Securing Blockchain Networks like Ethereum and Hyperledger Fabric

Book description

Build secure private blockchain networks to handle mission-critical security challenges such as denial-of-service attacks, attacks on user wallets, and pool mining attacks

Key Features

  • Explore blockchain concepts such as cryptography, consensus algorithms, and security assumptions
  • Architect network security for mission-critical decentralized apps (Dapps) using design security considerations
  • Consider various deployment and operational aspects while building a blockchain network

Book Description

Blockchain adoption has extended from niche research to everyday usage. However, despite the blockchain revolution, one of the key challenges faced in blockchain development is maintaining security, and this book demonstrates the techniques for doing so.

You'll start with blockchain basics and explore various blockchain attacks, including attacks on user wallets, denial-of-service attacks, and pool mining attacks. Next, you'll learn cryptography concepts, the role of consensus algorithms in blockchain security, and design principles, while understanding and deploying security implementation guidelines. You'll not only cover architectural considerations, but also work on system and network security and operational configurations for your Ethereum and Hyperledger Fabric network. You'll later implement security at each level of blockchain app development, understanding how to secure the various phases of a blockchain app using an example-based approach. You'll gradually learn to securely implement and develop decentralized apps, and follow deployment best practices. Finally, you'll explore the architectural components of Hyperledger Fabric, and how they can be configured to build secure private blockchain networks.

By the end of this book, you'll have learned blockchain security concepts and techniques that you can implement in real blockchain production environments.

What you will learn

  • Understand blockchain consensus algorithms and security assumptions
  • Design secure distributed applications and smart contracts
  • Understand how blockchains manage transactions and help to protect wallets and private keys
  • Prevent potential security threats that can affect distributed ledger technologies (DLTs) and blockchains
  • Use pentesting tools for assessing potential flaws in Dapps and smart contracts
  • Assess privacy compliance issues and manage sensitive data with blockchain

Who this book is for

This book is for blockchain developers, security professionals, and Ethereum and Hyperledger developers who are looking to implement security in blockchain platforms and ensure secure data management using an example-driven approach. Basic knowledge of blockchain concepts will be beneficial.

