11 December 2017
visit www.avoka.com

EU watchdog tells FS firms to focus on blockchain security risks

23 January 2017  |  11524 views  |  1 safelock

Financial services firms rushing to adopt blockchain need to make sure that they address the security challenges associated with the technology, the European Union Agency for Network and Information Security (Enisa) has warned.

Banks around the world are busily testing distributed ledger technology, lured by the promise of efficiency and cost savings in everything from remittances to securities settlements. And a recent World Economic Forum report revealed that over one billion euros has been invested in startups in the area.

In its own report, Enisa says that the technology has some obvious security benefits, including enhanced transaction privacy and the ability to follow an audit trail for agreements. Meanwhile, some principles used in the security of traditional systems and in blockchain, such as key management and encryption, are still largely the same.

However, there are new challenges that the technology brings, like consensus hijacking and smart contract management.

To tackle this, the report offers best practice advice, urging firms to monitor internal activity, automate regulatory compliance, disclose information only to relevant counterparts and authorities, and adopt industry level governance procedures for the updating of ledger implementations over time.

Udo Helmbrecht, executive director, Enisa, says: "Cyber security should be considered as a key element in the Blockchain implementation by financial institutions."

Read the full report:
» Download the document now 1.4 mb (PDF File)

Comments: (1)

Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney | 23 January, 2017, 16:36

ENISA warns that "key management and encryption are still largely the same" challemnge with blockchain as traditional security. Well, yes and no. 

Certainly many blockchain pundits overlook key management.  I sifted through twenty-odd blockchain-for-healthcare proposals in the US Dept of Health & Human Service blockchain challenge last year, and attended the two day symposium at NIST headquarters. I was shocked at how few teams looked at key management. I don't just mean private key hygiene in hardware wallets and the like, but the management task of knowing which keys go with which users. See https://www.constellationr.com/blog-news/blockchain-healthcare-and-leading-edge-rd.

And here's the deep problem: blockchain's Proof of Work algorithm was designed so there is no need for key management.  It doesn't matter to the system which key goes with which user, because Bitcoin is electronic cash. Possession of the private key is all that matters.  Famously, you cannot recover lost Bitcoin balances if you lose your key, for there is no administrator. The absence of an administrator makes it necessary to crowd-source the overseeing of all currency movements (to stop Double Spends). That's what Proof of Work "consensus" does - it's the crowd satisfying itself that all spends are OK. 

When you hybridise blockchain, and adfold back in traditional key management and encryption (not to mention persmissions management for private blockchains), you take away the reason for being of the consensus algorithm. Why have crowd-sourced consensus when an administrator has already been able to oversee which key goes with which user?  As your selves: What is the real point of the original public blockchain? 

Consensus in the public blockchains as designed today becomes moot when you have key management. So yes, key management in blockchain technologies is much the same as with traditional security; just beware of where it leaves public blockchain architecture which was designed to expel all administration. Many hybrid blockchains look rather like solar powered race cars retrofitted with petrol engines to make them go faster.  

2 thumb ups! 2 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Finra paper explores implications of blockchain for securities industry

Finra paper explores implications of blockchain for securities industry

19 January 2017  |  10610 views  |  0 comments | 10 tweets | 12 linkedin
Blockchain could slash investment banks' costs by 30%

Blockchain could slash investment banks' costs by 30%

17 January 2017  |  9113 views  |  0 comments | 25 tweets | 23 linkedin
Blockchain impact timeline speeds up, massive cost savings forecast

Blockchain impact timeline speeds up, massive cost savings forecast

13 January 2017  |  18177 views  |  0 comments | 40 tweets | 39 linkedin
Swift goes deeper into the blockchain

Swift goes deeper into the blockchain

12 January 2017  |  20768 views  |  0 comments | 33 tweets | 45 linkedin
Deloitte invests in SETL

Deloitte invests in SETL

07 December 2016  |  10492 views  |  0 comments | 7 tweets | 5 linkedin
Blockchain adoption unlikely to affect bank ratings in the near term - S&P

Blockchain adoption unlikely to affect bank ratings in the near term - S&P

28 October 2016  |  12116 views  |  1 comments | 13 tweets | 18 linkedin

Related blogs

Create a blog about this story (membership required)
visit www.solutions.lexisnexis.comvisit www.atos.netvisit http://info.nice.com

Who is commenting?

Top topics

Most viewed Most shared
Revolut lets customers buy Bitcoin, Litecoin and EthereumRevolut lets customers buy Bitcoin, Liteco...
18425 views comments | 26 tweets | 22 linkedin
Saxo Bank's 'Outrageous Prediction': Bitcoin to peak at $60k next year before spectacular crashSaxo Bank's 'Outrageous Prediction': Bitco...
11334 views comments | 7 tweets | 7 linkedin
Deutsche Bank paper hails 'huge' blockchain potentialDeutsche Bank paper hails 'huge' blockchai...
7710 views comments | 15 tweets | 21 linkedin
Santander UK poaches Barclays innovation chief Michael HarteSantander UK poaches Barclays innovation c...
6609 views comments | 8 tweets | 17 linkedin
Barclays, First Direct and Nationwide join FCA sandbox cohortBarclays, First Direct and Nationwide join...
6014 views comments | 5 tweets | 12 linkedin

Featured job

Competitive base, double ote, benefits
London, UK

Find your next job