BaFin - Navigation & Service

Go to:

BaFin Perspectives - current issue © BaFin / www.freepik.com

Erscheinung:01.08.2018 | Topic Fintechs Distributed Ledger Technology: Blockchain as a Basis for Information Security

Content

Blockchain provides an additional logical layer on the internet for transporting assets. The learning curve is steep, but blockchain can make IT both more secure and massively more cost-effective.

Introduction

Awareness of blockchain technology has been on the rise since the introduction of bitcoin in 2008. However, blockchain can do much more than managing a digital currency. The technology has the potential to challenge established business models fundamentally. Expectations for blockchain technology are already evident from the fact that the market capitalisation of the “cryptocurrencies” climbed to over 600 billion US dollars in 2017.1 In the fourth quarter of 2017, funds invested in “initial coin offerings” (ICOs) exceeded traditional venture capital financing by a factor of 16.2 An ICO is comparable to an IPO in which money is collected from investors, but is based on blockchain technology.

To enable an assessment of the realistic potential of blockchain technology, this article takes a closer look at this technology compared with conventional IT systems and focuses in particular on the security of IT systems. Blockchain technology challenges many of the principles of traditional IT and solves many security issues in a fundamentally different way. Blockchain has the potential to significantly increase the security of IT systems, while at the same time massively reducing IT costs. Blockchain is not automatically the best solution to every problem. Besides, specific requirements must be considered during implementation to prevent risks. This article therefore also describes critical success factors for implementing blockchain projects. Involving cryptography experts early in the development process is essential to ensure that blockchain applications are as secure as possible. Blockchain not only transforms a company’s IT department, but it can also impact the structure of the entire value chain. For this reason, the article also considers the potential for changing enterprise business processes from a holistic perspective.

Advantages of blockchain technology

Immutable database

A blockchain is an immutable, continuously evolving database (“ledger”). This immutability is an advantage over conventional databases that is usually underestimated. At present, data are objects that are very easy to change. For example, it is not difficult to modify an entry in the main memory of a computer or a conventional database. In fact, IT systems are designed so that data can subsequently be changed easily. This function makes sense for many applications, but it also represents a severe security risk in conventional IT systems. Blockchain technology represents a paradigm shift because absolute data immutability enables entirely new approaches to designing IT systems. For example, it is no longer necessary to safeguard system security using dedicated infrastructure and firewalls. Instead, all data in the blockchain is already secured by cryptography and cannot be manipulated.

Figure 1: Conventional database vs. blockchain ledger

Figure 1: Conventional database vs. blockchain ledger CryptoTec AG Figure 1: Conventional database vs. blockchain ledger

This data immutability allows for the implementation of entirely new business models because the data stored in the blockchain is resilient and trustworthy. As a result, payment transactions can be executed automatically using this data, for example, and the intermediary who confirms or guarantees the authenticity of the data becomes redundant. The data in a blockchain is so secure that even ownership rights and related details, such as those recorded in a land register, can be securely stored in the blockchain. Even democratic elections can be implemented by blockchain in a tamper-proof way. This preserves the secrecy of the ballot while ensuring that it is transparent to everybody that the elections were conducted properly.

Trustless systems

The principle until now has been that the longer data was held in the system, the more insecure it became because attackers could manipulate the data. The average time between a successful attack and detection of the attack is 180 days.3 Blockchain turns this principle on its head: The longer data is stored in the blockchain, the more secure it becomes because the authenticity of data is verified by a growing number of participants in the network. For the security of some blockchain architectures, it is even irrelevant whether the identity of the participants is known or not. Previously, systems became increasingly insecure when they were accessed by unknown participants. In the case of blockchain, even unknown participants can interact with it and make the system more secure.

In connection with blockchain, the term “trustless system” means that the servers involved and their operators do not have to be trusted because the data in the blockchain verifiably cannot be manipulated. The blockchain itself creates trust in the system since the blockchain protocols automatically verify compliance by the participants with the blockchain rules. Process risk can thus be reduced as a blockchain automatically ensures that contracts are executed and payments are processed.

