Blockchain Attacks By 7 Strata

Strata System Breaching

Attack on any IT services or systems can be assessed and managed with the 7 Strata paradigm. In this discourse, we use the paradigm to assess on the attack and defense of the blockchain.

To defend, first know which directions they are coming from.

NIST define security operations to be guarded in 7 categories, 33 specialities, and 52 work roles. NIST maps them into 1,007 tasks, 374 skills, 630 knowledge areas and 176 abilities. Another means would to categorize them into 7 stratified domains.

The first defense is all features of all strata must be unambiguous in M.E.T.A. Unintended usage must be constantly be revisited and reviewed. Un-used features removed, not just disabled. Usages of different categories, especially of security concerns, must be classified, isolated and segregated. All knowns parameters, such as system, service, entity (such as devices) and human profiles, E.S.I.O. (Entities, Subjects, Interfaces, Objects) vigilantly examined. Attackers will be hunting, mining and discovering them. Monitoring on attacks must be in hypercognizant and hyperawared mode. If there is a known attack, system and service updates, and countermeasures must be drilled in place. Anomaly detection should corral lessons to evolve the strata.

In all domains of (Hu)Man, Machine and Method, from configuration, secrets management and governance.

Information security (InfoSec) focuses on developing and implementing policies, procedures, controls, and technologies to safeguard the entire organization’s digital assets. It involves risk management, incident response, compliance with regulations and standards, and overall security governance.

Examples: InfoSec measures include firewalls, intrusion detection and prevention systems, access controls, encryption, security audits, employee training, security awareness programs, and more.

Application security (AppSec) focuses on secure coding practices, design principles, and testing methodologies to identify and address vulnerabilities early in the software development life cycle. It includes techniques such as static analysis, dynamic analysis, code reviews, penetration testing, and secure development training.

Examples: AppSec measures include input validation, output encoding, secure authentication and authorization mechanisms, implementing proper error handling, employing security libraries, using HTTPS for communication, and conducting regular security assessments.

DevSec is just a combined notion of InfoSec and AppSec on development environment and production environment (and hence, it is a confusing misnomer).

Instead of generalizing into InfoSec and AppSec where InfoSec addresses the overall protection of an organization’s digital assets, and where AppSec specifically focuses on securing software applications from potential vulnerabilities and attacks, the 7 strata is a much clearer and comprehensive strategy. There is also an extension of the 8th strata (which is related to the `Service Strata`) which we will explained at the end.

Service

Strata: Layer 3 (Services (business logic), Faculties and user experience)  / Applications
The services may be application, facilities, industrial facilities, banking services, development environment (CI/CD) facilities, etc, or any faculties that are represented, presented and manifest itself into a service. Services may be internal. This can be in the faculty of Governance, Risk, and Compliance (GRC, aligning security practices with its business objectives, assessing and managing risks, and ensuring compliance with industry regulations and standards), Identity and Access Management (IAM) as a form of Control, Security Operations Center (SOC, centralized team responsible for monitoring, detecting, analyzing, and responding to security incidents in real-time) as a form of Command and Control, Incident Response (Restoration and Recovery, Reformation and Refinement), Physical Security (securing physical assets, facilities, and equipment to prevent unauthorized access, theft, and other physical threats), etc.
Services may be external for business focus, extension, expansion and continuity.
[Approach of attacks/ Caveats of weaknesses]
Risk(s): Trusted availability oracle
""" Guidelines: 
1. Similar to platform domain, here we see service as a platform. Ensure service is derived and reuse where possible, because if there are different variation doing the same thing, the audit will be a chaotic mess to manage. Standardize, baseline and centralize the secure components and ensue people look up before they `ITU` or `reinvent a faulty wheel`, e.g. blockchain witness network service can be based line and derive into a framework for voting (can be derived for public or corporate decisions, etc), property transfer with contractual context (can be derived for goods and services, real estate, inheritance, etc), etc.
2. Emend (change with no addition or subtraction of components) or amend (change with addition or subtraction of components with no change to origin components) has to be examine to deter flaws and space for faults introduce to the design or solution. This often comes with requirement or scope change or re-definition with feature requests. Annotations to highlight the differences has to be clear and clarified. Each service and feature component must be attested and authorized. 
"""

