Blockchain is the new trending technology in the market, and many companies are starting to implement it to solve multiple problems. Usually, this technology manages different types of user information related to their money. Therefore, to secure this technology you should first understand how it works. Blockchain technology can be seen as a system of 6 layers that work together. So, what are the six layers of blockchain technology?
Blockchain technology is built upon 6 main layers, which are:
This blog post is part of a series where we explain every layer of this technology in detail. In this blog post, we will give you just an overview of each of those layers with real examples of their implementation. Therefore, if you are interested in learning more about it just keep reading.
You can imagine the Blockchain layers as the OSI layers, with a small difference in the number of layers. In this blog post, we will start explaining the Blockchain layers from the outside.
The first layer in the Blockchain is the TCP/IP protocol: in simple words, the internet we all know and the way it works with all its protocols. Without the internet, the concept of distributed apps, or even the Blockchain, would never exist. However, in this series of blog posts we will not discuss this layer in detail, as it is already well covered by other blogs.
The Internet and other computer networks employ a set of communication protocols known as TCP/IP. The Transmission Control Protocol (TCP) and the Internet Protocol (IP) are the core protocols in the suite. Here is a good article by Fortinet about the TCP/IP model and the way it works.
On top of the internet layer we have the peer-to-peer protocols, also known as P2P. The P2P protocol was developed to give end users the ability to communicate with each other without the need for a central server. This type of communication lets each end user act as both a client and a server, and avoids the centralization of both information and processing.
This type of protocol was first implemented in file sharing, and then multiple applications started to adopt it, like gaming, chat, and so on.
The P2P protocols can be divided into two main types:
In structured peer-to-peer systems, network connections are fixed, and peers keep track of the resources (e.g., shared material) that their neighbor peers have. As a result, even if the data is exceedingly rare, data searches may be efficiently sent to nearby peers who hold the needed data. To facilitate fast data discovery, structured P2P systems put limits on both the node (peer) graph and data placement.
Unstructured P2P is the type used in Blockchain technology: the links are established randomly and all the data is stored in each node, unlike in a structured P2P network. Moreover, in Bitcoin, blocks are broadcast through the unstructured P2P network via flooding.
When a peer receives a new block, it announces the hash of the block to all its neighbors via an INV message. Neighbors that have not yet received the block reply with a GETDATA message requesting it, and the block is then forwarded to them. The process repeats until every peer in the network has received the new block.
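The INV/GETDATA flooding just described, as an added example that is not code from the post or from Bitcoin Core: a constructed five-peer graph with synchronous message delivery, where a peer requests a block only if it does not already hold it, checks the body against the announced hash before accepting it, and re-announces it to everyone except the peer it came from. Network, Broadcast and the message-kind constants are this example's own names.

```go
package main

import "crypto/sha256"

const ( // message kinds, named after the Bitcoin P2P messages the post mentions
	Inv     = iota // "I have a block with this hash"
	GetData        // "send me that block"
	Block          // the block itself
)

// Network is a constructed toy topology with synchronous delivery: a send returns only after the receiver has fully handled the message.
type Network struct {
	Adj   [][]int                     // Adj[i] lists the neighbors of peer i
	Known map[int]map[[32]byte]string // blocks held per peer: hash -> body
	Sent  [3]int                      // messages sent per kind, to observe the flood
}

func NewNetwork(adj [][]int) *Network {
	return &Network{Adj: adj, Known: map[int]map[[32]byte]string{}}
}

func (n *Network) send(to, from, kind int, h [32]byte, body string) {
	n.Sent[kind]++
	switch kind {
	case Inv: // ask only for blocks we do not already hold
		if _, seen := n.Known[to][h]; !seen {
			n.send(from, to, GetData, h, "")
		}
	case GetData: // serve the block if we have it
		if b, ok := n.Known[to][h]; ok {
			n.send(from, to, Block, h, b)
		}
	case Block: // drop duplicates and bodies that do not match the announced hash
		if _, seen := n.Known[to][h]; seen || sha256.Sum256([]byte(body)) != h {
			return
		}
		if n.Known[to] == nil {
			n.Known[to] = map[[32]byte]string{}
		}
		n.Known[to][h] = body
		for _, nb := range n.Adj[to] { // re-announce to everyone but the sender
			if nb != from {
				n.send(nb, to, Inv, h, "")
			}
		}
	}
}

// Broadcast injects a new block at origin and returns how many peers hold a block afterwards.
func (n *Network) Broadcast(origin int, body string) int {
	n.send(origin, -1, Block, sha256.Sum256([]byte(body)), body)
	return len(n.Known)
}
```

On the five-peer graph {0:[1,2], 1:[0,2], 2:[0,1,3], 3:[2,4], 4:[3]}, Broadcast(0, "block #1") reaches all 5 peers with Sent = [6 4 5]: six INV, four GETDATA and five block transfers, one per peer, and announcing the same block again produces no further traffic.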
I think what made this whole concept possible is the advancement in cryptography algorithms. Blockchain technology was built on multiple cryptographic algorithms, and the most popular ones are:
When this field first appeared in the community of mathematicians, the only type of encryption that was known was symmetric encryption. This concept is based on having one shared key between two parties to encrypt and decrypt the sent message. In the beginning, this type of encryption was very efficient, very fast, and easy to implement.
However, as the Blockchain network is a peer-to-peer network, sharing the secret key with a node you may not even know would be very difficult to do and may cause the key to be leaked.
Asymmetric encryption solves this issue by introducing the concept of using two keys. The first one, known as the private key, is used to decrypt the information the node receives from its neighbors. The second key, known as the public key, is used to encrypt the data. As its name indicates, the public key is shared between the nodes and can only be used to encrypt the data.
In addition, this concept is also used to verify the identity of the message sender. This verification is also known as the digital signature.
To better understand this concept, I will give you an example of how it is employed. Let's say we have two nodes in the network that want to communicate with each other and share information without leaking it to a man-in-the-middle attack.
Node1 has SecretKey1 as its secret key and PublicKey1 as its public key, and Node2 has SecretKey2 as its secret key and PublicKey2 as its public key. Node1 wants to send a piece of information to Node2. To do that:
If for any reason the encrypted message is sniffed in a man-in-the-middle attack, the attacker would not be able to decrypt the captured message.
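The Node1 to Node2 exchange above, as an added example that is not the post's code: Node1 encrypts with PublicKey2, only SecretKey2 decrypts, and Node1's own key (or anyone who sniffed the ciphertext) gets an error instead of plaintext. RSA-OAEP from Go's standard library is assumed as the asymmetric scheme; Node, NewNode, Encrypt and Decrypt are this example's names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Node is a constructed peer holding its own key pair; only Public is ever shared.
type Node struct {
	Secret *rsa.PrivateKey
	Public *rsa.PublicKey
}

func NewNode() (*Node, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Node{Secret: k, Public: &k.PublicKey}, nil
}

// Encrypt seals msg for whoever owns recipient (Node1 passes PublicKey2 here) with
// RSA-OAEP; with a 2048-bit key and SHA-256 the message may be at most 190 bytes.
func Encrypt(recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
}

// Decrypt opens a ciphertext with this node's own secret key. A ciphertext sealed for
// another node's public key fails the OAEP integrity check instead of yielding plaintext.
func (n *Node) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, n.Secret, ct, nil)
}
```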
I think that knowing the mathematical details of these algorithms is not necessary to understand how the Blockchain works. However, knowing where each of those algorithms is used, and why, is something interesting to know about.
Hash functions are another essential cryptographic concept in the Bitcoin processes. Hash functions are algorithms that transform an input of any size into a small, fixed-size output with a specific number of bytes. Those functions are used precisely for checking the integrity of the sent information. Moreover, hashing algorithms are the key concept in the PoW mechanism used by Bitcoin.
If you think a little about the hash function and the way it works, you can easily see that, theoretically, two inputs that produce the same hash output are possible: the input is essentially unlimited, while the output is limited in size.
Actually, this is one of the attacks that can be performed against hashing algorithms; it is mathematically proven and is known as a collision attack. However, in practice, finding two inputs that give the same hash is a time-consuming process and in some cases may take years, depending on the size of the hash. Therefore, those functions are still being used and are updated each time to larger and larger hash sizes.
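A constructed birthday search to show concretely why the size of the hash decides how long a collision takes (added example, not from the post): SHA-256 truncated to a few bits collides within thousands of tries, and the expected cost grows as 2^(bits/2). truncHash, FindCollision and BirthdayBound are this example's own names.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math"
)

// truncHash keeps only the first `bits` (1..64) bits of SHA-256(input), standing in
// for a hash function whose output size is that small.
func truncHash(input []byte, bits uint) uint64 {
	sum := sha256.Sum256(input)
	return binary.BigEndian.Uint64(sum[:8]) >> (64 - bits)
}

// FindCollision hashes the constructed inputs "msg-0", "msg-1", ... and stops at the
// first pair sharing a truncated hash, returning both inputs and the number of hashes
// computed. This table-based search is the birthday attack behind a collision attack.
func FindCollision(bits uint) (a, b string, tries int) {
	seen := map[uint64]string{}
	for i := 0; ; i++ {
		msg := fmt.Sprintf("msg-%d", i)
		h := truncHash([]byte(msg), bits)
		if prev, ok := seen[h]; ok {
			return prev, msg, i + 1
		}
		seen[h] = msg
	}
}

// BirthdayBound is the expected number of hashes before the first collision,
// sqrt(pi/2 * 2^bits): it doubles for every two extra bits of output, which is
// why hash sizes keep being increased.
func BirthdayBound(bits uint) float64 {
	return math.Sqrt(math.Pi / 2 * math.Exp2(float64(bits)))
}
```

For 32 bits the bound is about 82,000 hashes; for SHA-256's full 256 bits it is about 2^128, which is what "may take years" understates.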
Here is a list of the most popular hash functions:
The digital signature concept is also a key element in Bitcoin technology, and it is used to sign the transactions sent by users. As the Blockchain ledger is publicly accessible and open for writing by anyone (with PoW and all the stuff related to it …), writing a malicious transaction that was not initiated by the actual owner of the Bitcoin is possible. Therefore, signing the transactions by the Bitcoin owner is necessary to protect them.
The idea is that each owner sends Bitcoin to the next by digitally signing a hash of the previous transaction and the next owner's public key and adding these to the end of the coin. The chain of ownership can then be verified by a payee by checking the signatures.
As I said, those algorithms play a key role in the Blockchain, as they are responsible for securing the Blockchain and protecting data integrity. Moreover, those algorithms were the key to solving the famous consensus problem.
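The chain of ownership described above, as an added example that is neither the post's code nor Bitcoin's real transaction format: Ed25519 stands in for Bitcoin's ECDSA, the genesis "previous hash" is assumed to be all zeros, and Tx, Transfer and VerifyChain are this example's names. A payee walks the chain and rejects a transfer signed by anyone other than the owner named by the previous transaction.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
)

// Tx hands the coin to Next. Prev is the hash of the previous transaction and Sig is
// the current owner's signature over (Prev || Next), as the post describes.
type Tx struct {
	Prev [32]byte
	Next ed25519.PublicKey
	Sig  []byte
}

func (t Tx) payload() []byte { return append(t.Prev[:], t.Next...) }

// Hash covers the signature too, so the next transfer pins this exact transfer.
func (t Tx) Hash() [32]byte { return sha256.Sum256(append(t.payload(), t.Sig...)) }

// Transfer is performed by the current owner (holder of priv), naming the next owner.
func Transfer(prev [32]byte, priv ed25519.PrivateKey, next ed25519.PublicKey) Tx {
	t := Tx{Prev: prev, Next: next}
	t.Sig = ed25519.Sign(priv, t.payload())
	return t
}

// VerifyChain is the payee's check: starting from the genesis owner, every transfer
// must point at the hash of the one before it and carry a valid signature from the
// key the previous transfer named as owner.
func VerifyChain(genesis ed25519.PublicKey, chain []Tx) bool {
	owner, prevHash := genesis, [32]byte{}
	for _, t := range chain {
		if len(owner) != ed25519.PublicKeySize || t.Prev != prevHash ||
			!ed25519.Verify(owner, t.payload(), t.Sig) {
			return false
		}
		owner, prevHash = t.Next, t.Hash()
	}
	return true
}
```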
In the next blog posts, we are going to explain these concepts in detail to see where each function is used and why. However, we will not get into the mathematical explanation of each one of them as this is not the objective of this series of blog posts.
Consensus algorithms are the result of a famous problem that has been discussed and researched for a long time, called the Byzantine generals problem. This problem was first introduced by M. Pease, R. Shostak, and L. Lamport.
The Byzantine generals problem is defined as multiple generals trying to attack a city at the same moment to win the war. The problem is that they need to agree on the timing even if one of them is not loyal.
If you think about this problem, you will see that the Blockchain has the same problem. Nodes of the network need to agree on the next block to add to the chain, and they need to do that even in the presence of a faulty node.
To solve it, multiple consensus algorithms were developed by researchers all around the world; they can be divided into two main categories:
This setup requires nodes to compete in a leader-election lottery, with the winner proposing the final value. To earn the right to propose the next block, the method requires proof of some effort as well as the ownership of some authority or tokens. The PoW process employed in Bitcoin, for example, fits into this category: a miner wins the right to add the next block to the blockchain if it solves the computational puzzle, as proof of the computational effort exerted.
This form of consensus method is based on a simple strategy of nodes publishing and verifying signed messages in stages. After a given number of messages has been received across a particular number of rounds (phases), agreement is established.
As the proof-based consensus mechanism is the most popular one in Blockchain technology, in this series of blog posts you will see the technical details of how those consensus mechanisms work and in which step they are used. However, here is a list of some of the most popular consensus algorithms:
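Proof-of-work as the leader-election lottery described above, as an added example that is not from the post and is simplified relative to Bitcoin's real header layout and target encoding: mining tries nonces until the header hash has the required number of leading zero bits, while validating a proposed block costs a single hash. Header, Mine and Valid are this example's own names.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"math/bits"
)

// Header is a constructed stand-in for a block header: previous block hash,
// Merkle root of the transactions, and the nonce the miner varies.
type Header struct {
	PrevHash   [32]byte
	MerkleRoot [32]byte
	Nonce      uint64
}

func (h Header) Hash() [32]byte {
	buf := make([]byte, 72)
	copy(buf[:32], h.PrevHash[:])
	copy(buf[32:64], h.MerkleRoot[:])
	binary.LittleEndian.PutUint64(buf[64:], h.Nonce)
	return sha256.Sum256(buf)
}

// leadingZeros counts the zero bits at the front of a hash; the difficulty
// target here is "at least `difficulty` leading zero bits".
func leadingZeros(h [32]byte) int {
	n := 0
	for _, b := range h {
		if b != 0 {
			return n + bits.LeadingZeros8(b)
		}
		n += 8
	}
	return n
}

// Valid is the cheap check every node runs before accepting a proposed block.
func Valid(h Header, difficulty int) bool { return leadingZeros(h.Hash()) >= difficulty }

// Mine is the expensive lottery: try nonces until the header meets the target.
// It returns the solved header and the number of hashes computed to get there.
func Mine(h Header, difficulty int) (Header, uint64) {
	for h.Nonce = 0; ; h.Nonce++ {
		if Valid(h, difficulty) {
			return h, h.Nonce + 1
		}
	}
}
```

Each extra bit of difficulty doubles the expected number of hashes a miner must compute, while Valid stays at one hash; that asymmetry is what makes the proof cheap to check and expensive to forge.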
The execution layer of the Blockchain is simply a sort of interface between the developers and the actual Blockchain capabilities. This layer is responsible for performing the basic operations of a Blockchain network, like executing transactions, storing data in the network, and running the different smart contracts.
This layer has multiple components that work together to make the Blockchain work correctly. Here is a list of some of the most important ones:
All operations in the Blockchain are made using transactions. Even the deployment of a smart contract to the Blockchain is done with a transaction, so that the contract is stored in the Blockchain. A transaction is simply the operation of transferring value from one place to another and recording that in the Blockchain.
You can imagine blocks as registers where we store every transaction that was executed in the network. Those registers of course have a certain size limit for every block, and they are connected to each other in a sort of chain. We will cover this in a detailed technical way in the next blog posts.
I think the most confusing part of this layer is the virtual machines. If you read this quickly, you may think that we are talking about virtualization of operating systems (like Windows, Linux …). However, in Blockchain technology, a virtual machine is a sandbox that creates a sort of isolation between the programmer's development language and the machine language.
This isolation helps accelerate the development process and makes it easier. Moreover, the virtual machines in the Blockchain make programs independent of the environment where they are running. You can think of the virtual machines in the Blockchain as the JVM in the Java language. Here is a list of the most popular Blockchain virtual machines:
If you take a look at the different blog posts that talk about the Blockchain network and architecture, you may notice that some of them do not talk about this layer. Some consider that this layer is simply part of either the application layer or the consensus layer. However, neither way of thinking eliminates the existence of this layer.
The application layer is the last layer of the Blockchain; it is the one that holds all the business logic of the different blockchain implementations, and it is the most exposed to cyber-attacks. Most blockchain applications are known for their decentralization, which increases their security and availability.
To better understand the meaning of the blockchain application layer, it is better to see some real examples of the most popular applications.
I guess the most popular and best-known blockchain application is the smart contract. Smart contracts are programs written in a specific development language (like Solidity, Rust …) and deployed on the blockchain. This code is executed whenever predefined conditions are met.
Smart contracts eliminate the need for redundant paperwork and costly intermediaries to conduct traditional contracts, transactions, and exchanges while maintaining blockchain transparency and visibility. They function by producing a digital agreement or contract in which each party enters a set of specified criteria or provisions that must be fulfilled for the deal to be performed without the use of a third party.
Those programs are saved in the blockchain by sending the code in a transaction so that it is written into the ledger. The same technique is then used to interact with those apps and get their output.
In the last couple of years, we have seen a strong trend of companies implementing smart contracts. This use has massively contributed to the development of what we call DeFi (decentralized finance).
A lot of people think that by developing a smart contract on the blockchain, the app is then secure by design and not hackable. Unfortunately, this is totally false, and the proof is that multiple contracts are hacked each day due to vulnerabilities in their code. What makes smart contracts even more vulnerable than usual web or mobile apps is the fact that they cannot be patched: if a smart contract is deployed with a vulnerability, the vulnerability will remain in the contract forever.
We will cover all those aspects in the next blog posts about smart contracts, from smart contract vulnerabilities to the tricks and techniques used to patch those contracts.
To get an idea of what a smart contract may look like, you can take a look at the following links:
Decentralized apps are a more general concept that includes smart contracts and many other types of apps. We will cover this aspect in detail in the blog post about Dapps. However, what you should keep in mind is that decentralized apps can be divided into 3 main types:
The best example to illustrate this is the Type 3 Dapp USDT cryptocurrency, which is based on the Omnilayer project, itself a Type 2 Dapp built on Bitcoin (Type 1).
Written by: Z. Oualid
I am a Cyber Security Expert, I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE, which are the most recognized and hard technical certifications in the industry of cybersecurity. I am also a Certified Ethical Hacker (CEH). I hope you enjoy my articles :).
May 31, 2023