Protection from data theft

Another advantage of blockchain technology over conventional databases is the protection it offers against the theft of massive data sets. There have often been headlines in the past about hacks of central databases with millions of stolen records, such as at Sony, Target, and Home Depot. Since a blockchain no longer requires credit card records, for example, but relies on end-to-end security, the data can no longer be stolen from servers. In particular, blockchain technology also offers the capability to store data in encrypted form. Additionally, direct payment functionalities and automatically executed contracts (“smart contracts”) can be implemented in blockchains using international consensus. Capabilities like this – and many more – go far beyond the functionality of conventional databases.

Transparency and verifiability

Another innovation that blockchain offers is the validation of stored data. Gathering information has become very easy in the internet era. Google’s value proposition is to make all data available in the world searchable in a single search engine window. However, it is often challenging to validate the data. Blockchain technology now allows the authenticity of all data in the blockchain to be verified, a quality that brings with it many potential applications. For example, customers can be assured that drugs have been developed based on actual clinical studies that cars have been designed based on valid emission studies, and that food has actually been produced in the region stated on the label. Validating data in the blockchain thus increases transparency for companies, customers and citizens.

Blockchain supports information security

Information security is a key objective of many companies. The Allianz Risk Barometer 2018 lists the risk of cyber attacks as the second most significant risk for companies in Germany.4 Logistics service provider Maersk, for example, felt the impact of a cyber attack. An attack by the NotPetya trojan is estimated to have cost Maersk 200 to 300 million US dollars.5 Besides increased IT security requirements, companies are at the same time also pursuing the goal of reducing costs for existing IT systems and improving interoperability. Blockchain can be a crucial technology here, helping companies to enhance information security and cut costs. Blockchains are considerably more resilient to common attacks on web applications6.

Separation of information and network security

What exactly makes blockchain applications so secure compared with conventional IT systems? To be able to answer this question, it is necessary to address the network security structure of conventional IT systems. Conventional IT systems feature a strict boundary between the outside and the inside. Only users inside the system can access the data and make changes in the system. To ensure security, access to the inside part is controlled at the operating system level. Depending on the required security level, the design of this access control may be more or less complex. Firewalls and encrypted VPN7 connections, for example, ensure that conventional IT systems are secure.

In the world of blockchains, however, this separation between the inside and the outside is almost entirely eliminated. A “public blockchain” is a public, redundantly stored database. The security of the data depends solely on possession of the relevant key and is safeguarded by cryptographic protocols. Security, therefore, does not need to be ensured by firewalls, so the blockchain decouples information security from network security. Essentially, it does not really matter if third parties have access to the blockchain (network security), as long as the data in the blockchain is protected by cryptography (information security). Of course, a blockchain does not necessarily have to be publicly accessible – it can also stay within a company (“private blockchain”). This blockchain approach enables enhanced data security while reducing security effort compared with conventional IT systems.

Security of blockchain standards

Blockchain technology is still in an early stage of development. For this reason, there are many different providers with different approaches. One criticism often levelled is that blockchain does not yet have adequate, consistent standards.8 However, competitive advantages are rarely achieved by complying with rules, but rather by setting them. Companies such as Microsoft, Apple, Google and Facebook are among the most valuable companies in the world precisely because they have established their own standards and have not just waited for third-party standards. To gain a competitive edge in new technologies, it is often more important to be faster in the market than to offer the more perfect technology. Especially with blockchain, however, security is indispensable. In particular, if hardly any existing technology is reused and everything is developed from scratch, blockchain developments often contain critical implementation errors. zCoin, for example, was the victim of a denial-of-spending attack. This exploited a mistake in the protocol and gave attackers access to coins that did not belong to them.9 The DAO hack10 is another a well-known case. That is why it is crucial for the project team to work together with cryptography experts when implementing blockchain projects. If possible, a formal proof of security should be developed to accompany implementation. This aspect is dealt with in more detail in section 5.1.

