Eight months after declaring that cable had boldly entered what many consider to be “the most significant technological innovation since the dawn of the Internet,” CableLabs has published a list of all the ways that blockchain security can be compromised.
According to Brian Scriber, principal security architect for the cable industry technology consortium, CableLabs’ Security Technologies team has been tracking attacks on blockchain networks, and various compromises, for several years. The team has identified key hazard groupings and security considerations in blockchain projects, some of which Scriber listed in the org’s latest blog post.
> Smart Contract Injection - No, it’s not as sexy as it sounds. “The smart contract engine is an interpreter for a (sometimes novel) programming language and a parser of data related to the decisions the engine needs to make,” Scriber explained. “The hazard in this situation is when executable code appears inside smart contracts in an effort to subvert the contract language or data. Implementers need to consider sanitizing inputs to smart contracts, proper parsing and error handling.”
> Replay Attacks - “Not only is there a threat in transaction processing and validation, but also in node behavior, authentication, and the securing of confidential messaging,” Scriber wrote. “Adding nonces to check against prior transactions is critical.”
> History Revision Attacks - “Blockchains that rely on fault-tolerant consensus models do well when there are many participating nodes processing, competing and collaborating on the next block,” Scriber said. “When the number of nodes drops, or if there is predictably cyclic behavior, lulls can be leveraged in a history revision attack where a new branch is created, effectively deleting a previously accepted transaction. Designers should consider how to best guarantee minimum support and the diversity of nodes.”
> Permanence Poisoning - “Due to the permanence of blockchains and the cost to fork, it’s possible to sabotage a chain with even claims of illegal content to draw the ire of regulators and law enforcement,” Scriber said.
> Confidential Information Leaks - According to Scriber, “Permanence increases the risk of data being exfiltrated out of the chain. Even encrypted data is at risk for future threats against those algorithms or brute-force attacks. Designers need to make sure that they understand the data being stored, how it is protected, who owns it and how it could be re-associated with any pseudonymized users.”
These are just a few of the attacks listed by Scriber.
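
To make the replay item concrete, here is an added example (not from CableLabs or Scriber's post) of a ledger that checks a per-sender nonce against prior transactions. The `Ledger` class, the account names and the HMAC key are constructed for illustration, and the HMAC stands in for the public-key signature a real chain would verify.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real chain would verify a public-key signature instead.
KEYS = {"alice": b"constructed-demo-key"}

def sign(sender, tx):
    """Authenticate the canonical encoding of a transaction, nonce included."""
    payload = json.dumps(tx, sort_keys=True).encode()
    return hmac.new(KEYS[sender], payload, hashlib.sha256).hexdigest()

class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.next_nonce = {}  # sender -> next nonce the ledger will accept

    def apply(self, tx, mac):
        sender, to = tx.get("from"), tx.get("to")
        if sender not in KEYS or not isinstance(to, str):
            return "rejected: unknown sender or recipient"
        # Constant-time compare; the MAC covers the nonce, so it cannot be swapped.
        if not hmac.compare_digest(sign(sender, tx), mac):
            return "rejected: bad signature"
        expected = self.next_nonce.get(sender, 0)
        if tx.get("nonce") != expected:
            return f"rejected: nonce {tx.get('nonce')} != expected {expected}"
        amount = tx.get("amount")
        funds = self.balances.get(sender, 0)
        if not isinstance(amount, int) or amount <= 0 or amount > funds:
            return "rejected: invalid amount"
        self.balances[sender] = funds - amount
        self.balances[to] = self.balances.get(to, 0) + amount
        self.next_nonce[sender] = expected + 1  # consume the nonce
        return "accepted"

def demo():
    ledger = Ledger({"alice": 100})
    tx = {"from": "alice", "to": "bob", "amount": 40, "nonce": 0}
    mac = sign("alice", tx)
    first = ledger.apply(tx, mac)
    replay = ledger.apply(tx, mac)  # identical bytes, still validly signed
    tampered = ledger.apply({**tx, "nonce": 1}, mac)  # nonce bumped, MAC stale
    return first, replay, tampered, ledger.balances

if __name__ == "__main__":
    print(demo())
```

The replayed message carries a valid MAC and would pass an authentication-only check; it is the consumed nonce that causes the rejection.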
Notably, the posting comes just a few weeks after Comcast and Charter announced a partnership with Viacom to build a blockchain-enabled addressable advertising exchange.