energyweb.org/
10 NIAC TRANSFORMING THE U.S. CYBER THREAT Each MSP is in a folder with various subfolders containing
PARTNERSHIP DRAFT REPORT: the administrator certificate(s), root CA certificates, the
https://www.cisa.gov/publication/niac-transforming-us-cyber- node’s private key, the node’s X.509 certificate, and other
threat-partnership-draft-report optional inclusions. An X.509 PKI infrastructure is a security

The  JBBA    |    Volume  3  |    Issue  1    |    2020                                                                  Published  O pen  Access  under  the  CC-­‐‑BY  4.0  Licence   3  
 
  

 
 

Figure 1. MSP Architecture. Source: Hyperledger Fabric.  

architecture or format used in intranets, networks, and the MSP. Cryptogen, a utility for generating Hyperledger Fabric key
Internet. Its cryptographic mechanisms support functions material, provides a means of preconfiguring a network for
such as email, server authentication, signature generation, testing, and produces all private keys in one centralized location,
and validation. Specifications such as the secure and it is then up to the user to adequately and safely copy them
multipurpose internet mail extensions (S/MIME) and to appropriate hosts and containers. Allowing new users to
transport layer security (TLS) also rely on this standard. The decide key management best practices and the lack of standard
MSP is used to link identities, public-keys, and CAs; it acts as procedures can easily lead to private-key leakage attacks. Private-
the primary trusted authority and uses digital signature key leakage is possible because each participant can choose to
algorithms to sign certificates of trust. Key security store and protect their private key in any way the member
considerations include the ability of untrusted or determines; there need to be key management best practices for
unauthorized persons to participate in the network and the all members [6].
strength of the bit security of the encryption protocols [2].
Administrative duties include providing access and An outside attacker obtaining private key(s) could lead to
permissions for the entire blockchain network and are thus a any number of attacks. As private-key leakage attacks
single point of centralization. Each participant on the provide potential unlimited access to the blockchain and
network is assigned a digital certificate that assures they are open the possibility for any number of secondary attacks,
whom they say they are and defines the levels of access and they are one of the greatest threats to the MSP. The leakage
permissions. These administrators set the permissions along of private keys or a successful quantum computing attack
with a digital certificate; each participant is assigned what could further lead to more severe attacks, such as MITM
Fabric labels a digital signature or the private key half of a attacks, replay attacks, message tampering attacks, and
public-/private-key pair. These keys sign off on transactions identity leakage attacks [6]. Figure 2 illustrates the
and endorsements to ensure and retain the integrity of the weaknesses, threats, and risks of a compromised MSP or
blockchain [6]. PKI in enterprise blockchains. A further shortcoming of
CAs in Hyperledger Fabric is in the way it is implemented
In the case of an insider threat such as a rogue administrator, in the MSP. The MSP requires at least one root CA and can
the holder of the administrator certificate(s) is not to be trusted support as many root and intermediate CAs as desired. If
and has free rein over the blockchain. Administrative controls the root CA certificate or implementation were attacked, all
such as adding or revoking access, adding identities to the certificates leading back to the root certificate are
Certificate Revocation List (CRL), MSP validation of CAs, and compromised. Successful attacks on the MSP, which
manipulating the access a given identity has to the blockchain controls the membership of the blockchain runs on, would
network are all managed solely by the administrator. Digital be detrimental to the security of the entire enterprise,
certificates and identities are crucial to the operation of the resulting in falsified identities and more.

The  JBBA    |    Volume  3  |    Issue  1    |    2020                                                                  Published  O pen  Access  under  the  CC-­‐‑BY  4.0  Licence   4  
 
  

 
 

Figure 2. Distributed Ledger Kill Chain.  

