Linked e-resources
Details
Table of Contents
Intro
Cover Page
Title Page
Copyright Page
Dedication Page
Foreword
About the Author
About the Reviewer
Acknowledgement
Preface
Errata
Table of Contents
1. Blockchain Security Overview
Introduction
Structure
Fundamentals of blockchain
Blockchain security overview
Confidentiality in Blockchain
Data Integrity in Blockchain
Data Availability in Blockchain
Traceability in Blockchain
Blockchain Security ecosystem
Application Layer
Consensus Algorithm Layer
Network Layer
Data layer
Infrastructure and Virtualization Layer
Exploring blockchain security benefits
Case Study: Procurement and Supply Chain
Inherent security capabilities of Bitcoin
Conclusion
Points to remember
References
Multiple choice questions
Answers
2. Blockchain Security Variations
Introduction
Structure
Types of blockchain
Public blockchain
Private blockchain
Hybrid blockchain
Consortium blockchain
Ethereum Overview
Introduction to Ethereum
Difference between Ethereum and Bitcoin
Working of Ethereum
Ethereum virtual machine
Smart contracts
Use case
Structure of an Ethereum node
Ethereum security review
Smart contract review
EVM security review
Ethereum security design review
Hyperledger fabric
Hyperledger Fabric security review
Use Case - Central Bank Digital Currency
Conclusion
Points to remember
References
Multiple choice questions
Answers
3. Attack Vectors Management on Blockchain
Introduction
Structure
Blockchain risk management
Security objective
Risk Identification
Risk classification
Mitigation strategy
Risk management template
Top security risk in blockchain
Technology stack
Regulatory and Data privacy
Governance
Data communication.
Threat model overview
Threat model architecture
Applying Threat Modeling to Blockchain
Mitigations against STRIDE Attack Vectors
Conclusion
Points to remember
References
Exercise
4. Blockchain Application Exploitation
Introduction
Structure
Blockchain Penetration Testing
Planning
Vulnerability Scanning
Exploitation
Maintaining Access
Hacking Smart contracts
The Lab setup
Examining the source code
Mitigations against Overflow and Underflow Attacks
Smart Contract Attack Vectors Analysis
Access Control
Best Security Practices and tools to secure Smart Contracts
Conclusion
Points to remember
References
5. Blockchain Application Audit
Introduction
Structure
Smart Contract Auditing
Methods for testing smart contract
Automated Testing
Unit testing
Integration testing
Property-based testing
Manual testing
Formal Verification of a Smart Contract
KEVM as a specific application of the K Framework
Defining the EVM specification
Bug Bounty Program
Conclusion
Points to Remember
References
6. Blockchain Security Solution
Introduction
Structure
Zero-Knowledge Proof
Types of Zero-Knowledge (ZK) Proof
Application of Zero-Knowledge Proof
Identity and Access Management
Identity and Access Management for Public Blockchain
Identity and Access Management for Smart Contracts
Ownable Pattern
Role-Based Permissions
Multi-Signature
Time locks
Logging audit events in a Smart Contract
Public Key Infrastructure
Public Key Cryptography
Symmetric Encryption
Asymmetric Encryption
Asymmetric and Symmetric encryption relationship
Components of Public Key Infrastructure
PKI Applications to Blockchain
Security Logging and Monitoring
Security Logs Analysis
Ethereum Event logs.
Topics and Data in Ethereum Log Records
Storage of Ethereum logs
Conclusion
Points to remember
References
Index.
Cover Page
Title Page
Copyright Page
Dedication Page
Foreword
About the Author
About the Reviewer
Acknowledgement
Preface
Errata
Table of Contents
1. Blockchain Security Overview
Introduction
Structure
Fundamentals of blockchain
Blockchain security overview
Confidentiality in Blockchain
Data Integrity in Blockchain
Data Availability in Blockchain
Traceability in Blockchain
Blockchain Security ecosystem
Application Layer
Consensus Algorithm Layer
Network Layer
Data layer
Infrastructure and Virtualization Layer
Exploring blockchain security benefits
Case Study: Procurement and Supply Chain
Inherent security capabilities of Bitcoin
Conclusion
Points to remember
References
Multiple choice questions
Answers
2. Blockchain Security Variations
Introduction
Structure
Types of blockchain
Public blockchain
Private blockchain
Hybrid blockchain
Consortium blockchain
Ethereum Overview
Introduction to Ethereum
Difference between Ethereum and Bitcoin
Working of Ethereum
Ethereum virtual machine
Smart contracts
Use case
Structure of an Ethereum node
Ethereum security review
Smart contract review
EVM security review
Ethereum security design review
Hyperledger fabric
Hyperledger Fabric security review
Use Case - Central Bank Digital Currency
Conclusion
Points to remember
References
Multiple choice questions
Answers
3. Attack Vectors Management on Blockchain
Introduction
Structure
Blockchain risk management
Security objective
Risk Identification
Risk classification
Mitigation strategy
Risk management template
Top security risk in blockchain
Technology stack
Regulatory and Data privacy
Governance
Data communication.
Threat model overview
Threat model architecture
Applying Threat Modeling to Blockchain
Mitigations against STRIDE Attack Vectors
Conclusion
Points to remember
References
Exercise
4. Blockchain Application Exploitation
Introduction
Structure
Blockchain Penetration Testing
Planning
Vulnerability Scanning
Exploitation
Maintaining Access
Hacking Smart contracts
The Lab setup
Examining the source code
Mitigations against Overflow and Underflow Attacks
Smart Contract Attack Vectors Analysis
Access Control
Best Security Practices and tools to secure Smart Contracts
Conclusion
Points to remember
References
5. Blockchain Application Audit
Introduction
Structure
Smart Contract Auditing
Methods for testing smart contract
Automated Testing
Unit testing
Integration testing
Property-based testing
Manual testing
Formal Verification of a Smart Contract
KEVM as a specific application of the K Framework
Defining the EVM specification
Bug Bounty Program
Conclusion
Points to Remember
References
6. Blockchain Security Solution
Introduction
Structure
Zero-Knowledge Proof
Types of Zero-Knowledge (ZK) Proof
Application of Zero-Knowledge Proof
Identity and Access Management
Identity and Access Management for Public Blockchain
Identity and Access Management for Smart Contracts
Ownable Pattern
Role-Based Permissions
Multi-Signature
Time locks
Logging audit events in a Smart Contract
Public Key Infrastructure
Public Key Cryptography
Symmetric Encryption
Asymmetric Encryption
Asymmetric and Symmetric encryption relationship
Components of Public Key Infrastructure
PKI Applications to Blockchain
Security Logging and Monitoring
Security Logs Analysis
Ethereum Event logs.
Topics and Data in Ethereum Log Records
Storage of Ethereum logs
Conclusion
Points to remember
References
Index.