100% found this document useful (2 votes)

512 views184 pages

BlockChain Security PPT - Opt

The document provides information on the Certified Blockchain Security Professional certification. The certification aims to evaluate professionals' understanding of blockchain security features and risks, knowledge of best security practices, ability to explore attacks, and ability to mitigate risks. It is intended for blockchain architects, managers, consultants, analysts and administrators. The certification involves online training modules and a multiple choice exam, and provides a certificate upon passing.

Uploaded by

dejan

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (2 votes)

512 views184 pages

BlockChain Security PPT - Opt

Uploaded by

dejan

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 184

Introduction to Certified Blockchain

Security Professional™
Certified Blockchain Security Professional™
Certified Blockchain Security Professional™ (CBSP) is a Certification that aims to cover all known aspects of Blockchain
security existing in the Blockchain environment today. CBSP Certification is designed to evaluate the following skills of the
professionals interested in the Certification:

● Complete understanding of Blockchain’s inherent security features and associated risk

● In-depth knowledge of best security practices for Blockchain infrastructure
● Exploration of known Blockchain cyber-attacks
● Ability to differentiate between Blockchain cyber-attacks and threats
● Ability to transfer or mitigate Blockchain security risk

Copyright © Blockchain Council www.blockchain-council.org 2

The Purpose
Establish and govern minimum standards for credentialing security measures for Blockchain ecosystem.

Inform the public that credetailled individuals meet or exceeds the minimum standards.

Reinforce security for Blockchain expertise as a unique and self-regulating performance.

Copyright © Blockchain Council www.blockchain-council.org 3

For whom
● Blockchain Architect
● Blockchain Project Manager
● Blockchain Consultant
● Security Analyst
● Network Administrator

Copyright © Blockchain Council www.blockchain-council.org 4

Benefits of having this certification
● Prove your Blockchain security skills & understanding
● Gain an in-depth understanding of Blockchain security & Attacks
● Implement your skills in any Blockchain applications
● Build your own Blockchain enterprise with acquired knowledge

Copyright © Blockchain Council www.blockchain-council.org 5

Prerequisites
● Basic knowledge of Networking & Security.
● Basic knowledge of Blockchain.
● Awareness of Cryptocurrencies like Bitcoin, Ethereum etc.
● Motivation to acquire a profound understanding of Security for Blockchain..

Copyright © Blockchain Council www.blockchain-council.org 6

Duration of this certification
● 5-6 hours for the entire training session.
● 1 hour for assessment (Final) exam.
● Training will be online.
● Training can be consumed as per candidate’s availability & online speed.

Copyright © Blockchain Council www.blockchain-council.org 7

Final Exam
● There will be an online exam with multiple choice questions adding upto 100 marks followed by a training.
● You need to acquire 60+ marks to clear the exam.
● In case you fail the exam, you can retake the exam after 1 day.
● You can attempt the exam for a maximum of 3 times.
● If you fail to acquire 60+ marks even after 3 attempts, you will need to contact the Blockchain Council team to have
manual assistance for clearing the exam.

Copyright © Blockchain Council www.blockchain-council.org 8

Certificate

Copyright © Blockchain Council www.blockchain-council.org 9

Course Content
● Module 1: Introduction to Certified Blockchain Security ProfessionalTM
● Module 2: Blockchain basics
○ Introduction to Blockchain
○ Public and Private Blockchain
○ Blockchain Forks
● Module 3: Blockchain Consensus Mechanism
○ Fundamentals of Consensus Algorithm
○ Blockchain Consensus Security
○ Other Blockchain Consensus
● Module 4: Cybersecurity Threats and Incidents on Blockchain Network
○ Cybersecurity Threats and Incidents on Blockchain Network
● Module 5: Different Security Mechanisms
○ Basic Security Mechanism
○ Advanced Cryptographic Encryption
○ Other Security Mechanisms

Copyright © Blockchain Council www.blockchain-council.org 10

Course Content
● Module 6: Blockchain Risk Assessments
○ Blockchain Risk Considerations
○ Regulatory Requirements
○ Blockchain Architectural Design
● Module 7: Two-Factor Authentication with Blockchain
○ What is 2FA?
○ Blockchain for 2FA
● Module 8: Vulnerabilities & Attacks
○ Client's Vulnerabilities & Attacks
○ Consensus Mechanisms Vulnerabilities & Attacks
○ Mining Pool Vulnerabilities & Attacks
○ Network Vulnerabilities & Attacks
○ Smart Contract Vulnerabilities & Attacks
● Module 9: Alternative DLT Architecture
○ Alternative DLT Architecture

Copyright © Blockchain Council www.blockchain-council.org 11

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 12

Introduction to the Blockchain
What is Blockchain?
Blockchain is a transaction record database that is distributed, validated and maintained around the world by a network of
computers. Instead of a single central authority such as a bank, a large community oversees the record, and no individual
person has control over them.

Blockchain is based on decentralized technologies..

Together these technologies function as a Peer-to-Peer
(P2P) network.

Some real-life examples:

● Records of sale & purchase of raw material Book Blockchain
● Bank account statements
● An excel sheet tracking hospital equipment Pages Blocks
● Simply a record-keeping book
Entries in page Blockchain Transactions

Copyright © Blockchain Council www.blockchain-council.org 2

Centralized Vs. Decentralized Network

CENTRALIZED DECENTRALIZED

Copyright © Blockchain Council www.blockchain-council.org 3

Blockchain Vs. Cryptocurrency
A blockchain is a decentralized ledger of all transactions across a peer-to-peer network, whereas cryptocurrency is a
medium of exchange, created and stored electronically on the blockchain.

Basis of comparison Blockchain Cryptocurrency

Nature A technology that records transactions The tools used in virtual exchanges

Use Record transactions Make payments, investments, storage of

wealth

Value Have no monetary value Have monetary value

Mobility Can’t be transferred Can be transferred

Copyright © Blockchain Council www.blockchain-council.org 4

Benefits of Blockchain Technology
Blockchain technology is not limited solely to the trading of cryptocurrencies. There are various advantages this technology
offers in its open and autonomous existence. The advantages that can benefit various industries are:

● Decentralization
● Peer-to-peer (P2P) network
● Security/Immutability
● Open Source
● Trust
● Ease-of-use
● Transparency
● Improved traceability
● Permanent ledger
● Cost reduction

Copyright © Blockchain Council www.blockchain-council.org 5

Blocks, Nodes & Network
● Block: Blocks are files that permanently record data, existing on the blockchain network. A block records any or all
the latest transactions which have not entered any of the previous blocks. A block, then, is just like a ledger page or
a record book. A block is also a permanent record store, and cannot be changed or deleted once it has been
published.

● Node: Any device connected to the network of blockchains is considered as a node. Nodes which completely
implement all blockchain rules (i.e., bitcoin) are called full nodes. Many nodes on the network are lightweight nodes,
rather than full nodes, but full nodes form the network backbone.

● Network: The "peers" are computer systems that are connected to one another over the Internet and form a P2P
network. Files can be shared directly between networked computers, without a central server being required. To put
it another way, each device on a P2P network is both a file server and a client.

Copyright © Blockchain Council www.blockchain-council.org 6

Blockchain Transactions

Copyright © Blockchain Council www.blockchain-council.org 7

Cryptographic Hash Functions
Throughout computer science, the term hash function has been used for quite some time now, and it refers to a function
that compresses a string of random data to a string of fixed length.

Cryptographic hash functions are one of the most important techniques in the field of cryptography and are used to
accomplish many safety goals such as authentication, digital signatures, generation of pseudo numbers, digital
steganography, digital time-stamping, etc.

Properties of Hash functions:

● Collision Free: No two input hashes should map to the same output hash.
● One Way: Given a hash output, it should be impossible to reconstruct the input.

Example: Bitcoin uses the SHA-256 hash function for verifying transaction integrity.

Copyright © Blockchain Council www.blockchain-council.org 8

Wallet & Keys
A cryptocurrency wallet is a software application that holds private and public keys and communicates with various
blockchains so that users can send and receive digital currencies and track their balance. You 'd need to avail a digital wallet
if you want to use Bitcoin or some other cryptocurrency.

When an individual sends you bitcoins or some other digital currency, they essentially sign off coin ownership at your
wallet’s address. The private key kept in your wallet must match the public address with which the money is allocated to, in
order to be avail certain coins and access the funds. The balance in your digital wallet will rise if the public and private keys
match, and the balance of the sender will decrease accordingly.

Private and public keys both form the basis for a blockchain network. In cryptographic terms, any authentication
framework needs a public location key and a private access key.

Copyright © Blockchain Council www.blockchain-council.org 9

Merkle Tree
A Merkle tree is a hash-based data structure wherein each leaf node is a hash of a data block, and each non-leaf node is a
hash of its offspring. Merkle trees usually have a factor of branching 2, which means that each node has up to 2 children.

Merkle trees are used for effective data validation in distributed systems. They are fully secure because instead of using
complete files, they use hashes. Hashes are ways to encrypt files that are slightly smaller in size than the real file.

Copyright © Blockchain Council www.blockchain-council.org 10

Consensus Mechanisms

Copyright © Blockchain Council www.blockchain-council.org 11

Working Principle of Mining
Mining is the process of recording the pending transaction by adding a new Block into the Blockchain through a
mathematical puzzle.

Miners get rewarded by receiving the new coins of that Blockchain.

The mining process is divided into two types:

● Pool mining:
● There are just not enough resources for one single miner to mine the block.
● A group of miners merge their resources to mine the Blockchain more quickly.
● Solo mining:
● Each miner must set up the equipment and register themselves for the mining.
● All other miners are notified by the first miner that the block is mined.

Copyright © Blockchain Council www.blockchain-council.org 12

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 13

Public & Private Blockchain
Public Blockchain
Anyone can read and write without explicit authorization and permission.

More complex rules and consensus algorithms for better security.

Computationally expensive to mine & add a block.

Computational power is distributed globally.

Example: Bitcoin, Ethereum, etc.

Copyright © Blockchain Council www.blockchain-council.org 2

Private Blockchain
Only authorized nodes can read and write the transaction data into Blockchain.

One authorized node can be the arbitrator for any dispute.

Security is easier to ensure as the network consists of trusted nodes.

Easy or computationally less expensive to add a Block.

Example: Hyperledger, R3 corda, etc.

Copyright © Blockchain Council www.blockchain-council.org 3

Performance Vs Privacy Vs Security
Public Private

Access Anyone Single Organization

Participants Permissionless & Anonymous Known Identities

Security Consensus Mechanism Pre-approved Participants

Proof-of-Work (PoW)
Consensus Proof-of-Stake (PoS)
Voting Consensus

Transaction Speed Slow Lighter and faster

Copyright © Blockchain Council www.blockchain-council.org 4

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 5

Blockchain Forks
What is a Fork?
A fork is a modification to the protocol on the blockchain. This is basically a separation from the previous blockchain.