Example of a hidden feature (The same analogy can be apply as a method for any services or smuggling rigged implants into any organization, system or solution): `Devil Eyes` was the code name for a secret psychological warfare program in 2005–2006 by the United States CIA to develop an action figure of Osama bin Laden and distribute it in South Asia, especially Afghanistan and Pakistan. Custom-made terrorist action figure, with a twist. The plan was for the toys to be sent to the Afghanistan-Pakistan region, cheaply packaged, and handed out to children. The CIA had the perfect cover in place with their preexisting goodwill project - as pencils, notebooks, games and toys were all being placed in backpacks, the seemingly innocuous bin Laden dolls would also be slipped in. From there they would be given to unsuspecting children on a nationwide scale, where after finding the toy, they would play with the toy, and it would be all fun and games. Thereafter, until their faces start melting off, a demon face, red skin, green eyes, black markings. This was no ordinary doll, because this was a doll specifically designed to induce fear and anxiety. The doll’s face was painted with heat-sensitive material that was intended to peel off after a prolonged period.

Smuggling rigged implants can come in various forms. An example is described in the movie, Shiri (1999), where the partner of an agent convinced him to bring the fish from her shop to office. Unbeknownst to the agent, his partner is aware of his identity and had been in the shadows as a wanted fugitive for years even after going through cosmetic surgery. She had bugged (pun intended) him to help her sell her fish. When the agency found out, the fish are already well placed on the desks in the agency gathering intel on their operations. This explains where she is aways one step ahead of them. The hint that she does not know how to use chopsticks was a dead give away, of which the hapless audience was not able catch that she came from a place that is dearth of food given her claim that she is Korean.

Tools, Utilities And Software Supply-Chain Tampering And Exploits

The threat actor will attempt to:
1. Infiltrates the development network or supply/distribution network (sometimes as a vendor or insider).
2. Performs a scan to locate the repository (for source and tools) and build systems and to identify vulnerabilities.
3. Crafts an exploit to compromise the build system or repository (or both).
4. Deploys the exploit and await for an opportune time to activate the attack.

