Blockchain Security: Reality Check

Blockchain Security: Reality Check

A blockchain is a decentralized, distributed record or “ledger” of transactions in which the transactions are stored in a permanent and near inalterable way using cryptographic techniques. Let’s do a reality check on Blockchain security

Unlike traditional databases, which are administered by a central entity, blockchains rely on a peer-to-peer network that no single party can control.

Authentication of transactions is achieved through cryptographic means and a mathematical “consensus protocol” which determines the rules by which the ledger is updated and allows participants with no particular trust in each other to collaborate, without having to rely on a single trusted third party. We can say that Blockchain is a “trust machine”.

Although blockchains are highly resilient compared to traditional databases due to their decentralized and distributed nature and the use of cryptographic techniques, they are not completely immune from traditional security challenges and advances in technologies, in particular, the rise of quantum computing could, in the long term, represent a threat to blockchain Security.

Security Challenges:

  1. From Centralized to Decentralized:
    Blockchain shifts data storage and protection from a centralized to a decentralized model. In traditional centralized models, security methods can be consolidated with the technology products they serve. Blockchain requires innovative security measures to protect the dynamic and highly distributed financial products the technology aims to support.
    As with any crypto-based infrastructure, protecting keys is paramount to ensuring a blockchain system’s security. A successful blockchain system needs highly reliable methods of interfacing with the strong key protection practices afforded by Hardware Security Modules (HSMs) and these HSMs must deliver the scaling and flexibility a decentralized blockchain model needs.
  2. The Asset is the Key:
    Blockchain and distributed ledger technology applications combine the message and the asset in a single token. When an asset is embedded into a blockchain or distributed ledger, possessing the associated cryptographic keys is the only way to retrieve or move the asset. In other words, the key becomes an asset.
  3. Instant Exploitation:
    When the key and the assets are one and the same, anyone who obtains the key can monetize and exploit the asset instantly. As we’ve seen in security breaches in public blockchain settings, such as Bitfinex, Mt. Gox and others, the malicious transfer of ‘value’ can be instantaneous, irreversible and significant.
    Participants in these systems lost millions of dollars as a result of compromised security systems. However, these attacks exploited vulnerabilities at the application layer—the wallets holding the keys to the assets—rather than the underlying blockchain protocol. So far, blockchain technology itself has proved tamper-resistant.
  4. Protecting the Key is critical:
    The ability to edit a distributed database broadens the technology’s applicability.
    While the redaction capability broadens blockchain’s applicability, it also makes the protection of the keys that must come together to “unlock” and relock the chain mission-critical.
Blockchain Security levels | Parangat

Blockchain researchers are working to patch up security vulnerabilities. We have also witnessed the hard-fork in extreme cases, where they can result in a new version of that blockchain. Considering all things, blockchain is a much better solution to many of the enterprises.  But still, it is important to keep developing and improving the blockchain ecosystem to make it as secure as possible.


Blockchain Concept Simplified

Blockchain Concept Simplified

Blockchain is everywhere, literally. But not many people have a clear understanding of this simple, transformational technology. I say “simple” because if you understand its architecture and functionality, you will be marveled by how brilliant it is and in how many ways it can be exploited. Of course, there are complexities involved but they are at a micro-level. So, if you are looking for a jargon-free, not-so-technical explanation of the blockchain concept, this post is for you.

Another thing before you dive deep, blockchain finds many other applications apart from Bitcoin. In fact, Bitcoin is just one of the 700 applications that work on the blockchain principle. But since cryptocurrencies seem to be the flavor of the season, I will mainly talk about blockchain technology in the context of digital payments.

Why Blockchain Technology?

Historically, monetary transactions have relied heavily on intermediaries or middlemen for authenticating the transactions and maintaining records. They acted as a regulatory body to prevent frauds.

Digital assets are more vulnerable since they are easy to compromise and duplicate. They are generally files that can be duplicated if their source code is accessed. Therefore, permission had to be sought from banks in case of money) or intermediaries (for stocks, etc.) for completing a digital transaction. This process could take time but was important to prevent the problem of double-spending (spending the same asset more than once).

