The future of blockchain

Presentation on theme: "The future of blockchain"— Presentation transcript:

1

2 The future of blockchain
James Stanger, PhD ChannelCon August, 2019 Blockchain in 2019 and beyond

3 Our Agenda
We’ll be talking about: Blockchain essentials; Why it’s useful – or promises to provide value; Major blockchain platforms; Industries ripe for disruption; Five areas to consider
As an enterprise or even a CompTIA partner you may be wondering where all the hype is going with blockchain. This session will define what blockchain technology is, explain why companies embrace this technology, and review the major enterprise blockchains (such as Hyperledger, Ethereum, Quorum, and R3 Corda). Additionally, we will look at which industries are ripe for disruption from blockchain technology and explain what blockchain-as-a-service (BaaS) is and why as a cloud expert you should understand it. Finally, we will touch on the top five areas that CompTIA partners should learn to profit from blockchain.
Linux is everywhere these days – in many ways, it has been “Linux 2.0” over the past year. We’ve seen a peak, or at least a major burst, in Linux activity. Microsoft now “loves Linux.” From the cloud, to containerization, automation, AI, mobile and gaming devices, and IoT, Linux is part of our ambient computing world. It is the operating system of choice for developers worldwide. Soon, however, we’re going to be seeing serverless architectures, containers, and increased automation – and interestingly enough, Linux (and open source) are at the forefront of these activities. For decades now, cybersecurity professionals have used Linux to help them provide security services. Kali Linux has, for better or for worse, become the “poster child” for pen testing, for example. The Security Onion Linux distribution has at the very least attempted to become the “poster child” for security analysts. But today, Linux is so foundational, it has also become a target. What is the future of Linux in cybersecurity in 2019 and beyond? In this age of automation and AI, what role does Linux play today in security? How will that role change? Is Linux going to retain its central position as the primary tool provider for the cybersecurity professional? In what way has Linux become the primary target today, instead of the primary cybersecurity toolkit?

4 Your Presenter…
James Stanger, PhD
Chief Technology Evangelist – CompTIA
A+, Network+, Security+, MCSE, LPI LPIC 1, Symantec STA
Works with IT pros, managers and executives worldwide
Tech support / help desk / service desk; Automation and orchestration; Security analytics; Penetration testing; Vulnerability management; Intrusion detection; Linux and open source; Network administration; Virtualization; Web technologies; Certification development
Award-winning author and instructor
Twitter: @jamesstanger
CompTIA Web page: https://tinyurl.com/y94u3v7j

5 blockchain 101

6 Satoshi’s white paper – just read it!
Quick overview Definition(s) Peer-based, hyper-distributed ledger Immutable record (public or permissioned / private), stored in a series of individual blocks Uses Public Key Infrastructure (PKI) Instant, authoritative record of a transaction Authoritative Traceable, yet decentralized No central authority; it is the authority Can be public or private Uses Cryptocurrency Smart contracts Supply chain management Can enable near-instant trust during transactions

7 How blockchain works Applied encryption Proofs Consensus Calculations
Stake Other models Consensus Calculations Technical considerations are less important than business uses Demo sites / view blockchain at work (demo, “looking glass”):

8 How Blockchain Works (cont’d)
In systems that utilize distributed ledger technology such as blockchain, every node on a participating network keeps a copy of the full ledger of transactions. The cryptography built into the ledger maintains integrity while reducing overhead as well as transaction time. Cryptography and blockchain also eliminate the need for a central bank. When a new transaction is introduced, each node begins validating the transaction using an algorithm defined by the blockchain network. Once the transaction is validated, the new block is added to the chain. Each node on the network updates its copy of the ledger, and the node that successfully validated the block receives some sort of reward.
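An added example (not from the original slides) of the flow this slide describes: three nodes each hold a full copy of a hash-linked ledger, validate proposed blocks independently, and expose a copy that has been modified after the fact. The proof-of-work rule, the `TARGET` value, the transaction strings and all function names are assumptions chosen for illustration; call `demo()` to run it.

```python
import copy
import hashlib
import json

TARGET = "0" * 3  # assumed network rule: block hash must start with 3 hex zeros

def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the block."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def mine(prev_hash, index, transactions):
    """Search for a nonce that makes the block hash meet the target."""
    block = {"index": index, "prev": prev_hash, "tx": transactions, "nonce": 0}
    while not block_hash(block).startswith(TARGET):
        block["nonce"] += 1
    return block

def valid_chain(chain):
    """Every block must meet the target and reference its predecessor's hash."""
    prev = "0" * 64  # assumed placeholder predecessor for block 0
    for i, block in enumerate(chain):
        h = block_hash(block)
        if block["index"] != i or block["prev"] != prev or not h.startswith(TARGET):
            return False
        prev = h
    return True

class Node:
    """A participant that keeps its own full copy of the ledger."""
    def __init__(self):
        self.chain = [mine("0" * 64, 0, ["genesis"])]  # deterministic, same on every node

    def accept(self, block):
        """Validate a proposed block independently; append only if it checks out."""
        candidate = self.chain + [copy.deepcopy(block)]
        if valid_chain(candidate):
            self.chain = candidate
        return self.chain is candidate

def demo():
    nodes = [Node() for _ in range(3)]
    accepted = []
    for i, tx in enumerate((["alice->bob:5"], ["bob->carol:2"]), start=1):
        block = mine(block_hash(nodes[0].chain[-1]), i, tx)   # constructed transactions
        accepted.append(all(n.accept(block) for n in nodes))
    forged = mine("f" * 64, 3, ["mallory->mallory:999"])      # valid work, wrong predecessor
    rejected = not any(n.accept(forged) for n in nodes)
    nodes[2].chain[1]["tx"] = ["alice->mallory:500"]          # one copy altered after the fact
    return accepted, rejected, [valid_chain(n.chain) for n in nodes]
```

Changing block 1 on one node breaks both its own hash target and the `prev` link stored in block 2, so that copy fails validation while the other two copies remain intact.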

9 Blockchain DEMO You can try this demo (and any tinkering you wish) at this Blockchain demo site:

10 Services provided and sped up by blockchain
Trust / Nonrepudiation Automated Authoritative Traceable Chain of custody Supply chain management Real estate, food Asset ownership Protection against “double spend” Disintermediation Replace / disrupt traditional services Existing processes Contract management / lawyers Notary, title companies Employees? Can help solve long-standing technical and business problems

11 Why is blockchain suddenly a big deal?
DISINTERMEDIATION: NO MIDDLEMAN. Eliminate the middleman to speed things up and improve efficiency

12 Classic uses Creating instant trust Smart contracts
Supply chain validation Cryptocurrency Records validation Real estate (titles) Court records Credentials, such as certification A reliable replacement for paper

13 Besides cryptocurrencies, who’s using blockchain, and what for?
FOOD SAFETY SMART CONTRACTS SUPPLY CHAIN (SHIPPING)

14 CompTIA survey – where is blockchain used today?
A quick survey we conducted in early 2018 Relieve business pressures Overhead Low margin Speed up transactions Improve efficiency Consider important sectors Finance and currency Healthcare Shipping Real estate Consider the pressures that affect today’s business sectors Survey info: You can have security without worrying about privacy, in a sense. But you can never ensure privacy unless security is first established.

15 taking a step back for a second

16 Essential considerations
Tech innovation Tech adoption The traditional innovation cycle Laws (e.g., Moore) Events The “death” of the innovation cycle Commoditization Ubiquitous tech Useful resource:

17 Your place in the innovation adoption lifecycle

18 The “trifecta” of emerging tech
The Web; Linux; Open source; Security. This is the “hat trick”. Where are many innovations first developed? What platforms? How do you keep track? We’ve had a “tech trifecta” or “hat trick” at work: the Web, open source, Linux. Kubernetes, Docker, Kali, the first Web-based ticketing and sales support systems: the list goes right back to the Web.

19 major enterprise blockchain platforms

20 Major platforms Hyperledger Fabric Ethereum Quorum R3 Corda Ripple

21 Major platforms (cont’d)
Source:

22 Blockchain as a service (?)
Azure Blockchain Workbench Amazon Managed Blockchain Oracle Ledger IBM Blockchain Platform

23 five areas to learn concerning blockchain

24 1. adding business value

25 Value-add questions to ask
How can we benefit from using blockchain-based smart contracts? What transaction costs would blockchain reduce or eliminate? Do we need to reduce transaction time? Do we need a new method to increase collaboration? Would we benefit from eliminating / replacing traditional banking functions? Do we have serious problems with transaction fraud?

26 2. know your fundamentals

27 Foundational concerns
End points Blockchain clients Management Servers Wallets Databases Storage Data Data being validated Networking Availability QoS

28 Foundational concerns
Cryptography Private key algorithms Advanced Encryption Standard (AES) DES / 3 DES Hashing algorithms SHA 256 SHA 512 Public Key Infrastructure (PKI) Certificates Private key security

29 3. security considerations

30 Most pressing issues for blockchain: What order?
What are the most likely problems that blockchain will experience? Social engineering Software development lifecycle issues (e.g., buffer overflows, race conditions) Problems with underlying platforms and associated protocols Browser Associated tech (databases, Web servers) Data corruption / manipulation of software (e.g., wallet, algorithms) Problems with the protocol itself (consensus algorithms) This was the finding of the RSA 2018 Blockchain Council These findings have been borne out over the last 18 months

31 Interstices and blockchain
Wallets Bad code Smart contracts In your browser Lack of monitoring Infrequent updates Dependencies and libraries Payment platforms Parity software and platforms

32 Browser elements Cookies leave . . . crumbs
Crumbs lead to information leakage CoinJoin anonymity technique Wallet issues Helps Social engineers Reconnaissance JavaScript and other languages

33 Social engineering Only as safe as the person using blockchain
Transactions can’t be undone The human element Misuse of tech fundamentals (e.g., private key) Networks of attackers Only as safe as the platform where information is stored Network connected? Physical security? The old principles still apply Information leakage Browser ISP / mobile provider Associated services SMS/SS7 hacks

34 Social engineering (cont’d)
The fundamental things apply. . . Here’s a social engineering case study Personal security hygiene Platform security Multifactor authentication

35 The wallet – how to attack it
Hot Internet-connected Like carrying cash Cold Holding funds Transfer ability available Physical stores Physical Side channel attack

36 The oracle The liaison function between the technical blockchain function and the rest of the organization A “translator” for information provided outside of a blockchain A particularly “juicy” element “Oracles provide the necessary data to trigger smart contracts to execute when the original terms of the contract are met. These conditions could be anything associated with the smart contract - temperature, payment completion, price changes, etc. These oracles are the only way for smart contracts to interact with data outside of the Blockchain environment.” How are these implemented? How can they be manipulated or compromised?

37 Progress of attacks over the years
Finney (2011) Vector 76 (one confirmation) (2011) Time jacking (2011) Double spend / race (2012) Brute force (2013) > 50% / 51% (2013+) Wallet theft (2014) DDoS (2014) Transaction malleability (2015) Refund (2017) Hijacking (2017, 2018) Fork (2013, 2016, 2018)

38 Case studies $530 million stolen? Private key stolen
Basic security measures not followed Internet-connected “hot wallet” Should have used cold storage instead No multifactor authentication Weak private key storage techniques Social engineering involved No IDS on key resources No analytics – no “red team, blue team”

39 Case studies (cont’d) $32 million loss
Vulnerability in the wallet software Not in the protocol, per se What lessons can we learn?

40 4. software development lifecycle

41 Software development lifecycle and blockchain
You need programming to connect the dots We already struggle as an industry with software dev The same principles apply! It’s clear blockchain is being developed in the standard languages What existing issues will we port over to blockchain? What new issues will arise? Smart contracts Identity management

42 5. is my business ready?

43 Technology challenges, regulatory challenges, business challenges
Validating stages as we create info out of data; Regulatory and compliance concerns; Working with businesses; Overcoming hype; Determining the real business need

44 Business readiness Communications
Executive management to middle management Management to tech worker How will blockchain implementation affect Help desk Cloud and networking Cybersecurity Cloud administrators / architects New job roles for the organization? Data analyst Business analyst Programming Project manager (Agile, etc.)

45 Q & A

46 Thank You! James Stanger, PhD
+1 (360) Skype: stangernet

47 UP NEXT 2:45 PM - Industry Panel Session Tech Talents, Skills & Abilities Thank you for joining us for the IT Industry Trends Track! 