Infrastructure

Strata: Layer 1 (Infrastructure - network)
This strata includes Network (network infrastructure, including routers, switches, firewalls, and other network devices). It involves measures to prevent unauthorized access, network attacks, and data interception, i.e. ingress and outgress of the network security boundary (perimeter). The network can be in form of Cloud or other distributing computing topologies. 
[Approach of attacks/ Caveats of weaknesses]
1. Honest majority assumption for the Byzantine General Problem:
51% assumption: 
"""
51% means you can outrun 51% of the network. 51% also means you have a majority vote (and blocking others) - defining the source of truth witness by the network, and the aggregating of further mining gains and excluding others. Because the attackers have more hashing power they can mine blocks faster than the other 49% of the network combined the false chain continues to develop, eventually surpassing the original chain in length.
The attackers inform the remainder of the network's nodes about the forged chain. The remainder of the network is obligated to accept the attacker's fraudulent blocks because of the longest chain rule which considers the longest version of a blockchain as the legitimate version of the chain. Honest nodes assume their version of the chain is faulty and convert to the attacker's chain. The attackers are free to spend funds again because they force the network to accept the illegitimate chain on which their transaction never took place. The funds are sent a second time swapped for other coins and then liquidated or washed by the attacker with the rest of the network unaware of what has happened. 
For larger networks such as bitcoin and Ethereum, it is highly unlikely to pull off a 51% attack. The cost of performing a 51% attack rises significantly with the network's hash rate. The attackers would need to incur an enormous cost in order to gain the hashing power needed to take over larger networks -  meaning more computing power and more electricity - a cost that could perhaps not be worth the reward.
For smaller networks however there would be smaller costs and computing power needed to take over a network. This leaves smaller networks more susceptible to these types of attacks.
In 2018, bitcoin gold was attacked and hackers were able to make off with nearly 18 million dollars in assets. 2 years later, in 2020, another attempt was made but was fortunately thwarted by the bitcoin gold team in 2019. Ethereum classic came under attack and hackers were able to steal nearly 1.1 million dollars in assets. The `verge` was attacked in April of 2018 and hackers were successful in extracting over a million dollars. They were attacked again the following month in May and the attackers made off with an additional 1.75 million dollars worth of assets. The verge (XVG), in February of 2021, was discovered that they had fell victim to yet another attack. The hackers were able to reorganize or make changes to transaction history to an astounding 560, 000 blocks. In a short period of time 200 days worth of transactions disappeared.
Team notified mining pools and exchanges and circulated an update that created a checkpoint. The checkpoint prevented the hackers from taking over the chain. 
"""
65% of mining power is held by 1 single country. The problem with this assumption is flawed in the sense that it should be based on an assumption of a trustless system with uniformity of computational resource power instead. However, we know this assumption cannot be fair and true, as economics and resources of different groups or just countries themselves are different.
This not only is able to censor but present the majority of consensus of the version of reality / verity or history.
If miners mine on their isolated chain, they can conduct selfish mining attack, and publish when the chain out-race the targeted chain. * attackers can also lure victims to join and use their mining pools.
As well, can the hijacked 51% arrogate and start burning people's coins as a form of banishing and revocation?
If the network is corrupted, people will start to leave, hence, not theoretically not profitable to do so. Though, alternatively, the other 49% keeps getting refreshed, and you get fresh preys to sustain the entrapment - the blockchain network becomes purely a snare.
Net is live and well. i.e. not censoring, modifying transmission, DDoS, etc. Attackers can DDoS victims and block their transmission and therein their publishing or broadcast.
Mempools DDoS forcing users to pay a higher mining price.
2. The problem with decentralism is that they are divided and can be isolated and miscommunicated either by accident or hostile incidents. They can be divided and subdued separately.
Risk(s):
BJP hijacking, AS (Autonomous system) hijacking, Eclipse attack, Erebus, Partitioning attack, Sybils attack.
3. ISP intercepting mining (65.7%)
4. Network reliability (dropping, availability and latency) and synchrony.
""" Guidelines: 
1. The infrastructure is made up of systems, and infrastructure specialist(s) must working with system specialist(s) to be away of functional capabilities of each system. If the system does not require the feature, it should not just be disabled, but removed altogether. They should also examine what it is connected to, as functions can be relayed and related from other systems. Functions can be abused, misused and hijacked. To protect systems from potentially harmful network activity inbound and outbound network connections other than allowed URLs and necessary services should be blocked. Each system’s defenses should be configured to prevent infiltration and exfiltration on all engineering workstations (e.g., configuring intrusion detection and prevention, behavior blocking, reputation-based security, machine learning-based protection, application isolation and control, and vulnerability protection).
2. The trust of different systems and services should be categorized. There has to be trust management. Example: Trust can be breached akin how Snowden convinced different entities to accept his self-signed certificates, therein, forming a network of unchecked trusted path where data and components can be infiltrated and exfiltrated. 
3. The CMS (Configuration Management System) must be defensive of being hijacked and tampered with. 
4. [Resource and asset management] Access management should be resource and asset management centric. This requires Identity and access management facilities and tooling customization to the context of the organizational operations.
5. [Detection] You cannot react and respond if you cannot detect. Monitoring and logging facilities such as Firewall (+ Web Application Firewalls), tripwire, monitoring and logging, etc, has to be in place.
6. [Data protection] This involves secrets management (KMS), Certificate management, config manager, VPN, etc. 
7. [Incident response] Backup, HA/DR.
"""

Secure Build Environment. This is part of the environment. It is both infrastructural facilities and internal service.

