29 April 2017

EU watchdog tells FS firms to focus on blockchain security risks

23 January 2017

Financial services firms rushing to adopt blockchain need to make sure that they address the security challenges associated with the technology, the European Union Agency for Network and Information Security (Enisa) has warned.

Banks around the world are busily testing distributed ledger technology, lured by the promise of efficiency and cost savings in everything from remittances to securities settlements. And a recent World Economic Forum report revealed that over one billion euros has been invested in startups in the area.

In its own report, Enisa says that the technology has some obvious security benefits, including enhanced transaction privacy and the ability to follow an audit trail for agreements. Meanwhile, some principles used in the security of traditional systems and in blockchain, such as key management and encryption, are still largely the same.

However, there are new challenges that the technology brings, like consensus hijacking and smart contract management.

To tackle this, the report offers best practice advice, urging firms to monitor internal activity, automate regulatory compliance, disclose information only to relevant counterparts and authorities, and adopt industry level governance procedures for the updating of ledger implementations over time.

Udo Helmbrecht, executive director, Enisa, says: "Cyber security should be considered as a key element in the Blockchain implementation by financial institutions."


Comments: (1)

Stephen Wilson - Lockstep Group - Sydney | 23 January, 2017, 16:36

ENISA warns that "key management and encryption are still largely the same" challenge with blockchain as traditional security. Well, yes and no.

Certainly many blockchain pundits overlook key management.  I sifted through twenty-odd blockchain-for-healthcare proposals in the US Dept of Health & Human Service blockchain challenge last year, and attended the two day symposium at NIST headquarters. I was shocked at how few teams looked at key management. I don't just mean private key hygiene in hardware wallets and the like, but the management task of knowing which keys go with which users. See https://www.constellationr.com/blog-news/blockchain-healthcare-and-leading-edge-rd.

And here's the deep problem: blockchain's Proof of Work algorithm was designed so there is no need for key management.  It doesn't matter to the system which key goes with which user, because Bitcoin is electronic cash. Possession of the private key is all that matters.  Famously, you cannot recover lost Bitcoin balances if you lose your key, for there is no administrator. The absence of an administrator makes it necessary to crowd-source the overseeing of all currency movements (to stop Double Spends). That's what Proof of Work "consensus" does - it's the crowd satisfying itself that all spends are OK. 

When you hybridise blockchain, and fold back in traditional key management and encryption (not to mention permissions management for private blockchains), you take away the reason for being of the consensus algorithm. Why have crowd-sourced consensus when an administrator has already been able to oversee which key goes with which user? Ask yourselves: What is the real point of the original public blockchain?

Consensus in the public blockchains as designed today becomes moot when you have key management. So yes, key management in blockchain technologies is much the same as with traditional security; just beware of where it leaves public blockchain architecture which was designed to expel all administration. Many hybrid blockchains look rather like solar powered race cars retrofitted with petrol engines to make them go faster.  
