Blockchain Security from the Bottom Up

Securing and Preventing Attacks on Cryptocurrencies, Decentralized Applications, NFTs, and Smart Contracts

Poston, Howard E.

John Wiley & Sons Inc

10/2022

176

Paperback

English

9781119896296

15 to 20 days

249

Description not available.
Chapter 1 Introduction to Blockchain Security

The Goals of Blockchain Technology

Anonymity

Decentralization

Fault Tolerance

Immutability

Transparency

Trustless

Structure of the Blockchain

The Blockchain Network

The Blockchain Node

A Blockchain Block

A Blockchain Transaction

Inside the Blockchain Ecosystem

Fundamentals

Primitives

Data Structures

Protocols

Consensus

Block Creation

Infrastructure

Nodes

Network

Advanced

Smart Contracts

Extensions

Threat Modeling for the Blockchain

Threat Modeling with STRIDE

Spoofing

Tampering

Repudiation

Information Disclosure

Denial of Service

Elevation of Privilege

Applying STRIDE to Blockchain

Conclusion

Chapter 2 Fundamentals

Cryptographic Primitives

Public Key Cryptography

Introducing "Hard" Mathematical Problems

Building Cryptography with "Hard" Problems

How the Blockchain Uses Public Key Cryptography

Security Assumptions of Public Key Cryptography

Attacking Public Key Cryptography

Hash Functions

Security Assumptions of Hash Functions

Additional Security Requirements

How the Blockchain Uses Hash Functions

Attacking Hash Functions

Threat Modeling for Cryptographic Algorithms

Data Structures

Transactions

What's In a Transaction?

Inside the Life Cycle of a Transaction

Attacking Transactions

Blocks

Inside a Block

Attacking Blockchain Blocks

Threat Modeling for Data Structures

Conclusion

Chapter 3 Protocols

Consensus

Key Concepts in Blockchain Consensus

Byzantine Generals Problem

Security via Scarcity

The Longest Chain Rule

Proof of Work

Introduction to Proof of Work

Security of Proof of Work

Proof of Stake

Introduction to Proof of Stake

Variants of Proof of Stake

Security of Proof of Stake

Threat Modeling for Consensus

Block Creation

Stages of Block Creation

Transaction Transmission

Block Creator Selection (Consensus)

Block Building

Block Transmission

Block Validation

Attacking Block Creation

Denial of Service

Frontrunning

SPV Mining

Threat Modeling for Block Creation

Conclusion

Chapter 4 Infrastructure

Nodes

Inside a Blockchain Node

Attacking Blockchain Nodes

Blockchain-Specific Malware

Denial-of-Service Attacks

Failure to Update

Malicious Inputs

Software Misconfigurations

Threat Modeling for Blockchain Nodes

Networks

Attacking the Blockchain Network

Denial-of-Service Attacks

Eclipse/Routing Attacks

Sybil Attacks

Threat Modeling for Blockchain Networks

Conclusion

Chapter 5 Advanced

Smart Contracts

Smart Contract Vulnerabilities

General Programming Vulnerabilities

Blockchain-Specific Vulnerabilities

Platform-Specific Vulnerabilities

Application-Specific Vulnerabilities

Threat Modeling for Smart Contracts

Blockchain Extensions

State Channels

State Channel Security Considerations

Sidechains

Sidechain Security Considerations

Threat Modeling for Blockchain Extensions

Conclusion

Chapter 6 Considerations for Secure Blockchain Design

Blockchain Type

Public vs. Private

Benefits of Public vs. Private Blockchains

Open vs. Permissioned

Benefits of Open vs. Permissioned Blockchains

Choosing a Blockchain Architecture

Privacy and Security Enhancements

Zero-Knowledge Proofs

Stealth Addresses

Ring Signatures

Legal and Regulatory Compliance

Designing Secure Blockchains for the Future

Index
This title belongs to the subject(s) indicated.
Blockchain cybersecurity; cybersecurity in blockchain; blockchain layer cybersecurity; crypto cybersecurity; crypto ledger security; crypto ledger hacking; crypto hacking; crypto hacks; blockchain layer security; blockchain attacks