System

Strata: Layer 1 (System - security)
While Endpoints can be seen as infrastructure, they are part of systems. This is the component of interface. Endpoint security involves securing individual devices whether mobile, Internet of Things (IoT), sensors, or any server or client devices that connect to a network. The goal is to prevent malware infections, unauthorized access, and data loss from these device systems.
Systems also include critical infrastructure systems such as Industrial Control Systems (ICS) like power plants, manufacturing facilities, and utilities from cyber threats that could impact their operations.
[Approach of attacks/ Caveats of weaknesses]
Incidents: Coinbase, MtGox
Risk(s): 
Malware, spyware, ransomware, system takeovers, and Stuxnet tunneling,
Other risks: Crypojacking
""" Guidelines: 
1. Systems must know what it is enable and connected to. Functions can be abused, misused and hijacked. 
2. Every function has to be examined for its afference (what it can be affected by) and efference (what it is affecting or creating an effect on). 
"""

Platform

Strata: Platforms (integration)
While platform can be referred to as the architecture, tools and processes, including integrating vendor-specific functions—and often third-party products, that ensure the functions of an entire computing environment, we refer to the computing language platform base that runs within each system. This can be on any layer depending on the language platform (including the different forms of smart contract platforms) in use.
[Approach of attacks/ Caveats of weaknesses]
Incidents: DAO (2016), Parity Wallet Hack (2017)
* DAO and Parity Wallet exploit can also be seen as (a flaw and bug) exploit at the platform layer (wallet), and it creates the flaw in L1, e.g. where there are multiple parties. The solution does not work alone, hence, we need to understand how the platform and network inter-function or inter-malfunction / dysfunction.
""" Guidelines: 
1. Different languages have different `gotchas`, and the versions of each language is changing fast. It behooves for the platform specialist to engage a team of specialize experts looking at the idiosyncrasies and flawed implementation that can occur for each language platform. Also note that, language can behave differently on different environments (cloud, mobile, embedded, etc), OS, runtime, hardware, etc.
2. Ensure function, module or component reuse where possible, as if there are different variation doing the same thing, the audit will be a chaotic mess to manage. Standardize and centralize the secure components and ensue people look up before they `ITU` or `reinvent a faulty wheel`. Each component must be attested and authorized.
3. Static analyzers work better on statically-typed languages such as C++, since the type of variables used within the code are known at compile time, whereas dynamically-typed languages such as Python resolve the variable types at runtime.
4. Often user input errors or malicious injections and can only be identified during testing at runtime, Interactive Application Security Testing (IAST), Dynamic Application Security Testing (DAST) and Runtime Application Self-Protection (RASP) tools should be used.
5. As IAST tools tend to have far more false positives than SAST, particularly with web applications, SAST tools that use introspection are encouraged when implementing the security testing requirements within this environment.
6. Many exploits use common compromise techniques such as buffer overflows, return-oriented programming (ROP) execution gadgets, delayed dynamic function loading, and overriding Software Exception Handlers (SEH). There should be defensive compiler, assembler, linker, and interpreter tools that have been extended to include defenses to mitigate these risks. Nonetheless, the platform specialists should compile a primer of build-chain defensive techniques that should be deployed to fend off the compromise vectors, e.g.: 
a) Stack Cookies – Prevents stack overwrites, 
b) Address Space Layout Randomization (ASLR) – Prevents ROP/Hardcoded IP references, 
c) SEHOP – Prevents SEH hooking, 
d) Data Execution Protection (DEP) – Stack/Heap execution prevention,
e) No Execute Bit (NX) – CPU flag execution prevention of memory locations, 
f) Static Libraries – Prevents preloading of malicious dynamic libraries, 
g) Stripping Binaries – Removing symbols from binary files makes it harder for the file to be reverse engineered, 
h) Hardware Specific Preventions – More preventions are available based on built-in hardware support.
For untrusted or hostile environments*, other countermeasure mechanisms that can be installed:
a) Heap Spray Mitigation – Monitoring commonly targeted heap addresses, 
b) Stack Pivot Detection – Detects ROP, 
c) ROP Call Detection – Detects JMP/RET (unconventional program flows), 
d) DLL Injection Detection – Dynamic Link Library (DLL) location and signature validation, 
e) Null Page Detection – Dereference exploitation prevention, 
f) Root-Kit Detection – Address hooking prevention, 
g) Behavioral Heuristics – Detection of unusual CPU, memory and resource activity.
* The platform specialists have to assess the environment with the infrastructure specialist(s) and system specialist(s), and as well with other security and knowledge domain specialists as required.
7. IDEs support multiple compiler languages and environments and the ability to extend the IDE by installing plug-ins (and sometimes "quiet patches"). Because of the complexity and untrusted sources, IDEs may become compromised, leading to an insecure local development environment. To ensure the integrity of the development process, all IDEs and their associated plug-ins used within a developer environment must be preapproved, validated, and scanned for vulnerabilities before being incorporated onto any developer machine.
8. Build environments may require the use of operating systems and packages, platform specialists are to consult with system specialists on the possible flawed and exploitable packages to ensure they are not within the operating tool-chains, utilities or operating environments.
9. The developer-defined build script must declare all dependencies, including sources and other build steps, using immutable references in a format that the build service understands. The build service: 
• Must fetch all artifacts in a trusted control plane, 
• Must not allow mutable references, 
• Must verify the integrity of each artifact, 
• Must prevent network access (MitM) while running the build steps.
"""

