Citation and metadata

Recommended citation

Adrian Hofmann, Fabian Gwinner, Axel Winkelmann, Christian Janiesch, Security Implications of Consortium Blockchains: The Case of Ethereum Networks, 12 (2021) JIPITEC 347 para 1.

Download Citation

Endnote

%0 Journal Article
%T Security Implications of Consortium Blockchains: The Case of Ethereum Networks
%A Hofmann, Adrian
%A Gwinner, Fabian
%A Winkelmann, Axel
%A Janiesch, Christian
%J JIPITEC
%D 2021
%V 12
%N 4
%@ 2190-3387
%F hofmann2021
%X By definition, blockchain platforms offer secure and reliable data exchange between stakeholders without a trusted third party. Private and consortium blockchains implement access restrictions, so that sensitive data is kept from the public. However, due to its distributed structure, only one node with faulty configuration can leak all blockchain data. For our study, we scanned the Internet for misconfigured private Ethereum nodes. Overall, we found 1421 nodes belonging to 621 blockchains that are not one of the large Ethereum-based networks. For our analysis, we chose a diverse sample of networks. Then, we analyzed in-depth 4 different networks with 10 to 20 nodes enabling 800 to over 34 million transactions. We used the exposed remote procedure call interface of nodes to extract the complete transaction history and to gain insights into the actors’ behaviors those networks. We used graph visualization tools to picture the networks transactions and to identify stakeholders and activities. Additionally, we decompiled and reverse engineered smart contracts on the networks to infer the purpose of smart contracts, the network, and its participants’ roles. With our research, we show how to reveal confidential information from blockchains, which should not be exposed to the public and could potentially include identities, contract data as well as legal data. Thereby, we illustrate the legal and social implications of data leakage by this distributed and supposedly secure technology. In summary, we show that the large attack surface of private or consortium blockchains poses a threat to the security of those networks. The nodes used in this study were not configured according to the Ethereum guidelines and exposed information directly to the Internet. However, even correctly configured nodes provide an excellent target for attackers as they allow them to gain information about a whole network while only breaching one weak point. 
Lastly, our study discusses whether (private) blockchain networks can reach a consensus without sharing all data between nodes and what data distribution strategies defend best against weak links in the chain.
%L 340
%K Case Study
%K Consortium Blockchain
%K Ethereum
%K Privacy
%K Security
%U http://nbn-resolving.de/urn:nbn:de:0009-29-54531
%P 347-359

Bibtex

@Article{hofmann2021,
  author = 	"Hofmann, Adrian
		and Gwinner, Fabian
		and Winkelmann, Axel
		and Janiesch, Christian",
  title = 	"Security Implications of Consortium Blockchains: The Case of Ethereum Networks",
  journal = 	"JIPITEC",
  year = 	"2021",
  volume = 	"12",
  number = 	"4",
  pages = 	"347--359",
  keywords = 	"Case Study; Consortium Blockchain; Ethereum; Privacy; Security",
  abstract = 	"By definition, blockchain platforms offer secure and reliable data exchange between stakeholders without a trusted third party. Private and consortium blockchains implement access restrictions, so that sensitive data is kept from the public. However, due to its distributed structure, only one node with faulty configuration can leak all blockchain data. For our study, we scanned the Internet for misconfigured private Ethereum nodes. Overall, we found 1421 nodes belonging to 621 blockchains that are not one of the large Ethereum-based networks. For our analysis, we chose a diverse sample of networks. Then, we analyzed in-depth 4 different networks with 10 to 20 nodes enabling 800 to over 34 million transactions. We used the exposed remote procedure call interface of nodes to extract the complete transaction history and to gain insights into the actors' behaviors those networks. We used graph visualization tools to picture the networks transactions and to identify stakeholders and activities. Additionally, we decompiled and reverse engineered smart contracts on the networks to infer the purpose of smart contracts, the network, and its participants' roles. With our research, we show how to reveal confidential information from blockchains, which should not be exposed to the public and could potentially include identities, contract data as well as legal data. Thereby, we illustrate the legal and social implications of data leakage by this distributed and supposedly secure technology. In summary, we show that the large attack surface of private or consortium blockchains poses a threat to the security of those networks. The nodes used in this study were not configured according to the Ethereum guidelines and exposed information directly to the Internet. However, even correctly configured nodes provide an excellent target for attackers as they allow them to gain information about a whole network while only breaching one weak point. 
Lastly, our study discusses whether (private) blockchain networks can reach a consensus without sharing all data between nodes and what data distribution strategies defend best against weak links in the chain.",
  issn = 	"2190-3387",
  url = 	"http://nbn-resolving.de/urn:nbn:de:0009-29-54531"
}