So, in 2008, someone called Satoshi Nakamoto released a whitepaper in which he detailed a revolutionary technology by which digital transactions could be verified, authenticated, recorded and completed, without any intermediary! In fact, all the checking and record-keeping was to be done by people themselves. But not everybody is equipped with special verification powers. This can be achieved by specialized people who can solve complex puzzles (miners) by a process called mining. The good news is that miners are normal people like you and me (peer to peer), not banks or middlemen. They use the processing power of super-powerful computers and software to solve big puzzles (like Sudoku, only tougher). Each puzzle has a definite answer and follows a complex algorithm. The puzzle gets harder as the network gets bigger. All miners in a network have to follow the network’s protocol strictly and they are rewarded for their services by Bitcoins. Once a transaction is verified and attached to the network, it is irreversible. Reversing, modifying or deleting a transaction would require manipulation of all previous transactions (remember, it’s a chain). This is practically impossible and thus blockchains are thought secure.

Blockchains have eliminated the need for a bank by fulfilling three of its roles- storing value, verifying identities and keeping transactions records. Hence, blockchains intrigue people more than other digital payment methods like PayTM that require tie up and verification from banks.

A network of value

Blockchain can be interpreted linguistically as a chain of blocks. A block being a bundle of transactions and the chain made up of many interconnected blocks. Miners compete with each other to verify all new transactions by solving complex puzzles. The miner who gets to the result first, attaches his solution (proof of work) and is awarded with a fraction of Bitcoins that are generated now. The other miners double-check his solution and if a majority is in agreement, the transaction completes (Consensus).

Verified transactions are bundled up with their proof of work and made into a block. The new block is time stamped and attached to the existing blockchain, in a chronological order. Now, everybody in the network knows that payment has taken place and it becomes impossible to spend the same currency twice.

Blockchain Concept Simplified process | Parangat

Since every block contains an encrypted link to a previous block, all transactions can be back-verified till we reach the origin of the first transaction. So, data that once enters a blockchain becomes immortal, a property it shares with internet!

Some people describe blockchain as the internet of value, and it seems fitting. In the internet, anyone can upload information and others can view it. A blockchain allows anyone to send Bitcoins (encrypted currency) anywhere but only the person who knows its unique address (private key) can access them. So, to transfer your Bitcoins you have to share your coins’ unique address with the recipient.

A distributed ledger

Blockchains not only have an auto-verification system, record-keeping is also automated. A copy of the entire blockchain is available to everybody on the system. Since blocks contain encrypted records representing receipt or payments of money (Bitcoins, in this case), blockchain is a type of virtual ledger. There is no central server that holds the record database or that gives permission to access the database. It is distributed and decentralized. As explained before, there is no need for an intermediary.

Blockchains can be private

Another revelation- blockchains can be private. I know, this essentially kills our favorite feature of blockchains- decentralization. But hold on; there’s more to this. Bitcoin blockchains are public, meaning anybody who has a computer and an internet connection and follows the rules of the blockchain, can join. Then he is given a copy of the entire database. A new transaction cannot be added to the ledger till all its associated previous transactions are verified. Once everything is found in order, the new entry is written and the entire database is synced and replicated to reflect new addition. As you can note, their process has built-in redundancy. This also makes the blockchain concept a bit sluggish.

Enter… private blockchains. They have rules governing who can access the network. They are mostly initiated by enterprises for their private use; something like an intranet. Private blockchains can be accessed by anyone who has been granted permission (invitation) by the starter of the network or who matches the protocol set by the starter. Since the number of participants in private blockchains is less, processing speeds are much faster and processing costs are lower than of public blockchains.

Blockchain Concept Simplified concept | Parangat

Aside from the access rights, public and private blockchains share similar features:

  • Both are decentralized. A copy of the entire blockchain is available with each and every participant.
  • Both have an access protocol (consensus).
  • Both are immutable and irreversible.

Public or private, the blockchain concept is intriguing. They have made digitization of assets possible and transfer of assets faster. Their encrypted, peer to peer mechanism has phased out the need for regulatory bodies and administrators. And while the blockchain concept purists might protest that private blockchains aren’t exactly permission-free, we say- better a devil known than a devil unknown!

Blockchains are made to go beyond Bitcoins

Although blockchain’s application in digital currencies and asset transfers is most widely documented and exploited, blockchains go way beyond finance. Blocks can store any kind of encrypted information. Bitcoins are also lines of code that hold a unique address.

Blockchain Potential Applications & disruption | Parangat


Apart from handling currency, the blockchain concept can be made to execute some actions (in the real and physical world) if they work in tandem with other technologies. Actions can be to fetch external data such as medical records, census information, intellectual property, weather reports, inventory details, etc. But here comes a problem. Not all participants in a blockchain trust each other. So, how can they filter who can access their data? This can be done using smart contracts. A smart contract contains sets of conditions that must be met by a user, for him or her to gain trust and enter a blockchain. Once a user meets all criteria, blockchain programs trigger and perform some action.

