
2021 | OriginalPaper | Chapter

4. Balancing Security: A Moving Target

Authors: Artemij Voskobojnikov, Volker Skwarek, Atefeh Mashatan, Shin’Ichiro Matsuo, Chris Rowell, Tim Weingärtner

Published in: Building Decentralized Trust

Publisher: Springer International Publishing


Abstract

Blockchain technology has come a long way since its inception in the form of Bitcoin in 2009. With a growing interest from industry and academia came an influx of new application areas and domains that make use of this technology on a daily basis. This technology, while having unique security properties, also presented new security challenges and previously unexplored attack vectors that became the target of malicious actors in the domain.
This chapter presents an overview of security challenges that arise when using, developing, and designing blockchain technology. Firstly, common attack vectors and pitfalls are presented that have to be considered when working with blockchains. Next, weak points in all layers, i.e., technical, data/records, and social layers, are thoroughly discussed and countermeasures with the potential of alleviating some concerns are suggested. Lastly, an outlook on the technology’s future is given and suggestions are provided on how to design usable, secure systems that could withstand the test of time.


Metadata

Title: Balancing Security: A Moving Target
Authors: Artemij Voskobojnikov, Volker Skwarek, Atefeh Mashatan, Shin’Ichiro Matsuo, Chris Rowell, Tim Weingärtner
Copyright Year: 2021
DOI: https://doi.org/10.1007/978-3-030-54414-0_4