Anatomy of a Critical Infrastructure Attack Scenario silently. The attackers, armed with private keys, quickly gained
Using Hyperledger Fabric remote access to an SIS engineering workstation and deployed
the Triton attack framework. Immediately they started to
The following is a hypothetical critical infrastructure attack reprogram the SIS controllers as the infection entered the SIS
scenario on an energy plant X using enterprise blockchains such workstation and system via remote access. Also, the malware
as Hyperledger Fabric and the newly discovered Russian-linked compromised the target system’s logic controllers, exploiting
malware, which infects safety instrumented systems (SIS), called “zero-day” vulnerabilities and software weaknesses that have
Triton. The SIS are automated safety defense systems for not been identified by security experts.
industrial facilities, responsible for stopping plant operations in
the event of an emergency and are designed to prevent The attackers reprogrammed the SIS to allow an unsafe
equipment failure and catastrophic incidents such as explosions condition while using the distributed control system (DCS),
or fire. FireEye has linked Triton to the Russian state-sponsored which allows attackers the ability to monitor and control an
hackers.11 industrial process remotely and to cause fires and explosions.
The result is that the attackers manipulated the process into an
Quantum Computing Attack Scenario unsafe state from the DCS while preventing the SIS from
The hackers are equipped with QCs capable of cracking functioning appropriately and giving false feedback to panel
today’s standard PKI cryptography started by researching and safety controls until it is too late to react. The attackers were
gathering information about energy plant X. They looked for able to exploit the weaknesses, vulnerabilities, and risks
network ranges, IP addresses, and domain names. contained in the current enterprise architecture PKI
Furthermore, the hackers also searched for email addresses of technology and caused explosions and fires that destroyed the
key players in the organization, such as CFOs, IT plant and caused the release of lethal gas and radioactive
professionals, and CTOs. After getting access to the network, clouds causing massive injuries and loss of human life.
the hackers proceeded to infiltrate the organization’s network. During the incident, none of the SIS controllers entered a
Once the private keys were derived or obtained, the hackers visible failed safe state, which provided false safety readings
accessed the entire network and went through the system and allowed the industrial process to continue under unsafe
and dangerous conditions. The false readings prevented any
                                                                                                                investigation that would have alerted authorities and initiated
11 TRITON Attribution: Russian Government-Owned Lab Most
Likely Built Custom Intrusion Tools for TRITON Attackers:
an investigation. The attackers employed multiple techniques
https://www.fireeye.com/blog/threat-research/2018/10/triton- to conceal their activities and to deter digital forensic
attribution-russian-government-owned-lab-most-likely-built- investigation of their tools and activities. They renamed the
tools.html most typical and useful files to make them look legitimate like

The  JBBA    |    Volume  3  |    Issue  1    |    2020                                                                  Published  O pen  Access  under  the  CC-­‐‑BY  4.0  Licence   5  
 
  

 
 

