Systematic approach to analyzing security and vulnerabilities of blockchain systems

Author(s)
Lee, Jae Hyung,S. M.Massachusetts Institute of Technology.
Thumbnail
Download1103445166-MIT.pdf (24.53Mb)
Other Contributors
Massachusetts Institute of Technology. Engineering and Management Program.
System Design and Management Program.
Advisor
Stuart Madnick.
Terms of use
MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. http://dspace.mit.edu/handle/1721.1/7582
Metadata
Show full item record
Abstract
Recent hacks into blockchain systems and heists from such systems have raised serious questions about whether this new technology can be secured from ongoing, evolving cyberattacks. While the technology is known to provide an environment that is fundamentally safer than other existing centralized systems offer, security professionals warn that the current blockchain ecosystem is still immature, harboring many known as well as unknown defects [1]. This thesis draws upon a number of research studies and various other inquiries into blockchain systems security. In addition, this paper gathers and summarizes information regarding 78 recent blockchain cyberattacks and heists, analyzing and categorizing them as to their cause: platform breach, dApps exploit, access point attack, or endpoint hacking. Two of these attacks (the Ethereum blockchain system and the Bitfinex cryptocurrency exchange) are analyzed in detail using Causal Analysis using System Theory (CAST) method. A novel top-down security assessment method inspired by System Theoretic Process Analysis for Security (STPA-Sec) is used to evaluate a sample blockchain system, such as might be proposed for voting. An analysis of possible vulnerabilities is conducted, and suggestions for remediation and protection.
Description
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2019
 
Cataloged from PDF version of thesis. Page 150 blank.
 
Includes bibliographical references (pages 119-149).
 
Date issued
2019
URI
https://hdl.handle.net/1721.1/121793
Department
Massachusetts Institute of Technology. Engineering and Management Program
Publisher
Massachusetts Institute of Technology
Keywords
Engineering and Management Program., System Design and Management Program.
Collections