Communicable value added

Blockchain technology brings significant advantages to IT security. However, that does not mean that blockchain is automatically the best technology for each and every application. Before a company decides to implement a blockchain-based solution, it has to analyse the value added in great detail. If it does not, there is a risk that it will end up programming blockchain applications that offer no real advantages over other IT solutions. The principle of communicability is helpful here. It must be possible to communicate the added value to the customers or other stakeholders in an understandable manner. Blockchain applications that comply with this principle justify the investment and contribute to the success of the company. If this is not the case, blockchain may not be the best available technology. Some examples of actual value-added related to security thanks to blockchain technology are shown in the following:

  • Payments in a peer-to-peer blockchain network are securely validated and immutable. The sort of recall that is allowed in a SEPA core direct debit mandate is not possible.
  • Users can manage their own digital identity and themselves decide which provider should have access to which data if they maintain their user data using a blockchain. This allows users to benefit directly from the use of their data, for example by allowing it to be used for a clinical study.
  • As soon as a smart contract has been digitally signed by both parties to the contract, the programming code guarantees the performance of the contract. These examples of value-added related to security can be communicated advantageously to customers and other stakeholders and are therefore good use cases for blockchain technology.

Cryptography

Cryptography is essential for the security of blockchain applications. The integrity of the data is protected by hashing (arithmetic operations). Digital signatures protect the authorship of entry and encryption protects access to information. This makes it possible to restrict access to and use of data, money, goods or other assets to defined participants. This requires cryptographic protocols with complex mathematical models. To explain how cryptography works in a blockchain, some processes are described in a simplified form in the following. The explanation uses the example of bitcoin, the widely used digital currency.

Secure identity

To participate in the bitcoin network, all users need an account in the bitcoin blockchain. To do this, the computer emulates 256 random coin tosses and remembers the result. There are 1,157x1077 different possibilities for the result, namely

115.792.089.237.316.195.423.570.985.008.687.907.853.269.984.665.640.564.039.457.584.007.913.129.639.935

This number of possibilities is so large that it could be used to assign a unique number to each atom in the universe. To generate this amount of possibilities, you could alternatively roll 100 dice at the same time. The enormous number of different possibilities of dice rolls is responsible for information security in the blockchain. It is impossible to guess the outcome of the dice roll and it would take millions of years to try it out using even the most powerful computers. The outcome of the dice roll must remain secret and later serves as a key to read the encrypted information. Hashing is used to create a public bitcoin address from the secret dice roll, which is then stored in the blockchain. The encryption procedures are public and can, therefore, be audited. The security of the procedure is based on Kerckhoff’s principle (1883), under which the security of cryptography is based on the secrecy of the key instead of the secrecy of the encryption algorithm. This principle is an important component of modern cryptography.

Transactions in the blockchain

The randomly assigned bitcoin address represents an account in the blockchain. This address can be used to receive bitcoins. Digital assets and other information can also be sent to other blockchain networks. For example, a randomly created blockchain address might look like this:

92024 57150 21345 42342 34121 34230 16215 64644 54627 72316

Every participant who knows the address can send digital money or other assets to this address, in the same way as to a house address. And just like a house, only the owner of the blockchain address can use the money or decrypt the message. Decryption is done using a secret key (dice roll). It is not possible to extrapolate the underlying secret key from a public blockchain address. This is a one-way function of asymmetric cryptography. One-way functions are functions that can be easily calculated but cannot to all intents and purposes be inverted. For example, a blockchain address can be calculated from the dice roll, but not vice versa. One example of a one-way function from the physical world of a one-way function is when a glass is thrown onto the floor. The glass shatters into many small fragments and it does not require much effort to destroy the glass. However, an extreme effort is required to reassemble the fragments into the original glass.

Figure 2: Generating a blockchain account and address

Figure 2: Generating a blockchain account and address CryptoTec AG Figure 2: Generating a blockchain account and address

Authenticating identities

However, blockchain addresses can be used for much more than account numbers in the bitcoin network. For example, industrial companies can assign individual blockchain addresses to specific products, goods and components, and identify them unambiguously in the production and distribution process. With the help of QR codes11, these addresses can be made machine-readable and registered in a blockchain. In addition, blockchain addresses can be assigned any attributes. For example, assigning the name of a company as an attribute makes it easier for other participants in the blockchain to identify the address. Knowledge of the outcome of the dice roll is necessary to assign an attribute. This makes it transparent that the attributes were only added by a participant who is also the owner of the address.

