After keeping tabs for several years, CableLabs has identified the top blockchain security threats in a recent blog post.
The blog posted earlier this month by CableLabs' Brian Scriber, principal architect for security, is yet another signal flare that the cable industry, like the telecommunications industry in general, is starting to gear up on rolling out blockchain solutions. In May, CableLabs' Steve Goeringer, principal security architect, said that the cable industry would start to integrate blockchain solutions, "but it will be quiet and subtle."
By creating virtual ledgers, enterprises will be able to track and manage information across various parties in a value chain. Blockchain, which was developed for bitcoin, is a digitized, distributed ledger that tracks transactions as statements of facts that can be used in a digital economy by businesses, regulators, operators and consumers.
Blockchain creates a shared ecosystem across parties to exchange information in a way that grants permission, but the Security Technologies arm of CableLabs’ Research and Development organization has identified several "hazard groupings" for blockchain that need to be monitored:
• Smart Contract Injection—"The Smart Contract engine is an interpreter for a (sometimes novel) programming language and a parser of data related to the decisions the engine needs to make," according to Scriber. "The hazard in this situation is when executable code appears inside smart contracts in an effort to subvert the contract language or data. Implementers need to consider sanitizing inputs to smart contracts, proper parsing and error handling."
• Replay Attacks—"Not only is there a threat in transaction processing and validation, but also in node behavior, authentication, and the securing of confidential messaging. Adding nonces to check against prior transactions is critical," Scriber said.
• History Revision Attacks—“Blockchains that rely on fault-tolerant consensus models do well when there are many participating nodes processing, competing and collaborating on the next block,” according to Scriber. “When the number of nodes drops, or if there is predictably cyclic behavior, lulls can be leveraged in a history revision attack where a new branch is created, effectively deleting a previously accepted transaction. Designers should consider how to best guarantee minimum support and the diversity of nodes.”
• Permanence Poisoning—"Due to the permanence of blockchains and the cost to fork, it’s possible to sabotage a chain with even claims of illegal content to draw the ire of regulators and law enforcement,” Scriber said.
• Confidential Information Leaks—“Permanence increases the risk of data being exfiltrated out of the chain. Even encrypted data is at risk for future threats against those algorithms or brute-force attacks. Designers need to make sure that they understand the data being stored, how it is protected, who owns it and how it could be re-associated with any pseudonymized users," Scriber wrote.
• Node Spoofing—"Nodes are the entities that create and agree on the next new blocks in a chain," Scriber said. "Nodes should be authenticated like any other user or system, and authentication must be verified, with multiple votes prohibited. Designers who fail to look for voting irregularities open their implementation to risk."
Scriber listed other areas of concern for blockchain security and issued a warning: "Blockchains can help bridge trust gaps in an ecosystem, but security is foundational to that trust," he said.
CableLabs is responsible for driving innovation for the technologies used by its membership, which have included the various implementations of DOCSIS over the years as well as the more recent development of distributed access architecture technologies.
At CES earlier this month, CableLabs, along with the NCTA and SCTE, announced the cable industry's 10 gigabit broadband, which is called 10G, initiative.
Blockchain ramps up across telecommunications industry
As proof of blockchain in action across the cable industry, Comcast, NBCUniversal, Viacom and Spectrum Reach, the advertising sales division of Charter, announced their plans to deploy a blockchain-based ad platform in this year, according to a story by FierceVideo.
At the MEF18 conference late last year, several service providers and vendors demonstrated their proof-of-concept blockchain trials, while the European Telecommunications Standards Institute (ETSI) announced in December that it had launched a new industry specification group for blockchain.
In September, AT&T announced a suite of blockchain-based services designed to help its enterprise customers cut costs and speed automation processes.