Blockchain Security Training

  • Participants can identify and differentiate between security threats and attacks on a Blockchain network.
  • Participants will know Blockchain security methods, best practices, risk mitigation, and more.
  • Participants will know how to perform Blockchain network security risk analysis.
  • A complete understanding of Blockchain’s inherent security features and risks.
  • An excellent knowledge of best security practices for Blockchain System/Network Administrators.
  • Participants can demonstrate appropriate Blockchain data safeguarding techniques.

5 Days

  • Public Key Cryptography
  • Elliptic Curve Cryptography
  • A Brief Introduction to Blockchain
  • The Blocks
  • The Chains
  • The Network
  • Promises of the Blockchain
  • Blockchain Security Assumptions
  • Digital Signature Security
  • Hash Function Security
  • Limitations of Basic Blockchain Security
  • Public Key Cryptography Review
  • Real-Life Public Key Protection
  • Cryptography and Quantum Computers
  • Lab 1 (Tentative)
  • Finding Hash Function Collisions
  • Reversible hash function
  • Hash function with poor non-locality
  • Hash function with small search space
  • Breaking Public Key Cryptography
  • Brute Forcing a Short Private Key
  • Brute Forcing a Poorly-Chosen Private Key
  • Blockchain Consensus and Byzantine Generals
  • Blockchain Networking Review
  • Byzantine Generals Problem Relation to Blockchain
  • Byzantine Fault Tolerance
  • Introduction to Blockchain Consensus Security
  • Blockchain Consensus Breakthrough
  • Proof of Work
  • What is Proof of Work?
  • How does Proof of Work Solve BGP?
  • Proof of Work Security Assumptions
  • Attacking Proof of Work
  • Proof of Stake
  • What is Proof of Stake?
  • How does Proof of Stake Solve BGP?
  • Proof of Stake Security Assumptions
  • Attacking Proof of Stake
  • General Attacks on Blockchain Consensus
  • Other Blockchain Consensus Algorithms
  • Lab 2 (Tentative)
  • Attacking Proof of Work
  • Performing a 51% Attack
  • Performing a Selfish Mining Attack
  • Attacking Proof of Stake
  • Performing a XX% Attack
  • Performing a Long-Range Attack
  • Malleable Transaction Attacks
  • Checkpointing
  • Advanced Cryptographic Solutions
  • Multiparty Signatures
  • Zero-Knowledge Proofs
  • Stealth Addresses
  • Ring Signatures
  • Confidential Transactions
  • Lab 3 (Tentative)
  • Permissioned Blockchains
  • 51% on a Checkpointed Blockchain
  • Data mining on a blockchain with/without stealth addresses
  • Zero-Knowledge Proof Simulation
  • Trying to fake knowledge of a ZKP
  • Module 4: Blockchain for Business
  • Introduction to Ethereum Security
  • What is Ethereum
  • Consensus in Ethereum
  • Smart Contracts in Ethereum
  • Ethereum Security
  • Pros and Cons of Ethereum Blockchains
  • Introduction to Hyperledger Security
  • What is Hyperledger
  • Consensus in Hyperledger
  • Smart Contracts in Hyperledger
  • Hyperledger Security
  • Pros and Cons of Hyperledger Blockchains
  • Introduction to Corda Security
  • What is Corda
  • Consensus in Corda
  • Smart Contracts in Corda
  • Corda Security
  • Pros and Cons of Corda Blockchains
  • Lab 4

 

  • Information Security
  • Information Sensitivity
  • Data being placed on blockchain
  • Risks of disclosure
  • Regulatory Requirements
  • Data encryption
  • Data control
  • PII protection
  • Blockchain Architectural Design
  • Public and Private Blockchains
  • Open and Permissioned Blockchains
  • Choosing a Blockchain Architecture
  • Lab 5
  • Exploring public/private open/permissioned blockchains?
  • User Security
  • Protecting Private Keys
  • Malware
  • Update
  • Node Security
  • Configuring MSPs
  • Network Security
  • Lab 6 (TBD)
  • Smart Contract Security Considerations
  • Turing-Complete
  • Lifetime
  • External Software
  • Smart Contract Code Auditing
  • Difficulties
  • Techniques
  • Tools
  • Lab 7 (Tentative)
  • Try a couple of smart contract code auditing tools against different contracts with built-in vulnerabilities
  • Module 8: Security Implementing Business Blockchains
  • Ethereum Best Practices
  • Hyperledger Best Practices
  • Corda Best Practices
  • Lab 8
  • 51% Attacks
  • Denial of Service Attacks
  • Eclipse Attacks
  • Routing Attacks
  • Sybil Attacks
  • Lab 9
  • Perform different network-level attacks
  • The Bitcoin Hack
  • The Verge Hack
  • The EOS Vulnerability
  • Lab 10
  • Reentrancy
  • Access Control
  • Arithmetic
  • Unchecked Return Values
  • Denial of Service
  • Bad Randomness
  • Race Conditions
  • Timestamp Dependence
  • Short Addresses
  • Lab 11
  • Exploiting vulnerable smart contracts
  • Introduction to Directed Acyclic Graphs (DAGs)
  • DAGs vs. Blockchains
  • Advantages of DAGs
  • DAG Vulnerabilities and Security
  • Lab 12
  • Exploring a DAG network