What are some of the latest security-related developments in the blockchain world? Here is a roundup of recent headlines:
Blockchain competition features ‘practical exploitation challenges’
Security Innovation, a risk-focused software company, recently launched a set of vulnerability exploitation challenges via its Blockchain Capture the Flag (CTF) decentralised app, or dApp. Kicked off on 1 March and running through to 11 March, Blockchain CTF gives developers and security experts a chance to “test their skills with practical exploitation challenges”, creator Mick Ayzenberg, Security Innovation’s blockchain centre of excellence lead, said in a press announcement. “Given it’s still an emerging technology, this demonstrates the demand for educational resources for Blockchain smart contract security.” The first participant to solve all 13 challenges will win $300 in DAI tokens. The Blockchain CTF dApp contains “vulnerable smart contracts with various business use cases ranging from decentralised trust funds and open source lottery systems, to ICOs and automated royalty agreements”, Security Innovation says. “Players are challenged to exploit vulnerabilities that are commonly found in smart contracts to steal fake testnet ETH and earn points. Hints are available when creativity is exhausted.”
Expert: Better regulation will help build trust in blockchain
Security and privacy concerns are among the leading reasons why many users don’t yet trust blockchain applications, writes business, policy and emerging technologies expert Kevin Werbach in a recent commentary on Slate. Building that trust will require well-thought-out and effective regulation, according to Werbach, a professor of legal studies and business ethics at The Wharton School at the University of Pennsylvania. “If people trust blockchain systems, they’ll use them,” Werbach writes. “That’s the only way they’ll see mass-market adoption. The jurisdictions with the best regulation – not the ones with the least – will attract activity. Like any technological system, blockchains combine software code and human activity. It’s not enough to trust the computers – which, after all, are built and programmed by people. For the technology to be used widely and wisely, there must be mechanisms to hold the humans accountable, too.”
Curv says institutional wallet service is ‘industry first’
Curv, a US- and Israel-based startup, has launched what it says is “the industry’s first” institutional digital asset wallet service. “Many financial institutions have been hesitant to fully embrace digital assets within their portfolios because of the lag, operational complexity, and single point of failure associated with the private keys needed to sign blockchain transactions,” the company said in a news announcement. “Curv eradicates the concept of private keys to eliminate these issues, introducing revolutionary cryptography that delivers a simple, distributed way to secure and sign transactions.” The company says the wallet service not only eliminates the need to use private keys, but also replaces both hot and cold wallets and offers a “flexible, enterprise-grade policy engine” to enable institutional users to define risk profiles and enforce controls.
Fujitsu and Sony test blockchain for education verification
Fujitsu, Sony Global Education and the Fujitsu Research Institute are testing a blockchain system aimed at verifying the Japanese language abilities of foreign students coming to Japan. Requiring language proficiency ensures that foreigners don’t have trouble adjusting to life in Japan, notes The Asahi Shimbun, but some language institutions have been found to have issued fake documents attesting to students’ skills. “Educational institutions will be afforded a firm grasp of the prospective student’s language ability by referring to the highly reliable learning data stored in the blockchain when checking the validity of the educational certificate submitted by the prospective student,” Fujitsu said in a press announcement about the field trial. “The implementation of this system will make it possible for learning institutions to support diverse ways of learning more effectively.” The organisations’ long-term goals, Fujitsu added, are to promote educational uses of blockchain and ensure that “data associated with an individual’s learning can be utilised safely and securely beyond the framework of companies and educational institutions”.
Researchers explore blockchain solutions for IoT security
An international trio of researchers has proposed using blockchain to support the security, authentication and maintenance services required by Internet of Things (IoT) systems. In an article accepted for publication in the journal Future Generation Computer Systems, Muneeb Ul Hassan, Mubashir Husain Rehmani and Jinjun Chen analyse how blockchain technology can be integrated into IoT systems, and discuss challenges for anonymisation, encryption, private contracts, mixing and differential privacy.
Study: Use blockchain to enable certified email
Spanish researchers say a new protocol based on blockchain could enable a workable way of sending certified emails. M Francisca Hinarejos, Josep-Lluis Ferrer-Gomila and Llorenç Huguet-Rotger – all computer researchers at the University of Balearic Islands – note that, while many proposals have been made for certified email systems, most require the use of a trusted third party (TTP) to “achieve fairness”. “Our proposed approach can be used without intermediate entities to satisfy the typical security requirements pursued in certified email (i.e., the approach does not require a TTP) or to publish the required key material on the blockchain. Meanwhile, the use of smart contracts, which can be expensive from both economical and temporal perspectives, is not necessary. Moreover, our solution is based on the current email infrastructure, and no changes to the email structure, known and certified addresses, or the certification infrastructure already used by people and businesses are required.”