Figure 3: QR code for a blockchain address

Figure 3: QR code for a blockchain address CryptoTect AG Figure 3: QR code for a blockchain address

In a blockchain network, however, it is not absolutely essential to know the participants of the network. Even unknown and unconfirmed participants can participate in the blockchain without any loss of security. Whereas unknown participants in traditional IT systems pose a security risk, this is not a security or stability problem for public blockchains. This quality is an advantage of the blockchain because the barriers to adding new participants are lowered tremendously and users reach critical mass faster. Bitcoin is an excellent example of this because each participant can create their own account without having to register previously at a bank or administrative office. The participating identities can be authenticated at a later date if required. It is also possible to subsequently verify an unknown identity, thus allowing earlier actions to be retrospectively assigned to the confirmed participant. This advantage is also termed “key continuity”.

Identity management and key management

Blockchain identity management ensures that users of a blockchain do not need to know the long numbers or QR codes of a blockchain address by heart. The assigned attributes (for example company names) provide information about the identity of the participant and can be stored transparently in a database. Sending money to a blockchain address thus becomes as easy as sending an email. For blockchain applications with good identity management, there is no longer any need to enter the sort of complicated long account numbers that are required for SEPA credit transfers. A characteristic of good blockchain identity management is that several blockchain addresses can be assigned to a company or an individual. In practice, a variety of cryptographic methods are used for different blockchain applications, with the result that the blockchain addresses are not interchangeable. For example, blockchain solutions for a document repository use different cryptographic methods from blockchain solutions for P2P money transfers.

The following example illustrates this scenario. A blog post author is normally paid for their work if it is published. However, the blog post is sent using a different blockchain than the agreed payment. Blockchain identity management is the interface between the two blockchains and ensures that the payment goes to the same person who wrote the post.

The function of the private key has already been explained. The secrecy of the key is important to ensure the security of the wallet (account) and the data. Additionally, the user must not lose the key because this would mean that the digital wallet or the stored data would no longer be accessible to anybody at all. There is, therefore, a need for extensive backup and recovery solutions, both for individuals and for companies. Such solutions should, of course, be encrypted end-to-end. Otherwise, the blockchain security promise is irrelevant. In addition, the keys can also be divided and stored redundantly at trustees. Examples of such methods are Shamir’s Secret Sharing or multi-signature wallets.

Blockchain in companies

Cash, information and goods flow

Blockchain also offers many advantages in enterprise applications, allowing the rapid, secure and cost-effective management of business processes. The technology allows for an automatic coordination of cash, information and goods flows. Any asset to which a value can be assigned can be managed in a blockchain. The owner of the asset can be identified unambiguously and reliably at all times. Furthermore, a blockchain can be used to transfer ownership and possession of an asset. Such a transfer of assets in the blockchain is secure and cannot be reversed without the consent of the new owner. When an email is sent, only a copy is created and exchanged between the mail servers, whereas the assets are actually transferred in a blockchain. Physical goods can also be assigned a digital token, making it possible to track the goods. QR codes or RFID12 chips can help amalgamate the physical good and the digital token.

Figure 4: The blockchain brings together the cash, information and the goods flow

Figure 4: The blockchain brings together the cash, information and the goods flow CryptoTec AG Figure 4: The blockchain brings together the cash, information and the goods flow

Accelerated process coordination

A blockchain can generate tremendous efficiency gains by modelling several processes, such as payments, contracts, supply chains, document exchange and protection against counterfeiting, in a single system. In such cases, the blockchain allows process steps to be optimally coordinated. For example, if an ordered item arrives at a company, documents can be automatically checked, forgeries identified, the underlying contract executed and the money sent to the other party to the contract. Processes that previously ran separately can be performed automatically and in seconds thanks to the blockchain. The increased throughput speed harbours tremendous potential for cutting costs. Optimising processes through blockchain solutions can achieve savings of up to 99.9 percent and accelerate processes by a factor of 1,000. Horizontal coordination of the process chain can also be implemented on a cross-industry basis to simplify additional business processes.

