Systematic approach to analyzing security and vulnerabilities of blockchain systems
Author(s)
Lee, Jae Hyung, S.M. Massachusetts Institute of Technology.
Other Contributors
Massachusetts Institute of Technology. Engineering and Management Program.
System Design and Management Program.
Advisor
Stuart Madnick.
Abstract
Recent hacks into blockchain systems and heists from such systems have raised serious questions about whether this new technology can be secured from ongoing, evolving cyberattacks. While the technology is known to provide an environment that is fundamentally safer than other existing centralized systems offer, security professionals warn that the current blockchain ecosystem is still immature, harboring many known as well as unknown defects [1]. This thesis draws upon a number of research studies and various other inquiries into blockchain systems security. In addition, this paper gathers and summarizes information regarding 78 recent blockchain cyberattacks and heists, analyzing and categorizing them as to their cause: platform breach, dApps exploit, access point attack, or endpoint hacking. Two of these attacks (the Ethereum blockchain system and the Bitfinex cryptocurrency exchange) are analyzed in detail using the Causal Analysis using System Theory (CAST) method. A novel top-down security assessment method inspired by System Theoretic Process Analysis for Security (STPA-Sec) is used to evaluate a sample blockchain system, such as might be proposed for voting. An analysis of possible vulnerabilities is conducted, and suggestions for remediation and protection.
Description
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2019. Cataloged from PDF version of thesis. Page 150 blank. Includes bibliographical references (pages 119-149).
Date issued
2019
Department
Massachusetts Institute of Technology. Engineering and Management Program
Publisher
Massachusetts Institute of Technology
Keywords
Engineering and Management Program., System Design and Management Program.