Many a times, nodes in the network cannot come to full agreement on the blockchain's potential existence. This case
leads to the forks, which means it leads to a point where the appropriate blockchain is split into two or three separate
chains.

Reasons that leads to blockchain fork:

● Adding new features
● Fixing security issues
● Transactions reversing

There are two types of forks:

● Hard forks
● Soft forks

Copyright © Blockchain Council www.blockchain-council.org 2

Hard Fork
When there is a modification in the software running on the full nodes to behave as a member in the network, the
modification is so that the new blocks mined under new rules (in the Blockchain protocol) are not deemed legitimate by
the old software version. When hard forks happen, new currency (with existing original currency) falls into existence as in
the case of Ethereum (original: Ethereum, new: Ethereum Classic) and Bitcoin (original: Bitcoin, new: Bitcoin cash).
Example:
The latest Casper upgrade in the Ethereum Blockchain where the consensus protocol would change from a Proof-of-Work
(PoW) model to a Proof-of-Stake (PoS) model. The nodes that mount the upgrade in Casper must use the latest consensus
protocol. Full nodes not opting to install Casper upgrade would become incompatible with the nodes that do.

Copyright © Blockchain Council www.blockchain-council.org 3

Soft Fork
If there is a modification in the software running on the nodes (better called 'full nodes') to function as a participant of the
network, the shift is so that the new blocks mined under new rules (in the Blockchain protocol) are also considered
legitimate by the old software update. This function is also called reverse-compatibility.

Example:
The SegWit upgrade to the Bitcoin network added a new kind of addresses (Bech32). This did not invalidate the existing
P2SH addresses. However, a full node with an address of type P2SH may do a legitimate transaction with an address of type
Bech32.

Copyright © Blockchain Council www.blockchain-council.org 4

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 5

Fundamentals of Consensus
Algorithm
What is a Consensus Algorithm?
Consensus mechanisms make sure all nodes are synchronized with each other and agree together for which of the
transactions are legitimate and are added to the Blockchain.

Consensus algorithm may be defined as the mechanism through which a Blockchain network reaches consensus.

A decentralized system without a common consensus will fall into pieces in a second.

Consensus assure that the protocol rules are being followed and guarantee that all transactions occur in a trustless way.

Consensus mechanism provides a continuous check on the integrity of both:

● New data blocks.

● Past ledger transactions.

Copyright © Blockchain Council www.blockchain-council.org 2

Why do we need Consensus Algorithm?
Some rules are defined for every Blockchain application for generating new blocks:

● These rules are the set up protocols for validating the legitimacy of new blocks of data before they get added to the
chain.

● The rules apply to all the Blockchain participating nodes, collectively known as the Blockchain’s “network.”

● These rules provide consensus mechanism, which are processes for validating the new blocks of data. The
agreement based on governance structure is written in computer code using algorithms and is implemented on a
particular Blockchain application.

Copyright © Blockchain Council www.blockchain-council.org 3

Consensus mechanism in Public Blockchain
Most of the public Blockchains use consensus protocols, such as:

Proof-of-Work(PoW), which uses a scheme of rewards to encourage users to participate in mining by solving computer-
intensive puzzles.
For example: In cryptocurrency, miners invest in massive data centers and computational infrastructure in order to:
● solve these puzzles;
● gain or “mine” rights; and
● earn rewards for their efforts, such as fees.

Proof-of-Stake(PoS), which defines privileges according to the actual known investment of users in the Blockchain program
for the generation of new blocks.

Copyright © Blockchain Council www.blockchain-council.org 4

Consensus mechanism in Private Blockchain
Generally, private Blockchains use less complex or computer-intensive consensus protocols, such as:

● Proof-of-Authority(PoA), which verifies the identity of a node.

● Simple delegation of authority to those trusted nodes to accept new blocks.
● Permitting participating nodes, subject to authentication, to publish new blocks at will or on a rotating basis.

If the users on the Blockchain network differ from the behavior of a publishing user who must stick to the accepted
procedure on the network, the user loses credibility and minimizes the user's reputation, and reduce the probability of
publishing a block.

In this mechanism, the confirmation time is fast, and the block creation rates are dynamic.

Copyright © Blockchain Council www.blockchain-council.org 5

Different Consensus Mechanisms

Copyright © Blockchain Council www.blockchain-council.org 6

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 7

Blockchain Consensus Security
Proof-of-Work (PoW)
In Proof-of-Work, miners compete to solve a difficult mathematical
problem based on a cryptographic hash algorithm.

The miner did spend a lot of time and resources to solve those
problem.

When a block is “solved”, the transactions contained in that block are

considered confirmed.

Miners receive some rewards when they solve the complex

mathematical problem.

Copyright © Blockchain Council www.blockchain-council.org 2

Solving BGP with PoW
Proof-of-Work(PoW), a consensus algorithm, has the potential to address the Byzantine Generals Problem. It makes it
possible for the distributed and uncoordinated Generals to reach an agreement:

● The first plan received will be accepted by all the Generals.

● A General solves the problem of PoW, generating a block that is transmitted to the network such that it is
distributed to all the Generals.

● Each General verifies and works on solving the next PoW problem after receipt of this block, integrating the previous
solution into it.

● A block is created each time a General solves a PoW problem and the chain begins to expand.

● Since the Generals know essentially how long it takes to resolve a PoW solution, they would know after a certain
amount of time whether enough of the other Generals are still working on the same chain.

Copyright © Blockchain Council www.blockchain-council.org 3

Security of PoW
The security of PoW relies on the principle that no entity should obtain more than 50 percent of the total hashing or
computing power because by maintaining the longest chain, such an entity can effectively control the system.

For example, if a single user or a group of users have more than 50% of the total hashing power in the Blockchain networks,
then the user or the group of users can exploit the 51% vulnerability. Gathering the mining power under a few mining pools
might lead to this issue. During a 51% attack, the attacker can:

● Inject false transactions

● Exploit the Blockchain network
● Eliminate all other users from the network
● Perform Double-spending
● Steal assets of other users

Recently, GHash.io alone dominated 54% of the whole BTC network processing power for a day.

Copyright © Blockchain Council www.blockchain-council.org 4

Attacking PoW
There are numbers of attacks possible on the consensus mechanism. Two of the documented attacks on current PoW-
based Blockchains are briefly outlined.

● Double-spending attacks: Attackers use the same coins in this form of attack to issue two or more transactions,
thereby efficiently spending multiple coins than they own. The latest analysis has demonstrated that it is risky to
allow transactions without needing approval from the Blockchain. The more approvals a transaction gets, the less
likely this transaction will be reversed in the future.

● Selfish mining: Miners raise their proportional mining share in the Blockchain in this attack through selectively
withholding mined blocks and then publishing them progressively. Recent studies indicate that a greedy miner
originally equipped with 33 percent mining power will effectively earn 50 percent of the mining power as a result of
these attacks.

When all nodes in the blockchain system are tightly synchronized, double-spending attacks and selfish mining can be
mitigated.

Copyright © Blockchain Council www.blockchain-council.org 5

Proof-of-Stake (PoS)
Proof-of-Stake is a different way to validate transactions
and achieve distributed consensus.

Unlike the Proof-of-Work, Proof-of-Stake chooses the creator

of a new block in a deterministic way, depending on its wealth,
also defined as stake.

No block reward.

Also, all the digital currencies are previously created in the

beginning, and their number never changes that is PoS system.

Miners take the transaction fees, that is why PoS system miners
are instead called forgers.

Copyright © Blockchain Council www.blockchain-council.org 6

Solving BGP with PoS
Another Blockchain consensus protocol that seeks to address the problem of the Byzantine Generals is Proof-of-Stake
(PoS).

PoS-based networks do not depend on cryptocurrency mining, unlike PoW-based networks. A mechanism known as staking
is used instead.

Solutions have been deployed by a few PoS-based networks that avoid double spending attacks and other potential
security vulnerabilities that could arise as a result of Byzantine failures.

For example, Ethereum 2.0 (Serenity) would have a PoS algorithm named Casper, which allows nodes to achieve consensus
with a two-thirds majority before blocks can be formed.

Copyright © Blockchain Council www.blockchain-council.org 7

Security of PoS
The security of PoS relies on the principle that no entity should obtain more than 50 percent of the total digital assets of
that particular Blockchain. Such an entity can effectively control the system. PoS is said to be safer option than PoW for the
51% vulnerability.

Security Features in Proof-of-Stake:

● Penalties for attackers: For Blockchain attackers, some protocols using Proof-of-Stake include penalties. According
to this protocol, if the network is targeted, a malicious validator will lose all his confidence. Another punishment is in
the form of depletion of the valuation of the involving cryptocurrency, which in essence means loss of the attacker's
net worth.
● Barriers to 51 percent stake: Another safety feature is that buying a 51 percent stake in one go is very hard for a
single entity. Coin demand is bound to drive the price up , making it a very expensive choice.

Copyright © Blockchain Council www.blockchain-council.org 8

Attacking PoS
Both PoW and PoS are vulnerable to similar kind of attacks. PoS also has the 51% vulnerability which is built in the
mechanism. It is also prone to the famous Double-spending attacks.

However, selfish mining is not possible in PoS-based Blockchain because there is no reward for the miners in this
Blockchain.
Also, the new PoS Casper protocol impose penalties on malicious actors.

Copyright © Blockchain Council www.blockchain-council.org 9

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 10

Other Blockchain Consensus
Delegated Proof-of-Stake (DPoS)
People in a particular cryptocurrency community vote for witnesses to secure their computer network.

People’s vote strength is determined by how many tokens they hold.

People who have more tokens will influence the network more than people who have very few tokens.

If a witness starts acting strange or stops doing a quality job securing the network, people in the community can remove
their votes, essentially firing the bad actor.

Delegates are elected in a manner similar to witnesses. They administer the Blockchain network. In transaction processing,
they do not play a role but can recommend a change in the size of a block or the rewards to be paid by a witness in
exchange for the validation of a block. When such amendments are suggested by delegates, Blockchain consumers vote on
whether to implement them.

Copyright © Blockchain Council www.blockchain-council.org 2

Proof-of-Authority (PoA)
Proof-of-Authority (PoA) is a consensus algorithm that offers high tolerance for performance and faults. In PoA, nodes that
have proved their authority to do so are given rights to create new blocks. A node must pass a provisional authentication in
order to obtain this authority and the ability to create new blocks.

There are several advantages of using PoA consensus mechanism:

● No requirement of high-performance hardware

● Predictable block time
● High transactions rate
● Tolerance to compromised and malicious nodes

There is no mining mechanism involved here, unlike PoW or PoS. There are different kinds of protocols for PoA based on
how they really operate. Hyperledger and Ripple are PoA-based. PBFT is based on Hyperledger, while ripple uses an
iterative method.

