In Blockchain Security from the Bottom Up: Securing and Preventing Attacks on Cryptocurrencies, Decentralized Applications, NFTs, and Smart Contracts, accomplished blockchain and cybersecurity consultant and educator Howard E. Poston delivers an authoritative exploration of blockchain and crypto cybersecurity. In the book, the author shows you exactly how cybersecurity should be baked into the blockchain at every layer of the technology’s ecosystem. You’ll discover how each layer can be attacked and learn how to prevent and respond to those attacks in an environment of constant technological change and evolution.
You’ll also find:
- Illuminating case studies of real-world attacks and defenses at various layers in the blockchain ecosystem
- Thorough introductions to blockchain technology, including its implementations in areas like crypto, NFTs, and smart contracts
- Comprehensive explorations of critical blockchain topics, including protocols, consensus, and proof of work

A can’t-miss resource for blockchain and cybersecurity professionals seeking to stay on the cutting edge of a rapidly evolving area, Blockchain Security from the Bottom Up will also earn a place on the bookshelves of software developers working with cryptocurrencies and other blockchain implementations.
Table of Contents
Chapter 1 Introduction to Blockchain Security
The Goals of Blockchain Technology
Anonymity
Decentralization
Fault Tolerance
Immutability
Transparency
Trustless
Structure of the Blockchain
The Blockchain Network
The Blockchain Node
A Blockchain Block
A Blockchain Transaction
Inside the Blockchain Ecosystem
Fundamentals
Primitives
Data Structures
Protocols
Consensus
Block Creation
Infrastructure
Nodes
Network
Advanced
Smart Contracts
Extensions
Threat Modeling for the Blockchain
Threat Modeling with STRIDE
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege
Applying STRIDE to Blockchain
Conclusion
Chapter 2 Fundamentals
Cryptographic Primitives
Public Key Cryptography
Introducing “Hard” Mathematical Problems
Building Cryptography with “Hard” Problems
How the Blockchain Uses Public Key Cryptography
Security Assumptions of Public Key Cryptography
Attacking Public Key Cryptography
Hash Functions
Security Assumptions of Hash Functions
Additional Security Requirements
How the Blockchain Uses Hash Functions
Attacking Hash Functions
Threat Modeling for Cryptographic Algorithms
Data Structures
Transactions
What’s In a Transaction?
Inside the Life Cycle of a Transaction
Attacking Transactions
Blocks
Inside a Block
Attacking Blockchain Blocks
Threat Modeling for Data Structures
Conclusion
Chapter 3 Protocols
Consensus
Key Concepts in Blockchain Consensus
Byzantine Generals Problem
Security via Scarcity
The Longest Chain Rule
Proof of Work
Introduction to Proof of Work
Security of Proof of Work
Proof of Stake
Introduction to Proof of Stake
Variants of Proof of Stake
Security of Proof of Stake
Threat Modeling for Consensus
Block Creation
Stages of Block Creation
Transaction Transmission
Block Creator Selection (Consensus)
Block Building
Block Transmission
Block Validation
Attacking Block Creation
Denial of Service
Frontrunning
SPV Mining
Threat Modeling for Block Creation
Conclusion
Chapter 4 Infrastructure
Nodes
Inside a Blockchain Node
Attacking Blockchain Nodes
Blockchain-Specific Malware
Denial-of-Service Attacks
Failure to Update
Malicious Inputs
Software Misconfigurations
Threat Modeling for Blockchain Nodes
Networks
Attacking the Blockchain Network
Denial-of-Service Attacks
Eclipse/Routing Attacks
Sybil Attacks
Threat Modeling for Blockchain Networks
Conclusion
Chapter 5 Advanced
Smart Contracts
Smart Contract Vulnerabilities
General Programming Vulnerabilities
Blockchain-Specific Vulnerabilities
Platform-Specific Vulnerabilities
Application-Specific Vulnerabilities
Threat Modeling for Smart Contracts
Blockchain Extensions
State Channels
State Channel Security Considerations
Sidechains
Sidechain Security Considerations
Threat Modeling for Blockchain Extensions
Conclusion
Chapter 6 Considerations for Secure Blockchain Design
Blockchain Type
Public vs. Private
Benefits of Public vs. Private Blockchains
Open vs. Permissioned
Benefits of Open vs. Permissioned Blockchains
Choosing a Blockchain Architecture
Privacy and Security Enhancements
Zero-Knowledge Proofs
Stealth Addresses
Ring Signatures
Legal and Regulatory Compliance
Designing Secure Blockchains for the Future
Index