Consider an example. You must have heard of smart devices. They are regular appliances fitted with sensors and connected to the Cloud. These devices are programmed to operate in a predefined manner if certain conditions are met. For example, a smart glucometer keeps monitoring the user’s glucose level and triggers an alarm when levels rise beyond a certain defined limit. They might also send a message to the user’s physician if a low or high sugar situation arises. Now, add blockchain to this equation.

Suppose the physician stores all patient records in a blockchain and shares its private key with his patients. He will be controlling access to confidential records. Apart from securing his patients’ data in encrypted form, the blockchain will be governed by smart contracts that will control who can access the data. Suppose an invalid transaction is tried, the entire blockchain is alerted and doctor, as well as patient, gets a notification. A smart contract can set a protocol that if an input is valid, access should be granted. Programmed devices will be triggered to perform any action- increase insulin dose, contact emergency room, etc. incredible, isn’t it? No need for manual intervention, no hassle, no delay!
The Blockchain concept is more than a bubble. It’s an ocean of possibilities and opportunities. Take a dip and find out for yourself!




How to Develop Blockchain Applications Using Hyperledger Fabric?

How to Develop Blockchain Applications Using Hyperledger Fabric?

Hyperledger Fabric is an opensource collaborative effort created to advance cross-industry blockchain technologies. It is a global collaboration including leaders in banking, finance, Internet of Things, manufacturing, supply chains, and technology.

The Linux Foundation hosts Hyperledger under the foundation.

Hyperledger does not promote a single blockchain codebase or a single blockchain project. Rather, it enables a worldwide developer community to work together and share ideas, infrastructure and code.

Hyperledger Fabric is one of the project framework under Hyperledger, it can be deployed as fully disjoint networks with separate endorser sets and ordering nodes to provide privacy and confidentiality.

Image result for Hyperledger Fabric
(Hyperledger Fabric)

(Image Source: https://www.hyperledger.org/blog/2018/10/26/hyperledger-fabric-now-supports-ethereum)

It is a platform for building distributed ledger solutions with a modular architecture that delivers a high degree of confidentiality, flexibility, resiliency and scalability. This enables solutions developed with Fabric to be adapted for any industry.

The Hyperledger Fabric can be classified into 3 steps:

Step 1: Execution Phase

In the execution phase, clients sign and send the transaction proposal (or simply, proposal) to one or more endorsers for execution.

Recall that every chaincode implicitly specifies a set of endorsers via the endorsement policy. A proposal contains the identity of the submitting client, the transaction payload in the form of an operation to execute, parameters, and the identifier of the chaincode, a nonce to be used only once by each client (such as a counter or a random value) and a transaction identifier derived from the client identifier and the nonce.

Hyperledger Fabric Process
Transaction flow

The endorsers simulate the proposal, by executing the operation on the specified chaincode, which has been installed on the blockchain. The chaincode runs in a Docker container, isolated from the main endorser process.

Executing a transaction before the ordering phase is critical to tolerating non-deterministic chaincodes. A chaincode in Fabric with non-deterministic transactions can only endanger the liveness of its own operations, because a client might not gather a sufficient number of endorsements, for instance. This is a fundamental advantage over order-execute architecture, where non-deterministic operations lead to inconsistencies in the state of the peers.

Finally, tolerating non-deterministic execution also addresses DoS attacks from untrusted chaincode as an endorser can simply abort an execution according to a local policy if it suspects a DoS attack. This will not endanger the consistency of the system, and again, such unilateral abortion of execution is not possible in order execute architectures.

Step 2: Ordering Phase

When a client has collected enough endorsements on a proposal, it assembles a transaction and submits this to the ordering service. The transaction contains the transaction payload (i.e., the chaincode operation including parameters), transaction metadata, and a set of endorsements. The ordering phase establishes a total order on all submitted transactions per channel.

In other words, ordering atomically broadcasts endorsements and thereby establishes consensus on transactions, despite faulty orderers. Moreover, the ordering service batches multiple transactions into blocks and outputs a hash-chained sequence of blocks containing transactions. Grouping or batching transactions into blocks improves the throughput of the broadcast protocol, which is a well-known technique used in fault-tolerant broadcasts.