Copyright © Blockchain Council www.blockchain-council.org 3

Proof-of-Burn (PoB)
In Proof-of-Burn consensus mechanism, users transfer cryptocurrency coins to an address from where no one can retrieve,
thus reducing the availability of circulating coins. Proof-of-Work protocols is expected to fix issues surrounding energy
consumption.

Burned coins are coins that have been sent to an “unspendable” address (also called as eater address), an address that has
no private keys. The number of coins in the address can be viewed by anyone, but they are not accessible.

The cryptocurrency counterparty was launched with Proof-of-Burn in which bitcoins were burned by users to produce a
proportional sum of native currency of the counterparty named XCP.

PoB was also used by the online peer-to-peer marketplace OpenBazaar to enable members to execute Credibility Pledges.
As they have invested resources on it, these pledges reflect a contribution to an identity on the web.

Copyright © Blockchain Council www.blockchain-council.org 4

Proof-of-Elapsed Time (PoET)
Proof of Elapsed Time (PoET) is designed to improve proof-of-work consensus and provide an alternative for permissioned
Blockchain networks.

It removes the need for the mining-intensive process and replaces with a randomized timer system for network
participants.

PoET consensus can be broken down into two phases:

● Joining the network and verification
● Elapsed time, randomized lottery selection process

PoET is a major increase in the performance of proof-of-work protocol. It's also an outstanding consensus mechanisms for
approved networks.

For distributed ledger systems, PoET represents another crack in providing Byzantine Fault Tolerance consensus
mechanisms. It is highly efficient and works with SGX itself, which is another novel technology.

Copyright © Blockchain Council www.blockchain-council.org 5

Byzantine Fault Tolerance (BFT)
In cryptocurrency, the principle of Byzantine Fault Tolerance(BFT) is the function of finding an agreement or consensus on
individual blocks based on the Proof-of-Work, even though certain nodes refuse to respond or send out malicious values to
misguide the network.

The definition of Byzantine Fault Tolerance originated from the Byzantine General Problem that Leslie Lamport, Robert
Shostak and Marshall Please explained in a Microsoft Research paper in 1982.

There can be two categories of Byzantine Failures:

● The node truly has a technological fault and it ceases running or responding.

● Arbitrary Node Failure is the other one. In the event of an arbitrary node malfunction, the node could fail to return a
response or respond to a misleading response intentionally.

Byzantine Fault Tolerance is the way of overcoming these challenges by the cryptocurrency network.

Copyright © Blockchain Council www.blockchain-council.org 6

Practical Byzantine Fault Tolerance (PBFT)
PBFT protects against Byzantine faults and looks for optimization of aspects of Byzantine Fault Tolerance.

In PBFT, each “General” manages an internal state which is an ongoing information status.

A consensus decision is made based on the total number of decisions submitted by all the Generals.

It forces a low overhead on the performance of the replicated service.

Nodes are sequentially organized in a PBFT enabled distributed system with one node becoming the main (or the leader
node) and others being referred to as secondary (or the backup nodes).

The aim is that all truthful nodes, using the majority rule, help to find a consensus on the state of the system.

Copyright © Blockchain Council www.blockchain-council.org 7

Direct Acyclic Graphs (DAG)
The DAG-based Blockchain helps the latest contract to achieve agreement without the miner's assistance. Tangle, which
seeks to resolve the massive micro-transactions in IoT networks, is a traditional DAG-based Blockchain. In Tangle, the new
transaction has to approve the previous transactions as soon as possible. Instead of using heavy hash computation as in
PoW & PoS, DAG motivates a new transaction to validate the earlier ones.

PoW and PoS are mechanisms focused on competition, and DAG is a mechanism geared towards accumulation.

Unique Data-structure via directed acyclic graphs ensures that scalability and TPS are high.

The arrangement of data reflects the mechanism of graphs where each transaction is autonomous.

The output of the current transaction is dependent on its ability to verify two prior transactions.

NXT is the first DAG platform and it was released on November 9, 2015. The most famous networks using the DAG base are
NXT, Tangle and ByteBall.

Copyright © Blockchain Council www.blockchain-council.org 8

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 9

Cybersecurity Threats and
Incidents on Blockchain
Network
Blockchain Incidents 2011-19
Real hacker cases are analyzed and researched in this section to provide a clearer understanding of the security of
Blockchain networks.

Any of the organizations mentioned are tied to smart contracts or cryptocurrencies. These are the most popular
implementations of the last decade following the introduction of cryptocurrencies using Blockchain technologies.

Copyright © Blockchain Council www.blockchain-council.org 2

Threats against Blockchain System
This analysis indicates that the security protection of Blockchain systems is inadequate and insufficient compared to the IT
industry as a whole, in terms of cyberattacks.

Copyright © Blockchain Council www.blockchain-council.org 3

Cyberattacks in terms of security domain
Years Platform Access point dApps End user

2011 2 1 0 2

2012 3 4 0 0

2013 1 8 0 3

2014 5 5 0 3

2015 1 6 0 4

2016 2 7 0 1

2017 2 5 2 3

2018 1 5 0 2

Total 17 41 3 17

Copyright © Blockchain Council www.blockchain-council.org 4

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 5

Basic Security Mechanism
Public Key Cryptography
Public-key cryptography is also called asymmetric cryptography. It is an encryption technique which uses two distinctive
keys: a public key and a private key. Unlike symmetric key algorithms that rely on one key for both encryption and
decryption, each key performs a unique function. The public key is used for encryption and the private key is used for
decryption.

Since public keys need to be exchanged but are too large to be quickly recalled, they are kept on digital certificates for safe
transport and exchange.

For public-key cryptography, the core industry uses are:

● Digital signatures: information is digitally signed with the private key of a person and is confirmed with the public
key of the person.
● Encryption: Information is encrypted with the public key of a person and can only be decrypted using the private key
of the person.

Copyright © Blockchain Council www.blockchain-council.org 2

Public Key Cryptography
Some of the security benefits of using Digital Signatures are:

● Authentication - Since the unique private key of the individual is used to apply the signature, recipients should be
sure that the individual was the one who actually applied the signature.
● Non-repudiation - Because the person is the only person with access to the private key used to apply the signature,
he/she will not later say that the signature was not applied by him/her.
● Integrity - As the signature is checked, it checks that when the signature was applied, the contents of the text or
letter fit what was there. Even the slightest change to the original document would have the effect of failing this
check.

Some of the security benefits of Encryption are:

● Confidentiality - Since the information is encrypted with the public key of a person, it can only be decrypted with the
private key of the person, meaning that only the intended receiver can decrypt and access the contents.
● Integrity - Checking that the contents of the original encrypted message and the current decrypted match was part
of the decryption process, since even the slightest alteration to the original text will allow the decryption process to
Copyright ©fail.
Blockchain Council www.blockchain-council.org 3
Public Key Cryptography

Copyright © Blockchain Council www.blockchain-council.org 4

Elliptic Curve Cryptography
In 1985, Neal Koblitz and Victor Miller independently suggested cryptography based on elliptic curves.

ECC is a strong cryptographic approach and is an alternative technique to RSA. It generates security through the
mathematics of elliptic curves between key pairs for public key encryption.

ECC as well as RSA, is based on private-public key cryptography. However, with smaller key sizes, ECC provides the same
security as RSA offers. It is less computer-intensive because ECC has smaller key sizes, so it is suitable for mobile devices
and networks.

Copyright © Blockchain Council www.blockchain-council.org 5

Hash Function
Hashing is the process of having an input item of any length, converting it into an output item of a fixed length.

Transactions of different lengths are run through a given hashing algorithm, and all give an output of a fixed length, called
as hash.

Hash size will depend on the hash function used, but the output using a particular hashing algorithm will be of a specific
size.

The modifications that will be reflected in the hash will be enormous even if you make a small change in your input.

The hash function should be capable of quickly returning the output hash. The system just won't be effective if the
mechanism isn't quick enough.

Commonly used hashing algorithms is Bitcoin’s Secure Hashing Algorithm 256, often known as SHA-256.

Copyright © Blockchain Council www.blockchain-council.org 6

Hashing and Cybersecurity
When an organization realizes that the passwords of a system have been compromised, it usually means that the hashes
that represent the passwords have been acquired by hackers. In order to decode some of the passwords which users have
saved, hackers then run the hashes of common words and combinations of common words and numbers.

A process called 'salting' is nowadays used by the cybersecurity industry. For hashing, salting involves applying random data
to a password and then storing the salt value with the hash. This approach makes it more difficult for hackers to use pre-
computing techniques and to break hashed data passwords that they have obtained.

Copyright © Blockchain Council www.blockchain-council.org 7

Secure Hash Algorithm
Secure Hash Algorithms (SHA) are a family of cryptographic functions designed to keep data secure. It operates by using a
hash function to transform the data: an algorithm consisting of bitwise operations, modular additions, and compression
functions.

A fixed-size string that looks nothing like the original is then generated by the hash function. These algorithms are designed
to be one-way functions, ensuring that it is nearly difficult to convert them back into the original data until they are
converted into their respective hash values.

SHA-1, SHA-2, and SHA-3 are a few algorithms of this type, each of which was successively built in reaction to hacker
assaults with progressively stronger encryption. Because of the commonly revealed bugs, SHA-0, for example, is now
redundant.

Copyright © Blockchain Council www.blockchain-council.org 8

IP Security Overview
The Internet of today consists mainly of IP networks that are public, untrusted, and insecure. The Internet is vulnerable to
different forms of threats, such as DoS attacks, replay attacks, spying, and much more, because of this intrinsic lack of
protection.

IP Security or IPSec does not provide a single protocol. Instead, IPSec includes a collection of encryption algorithms plus a
general structure that allows any algorithms to be used by a pair of interacting organizations to provide encryption suitable
for communication.

Three functional areas encompass IP-level security:

● Authentication - The authentication function means that an established source has delivered the submitted packet.
It also ensures that the packet in transit has not been changed.
● Confidentiality - The confidentiality facility requires contact nodes to encrypt communications in order to stop third
party eavesdropping.
● Key protection - The protected exchanging of keys is involved.

Copyright © Blockchain Council www.blockchain-council.org 9

IP Security Scenario

Copyright © Blockchain Council www.blockchain-council.org 10

IP Security Architecture
Components of IP Security:

● Encapsulating Security Payload (ESP) -

It offers data integrity, encryption, anti-replay and
authentication. It also offers payload authentication.
● Authentication Header (AH) -
It also offers data integrity, anti-replay and
security and does not have encryption. Anti-replay
protection protects against unauthorized packet
transfer. It does not protect the information security.
● Internet Key Exchange (IKE) -
It is a protocol for network security designed to swap
encryption keys dynamically and find a way between 2
devices through the Security Association (SA).

Copyright © Blockchain Council www.blockchain-council.org 11

IP Security Architecture
The above diagram was divided into seven groups:
● Architecture: covers the general concepts, security requirements, definition, and mechanism defining IPSec
technology.

