Testing for Blockchain Security by Design
Duration: 1 Oct 2017 to 30 Sept 2019
PI and Co-PI: Asst Prof Pawel Szalachowski (PI), Asst Prof Georgios Piliouras 
Researchers: Dr Pieter Hartel, Dr Daniel Reijsbergen, Dr Li Jiaying, Dr Stefanos Leonardos, Dr Ivan Homoliak, Dr Sarad Venugopa, Dr Richard Schumi
Funding agency: National Research Foundation

Blockchain technology is relatively new. Its emerging risks are not well understood and are sometimes ignored to gain first-mover advantage, so the fast-developing ecosystem has a need for Blockchain Security. The commercialisation process for the project outcomes is guided by TNO’s Blockchain Security program. This program focuses on developing sufficient insight into, and maturity of, testing tools from a technology and security perspective, towards the implementation of security by design, coupled with tangible and concrete requirements and input from the blockchain industry to ensure user relevance and market feasibility. The exploitation plan consists of three phases:

  1. Attract industry and build capacity (2017) – The key is to attract industry participants into the program and to initiate an open dialogue about the vulnerabilities. In the end, Blockchain Security is a joint responsibility among multiple stakeholders, from users, technology suppliers and system integrators to regulators. To build sufficient knowledge for this dialogue, capacity is built through a training course: Blockchain Basics and its Security Perspectives. The feedback from these stakeholder meetings will be used to amend our in-house blockchain security training course to meet demand.
  2. Experiment and implement security testing (2018) – Through the BCS Stakeholder Group, a first step is taken towards industry commitment and towards creating a safe environment for translating and transitioning research results and outcomes into practical solutions.
  3. Certification of blockchain technology and applications (2019) – This project focuses on testing for Blockchain Security by Design, but realising Security by Design requires certification. Certification is out of scope.

The deliverables of the project are as follows:

D 1.1 Blockchain Vulnerability and Defence Catalogue [M12] – The catalogue contains security attributes, vulnerabilities and defences. It will serve as a checklist of known vulnerabilities for blockchain deployments.
D 1.2 Network of Blockchain Incentives [M18] – Economic incentives lie at the core of many blockchain technologies. The deliverable will result from a game-theoretic analysis of the blockchain protocols.
D 1.3 Blockchain Security Reference Architecture [M18] – This is a key deliverable to build a common understanding of blockchain technology between technology providers, their clients and the regulators in order to implement security controls in an unambiguous way.
D 2.1 Security Test Script Collection [M12] – A collection of test scripts created manually and a test harness that runs the security test scripts.
D 2.2 Security Model Builder [M24] – This deliverable is a prototype that allows appropriate models to be built and that generates test scripts automatically.
D 3.1 Use Case Definitions [M6] – This report presents an inventory of potential case studies on FinTech, IoT and/or Logistics.
D 3.2 Technical Guidelines [M24] – Three guidelines are delivered: two confidential ones for the owners of the case study, and one aggregated public technical guideline with anonymized outcomes and insights.