The ordering service ensures that the delivered blocks on one channel are totally ordered.

However, every individual ordering implementation is allowed to come with its own liveness and fairness guarantees with respect to client requests.

Step 3: Validation Phase

Blocks are delivered to peers either directly by the ordering service or through gossip. A new block then enters the validation phase which consists of three sequential steps:

  • The endorsement policy evaluation occurs in parallel for all transactions within the block. The evaluation is the task of the so-called validation system chaincode (VSCC), a static library that is part of the blockchain’s configuration and is responsible for validating the endorsement with respect to the endorsement policy configured for the chaincode.
  • A read-write conflict check is done for all transactions in the block sequentially. For each transaction it compares the versions of the keys in the read set field to those in the current state of the ledger, as stored locally by the peer, and ensures they are still the same. If the versions do not match, the transaction is marked as invalid and its effects are disregarded.
  • The ledger update phase runs last, in which the block is appended to the locally stored ledger and the blockchain state is updated. In particular, when adding the block to the ledger, the results of the validity checks in the first two steps are persisted as well, in the form of a bit mask denoting the transactions that are valid within the block. This facilitates the reconstruction of the state at a later time.

Fabric allows components, such as consensus and membership services, to be plug-and-play. It leverages container technology to host smart contracts called “chaincode” that contain the business rules of the system. And it’s designed to support various pluggable components and to accommodate the complexity that exists across the entire economy.

Starting from the premise that there are no “one-size-fits-all’’ solutions, Fabric is an extensible blockchain platform for running distributed applications. It supports various consensus protocols so it can be tailored to different Blockchain use cases and trust models.

Request for a free quote to reach out to us on [email protected] and our experts will get back to you with the best solution for your business. 

Why Blockchain Development in Singapore is Emerging?

Why Blockchain Development in Singapore is Emerging?

The small island nation of Singapore consistently ranked as the world’s best place to do business, witnessed a massive growth in the number of businesses using Blockchain technology and cryptocurrencies. A free-market economy, investor-friendly laws combined with high levels of education and internet penetration, are some reasons for Singapore’s conducive reputation.

Singapore have become the up-and-coming destination for companies that want to raise funds using blockchain technology.

The number of companies launching initial coin offerings (ICO) in Singapore has rocketed in recent months, according to fintech businesses, lawyers and industry groups.

Key initiatives around blockchain development in Singapore:

  1. Global eTrade Services (GeTS), a subsidiary of CrimsonLogic (a leading provider of eGovernment products and services based in Singapore), has launched Open Trade Blockchain (OTB), an inclusive and extensible blockchain service built for the trade communities to boost overall efficiency, security, and transparency for global trade. The geolocation of existing and upcoming nodes provides an extensive blockchain network across Asia. With OTB linking China to the rest of the region provides a strategic edge to businesses wanting to participate in China’s BRI initiatives as it offers greater connectivity with the country’s “Digital Silk Road”.
  2. Singapore Airlines has officially launched its blockchain-based loyalty program for frequent customers. KrisPay, a digital wallet developed in partnership with KPMG and Microsoft, allows Singapore Airlines customers to turn travel miles into units of payment, which can be used with partner merchants in Singapore. The innovative platform allows members to choose from using as little as 15 KrisPay miles (equivalent to about $0.10) to pay for their purchases at partner merchants, either partially or in full.
  3. Singapore’s leading higher education institution Ngee Ann Polytechnic announced in May, 2017 that it has teamed up with United Overseas Bank’s FinLab blockchain startup Attores. Ngee Ann students will be awarded digital certificates called Diploma Plus Certificates, which will be deployed directly on the students’ LinkedIn profiles. Ngee Ann Polytechnic’s blockchain initiative is in line with Singapore’s massive efforts to become a Smart Nation.
  4. Project Ubin, a Monetary Authority of Singapore-led initiative where DLT (Digital Ledger Technology) can be used for the clearing and settlement of payments and securities, specifically the use of a tokenized form of the Singapore dollar on a distributed ledger.
  5. Averspace, a Singapore P2P real estate startup launched a new feature of blockchain-enabled house rentals. Homeowners and prospective tenants can enter into a digital tenancy agreement right on their smartphones, without needing both parties to meet face to face – all communication can be facilitated through the in-app online chat feature.
  6. The Intellectual Property Intermediary (IPI), an organisation established under Singapore’s Ministry of Trade and Industry, has been working on a ‘Blockchain Technology for Food’ project. This technology tracks and traces materials and products using the blockchain database to store information gathered from all the actors that take part in the food production chain. The solution ensures leading-edge data structure management and data storage standards, ensuring food quality, guaranteeing food safety and reducing food waste.
  7. SGInnovate, Singapore’s government-owned deep technology development firm, has invested in MediLOT Technologies, a Singapore-based blockchain and healthcare analytics startup, for an undisclosed amount as part of its strategy to develop research-based deep tech startups. Blockchain could help to reduce those admin tasks considerably and help doctors spend more time with those who really need them – their patients.
  8. Electrify, an energy-based startup changed the way in which people buy electricity in Singapore. Through a web and mobile platform, consumers can buy energy from electricity retailers through “smart contracts” which directly write the terms between the buyer and the seller into lines of code, enforcing the agreement through a blockchain network.