● Encapsulating Security Payload (ESP): covers packet format and general issues related to ESP.

● Authentication Header (AH): covers packet format and general issues related to AH.

● Encryption Algorithm: a document that describes how various encryption algorithms are used.

● Authentication Algorithm: documents that describe how various encryption algorithms are used for AH.

● Key management: a document that describes key management schemes.

● Domain of Interpretation (DOI): contains the value needed for the other documents to relate to each other.

Copyright © Blockchain Council www.blockchain-council.org 12

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 13

Advanced Cryptographic
Encryption
Advanced Encryption Standard (AES)
One of the most popular and commonly used symmetric block cypher algorithms worldwide is the Advanced Encryption
Standard (AES) algorithm.

The key purpose of this algorithm was to override the DES algorithm after some of its vulnerable elements emerged.

This algorithm has its own basic framework for the encryption and decryption of sensitive data and is applied worldwide in
hardware and software.

AES is able to accommodate three different key weights, such as AES 128, 192 and 256 bits, and each of these cyphers has
a block size of 128 bits.

Governments and the military use it because it's the best protocol available today for encryption.

Copyright © Blockchain Council www.blockchain-council.org 2

AES Design
AES is based on two common data encryption and decryption techniques known as SPN (Substitution and Permutation
Network). In block cypher algorithms, SPN is a set of mathematical operations that are carried out.

The AES algorithm uses three different key sizes for

encrypting and decrypting information, such as
(128, 192 or 256 bits).

The key sizes specify the number

of rounds, as 10 rounds for 128-bit keys are used by AES,
12 rounds for 192-bit keys and 14 rounds for 256-bit keys.

Copyright © Blockchain Council www.blockchain-council.org 3

How is AES Used?
AES is free to be used by anybody in whatever manner they wish. For central governments and military agencies around
the world, it is safe enough, which means it's safe enough for you to use as well. Compression is used to minimize the size
of massive files so that after receiving them, the hard disc is less affected. RAR, WinZip, and 7 Zip are both common file
compression and decompression programmes, and AES encryption is used by both of them.

Copyright © Blockchain Council www.blockchain-council.org 4

The AES Algorithm
AES is a block cypher in which all data is encrypted in "blocks." Each block consists of a predetermined number of "bits."
Each block is 128 bits long, so 128 bits of ciphertext is produced each time 128 bits of plaintext are sent to the software.

Keys are used for information encryption and decryption. Because AES is a symmetric cypher, both encrypting and
decrypting information can be used with the same key.

A 128-bit key requires 10 rounds, while 12 rounds are required for

a 192-bit key. When a 256-bit key is used, a full 14 rounds are
needed. The longer the key, the more secure the encryption is.
The trade-off is that it will take a lot more time to encrypt.

Copyright © Blockchain Council www.blockchain-council.org 5

Triple Data Encryption Standard (3DES)
To encrypt the files, the Triple Data Encryption Standard (3DES) algorithm uses the Data Encryption Standard (DES) cypher
three times.

3DES was implemented in a wide variety of applications as the shortcomings of standard DES became more apparent.
Before the advent of AES, it was one of the most widely used encryption schemes.

Microsoft Office, Firefox and EMV payment schemes are some examples of its implementations. 3DES is no longer used by
many of these systems because there are better options.

A preliminary resolution has been published by the National Institute

of Standards and Technology (NIST) specifying that all types of 3DES
will be deprecated by 2023 and disallowed from 2024 onwards.

Copyright © Blockchain Council www.blockchain-council.org 6

The Blowfish
Blowfish, designed by Bruce Schneier, is a symmetric block cypher. At the
First Fast Software Encryption workshop in Cambridge, UK in 1994,
the initial Blowfish paper was presented.

It has an 8-byte fixed data block size and its keys can range from 32 to 448 bits
(4 to 56 bytes) in length.

Blowfish is considered to be safe and it is fast. Its keys can, however, be selected
to be wide enough to survive an attack of brute force (e.g. at least 16 bytes).

Blowfish is licence-free and unpatented, and is available free for all applications.
All is welcome to get Blowfish downloaded and included in their software.

A paper on integrating Blowfish in hardware was published by David Honig.

Copyright © Blockchain Council www.blockchain-council.org 7

The Twofish encryption
Twofish is also a symmetric block cypher; encryption and
decryption use a single key.

Twofish has a 128-bit block size, and accepts a key of up to

256 bits of any length. On both 32-bit and 8-bit CPUs (smart
cards, embedded chips, and the like), and on hardware,
Twofish is fast.

And it's flexible; it can be used in network environments

where keys are constantly modified and in environments
where RAM and ROM are limited or not usable.

Twofish was a finalist to become the encryption industry

standard, but was eventually edged out by the new AES.

Copyright © Blockchain Council www.blockchain-council.org 8

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 9

Other Security Mechanisms
Digital Signature
A digital signature (DS) is the detail of an electronic record used for the authentication of the data transmission. To the
extent permitted by statute, the DS is regarded as a substitution for a handwritten signature. From the viewpoint of
applications, Digital signature:

● Allows monitoring of the value with regard to the transmitted information. The signature is invalidated if a
document is subjected to a fraudulent alteration unless it conforms exclusively to the original document status.
● Guarantees protection against falsification. In certain instances, the current signature algorithms find falsification
infeasible.
● Any signature is created using a private key that is known only to its author, who is therefore unable to repudiate
the signature attached to the paper.
● In the case of a disagreement, the latter aspect therefore causes the authorship of a text to be confirmed by
evidence.

Some Digital Signature algorithms are RSA-PSS, ECDSA, Ed25519, ElGamal signature scheme, Rabin signature algorithm,
Pairing-based schemes such as BLS.

Copyright © Blockchain Council www.blockchain-council.org 2

Digital Signature

Copyright © Blockchain Council www.blockchain-council.org 3

Multi Signatures
Multi-signature authorization (or Multisig) attempts to resolve the loopholes of current methodologies by using more than
one private key.

In this scheme, until all the necessary private keys are given, a transaction will not continue. This makes any particular key
worthless to any criminal, because to make it work, they need to take all your private keys.

By preventing a single point of device failure, the Multisig solution offers more reliability than the conventional one-
signature solution.

Losing or getting one key compromised does not cause the account to be compromised.

Multi-sig allows more adoption-friendly, secure and more stable use of cryptocurrency and blockchain.

Copyright © Blockchain Council www.blockchain-council.org 4

RSA Algorithm
The RSA algorithm is an asymmetric cryptographic method that is commonly used to protect sensitive data, allowing public-
key encryption.

Ron Rivest, Adi Shamir , and Leonard Adleman (hence, RSA) first published the algorithm in the 1970s.

How does the algorithm for RSA work?

Two separate mathematically related keys are created by RSA: one public and one private. It is possible to share the public
key with others, while the private key must be kept hidden.

In reality, here's how it works:

● A customer gives the server its public key and demands any sensitive information.
● The server encrypts the data using the public key of the customer and sends the encrypted data back.
● Using the private key, the recipient collects the data and decrypts it.

Copyright © Blockchain Council www.blockchain-council.org 5

Message Authentication Code
The sender and receiver share the same key in Message Authentication Code ( MAC) where the sender produces a fixed
size output called the Cryptographic Checksum or Message Authentication code and appends it to the original message.
The Message, Key, MAC algorithm and MAC value are some of the components present in the MAC.

There are various forms of Message Authentication Code (MAC) models, as follows:

● MAC without encryption-

Because everyone can see the message, this model can have authentication, but not secrecy.

Copyright © Blockchain Council www.blockchain-council.org 6

Message Authentication Code
● Internal Error Code-
In this MAC form, the sender encrypts the content for secrecy before transmitting it through the network. This model thus
includes both anonymity and authentication. M "= MAC(M, k)

● External Error Code-

For instance where there is a message modification, we decrypt it for waste, we opt for external error code to solve the
problem. Here we first apply MAC on the 'c' encrypted message and compare it with the MAC value obtained on the side of
the recipient and then decrypt 'c' if both are the same, otherwise we simply discard the obtained material. Thus, time is
saved. E(M, k ') = c M "= MAC(c, k)

Copyright © Blockchain Council www.blockchain-council.org 7

Digital Certificate
The digital certificate is issued by a trustworthy third party that proves the identity of the sender to the recipient and the
identity of the receiver to the sender.

A digital certificate is a certificate issued to validate the identity of the certificate issuer by a certificate authority ( CA). The
CA issues an encrypted digital certificate containing the public key of the claimant and a number of other information for
authentication. Digital certificates are used to connect a public key to a single person or organization.

The digital certificate contains:

● The certificate holder 's name
● Serial number used to mark a certificate uniquely, the person or the organization recognized by the certificate
● Dates for expiration
● Public key copy of the certificate holder (Used to decode messages and digital signatures)
● Digital Signature of the issuing certificate authority

The digital signature and the message are both sent to Digital Certificate.

Copyright © Blockchain Council www.blockchain-council.org 8

Zero-Knowledge Proofs
Zero-knowledge Proof is a method of cryptography suggested in the 1980s by MIT scientists Silvio Micali, Shafi Goldwasser,
and Charles Rackoff. In this process, without revealing any additional details, one party (Prover) may prove that a certain
assertion is valid to the other party (Verifier).

Zero Knowledge Proofs (ZKPs) Advantages are:

● Simple - One of the key benefits of zero-knowledge data is that it does not require any sophisticated system of
encryption.
● Secure - It does not require someone to report some kind of details.

While these are the pros of Zero-knowledge proof, there are still some pitfalls to the definition. A few of those are:

● Lengthy: There are around 2k calculations in the zero-knowledge system, each taking a certain amount of time to
process.
● Imperfect: The messages sent to the verifier/prover can be destroyed or changed.
● Restricted: The protocol of zero knowledge allows the password to be a numerical value.

Copyright © Blockchain Council www.blockchain-council.org 9

Zero-Knowledge Proofs
Properties of Zero-Knowledge Proofs:

● Completeness: If the argument is valid and all

users religiously follow the law, without any outside
support, the verifier will be persuaded.

● Soundness: The verifier would not be persuaded

in either case if the assertion is incorrect (even if the
prover claims that the statement is true with any slight
probability).

● Zero-Knowledge: In all examples, all knowledge

outside the assumption that the argument is true or
false would not be open to the verifier.

Copyright © Blockchain Council www.blockchain-council.org 10

Where to Implement ZKP in Blockchain System?
Here are some of the areas in blockchain applications where we can implement Zero-Knowledge Proofs.

● Messaging
● Authentication
● Storage Protection
● Sending Private Blockchain Transactions
● Complex Documentation
● File System Control
● Security for Sensitive Information

Copyright © Blockchain Council www.blockchain-council.org 11

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 12

Blockchain Risk Considerations
Overview
The advent of distributed ledger technologies, due to the existence
of the blockchain, poses new and specific threats that do
not occur in more conventional centralized systems.