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Securing Blockchain Networks like Ethereum and Hyperledger Fabric
  3. About Packt
    1. Why subscribe?
  4. Contributors
    1. About the author
    2. About the reviewers
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Code in Action
      3. Download the color images
      4. Conventions used
    4. Get in touch
      1. Reviews
  6. Section 1: Blockchain Security Core Concepts
  7. Introducing Blockchain Security and Attack Vectors
    1. An introduction to blockchain
      1. Blockchain as the Internet of Value
      2. Understanding the emergence of Bitcoin
      3. Blockchain use cases beyond Bitcoin
      4. The role played by the distributed ledger
    2. The building blocks of blockchain
      1. Unique addresses and transactions
      2. Nodes and consensus
      3. How Blockchain works
        1. Guaranteeing traceability and block synchronization
      4. The Blockchain process
    3. Blockchain network topology
      1. Network discovery and block synchronization
      2. Different types of blockchain
        1. Public blockchains
        2. Private blockchains
        3. Permissioned blockchains
      3. Distributed ledger technology
      4. Blockchain use cases
    4. Establishing trust through consensus algorithms
      1. Blockchain consensus layer
      2. Reaching consensus in the blockchain
      3. Understanding the consensus mechanisms
        1. Byzantine Generals Problem
        2. Proof of Work
        3. Proof of Stake
        4. Proof of Authority
    5. Potential threats that affect trust
      1. Threats to the distributed architecture
        1. 51% attack
        2. Eclipse attacks
      2. Threats to the application layer
        1. Cryptojacking
        2. Attacking smart contracts
      3. Threats to the security model
    6. Summary
  8. Cryptography Essentials
    1. Technical requirements
    2. A glimpse into cryptography
      1. The role played by cryptography
      2. Cryptography and the blockchain
      3. Simple encryption example
    3. Symmetric versus asymmetric cryptography
      1. Stream and block ciphers
      2. Symmetric cryptography limitations
      3. Asymmetric cryptography
      4. Asymmetric key management with PKI
      5. Understanding RSA from scratch
        1. Modular arithmetic
        2. The extended Euclidean algorithm
      6. RSA algorithm implementation
        1. Generating RSA keys
        2. Encrypting and decrypting with RSA keys
    4. Elliptic cryptography in blockchain
      1. The discrete logarithm problem
      2. RSA versus ECC keys
      3. Elliptic curves math properties
      4. Abelian groups
      5. Abelian groups for elliptic curves
      6. Generating public keys with ECC
    5. SHA hashing and digital signatures in practice
      1. Cryptographic hash function characteristics
      2. Hash functions in blockchain
      3. Hashing algorithms
      4. SHA algorithms
      5. Hashing examples
      6. Digital signatures and DSA
    6. Blockchain Merkle trees
      1. A Merkle tree audit proof
      2. Merkle tree consistency proof
      3. Implementing a Merkle tree
    7. Summary
  9. Blockchain Security Assumptions
    1. Centralized models versus decentralized models
      1. The centralized application model
      2. The decentralized application model
    2. Advantages and disadvantages of blockchain
      1. Advantages of blockchain
      2. Disadvantages of blockchain
    3. Blockchain versus DLT
    4. Understanding transaction security
      1. Securing private keys
      2. Blockchain transaction weaknesses
    5. Attacking a blockchain
      1. The Sybil attack
        1. The majority attack
        2. Estimating the chances of a 51% attack
      2. Double-spending attacks
      3. Eclipse attacks
        1. Eclipse attack on Bitcoin's blockchain
      4. Mining pool security threats
      5. Selfish mining attacks
      6. Forking attacks
    6. Understanding the quantum computing threat
      1. Quantum computing in a nutshell
      2. Cryptography at stake
      3. Quantum versus traditional computability
        1. Dealing with computability and decidability
        2. Computational complexity
        3. Quantum computability and complexity
      4. Quantum computing attack resistance
    7. Summary
    8. Further Reading
  10. Section 2: Architecting Blockchain Security
  11. Trustless Blockchain Networks
    1. Technical requirements
    2. Network discovery with P2P
      1. Implementing a P2P network over the public internet
      2. Implementing P2P network discovery
      3. Network discovery in Bitcoin's blockchain
        1. DNS seeds
        2. Bitcoin hardcoded IP list
      4. Peer discovery in Bitcoin
      5. Bitcoin addresses
      6. Bitcoin addresses and cryptographic keys
      7. Analyzing blockchain network attacks
        1. DNS attacks
        2. Denial of Service attacks
      8. Possible countermeasures to network attacks
    3. Block synchronization
      1. Synching blocks at node startup
      2. Block data structure
      3. Achieving consensus in a trustless network
      4. Exploring blockchain
        1. Exploring Bitcoin addresses
        2. Exploring a blockchain's blocks
      5. Block vulnerabilities and attacks
    4. Transaction management
      1. Transactions in a nutshell
      2. Transaction verification
      3. Transaction scripts
        1. P2PKH scripts
        2. P2SH scripts
      4. Adding transactions to blocks
      5. Exploring transactions
    5. Wallet key secure management
      1. Introducing wallets
      2. Types of wallets
        1. Deterministic wallets
        2. Non-deterministic wallets
        3. Paper wallets
        4. Brain wallet
      3. Wallet vulnerabilities
      4. Securing Bitcoin wallets
      5. Securing online wallets
      6. Securing paper wallets
    6. Summary
  12. Securing Hyperledger Fabric
    1. Permissioned blockchains and DLTs