Figure 5: Horizontal coordination of the process chain

Figure 5: Horizontal coordination of the process chain CryptoTec AG Figure 5: Horizontal coordination of the process chain

Changing the value chain

Blockchain technology enables direct contact with all participants in a supply chain. For example, companies that are currently trapped in the middle of a supply chain have the opportunity to establish direct contact with customers. This allows manufacturers to sell a product or service directly to the end customer. However, this opportunity also poses a risk for established companies that previously had exclusive market access and mediated between manufacturers and end customers. Blockchain technology attacks existing business models and strengthens the position of suppliers and manufacturers in the value chain. Moreover, blockchain enables companies to work together more efficiently and more quickly along the value chain. That is why being one of the winners in the future depends on understanding the value added of a blockchain.

Implementation of blockchain applications

Proof of security

“The main advantage of blockchain technology is supposed to be that it’s more secure, but new technologies are generally hard for people to trust, and this paradox can't really be avoided.”– Vitalik Buterin

The security of a blockchain application is decisive for its success or failure, so it is important not to make any mistakes during development that might endanger the security of the application at a later date. To better understand how to avoid such errors, it is helpful to visualise the process of developing a blockchain application. An idea for a blockchain can be outlined in three sentences. A concept can be defined in approximately 40 pages. The specifications need a further 150 pages. The actual implementation can then consist of three million lines of program code, corresponding to around 30,000 pages.

It is more or less impossible to check millions of lines of program code for security after the event and reveal conceptual errors. However, conceptual errors can have serious consequences for the blockchain, and in many cases cannot be rectified by a software update. It is therefore advisable to provide a formal proof of security at an early stage to ensure the correct statics, as it were, of the system. This proves mathematically that a system cannot be hacked by an existing computer. This abstract proof requires an adversarial model and protection objectives to be modelled. Such a positive proof of security requires only 20 pages and avoids subsequent high costs due to conceptual errors. The possibility of proofs of security has been known in computer science for years but is still only implemented rarely in practice. In accordance with a development process tailored to blockchain projects (see Figure 6,), CryptoTec (editor’s note: where two of the authors of this article are employed), for example, provided proof of security to accompany the development of its internally developed blockchain document repository, guaranteeing document security, confidentiality and integrity.

Figure 6: Illustrative development process for blockchain projects

Figure 6: Illustrative development process for blockchain projects CryptoTec AG Figure 6: Illustrative development process for blockchain projects

Adversarial models and protection objectives

“If you don’t understand what you want to achieve, how can you possibly know when (or if) you have achieved it?” – Jonathan Katz

Adversarial models and protection objectives model possible scenarios and define the level of security required. An adversarial model defines the capabilities a potential attacker has and how an attacker can act. An attacker can be a professional hacker group or a user who circumvents payment. Developers must put themselves in the shoes of potential attackers to cover all possible attack scenarios. If one possibility is overlooked, it limits the security of the entire system. This takes a lot of time and experience with hacking attacks. In practice, internal employees at companies are often under time pressure and primarily know the perspective of their own company, not that of an attacker. In addition, the following principle applies in computer science: “A developer cannot test their own system.” Therefore, involving external experts is more or less mandatory when creating an adversarial model. By changing perspectives, potential new attack scenarios can be developed and the internal employees can focus on their core task of developing the system.

Protection objectives define the security level a system needs and the attacks that are to be prevented. There are two types of protection objectives:

  1. Every attack should be thwarted (100 percent protection).
  2. Attacks that are economically advantageous for attackers should be thwarted.

100% protection is a difficult target to achieve as increasing the protection of a system becomes exponentially more expensive. In many cases, it is sufficient to make attacks by organised crime economically uninteresting. Figure 7 shows the gain per attack and the cost per attack as a function. The costs for the attacker increase exponentially as system protection increases. Once the cost of an attack is greater than the gain, the attack becomes uneconomic and unattractive for organised crime. It may, therefore, be sufficient to make a system secure enough that an attack is not profitable. The blockchain also increases the risk of an attacker being caught and prosecuted. In the past, hackers tried to remove possible traces on servers to avoid being identified. In blockchain applications, however, transactions cannot be retrospectively changed, but are transparently documented. The increased risk for attackers is an advantage of blockchain technology and can ultimately lead to lower costs for security measures.