This brings the question of when to shift from the

proof-of-concept stage to development, so that new
blockchain implementations can be properly regulated.

In the figure, you can see list of domains where risks might
arise from using blockchain.

Copyright © Blockchain Council www.blockchain-council.org 2

Risks arising from Blockchain
1) Consensus and Network - A complex series of mathematical functions and coordination between the network nodes
are usually involved in establishing consensus in a blockchain. Organizations running on this blockchain may be
subjected to major threats, both operational and financial, if the consensus mechanism were defective.

2) Cryptographic key management - To maintain the integrity of the overall structure and guarantee stability,
blockchains use cryptographic functions such as hashing algorithms and public key cryptography. Improper
maintenance of cryptographic key-pairs may lead to unauthorized network access.

3) Functional requirements - Careful decisions should be taken with regard to the decision to incorporate a blockchain;
not only with regard to the need to incorporate a blockchain into an established IT environment, but also what type
to choose.

Copyright © Blockchain Council www.blockchain-council.org 3

Risks arising from Blockchain
4) Smart contracts - These are agreements that are codified into an authoritative ledger for blockchain participants.
When such conditions (typically defined by the parties involved) are fulfilled, the contract is executed automatically.
This could result in unintentional and unforeseen effects if smart contracts are improperly built.

4) Data management and Privacy - Any request for transactions approved by the ledger is deemed final. Incorrect,
incomplete or even illegal transactions, owing to the fact that personal data is available and the transaction
obligations may not be revoked (to adhere to the right to be erased/forgotten), can lead to unforeseen effects such
as degraded data security or breached privacy requirements.

4) Centralization and Collusion - Independent nodes form a blockchain. Although these nodes function independently
with respect to each other, they can be owned by a single entity or by organizational partnership. Competitors on
this device may be blocked from transacting or the risk of accessing such functionality may be restricted.

Copyright © Blockchain Council www.blockchain-council.org 4

Risks arising from Blockchain
7) Interoperability and Integration - Interoperability among the technical generations may be a problem with the
advent of blockchain adoption. In an organization's current IT climate, a blockchain should not easily be deployed
because it must be related to legacy IT networks, which typically have some compatibility restrictions, or even to
other blockchains.

7) Scalability and Continuity - Coordination and interaction between nodes that are often spatially isolated from each
other and situated within the internal IT environments of the participant is necessary to achieve consensus. This may
potentially contribute to a loss of scalability or even endanger the continuity of the blockchain framework and the
operations of companies depending on the blockchain system in the (business) phase.

7) Third party and Governance - Where the efficient functioning of conventional IT systems ( i.e. any organization is
the owner of its IT) depends largely on the organization's own control environment, blockchains rely on both the
network's total control environment and the control environments of the individual participating organizations. One
may question if 'third parties' are in fact 'second parties' in a blockchain sense.

Copyright © Blockchain Council www.blockchain-council.org 5

Risks arising from Blockchain
10) Compliance - In the regulatory space as well, where regulations and government policy for the implementation and
operation of blockchain technology are also in an experimental state, the immaturity of blockchain technology is
evident. Moreover, blockchains, by their very existence, allow for transfers between parties that do not need to
know or trust each other. This exposes an organization to the risk that terrorist financing could be involved in money
laundering.

Copyright © Blockchain Council www.blockchain-council.org 6

Value Proposition

Copyright © Blockchain Council www.blockchain-council.org 7

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 8

The Security Ecosystem
Overview
Thousands of security bodies and security professionals are working round the clock to innovate and to establish a brand
new approach to counter new threats.

In order to strengthen their security strategy and tools, companies spend millions of dollars per year.

The organizations continue to analyze zero-day vulnerabilities, develop endpoint defence Artificial Neural Networks
(ANNs), make machine learning models for emerging threats, develop an efficient cybersecurity incident response
mechanism and awareness software, and so on.

Copyright © Blockchain Council www.blockchain-council.org 2

Cyber Attack Prevention Strategies
Cyber attack prevention strategies have four primary categories:

1) Decrease the surface of attack

2) Total visibility
3) Prevent risks that are known
4) Prevent risks that are uncertain

Copyright © Blockchain Council www.blockchain-council.org 3

Decrease the surface of attack
Many companies have a periodic method for conducting external and internal testing of bugs for inappropriate
programmes ports, information about file extensions, and information about platforms. This continuous security
vulnerability assessment process allows them to evaluate the answers of the questions below:

● What do we do differently? (Technology, Method, Compliance, People, and so on)

● What are the top applications for risk?
● What are the network safety gaps?
● Which consumers and processes are most at the risk?

Jon Pincus (Researcher at Microsoft), Jeannette M. Wing (Computer Scientist at Carnegie University) and Michael Howard
(Security Business Unit at Microsoft) have developed a technique to quantify the attack surface of every application and to
keep track of any modifications to the surface of the attack. They called it Relative Attack Surface Quotient (RASQ).

Copyright © Blockchain Council www.blockchain-council.org 4

Total Visibility
Some of the most popular ransomware, including WannaCry And NotPetya, to exploit endpoints, uses SMB-based
vulnerabilities.

SMB is a Microsoft protocol that is widely used, an enterprise with Positive SMB behavior can be distinguished from poor
SMB behavior by full exposure.

Similarly, there are particular anomalies that are hard to defend against. Using current surveillance technologies, however,
the secret to disclosure is identification.

In post-infection research, certain malicious actions even assists this technique to further strengthens the security position
of an organization.

Copyright © Blockchain Council www.blockchain-council.org 5

Prevent risks that are known
The 2017 Data Breach Investigation study by Verizon reported that 99 percent of ransomware is only used once before it is
updated by threat actors, and in the battlefield of non-stop cyber war it takes both defenders and adversaries.

Firewalls and antivirus apps are important as the first line of protection for networks and endpoints, while high-profile
cyber attacks often make breaking news and attract organizations' interest in terms of defending against these attacks.

Copyright © Blockchain Council www.blockchain-council.org 6

Prevent risks that are uncertain
With the sophisticated threats and hacking methods of today, saying that you have security from 100 percent of attacks
would be a fallacy.

There are advanced and mysterious threats that have never been seen before, and they also behave just like a legitimate
person, and companies are implementing fresh approaches with the capabilities of quantitative and behavioral intelligence
to identify and respond to such threats; machine learning/deep learning; and the study of intruder techniques, tactics , and
procedures (TTPs).

Copyright © Blockchain Council www.blockchain-council.org 7

Conclusion
A variety of security organizations and researchers are actively researching new ways to protect the vital infrastructure of
their enterprise from emerging threats, in addition to these well-known and highly adapted security technologies.

The bad news is that, like any other malware, the majority of defenders already handle them, but the irony is that cyber
criminals have grown much more advanced, financially driven, and patient in nature.

They have become considerably more difficult to locate, they perform commands and instruments manually (criminals
seldom take chances in the case of a wider target), and attackers reach the network concurrently from multiple approach
avenues.

Copyright © Blockchain Council www.blockchain-council.org 8

Threat-risk assessment model

Copyright © Blockchain Council www.blockchain-council.org 9

THANK YOU!
Any questions?
You can mail us at
[email protected]

Copyright © Blockchain Council www.blockchain-council.org 10

Blockchain Architectural Design
Brief Introduction
A huge number of degrees of freedom comes with developing the architecture of blockchain-based systems. There is no
uniform architecture, and an architect has to come up with several individual decisions dependent on the particular criteria
and the blockchain technologies selected.

First, the information system architecture is built,

and a diagram of the network structure representing
different participants is also shown.

It then explains the exchange of risk information and

the smart contract implementation process in
accordance with the four life cycle processes.

Copyright © Blockchain Council www.blockchain-council.org 2

Blockchain-related design decisions

(⊕: Less favourable, ⊕⊕: Neutral, ⊕⊕⊕: More

favourable) 3
Copyright © Blockchain Council www.blockchain-council.org
Design Process for Blockchain-based Systems
During the process of architecting software programmes,
taxonomy may be used to guide the architecture of the
system.

This taxonomy can be used at various stages of the design

process to guide system design.

The approach begins with the decision to decentralize trust

(authority) or not. In situations where no single trustworthy
authority is required and the trustworthy authority may be
decentralized or partly decentralized.

Splitting computing and data storage between on-chain and

off-chain modules is the next big decision.

Copyright © Blockchain Council www.blockchain-council.org 4

Design Process for Blockchain-based Systems
After that, it is important to make a series of design decisions about the configuration of the blockchain, such as blockchain
type, consensus protocol, block size and frequency.

In order to make concept choices, the arrows only display one of the alternative sequences. Scalability (like block size and
frequency), stability (like consensus protocol), cost competitiveness (like blockchain type) and performance (like data
structure) are mostly influenced by certain decisions. There are also trade-offs between the blockchain 's fundamental
properties.

Finally, it is also important where to deploy the modules of the blockchain-based system.

Taxonomy can aid in decision-making in this design process by allowing a systematic comparison between the capabilities
of various design choices.

The taxonomy also illustrates the effect on the quality attributes of numerous design choices. A context for the contrast is
given by the trade-off review of quality attributes.

Copyright © Blockchain Council www.blockchain-council.org 5

System Architecture
The prototype for risk and information system monitoring offers internal risk services to
personnel, auditors, management staff, related IoT devices and internal management
systems, while external services are offered via blockchain to external auditors and
regulatory agencies.

The organization will construct a trusted vulnerability blockchain knowledge flow based
on the blockchain. And outside the organization, IoT devices, external entities and
regulatory bodies are covered by the participants. IoT systems receive blockchains
immediately and change their own risk alert and response techniques dynamically.

Based on the SLA agreement with the organization, external entities immediately
activate corresponding risk response services. The monitoring of risk control and
controlled organizations by analyzing risk information in the blockchain is the responsibility
of the Regulatory Authorities.

Copyright © Blockchain Council www.blockchain-council.org 6

THANK YOU!
Any questions?
You can mail us at
[email protected]

What is Two-Factor
Authentication?
What is 2FA?
Two-Factor Authentication (2FA) is an external layer of authentication used to ensure that their account can only be
reached by the rightful user. In this process, the user will first enter a combination of a username and password and the
user will be asked to include other information instead of directly accessing their account. In one of the following ways, this
other bit of information will come in:

● Anything that the user knows - This may be information such as a password, a hidden question answer, or even a
personal identification number (PIN).

● Anything that the customer has - This approach entails the second stage of authentication by smartphones, other
hardware, or a software token dependent on card data.

● Anything that the user is - This is one of the most successful ways to validate the user. Biometric data such as
dynamic keystroke and mouse behavior.

Evolution of User Authentication

● Single-Factor Authentication (SFA) It is dependent on information pre-shared by the user—a PIN or a password, or,
a security question, most definitely. This is often a problem, though, as a user can forget this pre-shared knowledge
if the user does not use the application frequently.