Microsoft update files or a legitimate Schneider Electric those risks. Mitigating considerations include the number and
application; they also used hacker tools to mimic legitimate types of participants in the system; unauthorized persons to
administrator activities.12 The attackers were able to derive the access the network; the design and sturdiness of the consensus
private keys of critical personnel, including safety monitors, validation rules and processes; the strength of the encryption
and took total control of energy plant X. They gained protocols and the sensitivity of the data or transactions
complete control of SIS and caused dangerous processes to go recorded in the ledger; and the ability to correct fraudulent,
unnoticed by sending false data to the safety control panels. malicious, or erroneous files or data. At a high level, Figure 3
The panels showed normal readings when the actual condition represents cybersecurity principles and controls of best
was increasingly hazardous. This control of the SIS and the practices that can be implemented on compromised CA, MSP,
extreme safety condition continued until it was too late, and it public keys, or private keys. These principles and controls
caused many explosions and the destruction of the plant and include access controls, threat modeling, systems, and
release of lethal and toxic clouds. procedures to detect actual and attempted attacks or intrusions
and risk management practices. The most important
Urgent Need for Risk Management Framework for contribution this modified framework offers is the ability to
Distributed Ledger Systems adapt, survive, and continue operations with minimum
There is a pressing need to strengthen further the DL disruption and loss. This framework can be used in building,
information systems, component products, and adopted deploying, and operating DL systems and outlines logical step-
services in critical infrastructures and enterprise sectors. It is by-step procedures needed for cyber resiliency.
essential that those systems, products, and services are Resources Needed for Incident Response
sufficiently trustworthy throughout the system development
life cycle and can provide the necessary resilience to support Cyber resilient DL systems must have a business continuity
the economic and security interests of the enterprise. Cyber planning (BCP) that delineates the organization’s use of
resiliency can be for system elements, systems, missions or strategies, procedures, technical measures, and plans necessary
business functions, and the system-of-systems which support for the recovery of lost data, operations, and systems in the
those functions, organizations, sectors, or transnational event of a business disruption. The BCP includes a
missions/business functions. Nation-states and other well- management plan, data backup plan, disaster recovery plan,
resourced adversaries have intensified their efforts to infiltrate and an emergency mode operation plan. The plans must
and gain control of enterprise networks and critical consist of roles, responsibilities, and communication strategies
infrastructures, such as financial services and energy and if in the event of a compromise or disaster, including notification
successful, these could impact the continuity of government, of relevant external partners. Data backup plan is required to
public safety, economic stability, and national security. Global establish necessary procedures to ensure the maintenance and
enterprises are on the front lines of a cyberwar; they are ill- retrieval of exact copies of stored regulated data. The disaster
equipped to fully understand, thwart, or counter against recovery plan creates procedures and processes that will assist
nation-states’ intent upon disrupting and destroying critical the restoration of any lost data in case of disaster, system
infrastructure. Cyber resilient DL systems require developing failure, or cyberattacks. This plan is crucial, especially in the
an integrated approach to building trustworthy systems. The case of a cyberattack that may disrupt access to such data for
author has modified SP 800-37 Rev. 2 guidelines and an extended period. This will also require creating an inventory
recommended steps to help build a more defensible of all the sensitive data and systems that will be necessary for
information technology infrastructure, including the the restoration of an enterprise’s activities. The emergency
component products, systems, and services [7]. Systems mode operation plan is used to ensure the continuity of an
security engineers must apply the necessary security measures enterprise’s operations while protecting critical assets and
that assure the system can withstand cyber faults, failures, and regulated data. This operation plan assists an organization in
attacks. resuming its normal operations in the event of a disaster,
emergency, system failure, or cyberattack. The plans should be
Mitigating Cyberattacks on Permissioned DLTs tested and revised as necessary to ensure that the procedures
While no known technology, method, or procedure can put in place are effective. The main goal should be periodic
categorically prevent cyberattacks, some steps and procedures testing of written contingency plans to identify weaknesses and
can be put in place to mitigate attacks. The architecture, making necessary revisions on the documentation. Figure 3
deployment, and operation impact the network’s cybersecurity outlines the primary phase in the Distributed Ledger Risk
risks and determine the controls that are best able to reduce Management Framework.
                                                                                                                The Distributed Ledger Risk Management Framework starts
12SAS 2019: Triton ICS Malware Hits A Second Victim: with Step 1, analyzing the organizational architecture
https://threatpost.com/triton-ics-malware-second- documents and reference materials external to the enterprise.
victim/143658/ This step is in the context of determining the criticality of the

The  JBBA    |    Volume  3  |    Issue  1    |    2020                                                                  Published  O pen  Access  under  the  CC-­‐‑BY  4.0  Licence   6  
 
  

 
 

Figure 3. Distributed Ledger Risk Management Framework.  