Figur 7: Profitability of attacks

Figur 7: Profitability of attacks CryptoTecAG Figur 7: Profitability of attacks

User-friendliness

“Complexity is the worst enemy of security.” – Bruce Schneier

Bruce Schneier, American cryptography and computer security expert, succinctly summed up the connection between complexity and security in IT systems. An unnecessarily complicated design not only complicates usability but also creates more security gaps. An application should be as easy to use as possible and contain only the functions that are actually needed. User-friendly software does what the user expects it to do. Secure software does what the user expects it to do and nothing else. All other additional functions that the user does not need to increase the complexity of a system and at the same time impair security. This principle should be kept in mind especially when developing blockchain applications. In a highly networked world, products that are easy to use and difficult to hack are the most successful. Therefore, in addition to security, user-friendliness should also be an objective when developing new applications.

Developing blockchain applications

“Bitcoin is not the kind of software where we can leave so many unresolved bugs that we need a tracker for them.” – Satoshi Nakamoto

It has already been mentioned that blockchain applications must be of high quality and may not contain any bugs. In many cases, bugs in the blockchain software cannot be reversed. For example, 500,000 Ethers, or about USD 375 million, of Parity Wallet users were frozen because the developers overlooked a serious bug in the code.13 Quality management and auditing are very important when developing blockchain applications. It is therefore advisable to build on blockchain modules that have already been developed and audited. Development costs can be reduced through collaboration with external blockchain experts, and security will be increased by proven solutions.

Defining requirements

When new blockchain applications are being developed, it is vital to define the requirements clearly in advance. This is the only way to select the best solution and prevent problems at a later stage. The Ethereum blockchain is a very popular platform for implementing new projects. However, that does not mean at all that it is the right platform for every project. For example, if you want to execute 1,000 transactions per second (TPS) in an industrial application, the Ethereum Network, which currently offers 20 TPS, cannot meet the application requirements.14 The evaluation of requirements can be facilitated by an evaluation matrix for blockchain applications (see Table 1).

Table 1: Assessment matrix for blockchain applications

Table 1: Assessment matrix for blockchain applications Table 1: Assessment matrix for blockchain applications

Responsibility for blockchain development

“Blockchain is 80% business and 20% technology.”– William Mougayar

The enterprise-wide standardisation of processes is a major advantage of the blockchain. This often leads to the complete redesign of business processes, also known as “business process re-engineering”. It is not sufficient to transfer the existing processes to a blockchain. This only results in costs for the transition, but no value added is created for the customer and no process optimisation is achieved. Competitive advantages can only be generated and the customer experience improved by completely redesigning business processes. The blockchain is, therefore, a topic that must be implemented by corporate management and the strategy department; individual departments lack the overview and decision-making authority for this. It would also be fatal to delegate the topic of blockchain to the IT department alone. The business share of blockchain developments is significantly larger than the actual programming since blockchain always includes security and economic incentives. An external perspective can also help analyse the company from a different perspective.

Summary

The blockchain is a crucial technology and can play a role in many sectors in the future. This technology has the potential to disrupt existing business models and replace them with more efficient models. Blockchain has several advantages compared with conventional IT systems. For example, data stored in a blockchain cannot subsequently be manipulated. Due to the separation of information and network security, third-party participants can also use the blockchain without posing a security risk. Information security is ensured through the use of cryptography. As a result, there is no need for the sort of complex protection mechanisms (VPNs or firewalls) that are necessary for conventional IT systems. Data can only be read by parties who know the secret key for opening the message. It is therefore also essential for the security of the data that the owner of the data keeps the key secret. The blockchain is by no means limited to the implementation of digital currency. Instead, the technology brings together the cash, information and goods flow in a single system. This enables processes to be executed faster and more efficiently, which ultimately has a positive impact on the customer experience. Besides efficiency and new business models, blockchain solutions can enhance the security of IT systems. In practice, however, errors are often made when implementing blockchain applications. In many cases, such errors cannot be rectified by a simple update, but require additional development effort. For this reason, security should be ensured with the help of mathematical proof when blockchain solutions are implemented. In this context, all potential attack scenarios must be modelled and the required security level must be defined. Internal employees often do not have the experience and skills to develop bug-free blockchain solutions. The development of blockchain solutions should be managed by corporate management or the strategy department, as not only the IT department but all business units are affected by the changes brought about by blockchain technology.