Evolution of User Authentication
● Two-Factor Authentication (2FA) This is to resolve the tendency of consumers, based on what they know, to forget
pre-shared information. It has strategies like authentication of a smartphone, key card, or one-time password ( OTP).
In this respect, the second authentication stage is interactive in nature, and users do not have to share something
with the owner of the application. It also removes the possibility of being abused by the account due to stolen
credentials.

● Multi-Factor Authentication (MFA) This has many second-level user verification techniques, such as voice
biometrics, facial recognition, hand geometry, ocular technique, fingerprint authentication, geographic location,
recognition of thermal images, and several more. This module is, however, limited to exploring Two-Factor
Authentication only.

Why Two-Factor Authentication?
2FA promotes both end user and business security, and there are some advantages of using it, which are as follows:

● Better security SMS-based OTP eliminates the possibility of attackers impersonating legitimate users by adding a
second level of authentication. It lowers the chance of account fraud and data violations. And if the hacker gets the
user's credentials from the dark web, the second piece of information needed to fully authenticate them will not be
available.

● Productivity increase Mobile 2FA allows multinational organizations to seamlessly use the second authentication
standard. Without disclosing any private details, employees can easily access company software, records, and third-
party services from any computer or location.

● Reduction of theft and rise of trust Most victims of theft avoid going to those merchants even though the data loss
was not the fault of the merchant. 2FA creates a stronger trust layer with the customer and thus lowers attempts at
infringement on merchant sites.

How does it work?
2FA can be deployed in two modes: a cloud-based solution and an on-premises solution. We will consider all strategies and
understand which suits well with what type of deployment:

● Cloud-based solution This is used extensively for e-commerce, online banking, and other web technologies related
to online services. Have a look at this diagram:

How does it work?
● On-premises solution Organizations refuse to allow cloud-based protection technologies and tend to favor on-site
technologies where a username and password are combined with an individual using web apps. This information
now goes to the internal VPN integrator, which processes certificates and shares a key between 2FA providers from
companies and third parties. The third-party 2FA provider can produce the OTP and exchange it via SMS or mobile
apps with the employee.

Challenges
In 2FA, the first authentication level is a combination of the username and password, but for the second authentication
level, a central repository supplies this piece of information.

It is the duty of this central registry to store all the information required to authenticate the customer. While 2FA increases
the level of protection for the second authentication layer, it also faces the downside of providing a list of confidential user
information stored by the centralized database.

Targeted attacks can tamper with or corrupt the central database, and this can lead to major data breaches.

THANK YOU!
Any questions?
You can mail us at
[email protected]

Blockchain for Two-Factor
Authentication
Overview
As one of the most innovative and groundbreaking innovations out there, Blockchain is being hailed widely across
industries and international job market.

The cybersecurity solutions-based CIA defence triad theory has been broken by Blockchain.

In security procedures, 2FA has been important for many years, however, attackers often manage to breach such devices.

We will learn how the 2FA mechanism can be transformed by Blockchain to achieve an enhanced protection process.

How can blockchain transform 2FA?
Blockchain is a decentralized technology by nature that enables transactions among multiple participants of any sort of
value without the intervention of a third party.

We can guarantee that this confidential information only resides on one database by using blockchain; instead, it can be
immutable within blockchain nodes and can not be changed or removed.

In this process, a third-party 2FA vendor can authenticate consumer devices via the blockchain network.

In order to create the second-level password, each party in the blockchain network will retain the endpoint information
safely and will enable the 2FA device.

Blockchain based 2FA
This can be implemented either in the public domain, or also through a third-party API call on a private network.

Solution Architecture
As a new technology in the tech domain, blockchain is now successfully integrated with many companies in its research
process. We will be using the Ethereum network for this module to turn on the 2FA framework. Ethereum permits a smart
contract to be programmed for an operation. The simple flow between the user, the web application, and the repository
based on Ethereum is represented in the diagram below.

Solution Architecture
A user accesses and joins the first stage of credentials on the web portal. To create the OTP and to share it with the user, a
web application can connect to the Ethereum-based repository. Finally, the same OTP is entered by the user and then the
user receives access to the web application. With the help of the following diagram, let's gain some further insight into the
Ethereum blockchain.

THANK YOU!
Any questions?
You can mail us at
[email protected]

Client's Vulnerabilities & Attacks
Digital Signature Vulnerabilities
Elliptic Curve Cryptography (ECC) is the source of all Bitcoin’s asymmetric cryptography.

The BTC addresses are derived from ECC public keys, and digital signatures created by the ECDSA are used to authenticate
the transaction.

The use of ECC is ineffective, since it does not have the randomness required, which may compromise the private key of
the user.

To generate a digital signature, a random value must be used for the private key, where the random value for each
transaction must be different.

For instance, 158 separate public keys were found in the Bitcoin Blockchain, which used the same random value (nonce) in
more than one signature, making it possible to compromise the private keys of the users.

Hash Function Vulnerabilities
In some of the blockchain networks, for example in the Bitcoin Blockchain, the operation depends on cryptographic
primitives to guarantee the consistency and accuracy of the operation.

The hash function is one of these primitives. SHA256, for example, is the hash function used in the Bitcoin Blockchain, and
is vulnerable to multiple cybersecurity challenges, such as preimage and collision attacks.

A preimage attack is where an output Y from hashing an input m is given to the attacker; the attacker seeks to find an input
m * such that hashing m * is equal to Y; however, the effort by the attacker to find two inputs that have the same hash is
called a collision attack.

In order to carry out such attacks, tremendous computational power is required, attacks may be possible only if the
adversary has quantum computing or a massive mining pool dominates.

Mining Malware
Cryptojacking is where the adversary launches the malware on the target computer or mobile device to mine a block using
its computing resources, which requires a significant amount of energy and could weaken the security of the framework of
the target.

Researchers initiated a cryptojacking initiative in February 2018 alone, which infected more than 4,000 websites, including
UK and US government pages; millions of Android users were attacked by the other initiative.

A deep-learning image-based research for malware detection was suggested by Venkatraman along with others (IT
Department, Melbourne Polytechnic). Furthermore, on the European water utility operating network, a vital infrastructure
technology firm discovered cryptocurrency mining ransomware, which had a major effect on the networks.

Software’s Flaws
In the Blockchain applications, there are various kinds of flaws, such as runtime, concurrency, and hard fork flaws.

Flaws in the blockchain programme that is used in the blockchain network may result in the private keys of users being
exposed.

In 2014, during their software upgrade, Blockchain.info, which is a hybrid wallet provider, made an error during the update
when their users created a new key pair on their local device using the affected software, the ECDSA inputs were not
appropriately random, which means that an adversary could have run the software by only accessing the public address to
compromise the private keys of the users.

User’s Address Vulnerabilities
Addresses of Bitcoin Blockchain are susceptible to the danger of identity fraud since these addresses are not authorized.

For eg: an opponent might execute a man-in-the-middle attack to change the target Bitcoin address to the adversary's
address.

To receive payments intended for the target, the adversary could vandalize the target website.

The result of the attack is devastating, since once the nodes in the network agree and record it in the database, it gets
difficult to refund the payment in the Bitcoin Blockchain.

THANK YOU!
Any questions?
You can mail us at
[email protected]

Consensus Mechanisms
Vulnerabilities & Attacks
51% Attack
The shared consensus mechanism is the basis for the creation of mutual trust in Blockchain technology. However, by
leveraging the 51% vulnerability built inside the mechanism, the attackers might monitor the entire blockchain network.

The 51% vulnerability also extends to blockchain networks based on the PoS mechanism. If a single miner gets more than
50% of the total coins in the network, the vulnerability can be exploited; a 51% vulnerability progresses to a 51% attack,
which helps the attacker to do the following:

● Injecting fraudulent transactions

● Manipulating the network
● Outstripping all other users of the network
● Incorporating a double-spending fund
● Stealing other users’ assets

Alternative History Attack
The attacker sends a payment transaction to the target in this attack as he or she mines another blockchain fork, including
a false double-spending transaction.

Following the validation, the intruder may obtain a product or service from the target.

He or she propagates his or her malicious fork and recovers the coins if the attacker succeeds in locating more blocks than
the legitimate chain; otherwise, he or she must extend his or her malicious fork to meet the honest miners' fork.

The attack would fail if the attacker is unable to keep up with the other nodes.

Finney Attack
A Finney attack is a bogus double-spend attack that occurs after a block has been mined and involves a miner's
participation. Quite apart from the precautions taken by the dealer, the possibility of a Finney attack cannot be removed,
but a miner 's presence is necessary and a clear series of events must occur.

One transaction is pre-mined in a block in this attack, and a duplicated version of this transaction is sent by the attacker to
the user.

The attacker propagates the block, which includes the initial transaction. After the transaction is accepted and the recipient
delivers the product.

The transaction sent to the recipient will then be null, and the attacker will be successful in creating a double-spend
transaction.

Race Attack
In blockchain networks, which are based on the PoW mechanism, race attack is easy to initiate.

When an attacker makes two competing transactions, a race attack is executed.

The first transaction is sent to the victim who, without waiting for confirmation of the transaction, accepts the payment
(for example, sends a product ).

Around the same time, a conflicting transaction is broadcast to the network that returns the same amount of
cryptocurrency to the attacker, ultimately rendering the first transaction null.

Vector 76 Attack
This attack originally emerged from the BitcoinTalk forums, where an attack against the MyBitcoin e-wallet was identified
by a user called Vector76, which resulted with double-spending problems. The attacker does not need to mine two
consecutive blocks in this attack; one block is enough to execute this attack.

To assess the timing of the propagating transactions of network nodes and how they broadcast across the network, the
attacker wants to analyze the blockchain network.

The attacker then determines the nodes that are earlier than the target in the propagating transactions and creates a direct
relation with the target. After that, without transmitting it to the network, the attacker initiates a transaction that makes a
legal deposit into the target and mines it into a stack.

If the attacker succeeds in triggering a legitimate block, he or she will not broadcast it until a block is mined by any other
nodes.

THANK YOU!
Any questions?
You can mail us at
[email protected]

Mining Pool Vulnerabilities &
Attacks
Block Withholding Attack
The attacker enters a mining pool in this attack to assist the pool members in mining blocks, however, the attacker would
never broadcast any block to decline the estimated revenue of the pool.

This attack is often considered a 'Sabotage Attack' because nothing is gained by the scoundrel miner, but it allows everyone
to fail.

The aim of the attack is to cause the mining pool 's profitability to decline. This kind of assault will bankrupt a pay-per-share
pool if continued for a long enough time.

Due to the random nature of mining, minimizing a Block Withholding attack is difficult, but some techniques have been
developed, such as different cryptographic commitment schemes combined with hash functions.

Usually, these mechanisms prohibit the pool administrator from cheating on the entire pool and make it difficult for miners
in the pool to discriminate between a partial Proof-of-Work and a full Proof-of-Work.

