27 June 2017

EU watchdog tells FS firms to focus on blockchain security risks

23 January 2017  |  10824 views  |  1 safelock

Financial services firms rushing to adopt blockchain need to make sure that they address the security challenges associated with the technology, the European Union Agency for Network and Information Security (Enisa) has warned.

Banks around the world are busily testing distributed ledger technology, lured by the promise of efficiency and cost savings in everything from remittances to securities settlements. And a recent World Economic Forum report revealed that over one billion euros has been invested in startups in the area.

In its own report, Enisa says that the technology has some obvious security benefits, including enhanced transaction privacy and the ability to follow an audit trail for agreements. Meanwhile, some principles used in the security of traditional systems and in blockchain, such as key management and encryption, are still largely the same.

However, there are new challenges that the technology brings, like consensus hijacking and smart contract management.

To tackle this, the report offers best practice advice, urging firms to monitor internal activity, automate regulatory compliance, disclose information only to relevant counterparts and authorities, and adopt industry level governance procedures for the updating of ledger implementations over time.

Udo Helmbrecht, executive director, Enisa, says: "Cyber security should be considered as a key element in the Blockchain implementation by financial institutions."

Read the full report:
» Download the document now 1.4 mb (PDF File)

Comments: (1)

Stephen Wilson - Lockstep Group - Sydney | 23 January, 2017, 16:36

ENISA warns that "key management and encryption are still largely the same" challenge with blockchain as traditional security. Well, yes and no.

Certainly many blockchain pundits overlook key management.  I sifted through twenty-odd blockchain-for-healthcare proposals in the US Dept of Health & Human Service blockchain challenge last year, and attended the two day symposium at NIST headquarters. I was shocked at how few teams looked at key management. I don't just mean private key hygiene in hardware wallets and the like, but the management task of knowing which keys go with which users. See https://www.constellationr.com/blog-news/blockchain-healthcare-and-leading-edge-rd.

And here's the deep problem: blockchain's Proof of Work algorithm was designed so there is no need for key management.  It doesn't matter to the system which key goes with which user, because Bitcoin is electronic cash. Possession of the private key is all that matters.  Famously, you cannot recover lost Bitcoin balances if you lose your key, for there is no administrator. The absence of an administrator makes it necessary to crowd-source the overseeing of all currency movements (to stop Double Spends). That's what Proof of Work "consensus" does - it's the crowd satisfying itself that all spends are OK. 

When you hybridise blockchain, and fold back in traditional key management and encryption (not to mention permissions management for private blockchains), you take away the reason for being of the consensus algorithm. Why have crowd-sourced consensus when an administrator has already been able to oversee which key goes with which user? Ask yourselves: What is the real point of the original public blockchain?

Consensus in the public blockchains as designed today becomes moot when you have key management. So yes, key management in blockchain technologies is much the same as with traditional security; just beware of where it leaves public blockchain architecture which was designed to expel all administration. Many hybrid blockchains look rather like solar powered race cars retrofitted with petrol engines to make them go faster.  