RIS

TY  - JOUR
AU  - Hofmann, Adrian
AU  - Gwinner, Fabian
AU  - Winkelmann, Axel
AU  - Janiesch, Christian
PY  - 2021
DA  - 2021//
TI  - Security Implications of Consortium Blockchains: The Case of Ethereum Networks
JO  - JIPITEC
SP  - 347
EP  - 359
VL  - 12
IS  - 4
KW  - Case Study
KW  - Consortium Blockchain
KW  - Ethereum
KW  - Privacy
KW  - Security
AB  - By definition, blockchain platforms offer secure and reliable data exchange between stakeholders without a trusted third party. Private and consortium blockchains implement access restrictions, so that sensitive data is kept from the public. However, due to its distributed structure, only one node with faulty configuration can leak all blockchain data. For our study, we scanned the Internet for misconfigured private Ethereum nodes. Overall, we found 1421 nodes belonging to 621 blockchains that are not one of the large Ethereum-based networks. For our analysis, we chose a diverse sample of networks. Then, we analyzed in-depth 4 different networks with 10 to 20 nodes enabling 800 to over 34 million transactions. We used the exposed remote procedure call interface of nodes to extract the complete transaction history and to gain insights into the actors’ behaviors those networks. We used graph visualization tools to picture the networks transactions and to identify stakeholders and activities. Additionally, we decompiled and reverse engineered smart contracts on the networks to infer the purpose of smart contracts, the network, and its participants’ roles. With our research, we show how to reveal confidential information from blockchains, which should not be exposed to the public and could potentially include identities, contract data as well as legal data. Thereby, we illustrate the legal and social implications of data leakage by this distributed and supposedly secure technology. In summary, we show that the large attack surface of private or consortium blockchains poses a threat to the security of those networks. The nodes used in this study were not configured according to the Ethereum guidelines and exposed information directly to the Internet. However, even correctly configured nodes provide an excellent target for attackers as they allow them to gain information about a whole network while only breaching one weak point. 
Lastly, our study discusses whether (private) blockchain networks can reach a consensus without sharing all data between nodes and what data distribution strategies defend best against weak links in the chain.
SN  - 2190-3387
UR  - http://nbn-resolving.de/urn:nbn:de:0009-29-54531
ID  - hofmann2021
ER  - 

Wordbib

<?xml version="1.0" encoding="UTF-8"?>
<b:Sources SelectedStyle="" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography"  xmlns="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" >
<b:Source>
<b:Tag>hofmann2021</b:Tag>
<b:SourceType>ArticleInAPeriodical</b:SourceType>
<b:Year>2021</b:Year>
<b:PeriodicalTitle>JIPITEC</b:PeriodicalTitle>
<b:Volume>12</b:Volume>
<b:Issue>4</b:Issue>
<b:Url>http://nbn-resolving.de/urn:nbn:de:0009-29-54531</b:Url>
<b:Pages>347-359</b:Pages>
<b:Author>
<b:Author><b:NameList>
<b:Person><b:Last>Hofmann</b:Last><b:First>Adrian</b:First></b:Person>
<b:Person><b:Last>Gwinner</b:Last><b:First>Fabian</b:First></b:Person>
<b:Person><b:Last>Winkelmann</b:Last><b:First>Axel</b:First></b:Person>
<b:Person><b:Last>Janiesch</b:Last><b:First>Christian</b:First></b:Person>
</b:NameList></b:Author>
</b:Author>
<b:Title>Security Implications of Consortium Blockchains: The Case of Ethereum Networks</b:Title>
<b:Comments>By definition, blockchain platforms offer secure and reliable data exchange between stakeholders without a trusted third party. Private and consortium blockchains implement access restrictions, so that sensitive data is kept from the public. However, due to its distributed structure, only one node with faulty configuration can leak all blockchain data. For our study, we scanned the Internet for misconfigured private Ethereum nodes. Overall, we found 1421 nodes belonging to 621 blockchains that are not one of the large Ethereum-based networks. For our analysis, we chose a diverse sample of networks. Then, we analyzed in-depth 4 different networks with 10 to 20 nodes enabling 800 to over 34 million transactions. We used the exposed remote procedure call interface of nodes to extract the complete transaction history and to gain insights into the actors’ behaviors those networks. We used graph visualization tools to picture the networks transactions and to identify stakeholders and activities. Additionally, we decompiled and reverse engineered smart contracts on the networks to infer the purpose of smart contracts, the network, and its participants’ roles. With our research, we show how to reveal confidential information from blockchains, which should not be exposed to the public and could potentially include identities, contract data as well as legal data. Thereby, we illustrate the legal and social implications of data leakage by this distributed and supposedly secure technology. In summary, we show that the large attack surface of private or consortium blockchains poses a threat to the security of those networks. The nodes used in this study were not configured according to the Ethereum guidelines and exposed information directly to the Internet. However, even correctly configured nodes provide an excellent target for attackers as they allow them to gain information about a whole network while only breaching one weak point. 
Lastly, our study discusses whether (private) blockchain networks can reach a consensus without sharing all data between nodes and what data distribution strategies defend best against weak links in the chain.</b:Comments>
</b:Source>
</b:Sources>