information and system according to potential worst-case, Cyber Resilient Distributed Ledger Systems and NIST
adverse impact on the organization, mission/business functions, Post-quantum Project
and the system. These documents include policy and
procedures, data regulating requirements, and laws for protected Google’s surprise announcement of quantum supremacy is a
data such as the General Data Protection Regulation warning to all that quantum computing advances are not
(GDPR) Health Insurance Portability and Accountability Act predictable. Cyber resiliency requires the ability to react
(HIPAA), Financial Industry Regulatory Authority (FINRA). quickly to cryptographic threats by implementing alternative
In this phase, the business processes, objectives, and goals must methods of encryption. Specifically, it requires the ability to
align with the overall platform design and performance. respond to incidents, has an inventory of all certification and
Selecting security controls in Step 2 is based upon the output of cryptographic keys from all issuing authorities, and is capable
Step 1, which builds the baseline using categorization. Step 2 of quickly migrating the PKI to new post-quantum resistant
specifies a minimum baseline of security controls for PKI algorithms. National Institute of Standards and
countermeasures prescribed for the system designed to ensure
the integrity, confidentiality, and availability of its information
Technology (NIST) is in the process of choosing one or
and to meet a set of defined requirements. Step 3 implements more public-key cryptographic algorithms through a public
security controls within the enterprise architecture and systems competition-like process. The latest public-key cryptography
using solid system security engineering practices. Step 4 standards will specify one or more additional digital signature
determines security effectiveness—assessing whether the and public-key encryption algorithms. These algorithms will
controls are implemented correctly, operating as intended, and likely be capable of protecting sensitive information well into
meeting the security requirements for the system and the foreseeable future, including after the advent of QCs.
environment of operation. Step 5 involves a documented NIST has down-selected a group of potential cryptographic
independent assessment of security controls, and this algorithms—down to a bracket of 26. These algorithms are
information is promulgated to all stakeholders to ensure the ones that NIST mathematicians and computer scientists
everyone understands the configuration changes and its consider to be the strongest candidates. The 9 second round
potential impact on operations and business. The authorizing candidates for digital signatures are CRYSTALS-
official (AO) examines the output of the security controls
DILITHIUM, FALCON, GeMSS, LUOV, MQDSS, Picnic,
evaluation to determine whether or not the risk is acceptable.
Step 6 monitors security controls for effectiveness and includes qTESLA, Rainbow, and SPHINCS+13. While NIST does not
a communication or feedback loop that goes back to Step 1. expect to formalize new post-quantum cryptography (PQC)
Continually monitoring the controls applied for the system and                                                                                                                
its ecosystem of operation for changes, indications of attack, 13 PQC Standardization Process: Second Round Candidate
and so on may affect regulation and reassess control Announcement: https://csrc.nist.gov/news/2019/pqc-
effectiveness. standardization-process-2nd-round-candidates

The  JBBA    |    Volume  3  |    Issue  1    |    2020                                                                  Published  O pen  Access  under  the  CC-­‐‑BY  4.0  Licence   7  
 
  

 
 

standards until the 2022–2024 time frame, 14 the enterprises The author examined single points of failure in Hyperledger
cannot afford to wait. The time is now to begin independent Fabric’s MSP, or PKI, which prove to be a centralizing
testing and evaluation of the most promising NIST candidate aspect of a decentralized system and a significant weakness
algorithms toward migration and replacement. The path to a of the permissioned blockchain network. Further research
successful migration is lengthy and complicated. is required on policy, process, and people. Global
enterprises are increasingly adopting DLT and are hosting
Recommendations critical assets and infrastructure in a hostile, organized,
It is of note that this research does not specify any of the sophisticated, and well-resourced cyber threat environment.
NIST second-round candidate algorithms will be a As an example, EWF is a global organization that uses
straightforward “drop-in replacement”; it may need additional open-source blockchain technology in the energy sector
NIST rounds and years of follow-on research, analysis, and without clear or public plans and strategies to migrate safely
testing for a suitable “drop-in replacement” to be identified or and timely to PQC. There is a pressing need to further
developed. Therefore, the author believes that now is the time strengthen the critical infrastructures and enterprise sectors
to test possible near-term “Hybrid Quantum Resistant and adopted DL information systems, component products,
Classical Public Key Infrastructure,” a solution with an aim of and services. It is essential that those systems, products,
seeking reductions in public-key size as one of the most and services are sufficiently trustworthy throughout the
significant parameters. It is the public key that is exposed and system development life cycle and can provide the
used the most in today’s PKI systems, and it is possible to necessary resilience to support the economic and security
modify the X.509 certificate standard to accommodate new interests of the enterprise.
PQC algorithms, which would only provide the public key that ______________________________________________
would be much more resistant to implementation and Competing Interests:
quantum computing attacks. None declared.

