Overview of Blockchain Security
- Participants can identify and differentiate between security threats and attacks on a Blockchain network.
- Participants will know Blockchain security methods, best practices, risk mitigation, and more.
- Participants will know how to perform Blockchain network security risk analysis.
- A complete understanding of Blockchain’s inherent security features and risks.
- An excellent knowledge of best security practices for Blockchain System/Network Administrators.
- Participants can demonstrate appropriate Blockchain data safeguarding techniques.
Duration
5 Days
Prerequisite for Blockchain Security
There are no prerequisites for this training.
Course Outline for Blockchain Security
Fundamental Blockchain Security
- Cryptography for the Blockchain: Hash Functions
- Public Key Cryptography
- Elliptic Curve Cryptography
- A Brief Introduction to Blockchain: The Blocks
- The Chains
- The Network
- Promises of the Blockchain
- Blockchain Security Assumptions: Digital Signature Security
- Hash Function Security
- Limitations of Basic Blockchain Security: Public Key Cryptography Review
- Real-Life Public Key Protection
- Cryptography and Quantum Computers
- Lab 1 (Tentative)
- Finding Hash Function Collisions: Reversible hash function
- Hash function with poor non-locality
- Hash function with small search space
- Breaking Public Key Cryptography: Brute Forcing a Short Private Key
- Brute Forcing a Poorly-Chosen Private Key
Consensus in the Blockchain
- Blockchain Consensus and Byzantine Generals: Blockchain Networking Review
- Byzantine Generals Problem: Relation to Blockchain
- Byzantine Fault Tolerance
- Introduction to Blockchain Consensus Security: Blockchain Consensus Breakthrough
- Proof of Work: What is Proof of Work?
- How does Proof of Work Solve BGP?
- Proof of Work Security Assumptions
- Attacking Proof of Work
- Proof of Stake: What is Proof of Stake?
- How does Proof of Stake Solve BGP?
- Proof of Stake Security Assumptions
- Attacking Proof of Stake
- General Attacks on Blockchain Consensus
- Other Blockchain Consensus Algorithms
- Lab 2 (Tentative)
- Attacking Proof of Work: Performing a 51% Attack
- Performing a Selfish Mining Attack
- Attacking Proof of Stake: Performing a XX% Attack
- Performing a Long-Range Attack
- Malleable Transaction Attacks
Advanced Blockchain Security Mechanisms
- Architectural Security Measures: Permissioned Blockchains
- Checkpointing
- Advanced Cryptographic Solutions: Multiparty Signatures
- Zero-Knowledge Proofs
- Stealth Addresses
- Ring Signatures
- Confidential Transactions
- Lab 3 (Tentative)
- Permissioned Blockchains
- 51% on a Checkpointed Blockchain
- Data mining on a blockchain with/without stealth addresses
- Zero-Knowledge Proof Simulation
- Trying to fake knowledge of a ZKP
Module 4: Blockchain for Business
- Introduction to Ethereum Security: What is Ethereum
- Consensus in Ethereum
- Smart Contracts in Ethereum
- Ethereum Security
- Pros and Cons of Ethereum Blockchains
- Introduction to Hyperledger Security: What is Hyperledger
- Consensus in Hyperledger
- Smart Contracts in Hyperledger
- Hyperledger Security
- Pros and Cons of Hyperledger Blockchains
- Introduction to Corda Security: What is Corda
- Consensus in Corda
- Smart Contracts in Corda
- Corda Security
- Pros and Cons of Corda Blockchains
- Lab 4
Blockchain Risk Assessment
- What are the Risks of the Blockchain?
- Information Security
- Information Sensitivity: Data being placed on blockchain
- Risks of disclosure
- Regulatory Requirements: Data encryption
- Data control
- PII protection
- Blockchain Architectural Design: Public and Private Blockchains
- Open and Permissioned Blockchains
- Choosing a Blockchain Architecture
- Lab 5
- Exploring public/private open/permissioned blockchains?
Basic Blockchain Security
- Blockchain Architecture
- User Security: Protecting Private Keys
- Malware
- Update
- Node Security
- Configuring MSPs
- Network Security
- Lab 6 (TBD)
Smart Contract Security
- Introduction to Smart Contracts
- Smart Contract Security Considerations: Turing-Complete
- Lifetime
- External Software
- Smart Contract Code Auditing: Difficulties
- Techniques
- Tools
- Lab 7 (Tentative)
- Try a couple of smart contract code auditing tools against different contracts with built-in vulnerabilities
Module 8: Security Implementing Business Blockchains
- Ethereum Best Practices
- Hyperledger Best Practices
- Corda Best Practices
- Lab 8
Network-Level Vulnerabilities and Attacks
- Introduction to Blockchain Network Attacks
- 51% Attacks
- Denial of Service Attacks
- Eclipse Attacks
- Routing Attacks
- Sybil Attacks
- Lab 9
- Perform different network-level attacks
System-Level Vulnerabilities and Attacks
- Introduction to Blockchain System Vulnerabilities
- The Bitcoin Hack
- The Verge Hack
- The EOS Vulnerability
- Lab 10
Smart Contract Vulnerabilities and Attacks
- Introduction to Common Smart Contract Vulnerabilities
- Reentrancy
- Access Control
- Arithmetic
- Unchecked Return Values
- Denial of Service
- Bad Randomness
- Race Conditions
- Timestamp Dependence
- Short Addresses
- Lab 11
- Exploiting vulnerable smart contracts
Security of Alternative DLT Architectures
- What Are Alternative DLT Architectures?
- Introduction to Directed Acyclic Graphs (DAGs)
- DAGs vs. Blockchains
- Advantages of DAGs
- DAG Vulnerabilities and Security
- Lab 12
- Exploring a DAG network