Let's talk about Blockchain
Blockchain. (2018, February 28). [Illustration]. https://www.delitosfinancieros.org/varios-paises-se-estan-estudiando-minuciosamente-la-tecnologia-de-blockchain-para-combatir-la-corrupcion/
Blockchain has become a buzzword not only in cybersecurity but, more notoriously, in the financial sector through cryptocurrency; however, the concept of blockchain is often still confusing for many people. In this blog article we will go through the fundamentals of blockchain.
Blockchain is presented to us as a record book that cannot be manipulated or altered. It has a decentralized design consisting of a series of machines, or nodes, which each keep a copy of the record and are updated as operations are carried out. To achieve this, P2P (peer-to-peer) connections are used, through which the records are synchronized and validated across all the nodes.
Blockchain, as the name implies, is a chain of blocks whose first block serves as a template for subsequent ones. The first block is the one that will have the "header" data and will also create the hash to encode our records; the blocks that follow will calculate their own hash based on the previous one. The hash is a string of letters and numbers that serves as an identifier; each block of the chain will have its own identifier.
The history of blockchain
The concept of blockchain dates to 1991, when it was proposed to use cryptography for an electronic payment system. This first approach kept evolving until, in 2008, a person (or a group of people) using the pseudonym Satoshi Nakamoto published the mechanism and implementation of a digital currency, bitcoin.
On January 3, 2009, the blockchain that today makes up the bitcoin project began to work, thus becoming the first established cryptocurrency. Today there are more than 1000 cryptocurrencies.
Blockchain and cryptocurrency
Now, cryptos. Cryptocurrencies use the blockchain model, allowing nodes to provide processing power for the validation of records. Let's think of the blockchain as a ledger or a transactional database. When a user offers processing power for the generation of new blocks, he is known as a "miner" and is rewarded with digital currencies; among the most popular are Bitcoin, TRON, Ethereum, etc. Today, there are several blockchains focused on cryptocurrencies, as well as on the registration of other tokens such as tickets, images, audio, and video.
For a miner to generate a new block, it is necessary to find an acceptable hash. Taking bitcoin as a reference, the following information is needed: the version, the timestamp, the hashMerkleRoot (proof of the transactions made), the hash of the previous block, and a nonce (number only used once). To maintain integrity, each node is responsible for validating that the hashes have been calculated correctly and that all nodes have an updated version.
The nonce is the random number that ensures that the new hash is unique across the entire blockchain. The difficulty of obtaining it serves as a barrier that prevents previous records from being altered, while also protecting the chain from a replay attack.
For a nonce to be found, the miner must first focus on the network target (also known as a hash target). A target consists of 256 bits which all the nodes share, and it determines the maximum limit of the new hash: the smaller the target, the greater the difficulty of finding a hash that is approved by all the nodes. Because the nonce is 32-bit and the target is 256 bits, billions of combinations must be "mined" by trial and error before the right value is found, which makes it difficult to obtain. Not only that: to change the previous blocks, it is not only necessary to get the nonce of the current block, but to do the same for all the previous blocks.
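The mining and validation steps described above, as an added Python sketch (not code from this article or from Bitcoin itself). It assumes a constructed, very easy target and made-up transactions, and it packs only the header fields listed above, leaving out the compact target ("bits") field of the real Bitcoin header.

```python
import hashlib
import struct

TARGET = 1 << 244  # constructed, very easy target: about 1 hash in 4096 qualifies

def dsha(data):  # double SHA-256, as Bitcoin uses for block hashes
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txs):
    """Pairwise double-SHA-256 tree; an odd level duplicates its last node."""
    level = [dsha(tx) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def header_hash(blk):
    """Hash the header fields the article lists (simplified: no 'bits' field)."""
    return dsha(struct.pack("<I32s32sII", blk["version"], blk["prev"], blk["root"],
                            blk["time"], blk["nonce"]))

def pow_ok(blk):  # the digest, read as a little-endian integer, must be below the target
    return int.from_bytes(header_hash(blk), "little") < TARGET

def mine(prev, txs, time):
    """Trial-and-error search over the 32-bit nonce space."""
    blk = {"version": 1, "prev": prev, "root": merkle_root(txs),
           "time": time, "nonce": 0, "txs": list(txs)}
    for nonce in range(2**32):
        blk["nonce"] = nonce
        if pow_ok(blk):
            return blk
    raise RuntimeError("nonce space exhausted; vary the timestamp and retry")

def first_invalid(chain):
    """Index of the first block a validating node would reject, or -1."""
    for i, blk in enumerate(chain):
        expected_prev = header_hash(chain[i - 1]) if i else bytes(32)
        if blk["root"] != merkle_root(blk["txs"]) or blk["prev"] != expected_prev or not pow_ok(blk):
            return i
    return -1

def build_chain():  # three blocks of constructed sample transactions
    chain, prev = [], bytes(32)
    for n, txs in enumerate([[b"genesis"], [b"alice->bob:5"], [b"bob->carol:2"]]):
        chain.append(mine(prev, txs, 1_700_000_000 + n))
        prev = header_hash(chain[-1])
    return chain
```

Editing a transaction in block 1 makes `first_invalid` return 1; re-mining only that block moves the failure to block 2, whose previous-hash field no longer matches.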
Although the structure of a blockchain is very secure, it is not exempt from cybercriminals, who in most cases target the most vulnerable sector: users. Blockchain users are usually victims of phishing attacks, reaching an equivalent of 4 million dollars in losses. The methods vary from the creation of fake wallets, in which the victims register the data of their accounts, to the joint use of keyloggers, which record the victim’s username and password.
Another latent vulnerability is cryptojacking, which hijacks an Internet browser to mine cryptocurrencies using the victim's resources.
Although the user is the most vulnerable point of the chain, some cybercriminals have managed to infiltrate malicious code into the tools used for mining; with this they can create hash collisions and forge signatures to facilitate obtaining data from other wallets.
In a nutshell
Blockchain offers an attractive alternative for saving the records of the actions carried out within it. For now, this extends to digital currencies and the certification of multimedia files, thus helping to control the copyright of the content created, but this decentralized and traceable model also offers convenient features for the control of identity and public administration documents.
Blockchain is monitored by all the nodes that make it up. The integrity of its data is linked to the hash algorithm that produces each block identifier, and each block is linked to the previous one, so a change to the records will not only alter the desired instance but also the entire subsequent chain. If a node fails, it does not pose a risk to the chain, since each node has a copy of the records. The records are public, and we can all see them while keeping our identity private.
It is because of this that blockchain technology is favored by many industries, as it provides a safeguard for the integrity and availability of the data. With its rise in popularity, we expect to see blockchain technology in other applications and adopted by more industries.
By Adiel Lizama
Junior Security Engineer