Additional research is needed on approaches to introducing Ethical approval:

new PQC algorithms (e.g., hybrids) within live systems that Not applicable.
must remain interoperable with other systems during the
period of industry migration. This includes such areas as Author’s contribution:
penetration testing, formal testing, formal modeling, Robert E. Campbell, Sr. designed and coordinated this research and prepared the
manuscript in entirety.
automated tools, and approaching transition in complex
infrastructures. There is a critical need for research to
Funding:
understand and quantify the implications of replacing today’s None declared.
public cryptography algorithms.
Conclusion Acknowledgements:
Robert E. Campbell, Sr. would like to thank Dr. Ian McAndrew,
Dean of Doctoral Programs.
Google’s surprise announcement of quantum supremacy is
____________________________________________
a notice to all that quantum computing advances cannot be
perfectly projected. Quantum computing attacks can lead to
disruption of service, damage of reputation and trust, injury References  
to human life, and the loss of intellectual property, assets,
[1] R. Campbell, "Evaluation of Post-Quantum Distributed Ledger
regulated data, and global economic security. PQC-safe
Cryptography," 2019. [Online]. Available:
algorithms generally have higher computation, memory, https://jbba.scholasticahq.com/article/7679-evaluation-of-post-
storage, and communication requirements; research and quantum-distributed-ledger-cryptography. [Accessed 21 9 2019].
prototyping are needed to understand performance,
security, and implementation. In this paper, the author [2] R. Campbell, "Transitioning to a Hyperledger Fabric Quantum-
explored the attack surfaces in open-source permissioned Resistant Classical Hybrid Public Key Infrastructure," 31 July 2019.
[Online]. Available: https://jbba.scholasticahq.com/article/9902-
blockchain project Hyperledger Fabric and its potential
transitioning-to-a-hyperledger-fabric-quantum-resistant-classical-
exploits through social engineering, malware, and hybrid-public-key-infrastructure. [Accessed 21 September 2019].
cryptographic tactics. Despite the vast opportunities DLT
offer, they suffer from challenges and limitations such as [3] H. Chen, M. Pendleton, L. Njilla and S. Xu, "A Survey on Ethereum
security and privacy, compliance and governance issues. Systems Security" 13 August 2019. [Online]. Available:
https://arxiv.org/pdf/1908.04507. [Accessed 7 1 2020].
                                                                                                               
14Post-Quantum Cryptography: Workshops and Timeline: [4] A. Majot and R. V. Yampolskiy, "Global catastrophic risk and
https://csrc.nist.gov/Projects/Post-Quantum- security implications of quantum computers," Futures, vol. 72, no.,
Cryptography/Workshops-and-Timeline pp. 17–26, 2015.

The  JBBA    |    Volume  3  |    Issue  1    |    2020                                                                  Published  O pen  Access  under  the  CC-­‐‑BY  4.0  Licence   8  
 
  

 
 

[5] S. Bagheri and G. Ridley, "Organisational cyber resilience: research

opportunities," 2017. [Online]. Available:
https://eprints.utas.edu.au/25820. [Accessed 7 9 2019].

[6] A. Davenport, X. Liang, and S. Shetty, "Attack Surface Analysis of

Permissioned Blockchain Platforms," September 2018. [Online].
Available: https://par.nsf.gov/servlets/purl/10083311. [Accessed 8
1 2020].

[7] J. T. Force, "Risk Management Framework for Information Systems

and Organizations: A System Life Cycle Approach for Security and
Privacy," December 2018. [Online]. Available:
https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final.
[Accessed 8 1 2020].

[8] V. Lyubashevsky, T. Giineysu, T. Poppelmann, and D. Stehlé, "Post-

Quantum Cryptography - Round 2 Submissions," 30 March 2019.
[Online]. Available: https://csrc.nist.gov/projects/post-quantum-
cryptography/round-2-submissions. [Accessed 14 January 2020].

The  JBBA    |    Volume  3  |    Issue  1    |    2020                                                                  Published  O pen  Access  under  the  CC-­‐‑BY  4.0  Licence   9