Bribery Attack
This attack is focused on bribing miners with accurate forks or blocks to mine. The attacker will check and publish random
transactions when he or she has paid to check them with deceptive nodes. By using three bribing techniques, the attacker
might obtain the majority of the computational resources, which include:

In the out-of-band payment, the owner of computational services is paid directly by the attacker to mine the blocks of the
attacker.

The attacker builds a pool in the negative-fee mining pool by awarding the higher return.

The attacker tries to bribe the blockchain itself in in-band payment by making a fork, which involves free bribe money to
any miner who endorses the fork of the attacker.

Pool Hopping Attack
This attack is based on the appeal rate. The attacker mines if the rate is high; otherwise, the attacker leaves the pool.

In order to understand how many shares have been submitted and how many blocks have been identified, the attacker
uses details about the amount of submitted shares in the target mining pool.

Using this data, the attacker in the target pool stops mining and contributes elsewhere.

The core principle behind this attack is that to achieve full profits, the attacker prefers separate pools to mine.

Block Discarding Attack
In this attack, the attacker must possess a sufficient number of network connections relative to the honest nodes and
conquer several slave nodes to improve his or her network dominance.

If the attacker is aware of recently mined blocks, he or she automatically publishes his or her own block, which must be
quicker than the rest of the network; thus, when a node publishes a block, the attacker will instantly spread his or her own
blocks to discard the blocks of honest nodes.

Selfish Mining Attack
A group of attackers conspire to build a mining pool in this attack to counteract the honest work of the miners and achieve
better profits for themselves.

In order to manipulate the rewards, the attackers mine into their own blockchain and broadcast it depending on the
difference in length between the public and the owned blockchains.

With an example, let's illustrate selfish mining. Suppose that the overall hash rate is split equally between four miners:
Alice, Bob, Carol, and Dan (with 25% each). Alice, Bob, and Carol play by the rules, but Dan attempts to exploit the system
for his own benefit.

In normal conditions, we would expect a miner who discovers a block to automatically attach it to the chain. And as truthful
members, this is what Alice, Bob, and Carol do. But Dan withholds it if he finds a block (it's a valid solution, but it has yet to
be added). Dan can get lucky and find two blocks in a row, before anyone else.

Fork-After-Withholding Attack
The Fork-After-Withholding (FAW) attack revenue is equivalent to or greater than the Block Withholding (BWH) attack and
the attack is four times more fruitful than the BWH attack.

The Selfish mining attack and the BWH attack are merged in this attack.

There are two forms of this attack:

In the Single-pool FAW attack, the attacker joins the target mining pool and executes the attack against it.

In the Multipool FAW attack, by expanding the attack against many pools, the attacker intends to maximise his or her
revenue.

THANK YOU!
Any questions?
You can mail us at
[email protected]

Network Vulnerabilities &
Attacks
Partition Attack
The attacker isolates a group of nodes from the rest of the Bitcoin Blockchain network in this attack, and the network is
broken into disjoint parts.

The adversary hijacks the most unique prefixes which host the IP address of each of the isolated nodes to redirect the
traffic destined for them.

When he or she is on the route, the traffic is intercepted by the adversary and decides which connections cross the
partition that the adversary tries to establish.

If the link does not reach the partition, packets are dropped by the adversary; otherwise, the link is stored within the
isolated nodes.

To evaluate the leakage points, the adversary records the transmitted messages; there are nodes in the isolated group that
retain relations with the external nodes which can not be intercepted by the adversary. In the isolated group, the adversary
eventually isolates the leakage points from other nodes.

Delay Attack
In the previous attack, to successfully execute the attack, the adversary needed to gain complete control over the traffic of
the target. In comparison, even though the opponent intercepts only one of the target 's links, the delay attack will create
substantial delays in block publishing.

Next, to postpone the block delivery, the attacker modifies the content of individual messages; this is possible due to a lack
of integrity checks and BTC message encryption.

Furthermore, the opponent makes use of the fact that nodes first send block requests to the peer that propagated per
block and wait 20 minutes before requesting it from another peer to deliver it. The opponent then sends a block at a 20-
minute interval to a target node, making the target ignorant of the most recently mined blocks and making the target
unable to contribute to the network.

Distributed Denial-of-Service (DDoS) Attack
Nowadays, one of the most popular and inexpensive internet attacks is the Distributed Denial-of-Service (DDoS) attack.
Blockchain technology, while being a peer-to-peer technology, is also vulnerable to DDoS attacks.

These attacks have frequently been faced by the Blockchain platform networks, such as Ethereum and Bitcoin.

For example, over two years, 40 BTC services suffered from 142 DDoS attacks, and the targets included 7 percent of all
common operators.

Due to the greater probability of revenue, most of these attacks attacked vast mining pools and currency exchange
platforms.

These attacks have caused companies such as BitQuick and CoinWallet, within a few months of their beginning, to shut
down their operation.

Sybil Attack
The adversary sets up fake assistant nodes in this attack and aims to reveal part of the blockchain network.

To isolate the target and detach the transactions generated by the target, the adversary can use a group of exposed nodes
to execute the attack, or the attacker may make the user select only the blocks that are maintained by him or her.

The opponent with malicious nodes will encircle the target. The target would assume that by multiple truthful nodes, he or
she already connects to the network; but the fact is that the target has restricted access to the network since all the nodes
to which he or she connects are managed by the opponent.

He or she may fail to relay the target 's transactions until the opponent surrounds the target. In addition to the goal of the
network state the adversary will feed misleading data.

An effective Sybil attack could disable the functionality of the consensus algorithm and trigger a possible double-spending
attack.

Time-Jacking Attack
This attack is a direct attack on the network of the Bitcoin Blockchain. Full nodes maintain the network time within this
network.

The network time is obtained from the adjacent nodes by receiving a version message.

The median time of all neighbouring nodes is determined, and if the median time of all neighbouring nodes reaches 70
minutes, the network time counter returns to the machine time of the node by default.

He or she tries to show imprecise timestamps while the adversary is connecting to the target node.

Once the competitor modifies the time counter of the node network, a replacement blockchain may be implemented by
the incorrect node.

This attack would separate the target node from the network or reduce the validation rate of the transaction on the whole
network.

Transaction Malleability Attack
In the BTC blockchain network, transaction malleability is a vulnerability that helps the adversary to change the TXID
without revoking the transaction. Modifying the TXID will deceive the victim into thinking, but it is later proven, that the
transaction has failed. The typical targets for this attack are currency exchanges.

The adversary withdraws from an exchange and then, with another TXID, republishes the same transaction, and one of
them appears on the network. Owing to delays, rather than the initial withdrawal, it is extremely likely that the changed
transaction will win.

The currency exchange will not find the original transaction on the network and will assume that if the exchange only
depends on TXIDs, the transaction has failed. The opponent will therefore withdraw continuously.

Mt. Gox was one of the biggest exchanges in the history of the BTC; it declared bankruptcy due to the loss of over USD 450
million worth of coins. In attempt to steal coins from the exchange, the attackers carried out a transaction malleability
attack, which caused the exchange to freeze user accounts and avoid withdrawals.

THANK YOU!
Any questions?
You can mail us at
[email protected]

Smart Contract Vulnerabilities &
Attacks
EVM Bytecode Vulnerabilities
The Ethereum Virtual Machine (EVM) is a bytecode-running virtual machine that is the product of compiling a smart
contract's source code. A particular quantity of gas is consumed for each process in the EVM. The gas reflects the execution
expense of the code.

Solidity Vulnerabilities
Solidity is Ethereum's high-level programming language, which the programmer uses to write the source code for the smart
contract. In smart contract source codes, there are six documented vulnerability categories that are already exploited and
comprise the highest portion of the number of vulnerabilities in smart contracts. Most of these vulnerabilities arise from a
misalignment between the insight of the programmers and the grammar of Solidity.

These vulnerabilities are:

Solidity Vulnerabilities
Ethereum Smart Contract Coding flaw represents the third-highest impact of the incident type.

As seen in the case of the 2016 DAO attack, the primary cause was the reentrancy flaw of smart contracts.

Reentrancy is a form of insecurity only seen in the Ethereum Smart Contract. An attacker first deposits a quantity X to a
multiparty smart contract, as the name suggests. Before the balance of funds deposited and withdrawn has been settled,
the attacker then performs a function to remove a quantity Y, which is more than X.

The result is that the attacker essentially takes the money in the deal from other parties.

Our report shows that Ethereum Smart Contract flaw incidents have increased from one incident in 2016 to two incidents
in 2017 to four in 2018.

THANK YOU!
Any questions?
You can mail us at
[email protected]

Alternative DLT Architecture
Introduction to Directed Acyclic Graphs (DAGs)
The Directed Acyclic Graph (DAG) protocol is an alternative to the standard blockchain and can be described as a
distributed ledger technology.

A DLT is based on the mathematical model of a Directed Acyclic Graph, and its implementation is often termed as “Tangle”.
DAG and Tangle are, for this purpose, are also used interchangeably.

The DAG data structure is a system of nodes/vertices/sites (squares) that are linked to each other via edges (arrows).

It is necessary to connect each node to at least two other nodes. The node must check and confirm two previous nodes to
establish a new node. Tips are considered unvalidated nodes. A collection of data or transaction information is stored in
each node.

A DAG's data structure is a ledger that stores transactions in a graph format that points in one direction ( i.e., directed) and
is non-circular such that the future and current transactions (i.e. acyclic) will not be checked by past transactions.

Directed Acyclic Graphs (DAGs)
Each transaction allows the consensus process in DAG to be checked by accepting two prior transactions/sites. The
validation method chooses the two previous algorithm-based transactions and it is necessary to complete Proof-of-Work
by solving a cryptographic problem. Tangle does not, however, involve miners, as any node could be a miner. As a
consequence, transaction costs are negligible on the addition of a new transaction.

This increases the technology's scalability, as the tangle generates a transaction graph that references older transactions.
Since the consensus process only allows two randomly chosen previous transactions to be accepted for any new
transaction, several transactions may be automatically checked rather than having to wait for the next block.

Directed Acyclic Graph (DAG)
This is similar to a transaction topology that points in the same direction, but is not inherently linear in form. When
contemplating each of the elements of the abbreviation, it's clear to understand:

● Direct A direct implies the transaction sequences in this case. The links point to earlier transactions connected to
later transactions in the same direction, and so on.

● Acyclic A main component of the DAG-Acyclic suggests exactly what it looks like-no back-cycling. Loops won't be
possible since connecting to another transaction the transaction does not circle back upon itself.

● Graph The interlinked network forms a topology-like graph in which nodes are linked to other nodes. The network of
linked transactions can be interpreted as nodes in a network of graphs in which nodes are linked to each other.

DAGs Vs Blockchains

Benefits of using DAGs
In contrast with Blockchain, DAGs have several benefits:

● DAGs facilitate effective scaling, and user costs are also minimized.

