Blockchain Security from the Bottom Up

The gold standard in up-to-date blockchain cybersecurity handbooks

In Blockchain Security from the Bottom Up: Securing and Preventing Attacks on Cryptocurrencies, Decentralized Applications, NFTs, and Smart Contracts, accomplished blockchain and cybersecurity consultant and educator Howard E. Poston delivers an authoritative exploration of blockchain and crypto cybersecurity. In the book, the author shows you exactly how cybersecurity should be baked into the blockchain at every layer of the technology’s ecosystem. You’ll discover how each layer can be attacked and learn how to prevent and respond to those attacks in an environment of constant technological change and evolution.

You’ll also find:

• Illuminating case studies of real-world attacks and defenses at various layers in the blockchain ecosystem
• Thorough introductions to blockchain technology, including its implementations in areas like crypto, NFTs, and smart contracts
• Comprehensive explorations of critical blockchain topics, including protocols, consensus, and proof of work

A can’t-miss resource for blockchain and cybersecurity professionals seeking to stay on the cutting-edge of a rapidly evolving area, Blockchain Security from the Bottom Up will also earn a place on the bookshelves of software developers working with cryptocurrencies and other blockchain implementations.

Chapter 1 Introduction to Blockchain Security 1

The Goals of Blockchain Technology 2

Anonymity 2

Decentralization 2

Fault Tolerance 2

Immutability 3

Transparency 3

Trustless 3

Structure of the Blockchain 3

The Blockchain Network 5

The Blockchain Node 5

A Blockchain Block 6

A Blockchain Transaction 7

Inside the Blockchain Ecosystem 8

Fundamentals 8

Primitives 9

Data Structures 9

Protocols 9

Consensus 9

Block Creation 10

Infrastructure 10

Nodes 10

Network 11

Advanced 11

Smart Contracts 11

Extensions 11

Threat Modeling for the Blockchain 12

Threat Modeling with STRIDE 12

Spoofing 12

Tampering 12

Repudiation 13

Information Disclosure 13

Denial of Service 13

Elevation of Privilege 13

Applying STRIDE to Blockchain 14

Conclusion 14

Chapter 2 Fundamentals 15

Cryptographic Primitives 15

Public Key Cryptography 16

Introducing “Hard” Mathematical Problems 16

Building Cryptography with “Hard” Problems 18

How the Blockchain Uses Public Key Cryptography 19

Security Assumptions of Public Key Cryptography 20

Attacking Public Key Cryptography 20

Hash Functions 25

Security Assumptions of Hash Functions 25

Additional Security Requirements 27

How the Blockchain Uses Hash Functions 28

Attacking Hash Functions 31

Threat Modeling for Cryptographic Algorithms 32

Data Structures 33

Transactions 33

What’s In a Transaction? 33

Inside the Life Cycle of a Transaction 34

Attacking Transactions 34

Blocks 37

Inside a Block 37

Attacking Blockchain Blocks 38

Threat Modeling for Data Structures 39

Conclusion 39

Chapter 3 Protocols 43

Consensus 43

Key Concepts in Blockchain Consensus 44

Byzantine Generals Problem 44

Security via Scarcity 45

The Longest Chain Rule 46

Proof of Work 46

Introduction to Proof of Work 47

Security of Proof of Work 48

Proof of Stake 53

Introduction to Proof of Stake 53

Variants of Proof of Stake 54

Security of Proof of Stake 54

Threat Modeling for Consensus 59

Block Creation 59

Stages of Block Creation 60

Transaction Transmission 60

Block Creator Selection (Consensus) 60

Block Building 61

Block Transmission 61

Block Validation 61

Attacking Block Creation 62

Denial of Service 62

Frontrunning 63

SPV Mining 65

Threat Modeling for Block Creation 65

Conclusion 65

Chapter 4 Infrastructure 67

Nodes 67

Inside a Blockchain Node 68

Attacking Blockchain Nodes 68

Blockchain- Specific Malware 69

Denial-of-Service Attacks 70

Failure to Update 71

Malicious Inputs 72

Software Misconfigurations 73

Threat Modeling for Blockchain Nodes 74

Networks 74

Attacking the Blockchain Network 75

Denial-of-service Attacks 75

Eclipse/Routing Attacks 76

Sybil Attacks 78

Threat Modeling for Blockchain Networks 80

Conclusion 80

Chapter 5 Advanced 83

Smart Contracts 83

Smart Contract Vulnerabilities 84

General Programming Vulnerabilities 85

Blockchain- Specific Vulnerabilities 94

Platform-Specific Vulnerabilities 103

Application- Specific Vulnerabilities 119

Threat Modeling for Smart Contracts 128

Blockchain Extensions 128

State Channels 129

State Channel Security Considerations 129

Sidechains 130

Sidechain Security Considerations 131

Threat Modeling for Blockchain Extensions 132

Conclusion 133

Chapter 6 Considerations for Secure Blockchain Design 137

Blockchain Type 137

Public vs. Private 138

Benefits of Public vs. Private Blockchains 138

Open vs. Permissioned 139

Benefits of Open vs. Permissioned Blockchains 139

Choosing a Blockchain Architecture 140

Privacy and Security Enhancements 140

Zero-Knowledge Proofs 140

Stealth Addresses 141

Ring Signatures 141

Legal and Regulatory Compliance 142

Designing Secure Blockchains for the Future 143

Index 145

HOWARD E. POSTON III is an independent blockchain consultant, educator, and content creator who has developed and taught over a dozen courses covering cybersecurity topics. He holds a master’s degree in Cybersecurity from the Air Force Institute of Technology and is a Certified Ethical Hacker. He has developed and facilitated blockchain security courses for major companies.

Blockchain tech has seen an explosive increase in popularity and utility over the last few years, with cryptocurrencies alone accounting for market capitalization in the trillions of dollars. Many crypto and blockchain users simply assume that the underlying technology is secure and that the supposedly invulnerable ledger is actually immutable. Importantly, however, this is not always the case.

In Blockchain Security from the Bottom Up: Securing and Preventing Attacks on Cryptocurrencies, Decentralized Applications, NFTs, and Smart Contracts, renowned blockchain and crypto expert Howard E. Poston III delivers a comprehensive intro to blockchain security at every layer of the blockchain ecosystem. The author offers in-depth discussions of how blockchain security should be implemented and how it can be attacked. Both theoretical and practical attack vectors are explained, along with accompanying countermeasures and case studies of real-world attacks and defenses.

This book expertly explores the constantly changing and evolving technology that forms the foundation of blockchain applications and offers readers a clear understanding of current industry best practices in blockchain cybersecurity.

Perfect for cybersecurity professionals whose work intersects with cryptocurrencies and other blockchain technologies, Blockchain Security from the Bottom Up belongs in the libraries of software developers at companies of all sizes engaged in the implementation of blockchain tech. Readers will also find:

• A thorough introduction to blockchain technology
• Comprehensive explorations of blockchain protocols
• In-depth discussions of the concept of blockchain consensus
• An exploration of smart contract vulnerabilities
• Illuminating case studies of real-world blockchain attacks and defenses