SAP + Blockchain. How do I Secure it?
Security in the blockchain is one of the key topics in the minds of SAP’s customers implementing the highly disruptive blockchain technology in tandem with SAP’s standard products or an organization’s homegrown solutions. SAP always takes security with utmost priority and especially when it comes to delivering the intelligent enterprise, security is the backbone and frontrunner at the same time.
“What are the key security challenges in blockchain, identified by SAP?”
- Vulnerability in the Platform Code:
  - Users’ dependency on a central code platform, such as SAP CP Blockchain Service, for handling their blockchain nodes means that a vulnerability in the platform’s code is exposed to multiple users at once.
  - A successful breach of the code platform may affect hundreds of thousands of users at once.
- Mitigation Strategy:
  - Segregate the blockchain node platform from the central code platform to prevent a single vulnerability from affecting all users.
  - Apply the holistic SAP Secure Development Lifecycle to the central code platform.
  - Deploy an Intrusion Detection System and review all usage and system logs frequently.
- Policy Rule Abuse - Chain Takeover:
  - Attackers usually attempt to find loopholes in the existing policy-chain rules in order to get a free hand in granting privileges.
  - Consider a policy rule where a peer can be promoted to an administrator if 2/3rds of the existing administrators agree. If there are 2 admins, X1 and Y1, it is sufficient for Y1 to convince X1 to promote another peer Y2, whom Y1 indirectly controls, as an admin. Y1 can then supervise Y2 to add multiple nodes Y3, Y4 and promote them as admins, bypassing X1’s decision entirely.
- Mitigation Strategy:
  - Keep user enrollment strict and controlled through an identification mechanism, so that Y1 cannot falsely claim to have no ties with Y2.
  - Maintain an audit log of all decisions taken for onboarding and administrator changes.
  - Incorporate a legal framework in order to prosecute such attacks.
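The takeover sequence above is easy to replay as a small simulation, which makes the weakness of a pure fraction-based rule concrete. The code below is an added example, not SAP’s or any blockchain platform’s code; the organisation attribute attached to each admin at enrollment, the `require_independent_org` switch, and the names X1, Y1, Y2, Y3, Y4 are assumptions. With the 2/3 rule alone, every promotion in the sequence succeeds; with strict enrollment recording each participant’s organisation and a rule that at least one approval must come from an organisation other than the candidate’s, the chain of self-promotions stops at Y2, and every decision, approved or not, lands in the audit log.

```python
import math
from dataclasses import dataclass, field


@dataclass
class AdminGovernance:
    """Promotion policy: a peer becomes admin when >= 2/3 of current admins approve.

    ``admins`` maps admin name -> enrolling organisation. The organisation
    attribute is an assumption: it stands in for whatever identity the strict
    enrollment mechanism records about each participant.
    """
    admins: dict
    require_independent_org: bool = False
    audit_log: list = field(default_factory=list)

    def needed_votes(self) -> int:
        # Ceiling of two thirds of the current admin count.
        return math.ceil(2 * len(self.admins) / 3)

    def promote(self, candidate: str, candidate_org: str, approvers: set) -> bool:
        # Only votes from current admins count.
        approvers = {a for a in approvers if a in self.admins}
        ok = len(approvers) >= self.needed_votes()
        reason = "quorum met" if ok else "quorum not met"
        if ok and self.require_independent_org:
            # Hardening (assumed design): at least one approval must come from
            # an organisation other than the candidate's own, so one
            # organisation cannot vote its own peers in once it holds 2/3 of seats.
            approving_orgs = {self.admins[a] for a in approvers}
            if not (approving_orgs - {candidate_org}):
                ok, reason = False, "no approval from an independent organisation"
        # Every decision is recorded, approved or not (audit-log mitigation).
        self.audit_log.append({
            "candidate": candidate, "org": candidate_org,
            "approvers": sorted(approvers), "approved": ok, "reason": reason,
        })
        if ok:
            self.admins[candidate] = candidate_org
        return ok


def takeover_attempt(strict: bool) -> list:
    """Replay the page's scenario and return the outcome of each promotion."""
    gov = AdminGovernance({"X1": "OrgX", "Y1": "OrgY"}, require_independent_org=strict)
    return [
        gov.promote("Y2", "OrgY", {"X1", "Y1"}),        # X1 is persuaded; 2 of 2 votes
        gov.promote("Y3", "OrgY", {"Y1", "Y2"}),        # 2 of 3 votes, X1 bypassed
        gov.promote("Y4", "OrgY", {"Y1", "Y2", "Y3"}),  # Y3 only counts if it became admin
    ]


if __name__ == "__main__":
    print("2/3 rule only:         ", takeover_attempt(strict=False))
    print("+ independent org vote:", takeover_attempt(strict=True))
```

The independent-organisation check only works if enrollment actually binds each participant to a verified identity; if Y2 can enrol under a fabricated organisation, the rule is back to the plain 2/3 vote, which is why the page puts strict, identified enrollment first.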
- Control block validation with pre-selected denial of service attack:
  - In situations where only a few nodes participate in the validation of a new block addition, an attacker controlling a few nodes could initiate a denial of service attack against the other nodes for a reasonable time and append their own blocks to the main blockchain.
- Mitigation Strategy:
  - Designate a significantly large number of blockchain nodes for validation.
  - Design an internal control or policy to require a minimum number of available nodes for a block to be appended to the blockchain.
  - Assess all changes made to the blockchain to gather proof of a targeted manipulation of the chain.
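The three mitigations above fit together as one validation policy: a designated validator set, a minimum number of those validators that must actually respond before any block is appended, and an evidence record of every attempt. The code below is an added example, not SAP’s or any blockchain platform’s code; the validator names N1..N5 and A1, A2, the two constructed voting rounds, and the `min_available` parameter are assumptions. In the round where the honest validators are silent and only two nodes endorse, a majority-of-responders rule appends the block, while the same rule with a minimum-availability requirement refuses it; in both cases the evidence record flags the round, because most designated validators were unreachable while every responder endorsed.

```python
from dataclasses import dataclass, field


@dataclass
class BlockValidationPolicy:
    """Append a block only if enough designated validators took part.

    ``validators`` is the pre-designated validating node set; ``min_available``
    is the minimum number of them that must respond before a block may be
    appended at all. Node names used below are constructed for the example.
    """
    validators: frozenset
    min_available: int
    evidence: list = field(default_factory=list)

    def try_append(self, block_id: str, responses: dict) -> bool:
        # responses: node -> True (endorse) / False (reject). Nodes that did not
        # answer within the round (e.g. because they are being flooded) are absent.
        responded = {n for n in responses if n in self.validators}
        endorsed = {n for n in responded if responses[n]}
        unreachable = self.validators - responded
        enough_nodes = len(responded) >= self.min_available
        majority = 2 * len(endorsed) > len(responded)
        ok = enough_nodes and majority
        # Record every attempt, appended or not, so a targeted manipulation can
        # be reconstructed later: who endorsed while who was silent.
        self.evidence.append({
            "block": block_id, "appended": ok,
            "responded": sorted(responded), "endorsed": sorted(endorsed),
            "unreachable": sorted(unreachable),
        })
        return ok

    def suspicious_rounds(self) -> list:
        # Rounds where most designated validators were silent yet every
        # responder endorsed deserve an analyst's attention.
        return [
            r["block"] for r in self.evidence
            if 2 * len(r["unreachable"]) > len(self.validators)
            and r["endorsed"] and r["endorsed"] == r["responded"]
        ]


# Constructed validator set: N1..N5 honest, A1 and A2 attacker-controlled.
VALIDATORS = frozenset({"N1", "N2", "N3", "N4", "N5", "A1", "A2"})
# Constructed rounds: a normal round, and one where N1..N5 never answer.
NORMAL_ROUND = {"N1": True, "N2": True, "N3": True, "N4": False,
                "N5": True, "A1": True, "A2": True}
DOS_ROUND = {"A1": True, "A2": True}


def run_scenario(min_available: int) -> dict:
    """Run both rounds under a given availability requirement."""
    policy = BlockValidationPolicy(VALIDATORS, min_available)
    return {
        "normal": policy.try_append("blk-100", NORMAL_ROUND),
        "under_dos": policy.try_append("blk-101", DOS_ROUND),
        "suspicious": policy.suspicious_rounds(),
    }


if __name__ == "__main__":
    print("majority of responders only:", run_scenario(min_available=1))
    print("plus 5 of 7 must respond:   ", run_scenario(min_available=5))
```

The `min_available` threshold is what turns a flooding attack from a way of getting blocks appended into a visible outage: the chain simply stops accepting blocks until enough designated validators are reachable again, and the evidence list shows which nodes endorsed during the gap.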
Hope this blog helps to address some of the security-related concerns with Blockchain.