Unchaining Blockchain Security Part 1: The Emerging Risks of Private Blockchains in Enterprises


By Dr. Marco Balduzzi

What are the security challenges enterprises are bound to face when adopting blockchain technology?

In our Security Predictions report for 2024, we emphasized how threat actors will further target private blockchains as more enterprises leverage the technology for its beneficial features and lower costs. As is the case with any technology, cybercriminals persistently seek ways to abuse systems and use them for their own gain. And while this isn’t a new concept for blockchain, the scope and severity of risks associated with this technology have continued to mutate over the years.

It would serve industries well to be cognizant and vigilant of security challenges linked to blockchains. To look into this, we first explored past developments, present trends, and future projections involving this technology. Then, we dived deeper into its use cases, corresponding threats, and business impact companies could deal with if attackers break into the system.

In part one of our three-part series on the security issues of private blockchains, we discuss the evolution of blockchains and how enterprises are increasingly adopting this technology in the form of private and hybrid blockchains.

Blockchain: Past, Present, and Future

The introduction of Bitcoin in 2008 by Satoshi Nakamoto (presumed to be pseudonymous) marked the beginning of the blockchain revolution. As the first decentralized cryptocurrency, Bitcoin was designed to enable peer-to-peer transactions without the need for intermediaries such as banks. Its underlying technology, the blockchain, provided a secure and transparent ledger where all transactions were recorded in a chronological and immutable manner. Bitcoin's primary function was to serve as a digital currency, and it quickly gained popularity due to its decentralized nature, security, and the promise of financial freedom.

While Bitcoin demonstrated the power and potential of blockchain technology, its functionality was relatively limited to being a digital currency and a store of value. This limitation prompted innovators to explore how the underlying blockchain technology could be leveraged for more complex applications. Among these innovators was Vitalik Buterin, a young programmer who envisioned a more versatile platform that could support decentralized applications and execute complex transactions.

In 2015, Buterin's vision materialized with the launch of Ethereum. Unlike Bitcoin, Ethereum was designed not just as a cryptocurrency but as a comprehensive decentralized platform. Ethereum introduced a new concept called "smart contracts" — self-executing contracts where the terms of agreement are directly written into code. These smart contracts automatically execute transactions when predefined conditions are met, eliminating the need for intermediaries and significantly expanding the potential use cases for blockchain technology.

Ethereum's blockchain is programmable, meaning developers can create and deploy their own distributed applications (dApps) on the network. This programmability is enabled by the Ethereum Virtual Machine (EVM), a decentralized computation engine that runs the smart contracts. The EVM makes Ethereum a Turing-complete system, capable of performing any computation that can be described algorithmically, given enough resources.

Several organizations and business categories have successfully adopted blockchain technology, showcasing its versatile applications. In finance, companies like JPMorgan Chase have implemented blockchain solutions to enhance payment processing and settlement efficiency, significantly reducing transaction times and costs. The supply chain sector has seen remarkable improvements with companies like IBM and Walmart utilizing blockchain to track products from origin to shelf, ensuring product authenticity and safety. In healthcare, institutions such as the Mayo Clinic are leveraging blockchain to secure patient records, facilitating better data sharing while maintaining privacy and security. The real estate industry is also benefiting, with platforms like Propy streamlining property transactions by using blockchain to handle contracts and title transfers, thus reducing the risk of fraud and speeding up the closing process.

The next figure illustrates the rapid evolution of blockchain technology in recent years. While Bitcoin has steadily grown since its introduction to consistently operate around 500,000 transactions per day in its public network, Ethereum has seen an exponential increase, surpassing one million transactions per day. This highlights the significant potential of data-centric blockchain networks compared to traditional financial networks like Bitcoin.

Figure 1. Bitcoin, Ethereum, and Litecoin transactions through the years
Source: bitinfocharts.com

When looking at the future, a similar trend is expected to continue. In the next figure, Precedence Research estimates a compound annual growth rate (CAGR) of 85% with a market size growing from US$16 billion this year to over US$2 trillion by 2032.

Figure 2. Blockchain technology market size, 2022 to 2032
Source: precedenceresearch.com

This development of blockchain technology is well depicted in the following figure by Gartner. The analyst predicts that the technology will reach full maturity next year (2025). The years before 2010 are considered the foundation years, during which the blockchain paradigm was introduced as a platform for exchanging cryptographically signed information in a distributed form (e.g., Bitcoin). From 2010 to 2020, more advanced forms of blockchain networks emerged, with Ethereum taking a leadership role by offering a platform for hosting internet content in a distributed form and, more recently, enabling the execution of decentralized applications.

Figure 3. Gartner blockchain spectrum
Source: gartner.com

As anticipated, the result of this evolution is a broader application of blockchain technology, as reported by Fortune Business Insights in the following image. While the BFSI (Banking, Financial Services, and Insurance) sector still represents the largest industry due to its historical adoption of traditional blockchain for financial services, other industries have also begun to invest in this space. For example, organizations in the manufacturing domain are now extensively using modern blockchain networks to track their production of goods and improve the traceability of their supply chains.

Figure 4. Global blockchain technology market share, by industry, 2023
Source: fortunebusinessinsights.com

All regions witnessed this evolution as reported by Precedence Research, shown in Figure 5.

Figure 5. Blockchain technology market share, by region, 2022
Source: precedenceresearch.com

The emergence of private blockchains

In the rapidly evolving landscape of blockchain technology, private and hybrid blockchains have emerged as compelling solutions tailored to the specific needs of business enterprises. Unlike public blockchains, which operate on decentralized networks accessible to anyone, private blockchains are restricted environments where access is controlled by a single organization or a consortium of entities. This permissioned nature allows for greater control over network governance, enhanced privacy, and improved transaction speeds, making private blockchains an attractive option for enterprises seeking to leverage blockchain technology while maintaining stringent control over their data and operations.

Private blockchains are designed to address several key challenges faced by businesses today. One of the primary advantages is the ability to ensure data confidentiality. In industries such as finance, healthcare, and supply chain management, sensitive information must be protected from unauthorized access. Private blockchains provide a secure environment where data can be shared among authorized participants without exposing it to the broader public. This is particularly important for enterprises that must comply with regulatory requirements and protect intellectual property.

Another significant benefit of private blockchains is their ability to offer faster and more efficient transaction processing. Since the network is restricted to a known set of participants, consensus mechanisms can be optimized for speed and efficiency, reducing the time and computational resources required to validate transactions. This makes private blockchains well-suited for applications that require high throughput and low latency, such as real-time financial settlements and supply chain tracking.

Moreover, private blockchains offer enhanced control over network governance. Enterprises can establish their own rules and policies for participation, data access, and transaction validation, ensuring that the network operates in alignment with their specific business needs and regulatory requirements. This level of control enables businesses to create customized blockchain solutions that can be seamlessly integrated into their existing systems and processes.

Adding to the enterprise landscape, hybrid blockchains combine elements of both public and private networks to offer a flexible solution tailored to specific business needs. Hybrid blockchains enable organizations to maintain private, sensitive data on a private ledger while still leveraging the security and transparency benefits of a public blockchain for certain transactions. This dual approach allows businesses to optimize their blockchain use, balancing the need for confidentiality with the advantages of decentralization. For instance, a company might use a private blockchain to manage internal operations while using a hybrid blockchain to interact with external partners or customers.

The next figure shows how private and hybrid networks have gained popularity, capturing approximately 40% of the market share.

Figure 6. Blockchain technology market share, by type, 2022
Source: precedenceresearch.com

The following table summarizes the main differences between a public network, such as the Ethereum mainnet, and its corresponding private network.

| | Public | Private |
| --- | --- | --- |
| Security | Secured by the interaction of thousands of independent nodes run by individuals and miners all over the world. | Typically have a small number of nodes controlled by one or a few organizations; those nodes can be tightly controlled, but, in case of a 51% attack, the chain can be compromised. |
| Performance | Normally low. High throughput can be achieved with Layer 2 scaling solutions. | Normally built on top of high-performance nodes controlled by the organization. They usually achieve higher transaction throughput at Layer 1. |
| Cost | While there is no cost to connect to public Ethereum, there is a gas cost for every transaction, which must be paid for in ether. | Primarily reflected in labor to set up and manage the chain, and the servers to run it. No other costs (e.g., transaction costs) are present. |
| Node permission | Anybody can set up a node on public Ethereum. | Only authorized nodes can join private networks. |
| Privacy | All data written is viewable by anyone, so sensitive information must be stored and transmitted off-chain, or else encrypted. | Access to data written to private chains can be controlled by restricting access to the network, and on a finer-grained basis with access controls and private transactions. |

Table 1. Differences between public and private blockchain networks
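
The Security and Node permission rows of Table 1 can be made concrete with a toy model. The following is an added example, not code from the original article or from any blockchain platform: it assumes a hypothetical five-validator consortium, a strict-majority approval rule, and HMAC with per-node secrets standing in for real validator signatures.

```python
import hashlib
import hmac

# Constructed 5-node consortium; HMAC with a per-node secret stands in for
# real validator signatures (an assumption made for this illustration).
VALIDATORS = {f"node{i}": f"secret-{i}".encode() for i in range(1, 6)}
GENESIS = "0" * 64

def block_hash(prev_hash, payload):
    return hashlib.sha256(f"{prev_hash}|{payload}".encode()).hexdigest()

def sign(key, digest):
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()

def valid_votes(digest, votes):
    """Count votes from allowlisted validators whose signature verifies."""
    return sum(
        1 for node, sig in votes.items()
        if node in VALIDATORS and hmac.compare_digest(sig, sign(VALIDATORS[node], digest))
    )

def build_chain(payloads, signer_keys):
    """Seal each block with votes from the given {node: key} signers."""
    chain, prev = [], GENESIS
    for payload in payloads:
        digest = block_hash(prev, payload)
        votes = {node: sign(key, digest) for node, key in signer_keys.items()}
        chain.append({"prev": prev, "payload": payload, "hash": digest, "votes": votes})
        prev = digest
    return chain

def verify_chain(chain):
    """Accept only linked blocks approved by a strict majority of validators."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["payload"]):
            return False
        if valid_votes(block["hash"], block["votes"]) <= len(VALIDATORS) // 2:
            return False
        prev = block["hash"]
    return True

def keys_for(*nodes):
    return {n: VALIDATORS[n] for n in nodes}

honest = build_chain(["pay A 10", "pay B 5"], VALIDATORS)
rewritten_3 = build_chain(["pay A 10", "pay X 500"], keys_for("node1", "node2", "node3"))
rewritten_2 = build_chain(["pay A 10", "pay X 500"], keys_for("node1", "node2"))
outsider = build_chain(["pay X 500"], {**keys_for("node1", "node2"), "rogue": b"own-key"})
print(verify_chain(honest), verify_chain(rewritten_3), verify_chain(rewritten_2), verify_chain(outsider))
```

The allowlist stops an unknown node from contributing a vote, but a rewritten history sealed with three of the five validator keys verifies just like the honest one, so protecting validator keys and sizing the validator set are the controls that matter in a small permissioned network.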

In the next installment of this series, we will explore the business drivers behind the deployment of private and hybrid blockchains in organizations. It can be said that these types of blockchains have been developed to meet the needs of modern enterprises, offering improved performance, fewer errors, increased automation, and reduced costs. As a result, it's not surprising that an increasing number of organizations are adopting the blockchain paradigm. We'll discuss this trend in the next article, which will also include the presentation of real-world use cases.
