We talked about security earlier in the components of blockchain section. Security is one of the important components in the blockchain architecture. Based on the implementation of blockchain – whether permissionless or permissioned, required security and consensus strategies are applied. In public blockchain, every node can participate in the network, while in the permissioned network you have some form of access control that only allows required nodes to participate in a transaction.
Every entity in the blockchain network must be bound to an identity. In a permissionless network, entities are typically restricted to users participating in the transaction, while in case of a permissioned network, the entities comprise of organization, nodes, users and anything that has a role to play in the blockchain network.
For a permissioned blockchain, Public Key Infrastructure (PKI) platform can be used where a trusted Certificate Authority (CA) can issue crypto credentials. The crypto credentials could take the form of certificates and keys. Private keys can be used for signing and public key for verification. It results in a trusted network where all the participants know who they are and their roots of trust. Now as the parties involved in the blockchain network might leverage their own crypto credentials, possibly setting up their own CA, it is essential that the blockchain implementation provides a plug-and-play service or a level of abstraction to effectively manage, verify and validate entities using different security mechanism across the network.
In short, the blockchain security should be equipped with five effective measures viz. authentication, access control, integrity, confidentiality, and non-repudiation.