The Asia Pacific region is currently the fastest growing market for blockchain in the world, according to a report by Genesis Market Insights. Another report by the consulting firm PwC highlights that 82 percent of executives in Singapore have reported that blockchain initiatives are underway in their organizations. Out of which, 13 percent have brought the initiatives live to the market.

The world’s best blockchain researcher along with the government that supports innovation is giving Singapore an edge over other countries in leading the blockchain revolution.

If you are looking to learn more about Blockchain Development in Singapore, drop us an email on [email protected] or schedule a free consultation with our team of blockchain experts who can guide you through the blockchain implementation in a specific use case.

Shaping the future of Healthcare Sector through Blockchain

Shaping the future of Healthcare Sector through Blockchain

Sharing, analyzing and verifying data is key to more efficient healthcare and blockchain technology may be the vehicle to get us there. A blockchain powered health information exchange could unlock the true value of interoperability. Blockchain-based systems have the potential to reduce or eliminate the friction and costs of current intermediaries.

So to comprehend the topic well, let us start with “What is Blockchain?”– Blockchain became one of the hot topics of the year 2018 and it came into the picture because of the overall buzz about cryptocurrency and Bitcoin but it should be noted that it was invented in 2008 which is more than ten years ago at this point of time. Blockchain is not that complexed as it seems to be, so to breakdown it in simple terms it can be referred as a digital ledger which keeps records of all transactions taking place on a peer to peer network. All information transferred via blockchain is encrypted and recorded, meaning once the block is created and added to the chain, it cannot be altered.

Blockchain-Process-Parangat-Technologies-blog

Breaking down Barriers- What Blockchain can do for Healthcare

Blockchain in Healthcare reduces cost by eliminating manual processes like reconciliation between multiple isolated ledgers and administrative processes, provides increased speed of transactions and settlements through immediate distribution and increased security through use of cryptography. It also reduces fraud by time-stamping entries and sharing a common, immutable ledger across the network and reduces risk of single points of failure and attack through distributed network nodes.

The current state of health care records is disjointed and stovepiped (transmitting information higher in a hierarchy while bypassing intervening levels that remain uninformed about this information) due to a lack of common architectures and standards. Health care providers track and update a patient’s common clinical dataset each time a medical service is provided. This information includes standard data, such as the patient’s gender and date of birth, as well as unique information pursuant to the specific service provided, such as the procedure performed, care plan, and other notes. Traditionally, this information is tracked in a database within a singular organization or within a defined network of health care stakeholders. This flow of information originating from the patient through the health care organization each time a service is performed does not need to stop at the individual organizational level. Instead, health care organizations could take one more step and direct a standardized set of information present in each patient interaction to a nationwide blockchain transaction layer.


Healthcare-sector-blockchain-process-parangat-blog

Even with the use of digital files, data loss continues to be one of the biggest problems in healthcare which resulted in $1.7 billion in damages and equivalent to 2,000 lives lost in the US. Adopting new technology can be intimidating, especially for an industry as heavily regulated as healthcare. Blockchain technology has already been adopted by several organizations, but before embracing this trend, one needs full-time IT experts to assess the systems and manage security. The stakes of security breaches are high – not just in monetary costs and losses to industry providers but to patients whose personal information is at risk. Blockchain technology holds a great deal of promise for the healthcare industry, and it is time for all providers and researchers to explore the potential.

If you are looking to understand blockchain’s implications in the healthcare sector or in your business, drop us an email on [email protected] or schedule a free consultation with our team of blockchain experts who can guide you through the blockchain implementation in a specific use case.