● DAGs are well suited for high volumes of transactions, including micro and nano-transactions. The larger the number
of transactions, the earlier they are validated by a DAG.

● DAGs have also eliminated the need for miners and mining infrastructure, which means lower energy usage.

Challenges faced by DAGs
There are several challenges for DAGs:

● A decrease in transaction volume can render DAGs vulnerable to attacks.

● The replication of data across various nodes is difficult to solve.

● DAGs employ a "Co-ordinator" to avoid malicious attacks on the network, serving as a centralized, voluntary and
temporary alternate consensus mechanism.

● We can argue that using a node of the coordinator suggests that the technology is not decentralized enough.

THANK YOU!
Any questions?
You can mail us at
[email protected]

Certified Blockchain Expert
100% (8)
Certified Blockchain Expert
336 pages
Development On Solana
No ratings yet
Development On Solana
9 pages
Blockchain For Cybersecurity A Comprehensive Survey
100% (1)
Blockchain For Cybersecurity A Comprehensive Survey
6 pages
Hyperledger Fabric PDF
No ratings yet
Hyperledger Fabric PDF
365 pages
Blockchain Technology New
No ratings yet
Blockchain Technology New
23 pages
Transmission Powershift Hl750
100% (1)
Transmission Powershift Hl750
28 pages
SMWW 2310 Acidity
100% (2)
SMWW 2310 Acidity
3 pages
CODING For KIDS 2 BOOKS in 1 Python For Kids and Scratch Coding For Kids. A Beginners Guide To Computer Programming. Have Fun and Learn To Code Quickly, Even If You'Re New To Programming. by Morrison
100% (1)
CODING For KIDS 2 BOOKS in 1 Python For Kids and Scratch Coding For Kids. A Beginners Guide To Computer Programming. Have Fun and Learn To Code Quickly, Even If You'Re New To Programming. by Morrison
226 pages
Introduction To Certified Blockchain Expert Version-2
No ratings yet
Introduction To Certified Blockchain Expert Version-2
20 pages
Hyperledger Fabric PDF
100% (1)
Hyperledger Fabric PDF
445 pages
BlockChain Lab Assignments
100% (1)
BlockChain Lab Assignments
23 pages
20 Blockchain Applications and Real-World Use Cases
100% (1)
20 Blockchain Applications and Real-World Use Cases
33 pages
BitcoinForensics ATutorial
No ratings yet
BitcoinForensics ATutorial
18 pages
DevOps For Blockchain Smart Contracts
No ratings yet
DevOps For Blockchain Smart Contracts
24 pages
Using Blockchain in CyberForensics
100% (1)
Using Blockchain in CyberForensics
51 pages
Ppt-2 Blockchain Structure
No ratings yet
Ppt-2 Blockchain Structure
36 pages
Blockchain Cloud Integration Comprehensive Survey and Open Research Issues
No ratings yet
Blockchain Cloud Integration Comprehensive Survey and Open Research Issues
27 pages
Blockchain Architechture
No ratings yet
Blockchain Architechture
2 pages
Seminar Report Block
No ratings yet
Seminar Report Block
18 pages
Practical Blockchain
100% (1)
Practical Blockchain
51 pages
Web 3.0 Blockchain Final Report2 PDF
No ratings yet
Web 3.0 Blockchain Final Report2 PDF
22 pages
Introduction To Blockchain Notes
100% (1)
Introduction To Blockchain Notes
181 pages
Blockchain: Known Security Challenges
No ratings yet
Blockchain: Known Security Challenges
26 pages
L5 - Ethereum - Blockchain
No ratings yet
L5 - Ethereum - Blockchain
132 pages
Blockchain: Distributed Ledger Technology (DLT)
No ratings yet
Blockchain: Distributed Ledger Technology (DLT)
6 pages
Blockchain Course PDF
100% (1)
Blockchain Course PDF
22 pages
Blockchain Report Seminar
No ratings yet
Blockchain Report Seminar
27 pages
Certificate Verification System Based On Blockchain Technology
No ratings yet
Certificate Verification System Based On Blockchain Technology
5 pages
Block Chain Syllabus
No ratings yet
Block Chain Syllabus
2 pages
Bitcoin Forensics: BLOCKCHAIN SUMMIT at BRIGHTTALK
100% (1)
Bitcoin Forensics: BLOCKCHAIN SUMMIT at BRIGHTTALK
126 pages
Uniti Iv Hyperledger
No ratings yet
Uniti Iv Hyperledger
22 pages
Block Chain Unit 2
100% (1)
Block Chain Unit 2
19 pages
Blockchain Question Bank
No ratings yet
Blockchain Question Bank
11 pages
Block Chain
No ratings yet
Block Chain
204 pages
A Review of Prospective Applications of Blockchain
No ratings yet
A Review of Prospective Applications of Blockchain
22 pages
Quantum Computing in Web3
No ratings yet
Quantum Computing in Web3
40 pages
Test Driven Solidity With Truffle - OLI Systems - Medium
No ratings yet
Test Driven Solidity With Truffle - OLI Systems - Medium
21 pages
Blockchain in Cyber Security
No ratings yet
Blockchain in Cyber Security
11 pages
UM Bootcamp Slides - by Blocklime PDF
No ratings yet
UM Bootcamp Slides - by Blocklime PDF
71 pages
Blockchain in Action
100% (1)
Blockchain in Action
13 pages
Developing Smart Contract On Ethereum Blockchain Using Truffle Framework
No ratings yet
Developing Smart Contract On Ethereum Blockchain Using Truffle Framework
11 pages
SSRN Id4749892
No ratings yet
SSRN Id4749892
50 pages
Blockchain Seminar
No ratings yet
Blockchain Seminar
23 pages
Blockchain Attacks
No ratings yet
Blockchain Attacks
11 pages
Prospects of Using Blockchain in Banking Sectors of Bangladesh
No ratings yet
Prospects of Using Blockchain in Banking Sectors of Bangladesh
85 pages
The Smart Contract Handbook - Blockchain Platforms
100% (1)
The Smart Contract Handbook - Blockchain Platforms
11 pages
Block Chain
No ratings yet
Block Chain
114 pages
BLOCKBENCH: A Framework For Analyzing Private Blockchains
No ratings yet
BLOCKBENCH: A Framework For Analyzing Private Blockchains
16 pages
Blockchain Technology
No ratings yet
Blockchain Technology
6 pages
An Introduction To Blockchain
No ratings yet
An Introduction To Blockchain
6 pages
Blockchain Crash Course
100% (2)
Blockchain Crash Course
38 pages
BlockChain in Indian Context
No ratings yet
BlockChain in Indian Context
57 pages
Blockchain in Marketing
100% (1)
Blockchain in Marketing
14 pages
Certified Blockchain Professional Brochure PDF
100% (1)
Certified Blockchain Professional Brochure PDF
19 pages
Lecture 2 Smart Contracts and Solidity Basics1
100% (1)
Lecture 2 Smart Contracts and Solidity Basics1
133 pages
Blockchain Certification Training Course
No ratings yet
Blockchain Certification Training Course
23 pages
Blockchain 102
100% (2)
Blockchain 102
255 pages
Blockchain Course
No ratings yet
Blockchain Course
4 pages
Proposal On SSI
No ratings yet
Proposal On SSI
10 pages
Unit - 1 Notes
No ratings yet
Unit - 1 Notes
14 pages
Certificate Validation Using Blockchain
No ratings yet
Certificate Validation Using Blockchain
4 pages
Security Monitoring with Wazuh: A hands-on guide to effective enterprise security using real-life use cases in Wazuh
From Everand
Security Monitoring with Wazuh: A hands-on guide to effective enterprise security using real-life use cases in Wazuh
Rajneesh Gupta
No ratings yet
Blockchain - Curs 2
No ratings yet
Blockchain - Curs 2
36 pages
Afm B200C PDF
No ratings yet
Afm B200C PDF
1 page
An EOQ Example: Slide-79
No ratings yet
An EOQ Example: Slide-79
24 pages
CAN Article in Mikrobasic PRO For PIC
No ratings yet
CAN Article in Mikrobasic PRO For PIC
2 pages
Uniquely Decodable Codes
No ratings yet
Uniquely Decodable Codes
10 pages
Cement Plant Key Performance Indicators PDF
No ratings yet
Cement Plant Key Performance Indicators PDF
32 pages
Introduction To Adobe Animate CC
No ratings yet
Introduction To Adobe Animate CC
3 pages
03 Amelogenesis - English
No ratings yet
03 Amelogenesis - English
158 pages
Wide Damping Region For LCL Type Grid-Connected Inverter With An Improved Capacitor-Current-Feedback Method
No ratings yet
Wide Damping Region For LCL Type Grid-Connected Inverter With An Improved Capacitor-Current-Feedback Method
13 pages
Course Introduction - OOAD
No ratings yet
Course Introduction - OOAD
7 pages
Cell Structures and Their Functions
No ratings yet
Cell Structures and Their Functions
1 page
TI-B 33 (92) Test Method Determination of The Efficiency of Concrete Curing Compounds
No ratings yet
TI-B 33 (92) Test Method Determination of The Efficiency of Concrete Curing Compounds
6 pages
Classical Flutter 2DOF Lec13
No ratings yet
Classical Flutter 2DOF Lec13
11 pages
Semaphore Worksheet
No ratings yet
Semaphore Worksheet
2 pages
LX51
No ratings yet
LX51
107 pages
Public Garden Automation Document
63% (8)
Public Garden Automation Document
85 pages
Artificial Intelligence and Machine Learning
No ratings yet
Artificial Intelligence and Machine Learning
26 pages
Effects of Defocus Distance On Three-Beam Laser Internal Coaxial Wire Cladding
No ratings yet
Effects of Defocus Distance On Three-Beam Laser Internal Coaxial Wire Cladding
22 pages
Photosynthesis Quiz
No ratings yet
Photosynthesis Quiz
3 pages
Influence of Contours On Architecture
No ratings yet
Influence of Contours On Architecture
68 pages
1SVR730700R2100
No ratings yet
1SVR730700R2100
4 pages
Experiment - 5 Raymond Classifier: Name: Aman Agrawal Roll No:18CH30003
No ratings yet
Experiment - 5 Raymond Classifier: Name: Aman Agrawal Roll No:18CH30003
6 pages
Lumber Tycoon 2 Roblox
No ratings yet
Lumber Tycoon 2 Roblox
6 pages
MATH 103 Module 1 - Statistics Introduction
No ratings yet
MATH 103 Module 1 - Statistics Introduction
30 pages
P5x30 Selection Guide
No ratings yet
P5x30 Selection Guide
2 pages
Cribbage Rules1
No ratings yet
Cribbage Rules1
5 pages
Seven Segment Display Description
No ratings yet
Seven Segment Display Description
8 pages
Catalyst Support Bed Brochure
No ratings yet
Catalyst Support Bed Brochure
15 pages