Are Cryptocurrencies Secure or Safe Because of their Distributed Ledger, Open-Source Software and Open-Source Collaboration?
The simple answer is no. Distributed Ledger (also known as Blockchain), Open-Source Software, and Open-Source Collaboration can all help security but fall far short of an adequate solution.
Security Concerns:
1. Transparency of Open Source does not translate to Safety or Security. While Open-Source Software ensures transparency, safety and security are delivered through rigorous risk analysis and code examination following identified risks. This has not been done, nor will it be, given competing interests and a lack of centralized responsibility for the system. It needs to be certified by competent cryptography and cyber security experts along with extensive penetration testing. But since no one owns Bitcoin[1], no one has paid for this work. There are those looking into it, but no one has come forward with an end-to-end certification and risk analysis. Yet, zealots continue to advance this as a solution to all current currency problems. AIDM will address this as part of transparent security analysis and response capability, ensuring that the system is used within risk boundaries for any particular application. International governance will ensure compliance with legal and regulatory requirements and the maintenance of all governance rules and agreements. None of this is happening within the current Cryptocurrency market.
2. Are Bitcoin or other Crypto projects safe due to the cryptography used in their Blockchains? No, Bitcoin is an application layer protocol. This means it does not cover the security of the whole system, which includes machines, networks, exchange operations and much more. Would you trust the safety of your assets sitting in a small cafe in the middle of a shopping mall? This is what Bitcoin is doing, and the safe is not even fastened to the floor. What protects you from hackers getting your keys? Can your wallet be stolen? Does your exchange keep your information secure? What happens if the government shuts your system down? Is the method of authentication guaranteed? The complex mechanisms used to ensure authenticity, honest adjudication and protection against playback attacks are all subject to intervention, potentially expose identity, and are cumbersomely slow, leading to a variety of potential operational attacks. Further, in most open-source public Blockchains, there is a purposeful level of delay to make sure validation processes require a certain amount of time and “work” to be performed. This creates a huge potential synchronization problem that will only get worse if the use of Cryptocurrencies dependent on Proof of Work expands. On average, the validation process writes a new block every 10 minutes with Bitcoin. This delay means that a Bitcoin transaction is not considered safe until 1-3 blocks have been added to the chain. While this looks small, if any open-source Blockchain is to be used for a wide range of economic purposes, such delays would become intolerable. For example, the US processes over 10,000,000 transactions per hour across the ACH systems and the major credit cards process over 5,000,000 transactions per hour.
Bitcoin cannot serve these major pieces of the financial eco-system. For larger interbank transactions, SWIFT and a few other systems are the primary means of moving money and are heavily regulated in all countries. To escape the SWIFT hegemony, there is a private Blockchain system that uses XRP to move large amounts of cash. The private system works for this purpose because access authorization and transaction security are much tighter and the validation process is orders of magnitude simpler. In the end, current open-source public Blockchains simply cannot fulfill this need, as they use an extremely cumbersome way of preventing playback attacks. It is important to understand that the crypto structure of Blockchain does not cause this overhead; the mining/validation system does. With this delay, for a time from 10-30 minutes, the Blockchain is not reliably up to date, and the entire system is at risk of replay during this time from any large holder of Bitcoin. If a DDOS or Segmentation attack occurs during this delay, it is possible the vulnerability to replay could last much longer. In short, the numerous system vulnerabilities that exist in many of our software systems also create vulnerabilities with Bitcoin that are not protected by their Open-Source security and software. AIDM addresses these concerns through a distributed, self-regulating, international adjudication system. The need for mining is eliminated while trust and safety are assured through tight governance agreements and third-party insurance contracts. If an exchange violates the rules, it will be excommunicated from the system, putting massive investments at risk. Governance rules will appropriately cover reserve requirements to ensure liquidity.
3. The Open-Source claim does not cover the day-to-day operation:
a. Wallets are not secure and can be stolen. Wallets or exchanges hold the coins. Wallets can be special-purpose equipment or resident on various hardware like cell phones and PCs. This creates a large number of platform vulnerabilities. The wallets and sometimes credentials have been stolen and destroyed. If hackers get your private keys, they can spend your coins directly. Wallets are often broken into by hackers and some of the hardware devices are susceptible to hacking directly. If stored in databases at exchanges, the private keys must be held by the exchange. This creates a huge vulnerability to hacking. There have been several major hacks of the key storage systems, the two most notable being Gox and Coinbase. Further, although you can store your keys anywhere, they may be lost. Millions of Bitcoins have been lost forever in this way. AIDM addresses this through more comprehensive insurance and recovery routes. Since coin regeneration is guaranteed by the exchange network and insurance, damaged, destroyed or lost tokens can be replaced directly.
b. Credentials and Bitcoin can be stolen in many other ways or fraudulently asserted; the most common exploits:
i. Phishing attacks,
ii. Sybil attacks,
iii. Malware,
iv. Man-in-the-Middle attacks,
v. Simple hacking of insecure systems.
All of these attacks are addressed directly by regulations, comprehensive cybersecurity and insurance within the AIDM network.
4. Open Blockchain attacks:
a. 51% voting allows direct fraud. The system registers concurrence in a multi-node voting process from various nodes. If anyone is able to assert control of 51% of the voting systems, they can control the mining and validity systems, at least for a few minutes. This would allow them to fake transactions in the Blockchain, at least long enough to spend newly commandeered Bitcoin. This is not theoretical; there have been a number of times that over 51% of miners were under the control of one entity. Anytime the US, Russia, China or large hacker networks wanted to, they could assert enough mining nodes to take temporary control of the Bitcoin Networks and attack the coins or generate fraudulent ones. AIDM addresses these risks directly because there is no uncontrolled and wasteful mining process.
b. SHA256 attack is a known weakness of most Cryptocurrency. SHA256 is known to have several pattern attacks that will eventually compromise the integrity of Digital Signatures. Most discussions of the security issue have revolved around the Elliptic Curve based signature, but this is not the only surface to attack; the Hashes themselves are vulnerable. The state of supercomputing and quantum computing is very close to breaking the SHA256 hash in real-time, now. When this happens there will be attacks on the Blockchains themselves which will be undetectable with current arbitration logic. AIDM solves this problem by using insurance-enforced trust as described above with international governance.
c. Segmentation Routing Attack. Any country or region where BGP can be controlled can be walled off from participating in the broader Cryptocurrency eco-system. This creates a significant vulnerability for attack by the 51% vulnerability cited above because segmentation reduces the number of voting nodes required to commandeer the Blockchain or perform an SHA attack. This creates numerous other opportunities for mischief in the smaller fishbowl. AIDM solves this problem by using insurance-enforced trust as described above with international governance.
5. Many other insecurities exist, many obscure and highly technical. AIDM will address all of these due to its unique trust framework.
a. Protocol insecurities. It is not our purpose to teach people how to hack Cryptocurrencies, but the above-mentioned vulnerabilities are well known. What is less well known is that there are over 200 vulnerabilities in the basic way internal Bitcoin protocols work that have been identified by the Cloud Security Alliance. This is an artifact of the way the system is built, despite the vaunted and false claims of being protected by the Open-Source System. See: Blockchain Attacks, Vulnerabilities and Weaknesses | CSA (cloudsecurityalliance.org)
b. Direct Operational attacks:
These all present direct vulnerabilities in real-time continuity of the Bitcoin networks.
i. DDOS attacks (Distributed Denial of Service)
ii. Network interruption
iii. Bot networks and many others.
6. Legal attacks are a clear security threat as well:
a. There are significant Intellectual Property issues surrounding Cryptocurrency from existing patents licensed and owned by the Company and others covering Peer to Peer Transaction fabric, the use of Secure Transaction tokens (which all cryptocurrencies are), various Cryptocurrency use models, and Hash Cash derived protection models. There is a mistaken notion that this IP was invented by a pseudonymous Satoshi; in fact, it was borrowed and stolen.
b. Geopolitical risk is significant. Countries are already moving to clarify regulations, legal frameworks, and taxation laws. Anyone that believes that cryptocurrencies will sit outside the reach of their countries is dangerously naïve. Through International trust governance, insurance, and geostrategic diversification we will avoid these risks in the AIDM fabric.
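The link between the 10-minute block interval and 1-3 block wait in item 2 and the 51% and segmentation attacks in item 4 can be quantified with the catch-up calculation from section 11 of the Bitcoin whitepaper. The Python below is an added example, not part of the original article; the 10% attacker share, the 25% partition, and the assumption that all of the attacker's mining power sits inside the partition are constructed for illustration.

```python
from math import exp, lgamma, log

BLOCK_INTERVAL_MIN = 10  # average Bitcoin block time quoted in the text


def catch_up_probability(q, z):
    """Chance that a miner with fraction q of the hashing power ever
    overtakes the honest chain from z blocks behind (whitepaper, sec. 11)."""
    if not 0 < q <= 1:
        raise ValueError("q must be a fraction in (0, 1]")
    if q >= 0.5 or z == 0:
        return 1.0  # a majority always catches up; z = 0 means no lead
    p = 1.0 - q
    lam = z * q / p  # expected attacker blocks while honest miners find z
    prob = 1.0
    for k in range(z + 1):
        # Poisson(k; lam) evaluated in log space so large z cannot overflow
        poisson = exp(-lam + k * log(lam) - lgamma(k + 1))
        prob -= poisson * (1.0 - (q / p) ** (z - k))
    return max(prob, 0.0)


def confirmations_needed(q, max_risk=0.001, limit=1000):
    """Smallest z whose catch-up probability is below max_risk, or None
    when no z up to limit is enough (always the case for a majority)."""
    if q >= 0.5:
        return None
    for z in range(limit + 1):
        if catch_up_probability(q, z) < max_risk:
            return z
    return None


def share_inside_partition(global_share, partition_share):
    """Attacker's share of hashing power inside a partition that holds
    partition_share of the total and all of the attacker's miners
    (simplifying assumption for this example)."""
    if not 0 < global_share <= partition_share <= 1:
        raise ValueError("need 0 < global_share <= partition_share <= 1")
    return global_share / partition_share


if __name__ == "__main__":
    cases = [("whole network", 0.10),
             ("inside partition", share_inside_partition(0.10, 0.25))]
    for label, q in cases:
        z = confirmations_needed(q)
        print(f"{label}: q={q:.2f} risk@3={catch_up_probability(q, 3):.4f} "
              f"need {z} blocks (~{z * BLOCK_INTERVAL_MIN} min)")
```

With these constructed numbers, a 10% miner needs 5 confirmations to push the reversal risk below 0.1%, while the same miner inside a partition holding 25% of the hashing power behaves like a 40% miner and needs 89.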
Cryptocurrency and Bitcoin have been interesting experiments in Cyber-Security, but the design only addresses part of the potential problems with security and creates unworkable delays in processing. There are many more issues of even deeper concern with Intellectual Property ownership, anonymity, KYC, market making, trust, money laundering, illicit use, underlying value, overwhelming scarcity, volatility, wildly fluctuating, guarantee, warranty, declining money supply and others, to be discussed in different papers. AIDM is Crypto evolved, directly eliminating current risks and roadblocks to using Cryptocurrency.
1. It is important to note that many of my references are directly to Bitcoin. The reason is simple: Bitcoin represents 60% of the Cryptocurrency market and some variation of this model is used by most other open-source Blockchains.