Citation and metadata
Recommended citation
Adrian Hofmann, Fabian Gwinner, Axel Winkelmann, Christian Janiesch, Security Implications of Consortium Blockchains: The Case of Ethereum Networks, 12 (2021) JIPITEC 347 para 1.
Bibtex
@Article{hofmann2021,
  author = "Hofmann, Adrian and Gwinner, Fabian and Winkelmann, Axel and Janiesch, Christian",
  title = "Security Implications of Consortium Blockchains: The Case of Ethereum Networks",
  journal = "JIPITEC",
  year = "2021",
  volume = "12",
  number = "4",
  pages = "347--359",
  keywords = "Case Study; Consortium Blockchain; Ethereum; Privacy; Security",
  abstract = "By definition, blockchain platforms offer secure and reliable data exchange between stakeholders without a trusted third party. Private and consortium blockchains implement access restrictions, so that sensitive data is kept from the public. However, due to its distributed structure, only one node with faulty configuration can leak all blockchain data. For our study, we scanned the Internet for misconfigured private Ethereum nodes. Overall, we found 1421 nodes belonging to 621 blockchains that are not one of the large Ethereum-based networks. For our analysis, we chose a diverse sample of networks. Then, we analyzed in-depth 4 different networks with 10 to 20 nodes enabling 800 to over 34 million transactions. We used the exposed remote procedure call interface of nodes to extract the complete transaction history and to gain insights into the actors' behaviors in those networks. We used graph visualization tools to picture the networks' transactions and to identify stakeholders and activities. Additionally, we decompiled and reverse engineered smart contracts on the networks to infer the purpose of smart contracts, the network, and its participants' roles. With our research, we show how to reveal confidential information from blockchains, which should not be exposed to the public and could potentially include identities, contract data as well as legal data. Thereby, we illustrate the legal and social implications of data leakage by this distributed and supposedly secure technology. In summary, we show that the large attack surface of private or consortium blockchains poses a threat to the security of those networks. The nodes used in this study were not configured according to the Ethereum guidelines and exposed information directly to the Internet. However, even correctly configured nodes provide an excellent target for attackers as they allow them to gain information about a whole network while only breaching one weak point. Lastly, our study discusses whether (private) blockchain networks can reach a consensus without sharing all data between nodes and what data distribution strategies defend best against weak links in the chain.",
  issn = "2190-3387",
  url = "http://nbn-resolving.de/urn:nbn:de:0009-29-54531"
}
Full Metadata
Bibliographic Citation | Journal of intellectual property, information technology and electronic commerce law 12 (2021) 4 |
---|---|
Title | Security Implications of Consortium Blockchains: The Case of Ethereum Networks (eng) |
Author | Adrian Hofmann, Fabian Gwinner, Axel Winkelmann, Christian Janiesch |
Language | eng |
Abstract | By definition, blockchain platforms offer secure and reliable data exchange between stakeholders without a trusted third party. Private and consortium blockchains implement access restrictions, so that sensitive data is kept from the public. However, due to its distributed structure, only one node with faulty configuration can leak all blockchain data. For our study, we scanned the Internet for misconfigured private Ethereum nodes. Overall, we found 1421 nodes belonging to 621 blockchains that are not one of the large Ethereum-based networks. For our analysis, we chose a diverse sample of networks. Then, we analyzed in-depth 4 different networks with 10 to 20 nodes enabling 800 to over 34 million transactions. We used the exposed remote procedure call interface of nodes to extract the complete transaction history and to gain insights into the actors’ behaviors in those networks. We used graph visualization tools to picture the networks’ transactions and to identify stakeholders and activities. Additionally, we decompiled and reverse engineered smart contracts on the networks to infer the purpose of smart contracts, the network, and its participants’ roles. With our research, we show how to reveal confidential information from blockchains, which should not be exposed to the public and could potentially include identities, contract data as well as legal data. Thereby, we illustrate the legal and social implications of data leakage by this distributed and supposedly secure technology. In summary, we show that the large attack surface of private or consortium blockchains poses a threat to the security of those networks. The nodes used in this study were not configured according to the Ethereum guidelines and exposed information directly to the Internet. However, even correctly configured nodes provide an excellent target for attackers as they allow them to gain information about a whole network while only breaching one weak point. Lastly, our study discusses whether (private) blockchain networks can reach a consensus without sharing all data between nodes and what data distribution strategies defend best against weak links in the chain. |
Subject | Case Study, Consortium Blockchain, Ethereum, Privacy, Security |
DDC | 340 |
Rights | DPPL |
URN | urn:nbn:de:0009-29-54531 |