ISI

PT Journal
AU Hofmann, A
   Gwinner, F
   Winkelmann, A
   Janiesch, C
TI Security Implications of Consortium Blockchains: The Case of Ethereum Networks
SO JIPITEC
PY 2021
BP 347
EP 359
VL 12
IS 4
DE Case Study; Consortium Blockchain; Ethereum; Privacy; Security
AB By definition, blockchain platforms offer secure and reliable data exchange between stakeholders without a trusted third party. Private and consortium blockchains implement access restrictions, so that sensitive data is kept from the public. However, due to its distributed structure, only one node with faulty configuration can leak all blockchain data. For our study, we scanned the Internet for misconfigured private Ethereum nodes. Overall, we found 1421 nodes belonging to 621 blockchains that are not one of the large Ethereum-based networks. For our analysis, we chose a diverse sample of networks. Then, we analyzed in-depth 4 different networks with 10 to 20 nodes enabling 800 to over 34 million transactions. We used the exposed remote procedure call interface of nodes to extract the complete transaction history and to gain insights into the actors’ behaviors those networks. We used graph visualization tools to picture the networks transactions and to identify stakeholders and activities. Additionally, we decompiled and reverse engineered smart contracts on the networks to infer the purpose of smart contracts, the network, and its participants’ roles. With our research, we show how to reveal confidential information from blockchains, which should not be exposed to the public and could potentially include identities, contract data as well as legal data. Thereby, we illustrate the legal and social implications of data leakage by this distributed and supposedly secure technology. In summary, we show that the large attack surface of private or consortium blockchains poses a threat to the security of those networks. The nodes used in this study were not configured according to the Ethereum guidelines and exposed information directly to the Internet. However, even correctly configured nodes provide an excellent target for attackers as they allow them to gain information about a whole network while only breaching one weak point. 
Lastly, our study discusses whether (private) blockchain networks can reach a consensus without sharing all data between nodes and what data distribution strategies defend best against weak links in the chain.
ER

Mods

<mods>
  <titleInfo>
    <title>Security Implications of Consortium Blockchains: The Case of Ethereum Networks</title>
  </titleInfo>
  <name type="personal">
    <namePart type="family">Hofmann</namePart>
    <namePart type="given">Adrian</namePart>
  </name>
  <name type="personal">
    <namePart type="family">Gwinner</namePart>
    <namePart type="given">Fabian</namePart>
  </name>
  <name type="personal">
    <namePart type="family">Winkelmann</namePart>
    <namePart type="given">Axel</namePart>
  </name>
  <name type="personal">
    <namePart type="family">Janiesch</namePart>
    <namePart type="given">Christian</namePart>
  </name>
  <abstract>By definition, blockchain platforms offer secure and reliable data exchange between stakeholders without a trusted third party. Private and consortium blockchains implement access restrictions, so that sensitive data is kept from the public. However, due to its distributed structure, only one node with faulty configuration can leak all blockchain data. For our study, we scanned the Internet for misconfigured private Ethereum nodes. Overall, we found 1421 nodes belonging to 621 blockchains that are not one of the large Ethereum-based networks. For our analysis, we chose a diverse sample of networks. Then, we analyzed in-depth 4 different networks with 10 to 20 nodes enabling 800 to over 34 million transactions. We used the exposed remote procedure call interface of nodes to extract the complete transaction history and to gain insights into the actors’ behaviors those networks. We used graph visualization tools to picture the networks transactions and to identify stakeholders and activities. Additionally, we decompiled and reverse engineered smart contracts on the networks to infer the purpose of smart contracts, the network, and its participants’ roles. With our research, we show how to reveal confidential information from blockchains, which should not be exposed to the public and could potentially include identities, contract data as well as legal data. Thereby, we illustrate the legal and social implications of data leakage by this distributed and supposedly secure technology. In summary, we show that the large attack surface of private or consortium blockchains poses a threat to the security of those networks. The nodes used in this study were not configured according to the Ethereum guidelines and exposed information directly to the Internet. However, even correctly configured nodes provide an excellent target for attackers as they allow them to gain information about a whole network while only breaching one weak point. 
Lastly, our study discusses whether (private) blockchain networks can reach a consensus without sharing all data between nodes and what data distribution strategies defend best against weak links in the chain.</abstract>
  <subject>
    <topic>Case Study</topic>
    <topic>Consortium Blockchain</topic>
    <topic>Ethereum</topic>
    <topic>Privacy</topic>
    <topic>Security</topic>
  </subject>
  <classification authority="ddc">340</classification>
  <relatedItem type="host">
    <genre authority="marcgt">periodical</genre>
    <genre>academic journal</genre>
    <titleInfo>
      <title>JIPITEC</title>
    </titleInfo>
    <part>
      <detail type="volume">
        <number>12</number>
      </detail>
      <detail type="issue">
        <number>4</number>
      </detail>
      <date>2021</date>
      <extent unit="page">
        <start>347</start>
        <end>359</end>
      </extent>
    </part>
  </relatedItem>
  <identifier type="issn">2190-3387</identifier>
  <identifier type="urn">urn:nbn:de:0009-29-54531</identifier>
  <identifier type="uri">http://nbn-resolving.de/urn:nbn:de:0009-29-54531</identifier>
  <identifier type="citekey">hofmann2021</identifier>
</mods>

JIPITEC – Journal of Intellectual Property, Information Technology and E-Commerce Law