Authors

Christian Flasshoff
Research assistent,
Frankfurt School Blockchain Center,
Frankfurt am Main

Michael Mertens
Chair of the Executive Board,
CryptoTec AG; Köln

Prof. Dr. Philipp Sandner
Head, Frankfurt School Blockchain Center,
Frankfurt am Main

Sebastian Stommel
Researcher, CryptoTec AG,
Köln

Footnotes:

  1. 1 Coindesk, Q4 2017 State of Blockchain, https://www.coindesk.com/research/state-blockchain-q4-2017, retrieved on 8 May 2018.
  2. 2 Coindesk, loc. cit. (footnote 1).
  3. 3 Backofen, We need a comprehensive immunization of society against cyberattacks, https://www.telekom.com/en/company/management-unplugged/details/eight-steps-to-cyber-immunity-for-enterprises-517446, retrieved on 8 May 2018.
  4. 4 Allianz Risk Barometer, Die 10 wichtigsten Geschäftsrisiken in Deutschland (The 10 most important business risks in Germany), https://www.allianz.com/v_1516057200000/media/press/photo/risk-barometer-2018/Allianz_Risk_Barometer_2018_Top_10_Business_Risks_Deutschland.jpg., retrieved on 8 May 2018.
  5. 5 Scherschel, Heise Online – NotPetya: Maersk erwartet bis zu 300 Millionen Dollar Verlust (NotPetya: Maersk expects a loss of up to USD 300 million), https://www.heise.de/newsticker/meldung/NotPetya-Maersk-erwartet-bis-zu-300-Millionen-Dollar-Verlust-3804688.html (only available in German), retrieved on 8 May 2018.
  6. 6 OWASP, Top 10 – 2017, The Ten Most Critical Web Application Security Risks, https://www.owasp.org/index.php/Top_10-2017_Top_10.
  7. 7 Virtual Private Network.
  8. 8 Hasso Plattner Institut, Bitcoin-Hype: HPI-Studie zum echten Innovationspotenzial der Blockchain (Bitcoin hype: HPI study of the true innovation potential of blockchain), https://hpi.de/en/news/jahrgaenge/2018/hpi-study-to-objectify-the-blockchain-and-bitcoin-debate.html retrieved on 8 May 2018.
  9. 9 Schröder, Friedrich-Alexander-Universität Erlangen-Nürnberg – FAU-Forscher warnen vor „verbranntem Geld“ bei verschiedenen Kryptowährungen (FAU researchers warn against “burnt money” in various cryptocurrencies), https://www.fau.eu/2018/04/19/news/research/attacks-detected-on-cryptocurrency/, retrieved on 8 May 2018.
  10. 10 Biederbeck, WIRED - Der DAO-Hack: Ein Blockchain-Krimi aus Sachsen (The DAO hack: A blockchain crime thriller from Saxony), https://www.wired.de/collection/business/wie-aus-dem-hack-des-blockchain-fonds-dao-ein-wirtschaftskrimi-wurde (only available in German), retrieved on 8 May 2018.
  11. 11 Quick Response (see Figure 3).
  12. 12 Radio frequency identification.
  13. 13 Penke, Gründerszene – Parity-Millionen in Kryptowährung wohl für immer verloren (It looks like Parity millions in cryptocurrency are lost for good), https://www.gruenderszene.de/fintech/parity-millionen-wallet-protokoll-999 (only available in German),retrieved on 8 May 2018.
  14. 14 AltcoinToday, Bitcoin and Ethereum vs Visa and Paypal – Transactions per second, https://altcointoday.com/bitcoin-ethereum-vs-visa-paypal-transactions-per-second/, retrieved on 8 May 2018.

Additional information

Hinweis

Did you find this article helpful?

We appreciate your feedback

Your feedback helps us to continuously improve the website and to keep it up to date. If you have any questions and would like us to contact you, please use our contact form. Please send any disclosures about actual or suspected violations of supervisory provisions to our contact point for whistleblowers.

We appreciate your feedback

* Mandatory field