      1. Public versus private blockchains
      2. Permissioned blockchains access rights
      3. DLTs as permissioned blockchains
      4. Consensus in permissioned blockchains
      5. Assessing availability and consistency with the CAP theorem
    2. Getting to know Hyperledger Fabric
      1. Hyperledger Fabric architecture
      2. Hyperledger Fabric application model
      3. Hyperledger Fabric versus other blockchains
      4. Hyperledger transaction flow
        1. Execution phase
        2. Ordering phase
        3. Validation phase
    3. Hyperledger strong identities
      1. Designing a Hyperledger Fabric network
      2. Hyperledger Fabric network governance
      3. MSP
      4. Fabric CA configuration
        1. Registration operation
        2. Enrollment operation
        3. Revoking digital identities
    4. Hyperledger chaincode security
      1. Installing and deploying chaincodes
      2. Chaincode security
      3. Chaincode trusted execution
      4. Trusted execution with Intel SGX
    5. Preventing common threats with Hyperledger
      1. The Hyperledger Fabric ecosystem
      2. Running Hyperledger on Docker
      3. Hyperledger transaction privacy
        1. Channels
        2. Private data
    6. Summary
  13. Section 3: Securing Decentralized Apps and Smart Contracts
  14. Decentralized Apps and Smart Contracts
    1. Technical requirements
    2. Introducing DApps
      1. Types of DApps
        1. Smart contracts
        2. Decentralized organizations
        3. Decentralized autonomous organizations
      2. Characteristics of DApps
      3. Introducing Ethereum
        1. Creating Ethereum accounts
        2. Ethereum transactions
        3. Ethereum consensus mechanism
        4. The Ethereum Virtual Machine
        5. Ethereum gas
        6. Ethereum communication and storage protocols
      4. Ethereum security threats
        1. Stale blocks
        2. Blockchain forks
        3. Catastrophic bugs – the DAO bug
    3. Introducing smart contract fundamentals
      1. Smart contract requirements
      2. Automating execution and enforcement
      3. Secure and unstoppable
      4. Bridging the gap between computers and people
      5. Feeding data to smart contracts through Oracles
      6. Deploying smart contracts on a blockchain
    4. Creating secure smart contracts
      1. Developing smart contracts with Turing-complete languages
      2. Bitcoin Script
        1. Example of Bitcoin Script
      3. Bug inevitability and the risks of Turing-complete programs
      4. Developing smart contracts with Remix IDE
        1. A simple smart contract
    5. Executing secure smart contracts
      1. Best practices for smart contract security
      2. Dealing with bugs in smart contracts
    6. Summary
  15. Preventing Threats for DApps and Smart Contracts
    1. Technical requirements
    2. Hacking smart contracts
      1. Introducing MAIAN
        1. Analyzing smart contracts with MAIAN
      2. Types of buggy smart contracts
        1. Suicidal contracts
        2. Prodigal contracts
        3. Greedy contracts
      3. Checking buggy contract types with MAIAN
    3. Analyzing smart contract threats
      1. Integer overflow and underflow
      2. Remediation of integer overflow and underflow
      3. Overflow example code
      4. DoS using loops and overflow
      5. A buggy smart contract
      6. Fixing the buggy smart contract
      7. Re-entrancy attack
    4. Smart contract attack examples
      1. Analyzing the DAO attack
      2. The Parity attack
    5. Preventing smart contract attacks
    6. Analyzing smart contracts for security
      1. Analyzing smart contracts with Mythril
      2. Analyzing smart contracts with Securify
    7. Summary
  16. Section 4: Preserving Data Integrity and Privacy
  17. Exploiting Blockchain as an Attack Vector
    1. Storing illicit data in the blockchain
      1. Storing illicit data on Bitcoin's blockchain
      2. Storing illicit data on the blockchain through transactions
      3. Erasing illicit data from the blockchain
      4. Erasing data from Bitcoin's blockchain with Bitcoind Erase
    2. Preserving anonymity in the blockchain
      1. Bitcoin's anonymity myth
      2. Public keys as identities
      3. One-time public keys and stealth addresses
      4. Transaction anonymity
      5. Privacy coins
    3. Dealing with identity theft
      1. Stealing users' identities
      2. Managing and protecting identity with blockchain
      3. How effective is blockchain at preventing identity theft?
        1. Ensuring real and unique identities
        2. Verifying the attribution of identities to legitimate owners
    4. Spreading malware with blockchain
      1. Malware versus antivirus software
      2. Getting to know K-ary malware
      3. Blockchain as the vector of choice for k-ary malware spreading
    5. Summary
  18. Analyzing Privacy and GDPR Compliance Issues
    1. Preserving sensitive data in a blockchain
      1. What data should be stored on a blockchain
      2. Storing sensitive data off-chain
    2. Leveraging blockchain for healthcare
      1. Protecting healthcare data with blockchain
      2. Managing healthcare data with smart contracts
    3. Improving IoT security with blockchain
      1. IoT security threats
      2. Solving IoT security issues with blockchain
    4. Reconciling blockchain with the GDPR
      1. Blockchain versus GDPR
      2. Personal data in the GDPR
      3. Public keys as personal data
      4. Assessing the data controller role in a blockchain
      5. Complying with the right to be forgotten
        1. Possible alternatives to data erasure on blockchains
      6. Assessing blockchain compatibility with the GDPR
    5. Summary
  19. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Securing Blockchain Networks like Ethereum and Hyperledger Fabric
  • Author(s): Alessandro Parisi
  • Release date: April 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781838646486