Algorithm

Strata: Algorithm (logic)
This can be on any layer depending on where and how the cryptographic suites are deployed, maintained and designated in usage.
[Approach of attacks/ Caveats of weaknesses]
Risk(s): Cryptography aging.
Reference(s):
1. Cryptographic Defenses
2. Cryptographic Flaws Exploited

Protocol

Strata: Layer 1 and 2 (Protocol (piece algorithms to be coordinated into a protocol for safe use and implementation))
[Approach of attacks/ Caveats of weaknesses]
Privacy lacking. ZK-snarks is slow and requires trusted key set-up.
Risk(s):
1. Merkle tree verification (on thin / light client for SPV client) assumes we trust the nodes of hash already trusted as proofs of intermediate hash for efficiency (speed and storage).
2. Where there is random in lottery or selection, e.g. PoW, authority of BTC transaction propagation (i.e. the orchestration of BTC consensus alignment finality - network latency on top of PoW (Proof of Authority is still quite centralized), if everyone is sending their own version asynchronously, the consensus cannot be reached in the chaos), the randomness is hard to be verified to be decentralized and fair.

.

Hardware

Strata: Hardware (+ IoT, embedded)
This can be on any layer that is designated and deployed for realizing the blockchain operations.
[Approach of attacks/ Caveats of weaknesses]
Limited computational resource to process intensive blockchain transactions.

.

The 8th Attack — Economic Attacks

Outside technological attacks, economic attacks are the exploits of the business and services. They are commonly misuse cases leading to the abuse of the business logic. The 2 forms of economic attacks are — criminal misuse of services and economic system exploits.

Economic Attacks

In each of the strata, address how each strata contribute to the goals of assurance and defense provisions on the following:

1. Privacy assurance (including opt-out for trusted shareability, such as for audit, and opt-out with zero-proof for managed authentication and evidence provision);

2. Secrets management (including control types, I.e. A6 and lifecycles);
* keys, secret parameters, data, etc

3. Vulnerability detection, exploitation and countering (pertains to abuse and misuse cases);

4. Sovereignty controls (opt-in / opt-out for escrowal, trusted delegation, trusted transfer of rights* and recovery, AML, CFT, KYC), etc.
* includes crawl-back and asset freezing depending on rights and responsibilities stated and agreed-upon (related: Sovereignty Trilemma)

5. Usability (the ease of use, and including use case coverage, even addressing scaling up for X-border coverage) and user protection.

As a base, the 7 Strata is a defensive framework. The attack surface and window can be circumspect on its Governance and IAM (rights and access, A6 on access), interactions and deployment and migration of systems, etc.

On the 8th Strata (Environment), the 5 domains can be used as a framework of examination.

All the above will contribute factors to be considered for risk assessments.

I understand blockchain as a decentralized P2P tech but hardly as a technology for economics or finance. I first worked on the Byzantine General Problem because organizational units did not trust each other (I am unsure if they have overcome their trust issues now), hence, I created a technological situation to enable a Mexican stand-off while they can continue the co-work without the need of that trust assumption. It was based on Lamport’s idea. That was in 2011.

The Guardian’s Handbook