
Blockchain Security: A Framework For Trust and Adoption

This document provides a framework for understanding security considerations when adopting blockchain technology. It outlines 18 main security risks to consider for blockchain adoption and 6 additional risks for migrating an existing application to blockchain. These include risks around smart contracts, cryptography, privacy, and more. The document also discusses whether an organization truly needs a blockchain and provides examples of public vs private blockchain differences.

Uploaded by

Jorge Eterovic

Blockchain Security
A Framework for Trust and Adoption

www.dutchblockchaincoalition.org
Dutch Blockchain Coalition
Authors:
Nicolas Castellon, CGI Nederland
Peter Cozijnsen, CGI Nederland
Tjerk van Goor, CGI Nederland

Graphic design by Dune Pebbler
Graphic design of infographic by Elene Pacuk, CGI Nederland

The authors would like to thank the following people for their input in the different stages of defining this framework:
Pawel Szalachowski, Singapore University of Technology
Virgil Griffith, Ethereum Foundation
Sofie Berns, Berenschot
Tommy Koens, ING
Tey El-Rjula, Tykn
Idius Felix, Zorginstituut Nederland

We would also like to thank the partner organizations that have contributed content and analysis to this framework:
TNO
Delft University of Technology
Pels Rijcken & Droogleever Fortuyn
LedgerLeopard
Amsterdam University of Applied Sciences
ECP | Platform voor de InformatieSamenleving

This whitepaper was funded by the Ministry of Justice and Security for the Dutch Blockchain Coalition.

Executive Summary
With the current rise in popularity of blockchain, more organizations are beginning to consider this technology to innovate their IT environments. With every new technology, security risks are amplified or diminished depending on its characteristics. This whitepaper provides a framework of the major security considerations to take into account when adopting blockchain technologies. The framework was written to be used by decision makers in organizations that are planning to adopt blockchain technology. It is meant to be a high-level practical guide to the top security concerns an organization should consider when starting its own blockchain application or migrating a current application to this new environment.

The following are the top 18 security risks to consider when adopting the technology:
1. Security of Smart Contracts
2. Forks
3. Crypto Algorithms
4. Cryptographic key management
5. Access Control
6. Scalability
7. Intrusion Detection
8. Targeted attack resistance
9. Data Propagation attack resistance
10. Operations & Communications security
11. System Acquisition, Development, and Maintenance
12. Asset management
13. Human resource security
14. Supplier relationships
15. Incident management
16. Organization of Information Security
17. Information Security Policies
18. External/Internal Compliance

The following are the top 6 security risks to consider when migrating a current application to this new environment:
1. Choosing the right blockchain
2. Special considerations for testing
3. Awareness and training
4. Contingency planning
5. Simplicity as a security measure
6. Privacy

These considerations will offer organizations a strong base upon which to adopt blockchain technology and do so in
a secure manner. With these 24 security recommendations, organizations can begin trusting this technology and find
innovative ways to use it in their IT environments.

Do you need Blockchain?

1. Do you need a shared, consistent data store? Yes: continue. No? Consider: E-mail/Spreadsheets
2. Does more than one entity need to contribute data? Yes: continue. No? Consider: Database
3. Do all the contributors trust each other? No: continue. Yes? Consider: Database
4. Data records, once written, are never deleted? Yes: continue. No? Consider: Database
5. Sensitive identifiers WILL NOT be written to the data store? Yes: continue. No? Consider: Database
6. Having issues with who controls the data? Yes: continue. No? Consider: Managed Database
7. Do you want a tamperproof log of all writes to the data store? Yes: You may have a useful Blockchain use case. No? Consider: Managed Database

Top Security Considerations

Smart contracts: Risks lie in life cycle of contract. Since code cannot be changed, thorough testing of the functionality is required.

Cryptography: In public blockchains, the algorithm is pre-determined by the creators of the blockchain and will rely on the community using the chain. In private blockchain: adequate configuration, control of the configuration, including the amount of miners, the distribution, and the appropriate hashing algorithm.

Privacy: It is highly advised to not have any personal user data on the blockchain itself. It is important to be compliant with the General Data Protection Regulation (GDPR).

The Blockchain Trilemma (Decentralisation, Scalability, Security): Remember to consider how decentralization and scalability affect the security of the application.

Public VS Private

| | Public | Private |
|---|---|---|
| Consensus algorithm | Commonly used are "Proof of Stake" and "Proof of Work" | Agreed-upon with pre-defined rules. "Proof of Authority" mostly used in Netherlands |
| Scalability | High number of nodes | Low |
| Performance (transactions per second) | In general slow | In general high |
| Participation in the network | Everybody is free to join | Defined group of participants |
| Development | Determined by the community | Controlled by the participants |
| Privacy when using personal data | Not recommended | Generally not recommended. Implement high levels of security if considered |
| Identity of the nodes in the network | Anonymous or Pseudonymous | Known identities |

Contents
1. Introduction
2. Understanding the Technology
3. Do You Really Need a Blockchain?
4. Blockchain Security Framework
5. Risks when Migrating
6. Considerations for Privacy
7. Use-Cases
8. Endnotes

Abbreviations

2FA Two Factor Authentication
ABCI Application Blockchain Interface
CPU Computer Processing Unit
DLT Distributed Ledger Technology
DPA Data Protection Authority
GDPR General Data Protection Regulation
KYC Know Your Client
PIA Privacy Impact Assessment
PKI Public Key Infrastructure
PoA Proof of Authority
PoS Proof of Stake
PoW Proof of Work
OPSEC Operations Security
OWASP Open Web Application Security Project

1. Introduction

Blockchain has become a fast-rising technological trend. Though the origins of its popularity are in cryptocurrencies, we are now starting to appreciate this technology for the changes it can bring in our IT environments. Blockchain technology provides some advantages that are not available in conventional databases, systems or applications. Blockchain offers the possibility to avoid a central authority, eliminates intermediaries, provides real-time settlement, reduces operational costs, and has high levels of transparency. These are just some of the potential advantages that this new technology can contribute to our IT environments.

With every new technology also come new perspectives on security risks. In this way, blockchain technology is no different than any other modern technology, such as Cloud computing or the Internet of Things. All technology is vulnerable to security risks.

Identifying risks for new technologies entails examining the technology and assessing how it can amplify or reduce certain risks. As more organizations begin to consider blockchain technology as a possible solution to innovate their IT infrastructure and applications, it is important to consider the security risks of this new environment. For blockchain, this will concern risks brought by its key characteristics. These characteristics are its distributed nature, its cryptographic seal, its immutability, and its transparency, to name a few. These new characteristics are at the core of understanding what the security risks are for this new technology.

This framework was developed in order to help organizations understand the security risks that come with blockchain technology. This framework was written for organizations that have made the decision to adopt blockchain technology and would like to be made aware of the security issues to consider in this new environment. It is meant to be a high-level guide that should be used as a reference point for decision makers speaking to IT suppliers, developers or integrators of this new technology. Though the content of the framework is meant for all organization sizes, we are aware that SMEs might not have the resources to have a team of researchers or experts dedicated to exploring the impact of blockchain technologies on the security of their organization. With this in mind, we have aimed to produce a practical and tangible list of recommendations to be considered. This framework will describe the current blockchain landscape, highlighting some of the major terms and concepts in this field; it will present the major security issues to consider when adopting this new technology; and it will present case studies that highlight the security concerns.

It is important to note that blockchain technology is in its infancy, and we are only beginning to understand how its different characteristics can be used to innovate and improve our IT systems. This also means that we are only beginning to see the security implications that come with this new technology. We invite the reader to see blockchain as another information technology, and we aim to highlight the characteristics of this new technology that amplify or reduce certain security risks. No technology is 100% secure and this certainly also applies to blockchain. Understanding the security risks is a first step in instating trust in blockchain and therefore stimulating its further adoption.

2. Understanding the Technology

"Blockchain" is a term often used to describe distributed ledger technologies (DLT). Though distributed ledger technologies are not a new technology, the popularity of cryptocurrencies has revamped this technology into a new phase we have started calling blockchain. As there are various definitions and understandings of what this technology is, we will be defining it for the purpose of having a common understanding when applying this framework. This section will discuss definitions of the most commonly known attributes of the technology, it will define and identify consensus mechanisms, explain the types of blockchain, and illustrate how this would look in a corporate IT environment.

2.1 Defining the Technology

For the purposes of this framework, we have defined blockchain technology as an immutable distributed ledger of cryptographically signed sets of records or transactions that a number of parties want to continuously extend. These updates, or sets of updates, are saved on the ledger in the form of a "block". Each of the new updates to the ledger is linked to the preceding block and is timestamped, establishing an order for the records. Blockchain technology makes use of two proprietary characteristics - the use of validation rules and their enforcement. Validation rules define the conditions in which the records and blocks will be included in the blockchain, and the enforcement of validation rules works in the way of an algorithm or protocol that enforces rules that have been entrusted by all parties that contribute data to the blockchain.

2.2 New Perspectives to Security Concerns

As previously stated, blockchain technology presents a new perspective on security issues. Two considerable attributes of this technology are its scalable and decentralized natures. These two characteristics of blockchain provide major advantages for its use. These advantages may also present strains on the security of the technology. The Blockchain Trilemma is a concept that exemplifies how the characteristics of this technology may pose a strain on its security. The blockchain trilemma is a concept that explains how there is a tension between the scalability, decentralization, and security of the technology. Though this concept is not widely agreed upon, it will be used as an analogy to explain how the different unique characteristics of this technology have consequences on the security of the application.

Decentralization: This is the attribute at the core of blockchain and the main tenet upon which communities around this technology were built. Its decentralized nature means there is no central body that is in control of the information being handled. This means it is censorship-resistant and allows for a nearly democratic participation of users in the ecosystem.

Scalability: This refers to the capability of a single node on a blockchain network to handle a growing amount of transactions per second and thus be enlarged to accommodate that growth. A node can be considered scalable if it is capable of increasing the total output under an increase in transactions per second when it is scaled horizontally or vertically. Scalability can be done horizontally, instantiating the same node again so two or more nodes can handle the increased load. Scalability can also be achieved vertically by adding more resources such as additional memory or Computer Processing Units (CPU) to the single node.

Security: This attribute concerns the risks that particular blockchain technology is susceptible to. In a general sense, the security concerns the Confidentiality, Integrity, and Availability of the technology. For blockchain, confidentiality means the authentication of the user or node on the chain; integrity means the data on the chain is immutable and authentic; and availability means the reliable use of the data stored and handled by the blockchain.

The blockchain trilemma suggests that increasing any two of these attributes will have a decrease on the third. Choosing to have a highly scalable blockchain may mean the widening of the attack surface, while decentralization means losing the control and authority over data. Though these are presented as security risks, these characteristics may make a chain more secure, such as scalability providing more resilience for the application and decentralization spreading the risk of a single point of failure. Taking this dilemma into account, we encourage the user of blockchain technology to use the security of the blockchain as a parameter to measure the attributes and characteristics of this technology, especially when using data linked to personally identifiable information.

2.3 Consensus Mechanisms

Blockchain technologies make use of consensus mechanisms to achieve an agreement on a single data value without a centralized authority. Two of the most prominent consensus mechanisms are known as Proof of Work (PoW) and Proof of Stake (PoS). There are many other widely used consensus mechanisms at the moment, including Proof of Identity, Proof of Capacity, Proof of Burn, and Proof of Authority (PoA). Consensus mechanisms ensure that all transactions within a block are agreed upon before adding a new block. As part of this wider verification, blockchain technology makes use of miners that create new blocks and verify these transactions, very much in the same way we may hire an accountant to review financial information. Miners are selected in accordance with the chosen consensus mechanism, and the miners who successfully respond will verify transactions and also create new blocks on the blockchain. Various consensus mechanisms will do this in different ways.

Proof of Work does this by letting miners solve encrypted puzzles. The first miner to solve the encrypted puzzle will verify the transaction, create a new block, and announce the solution to the entire network. In return for this work, the miner gets a reward in the form of an amount of the crypto-currency being transacted. Without the reward system, miners would not be willing to solve the puzzles, so it is important to be aware of the importance of the reward system. Hardware to mine transactions is expensive and requires a significant amount of electricity to power. This leads to miners operating in consortiums known as Mining Pools. These offer miners the opportunities to pool resources to mine a block, spread the risks, and split the rewards.

Proof of Stake differs significantly from a proof of work system. Instead of building blocks through work output, the share or stake in a cryptocurrency determines the creator of a block. In other words, the bigger the share that a miner owns, the more mining capabilities a miner will have. This allows a miner to only mine a percentage of the transactions that are similar to its own share.
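
The linked, timestamped blocks of section 2.1 and the Proof of Work puzzle of section 2.3 can be exercised together in a short Python sketch. This is an added example, not code from the whitepaper or from any blockchain project; it assumes a SHA-256 hash-target puzzle at a toy 12-bit difficulty, omits record signatures, and uses constructed sample records and hypothetical function names.

```python
import hashlib
import json
from dataclasses import dataclass

DIFFICULTY_BITS = 12      # assumption: toy target so mining takes milliseconds
GENESIS_PREV = "0" * 64   # assumption: placeholder "previous hash" for block 0


@dataclass(frozen=True)
class Block:
    index: int
    timestamp: int        # constructed sample value, seconds
    records: tuple        # the set of records or transactions in this block
    prev_hash: str        # link to the preceding block
    nonce: int = 0        # value the miner varies to solve the puzzle

    def digest(self) -> str:
        payload = json.dumps(
            [self.index, self.timestamp, list(self.records), self.prev_hash, self.nonce],
            separators=(",", ":"),
        ).encode()
        return hashlib.sha256(payload).hexdigest()


def meets_target(digest_hex, bits=DIFFICULTY_BITS):
    """Puzzle condition: the top `bits` bits of the 256-bit hash are zero."""
    return int(digest_hex, 16) >> (256 - bits) == 0


def mine(index, timestamp, records, prev_hash, bits=DIFFICULTY_BITS):
    """Try nonces until the block hash meets the target."""
    nonce = 0
    while True:
        block = Block(index, timestamp, tuple(records), prev_hash, nonce)
        if meets_target(block.digest(), bits):
            return block
        nonce += 1


def validate_chain(chain, bits=DIFFICULTY_BITS):
    """Enforce the validation rules on every block; return the violations found."""
    problems = []
    for i, block in enumerate(chain):
        expected_prev = GENESIS_PREV if i == 0 else chain[i - 1].digest()
        if block.index != i:
            problems.append((i, "index out of sequence"))
        if block.prev_hash != expected_prev:
            problems.append((i, "broken link to preceding block"))
        if i > 0 and block.timestamp < chain[i - 1].timestamp:
            problems.append((i, "timestamp earlier than preceding block"))
        if not meets_target(block.digest(), bits):
            problems.append((i, "proof of work not met"))
    return problems


def build_sample_chain():
    """Three blocks of constructed records, each mined on top of the last."""
    samples = [("alice->bob:5",), ("bob->carol:2", "carol->dave:1"), ("dave->alice:3",)]
    chain, prev = [], GENESIS_PREV
    for i, records in enumerate(samples):
        block = mine(i, 1_700_000_000 + 600 * i, records, prev)
        chain.append(block)
        prev = block.digest()
    return chain


def tamper(chain, index, new_records):
    """Edit one block's records in place, leaving every other field untouched."""
    old = chain[index]
    forged = Block(old.index, old.timestamp, tuple(new_records), old.prev_hash, old.nonce)
    return chain[:index] + [forged] + chain[index + 1:]


def rewrite_from(chain, index, new_records, bits=DIFFICULTY_BITS):
    """Make the same edit pass validation: redo the work for that block and all later ones."""
    rewritten = list(chain[:index])
    prev = GENESIS_PREV if index == 0 else chain[index - 1].digest()
    hashes_tried = 0
    for old in chain[index:]:
        records = new_records if old.index == index else old.records
        block = mine(old.index, old.timestamp, records, prev, bits)
        hashes_tried += block.nonce + 1
        rewritten.append(block)
        prev = block.digest()
    return rewritten, hashes_tried


if __name__ == "__main__":
    chain = build_sample_chain()
    print("honest chain:", validate_chain(chain))
    print("edited block 1:", validate_chain(tamper(chain, 1, ("bob->mallory:2",))))
    rewritten, cost = rewrite_from(chain, 1, ("bob->mallory:2",))
    print("re-mined from block 1:", validate_chain(rewritten), "hashes tried:", cost)
```

A plain edit is caught by the link check on the following block, while the re-mined chain passes every rule. What protects recorded data is therefore the cost of redoing the work for the edited block and every block after it, and that cost grows with the real network's difficulty and with the number of blocks built on top.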

| | Public | Private |
|---|---|---|
| Examples | Bitcoin and Ethereum | Hyperledger-Fabric and R3 Corda |
| Consensus algorithm | Commonly used are Proof of Stake and Proof of Work | Agreed upon with pre-defined rules. Proof of Authority mostly used in the Netherlands |
| Scalability of the network (Txs/second) | Low | High |
| Participation in network | Mostly Permissionless. Users are free to join | Mostly Permissioned. A defined group of participants |
| Development | Determined by the community | Controlled by a central party |
| Privacy when using personal data | Not recommended. | Not recommended. Links to data through blockchain is safe up to a certain degree. |
| Identity of the nodes in the network | Anonymous or Pseudonymous | Known identities |

Table 1: Differences between public and private blockchains


2.4 Public, Private and Hybrid Blockchains

Blockchain technology can be explained in terms of access to a transaction, defining public, private, and hybrid blockchains, and can be defined by access to transaction processing, creating the distinction between permissioned and permissionless blockchain networks.

Permissionless Blockchain: In permissionless networks, any user is able to join and begin interacting with the network, such as submitting transactions, adding entries to the ledger, running nodes on the system, and verifying transactions.

Permissioned Blockchain: In a permissioned blockchain, the network owner decides who can join the network and only a few members are allowed to verify blocks.

Public Blockchain: A public blockchain has entirely open read access and anyone can join and write in the network. Public blockchains often work with Proof of Work consensus mechanisms to incentivize participation.

Private Blockchain: A private blockchain often is the opposite of a public blockchain and only authorized participants have read access and can write and join the network. Often this requires an invitation to join; subsequently either the network starter or a set of rules put in place determines if someone is fit to join.

Hybrid Blockchain: A hybrid blockchain, also known as a consortium blockchain, uses attributes of both private and public chains. It refers to a closed environment in which various parties work together in sharing data and transactions. Members can also determine which transactions can remain public and which have to be restricted to a smaller group of members.

Table 1 provides a quick overview of the differences between public and private blockchain types and their characteristics.

2.5 Blockchain in your corporate network

When considering blockchain for your IT processes and application, it is important to have an understanding of how the blockchain network will relate to IT systems already in place. Diagram 1 exemplifies how multiple participants interact in a blockchain network and connect to a central application.

In case of a public blockchain, there will be several participants, shown in diagram 1 as participants A and B in the network, that connect their systems with a blockchain infrastructure through an Application Blockchain Interface (ABCI). In the case of the Bitcoin network, a user installs the Bitcoin wallet software on their device, creating a transaction node and mining node that will allow the user to transact Bitcoins.

In case of a private blockchain or a hybrid blockchain, there can be a separate authority that can host a central application for an optional off-chain database. There is often an organization that initiates the blockchain, and can therefore be seen as the lead organization. This organization will also most likely be the host of the optional off-chain database. This optional off-chain database can be used as a backup system to verify data in relation to data that is stored on the blockchain when the gateway to the blockchain is not available for a moment in time and the business process cannot be halted. When there is an off-chain database used, there must also be a process in place to synchronize the blockchain with the off-chain database on a regular basis.

Blockchain technology is praised for the fact that there is no need for a lead organization. Nevertheless, in practice, hybrid or private blockchains often do have a lead organization. If an organization uses a private blockchain for the distribution of information across its suppliers, it can optionally host a central application on which all other users will connect to its server and then on to the central application. In this setup, an organization would then be able to store the data off-chain for the case as described above concerning the backup system. This authority may also host an optional mining node and a transaction node to contribute to the blockchain infrastructure itself.

Diagram 1: Example of private / hybrid blockchain infrastructure in corporate network

3. Do You Really Need a Blockchain?

Blockchain can be simply described as the orchestration of three technologies: the internet, private key cryptography and a protocol governing incentives.[1] This all results in a secure system for digital interaction without the need for a trusted third party to facilitate digital relationships. In this way, blockchain technology should be seen as a consortium of current technologies applied in a modern innovative way. As mentioned earlier, this technology is not suitable for all use-cases. In order to determine if blockchain technology is ideal for the IT system or process in question, we suggest using the diagram below developed by IEEE.[2]

This diagram will walk the user through the different considerations to take into account when wanting to adopt blockchain technology more generally. These considerations include the satisfaction with using traditional databases, the number of participants that will contribute data, the level of trust among participants, and the level of privacy and control needed over the data.

Diagram 2: IEEE Blockchain Decision Tree, 2017

4. Blockchain Security Framework

Like all other technologies, blockchain faces a number of security risks that are amplified and minimized according to its unique characteristics. An example of this can be seen in blockchain's consensus mechanism, which both amplifies and reduces different security risks. In terms of amplifying threats, consensus mechanisms may make certain types of blockchains vulnerable to a 51% attack where an attacker can overpower the network and effectively monopolize and control the application. By controlling the network, attackers would be able to prevent new transactions from gaining confirmations, allowing them to halt payments between some or all users. They would also be able to reverse transactions that were completed while they were in control of the network, meaning they could double-spend cryptocurrencies. In terms of minimizing security risks, this attribute ensures that altering data on a chain is significantly more difficult as the data has been encrypted and cross-checked by other peers in the network. There are several more examples of this sort, where blockchain's specific characteristics can reduce and at the same time increase security risks. For this reason, it is recommended to assess this technology with a minimum set of security controls.

This minimum set of controls takes care of common security risks ranging from operational, such as access control and secure system development, to strategic, such as security policies for your organization. If an organization is not developing or maintaining information systems, it is recommended to have a basic level of understanding of what common good security practices are. This understanding allows organizations to challenge IT suppliers on how they implement security controls for the applications that are requested. For a high-level overview of these security controls, it is recommended to use ISO/IEC 27001:2013 or NIST version 1.1 as a baseline. This framework presents 14 security considerations for secure blockchain applications, which are divided into four categories:

Blockchain specific:
This category will describe security issues that are most amplified by blockchain technology. The issues presented in this category are not unique to blockchain technology but are amplified by the technology's characteristics. These will include smart contracts, forks, cryptographic algorithms, and cryptographic key management.

Network and Infrastructure:
This category will describe how blockchain should be considered for operations and the general IT infrastructure of an organization. These considerations will consist of access control, scalability, intrusion detection, targeted attack resistance, and data propagation attack resistance.

Operational and Organizational:
This category will highlight security issues that affect an organization at an operational and organizational level. These security considerations are not unique to blockchain, but must not be forgotten when implementing or adopting this technology. These include operations and communications security, system acquisition, development and maintenance, asset management, human resource security, and supplier relationships.

Management-level:
This category will highlight considerations for an organization's management level. They are also not unique to this technology but are crucial for establishing a culture of secure development, implementation, and operation of this technology. These include organization of information security, information security policies, and external and internal compliance.

| # | Security consideration | Public | Private |
|---|---|---|---|
| | Blockchain Specific | | |
| 1 | Security of Smart Contracts | + | + |
| 2 | Forks | - | + |
| 3 | Crypto Algorithms | - | + |
| 4 | Crypto key management | + | + |
| | Network and Infrastructure | | |
| 5 | Access control | - | + |
| 6 | Scalability | - | + |
| 7 | Intrusion Detection | - | + |
| 8 | Targeted attack resistance | - | + |
| 9 | Data Propagation attack resistance | - | + |
| | Operational and Organizational | | |
| 10 | Operations & Communications Security | - | + |
| 11 | System Acquisition, Dev and Maintenance | + | + |
| 12 | Asset Management | + | + |
| 13 | Human Resource security | + | + |
| 14 | Supplier Relationships | - | + |
| 15 | Incident Management | - | + |
| | Management Level | | |
| 16 | Organization of InfoSec | - | + |
| 17 | Information Security Policies | + | + |
| 18 | External/Internal Compliance | + | + |

The table above gives an overview of the level of influence an organization can have in mitigating the security considerations listed below.

4.1 Blockchain Specific:

1) Security of Smart contracts
A smart contract is a computer program that acts as an agreement where the terms of the arrangement can be preprogrammed with the ability to self-execute and self-enforce. Smart contracts are available on both public and private blockchains. The main goal of a smart contract is to provide a superior system for contractual
agreements solely based on computer code as a set of instructions, possibly complementing or substituting current legal contracts.

A good example to illustrate what smart contracts do can be seen in the mortgage industry. Smart contracts can automate mortgage contracts by automatically connecting the parties, providing for a frictionless and less error-prone process. Smart contracts can automatically process payments and release liens from land records when the loan is paid. They can also improve record visibility for all parties and facilitate payment tracking and verification. They reduce errors and costs associated with manual processes. Digital identity, in this case, is a key requirement.

From the security point of view, this model has many important security risks to consider. First of all, the development life cycle of smart contracts is significantly different from the traditional software development life cycle, where testing, integration, and maintenance are repeatable. Since a smart contract's code is unchangeable after being appended to a blockchain, developers have to implement specific functionality if they wish to modify the behavior of their contracts later on. In that context, the development life cycle of smart contracts is much different from standard software that can be patched and fixed throughout its entire support-life.

Incidents with smart contracts occur when a smart contract does not work the way it was intended. Verification and testing are especially important in smart contract development and should be an integral part of the analysis and design steps. These practices may be perceived as contrary to traditional development life-cycles that may only follow implementation requirements.

If developers do not have much experience in working with smart contracts, it may be recommendable to build in functionality that is only accessible by an authorized party, possibly a third party to those getting into the agreement. This functionality would only be intended to be used in the case that an intervention is necessary.

The level of influence an organization can have in mitigating the smart contracts security considerations for public and private blockchains is:

| | Public | Private |
|---|---|---|
| Smart Contracts | + | + |

2) Forks
At its most basic definition, a fork is what occurs when a blockchain diverges into two potential paths forward. This occurs either with the network's transaction history or a new rule in deciding what makes a transaction valid. Forks can be distinguished into hard and soft forks.

Hard Forks: A hard fork is a permanent divergence from the previous version of a blockchain in which a new set of consensus rules are introduced into the network that is not compatible with the older network. In other words, a hard fork can be thought of as a software upgrade that is not compatible with previous versions of the software. All network participants are required to upgrade to the latest version of the software in order to continue verifying and validating new blocks of transactions. Under a hard fork, blocks that are confirmed by nodes that are not yet upgraded to the latest version of the protocol software will be invalid. Nodes running the previous version of the software will have to follow the new set of consensus rules in order for their blocks to be valid on the forked network. In the event of a hard fork, if there is still mining support for the minority chain, then two blockchains can continue to exist simultaneously.

Diagram 3: Investopedia description of Hard Forks. A Hard Fork: Non-upgraded nodes reject the new rules, diverging the chain. Blocks from non-upgraded nodes follow the old rules; blocks from upgraded nodes follow the new rules.

Soft Forks: A soft fork is a backward compatible method of upgrading a blockchain. In other words, a soft fork is a software upgrade that is backward compatible with previous versions of the software.

Diagram 4: Investopedia description of Soft Forks. A Soft Fork: Blocks violating new rules are made stale by the upgraded mining majority. Blocks from non-upgraded nodes follow the old rules, with one block that follows the old rules but violates the new rules; blocks from upgraded nodes follow the old and new rules.

newer blockchain gaining recognition as the ‘true’ blockchain.

When two or more miners find blocks at nearly the same time, the blockchain temporarily diverges into two chains, which can also be seen as a soft fork. This ambiguity is resolved when subsequent blocks are added to one, making it the longest chain, while the other block gets “orphaned”, or abandoned, by the network.

An example of a soft fork would be the implementation of a new consensus rule changing the network block size from 1MB to 500KB. Nodes that have not upgraded will continue to see incoming transactions as valid, as these nodes follow the old set of consensus rules as well as the new (500KB is less than 1MB). Mining nodes that have not upgraded to the new consensus rule and attempt to mine new blocks will have these blocks rejected, as it does not conform to the new
Soft forks do not require nodes on the network set of consensus rules (block sizes of 500KB).
to upgrade to maintain consensus, because all Thus, the blockchain with 1MB sized blocks is
blocks on the soft-forked blockchain follow the likely to fall into disuse as miners enforce the new
old set of consensus rules as well as the new consensus rule of 500KB.
ones. Blocks produced by nodes conforming to
the old set of consensus rules may violate the Forks can lead to the following risks:
new set of consensus rules, and as a result, will When a soft fork is supported by only a minority
likely be made stale by the upgrading mining of the nodes in the network, it could become
majority. For a soft fork to work, a majority of the shortest chain and consequently become
miners need to recognize and enforce the new orphaned by the network.
set of consensus rules. If this majority is reached,
then the older network will fall into disuse, with the In the case of a hard fork, the chain can be split

off and create two separate chains. This may be acceptable for cryptocurrencies, but this may become unwanted in business processes as it may cause fragmentation or loss of control.
- Hard forks are also susceptible to political impasses, caused when a portion of the community decides to not abide by new rules, and decides to keep implementing older consensus rules.
- When forks are unmanaged, the risk of attacks could involve inconsistency of data stored in the ledger.

All major issues with forks occur mostly in public blockchains. For this reason, it is important to take this into consideration when considering a public or private type of blockchain. The level of influence an organization can have in mitigating the forks security considerations for public and private blockchains is:

                          Public   Private
Forks                       -         +

3) Cryptographic algorithms
One of the basic elements of blockchain technology is the use of cryptographic algorithms and protocols. When a cryptographic algorithm is broken, the blockchain cannot be continued and therefore will be stopped. Although it is very difficult to break a cryptographic algorithm, it has been done in the past and certainly will be done in the future, especially as computer power keeps getting exponentially higher. For public blockchains, it is nearly impossible to influence this matter, as one must rely on the wider community. In the case of private blockchains, it is possible to be in control of the following aspects:

- Proper configuration, including attributes such as the number of miners to prevent attackers from taking over the majority before the algorithm is changed.
- The desired distribution of miners.
- Processing power of a hash-function to provide a sufficient level of protection.
- Monitoring of the algorithms in use and taking action when one is broken.
- Making sure controls are in place at the blockchain technology provider.

The level of influence an organization can have in mitigating the crypto algorithms security considerations for public and private blockchains is:

                          Public   Private
Crypto algorithms           -         +

4) Cryptographic key management
Blockchain technology, whether it be in a private or public chain, makes use of public and private keys. A private key can represent a natural person or an organization and is used to sign a transaction on the blockchain. The following example of transferring cryptocurrency explains the use of public and private keys.

When a user sends cryptocurrencies over the blockchain, they are actually sending a hashed version of what is known as the “Public Key”. The other key, which is only known by the individual user, is known as the “Private Key.” When receiving the currencies, the recipient will “unlock” the sender’s Private Key by using the known public key. This way the recipient can verify the authenticity of the transaction.

For an organization considering adopting blockchain, it is essential to have a process in place for key management, addressing concerns such as what to do if a private key gets
compromised or lost. It is important to note that blockchain technology is not similar to Public Key Infrastructure Architecture (PKI) where a private key can be easily replaced. In PKI architectures, an old key can be placed on a Certificate Revocation List. In blockchain architecture, this process of revoking keys is not possible. When a private key used for accessing cryptocurrencies is lost, the cryptocurrency may often also be considered lost.

The level of influence an organization can have in mitigating the crypto key management security considerations for public and private blockchains is:

                          Public   Private
Crypto key management       +         +

4.2 Infrastructure and Network

5) Access control
Using private blockchain allows for the regulation of different types of permissions, such as how to add a node to the blockchain network, and what kind of transactions can be performed on the network and by which users. In regards to access controls, the following aspects should be considered:

- The assigning of authentication and authorities to employees that need access to a node or nodes on the blockchain network.
- Implementation of separation of duties. An organization should have several levels of authorization, based on the different roles that need to be in place. It is not advised for every employee to have all possible authorizations.
- Authorizations must be regularly reviewed, at least once a month, and withdrawn from users when applicable.
- Controls need to be in place to prevent the access of non-authorized users or system-to-system connections that request access to applications and information of the organization.
- Special thought is needed for the joiners and leavers of the organization. Withdrawing access rights of people leaving the organization is essential.

The implementation of access control allows an organization to mitigate unauthorized use of applications or information.

The level of influence an organization can have in mitigating access control security considerations for public and private blockchains is:

                          Public   Private
Access control              -         +

6) Scalability
The nodes in the blockchain network need to be scalable. If an application of the blockchain network generates more transactions than was foreseen, the nodes in the network must have the ability to easily scale up their computing power. This should be done to prevent the blockchain network from becoming very slow, or even coming to a halt. When using a private blockchain, this can be achieved by making contractual agreements with the participants of the private blockchain and constantly monitoring the nodes in the network. When using a public blockchain, one must rely on trusting the wider community. The level of influence an organization can have in mitigating scalability security considerations for public and private blockchains is:

                          Public   Private
Scalability                 -         +

7) Intrusion Detection
In public and private blockchains, intrusions can lead to unauthorized modification of data or disruption of a service. The main functionality of blockchain technology is in guaranteeing data consistency across all involved nodes
and consequently guaranteeing that such data is protected from unauthorized modification. If unauthorized modification happens, it would lead to loss of reliability and consistency of data across involved nodes, and therefore loss of immutability and loss of trust. The level of influence an organization can have in mitigating intrusion detection security considerations for public and private blockchains is:

                          Public   Private
Intrusion Detection         -         +

8) Targeted attack resistance
For blockchain technology, this form of attack is called a 51% attack. This form of attack refers to an attack on a blockchain network by a group of miners controlling more than 50% of the network’s mining hash-power. The attackers would then be able to prevent new transactions from gaining confirmations, allowing them to halt payments or other transactions between some or all users. They would also be able to reverse transactions that were completed while they were in control of the network, meaning they could double-spend cryptocurrencies. 51% attacks are mainly an issue for public blockchains as the nodes are accessible to everyone. In the case of private blockchains, this is less of a risk as they run on controlled networks, and may also be run on private networks. The level of influence an organization can have in mitigating targeted attack resistance security considerations for public and private blockchains is:

                          Public   Private
Targeted attack resistance  -         +

9) Data propagation attack resistance
Using the same 51% attack described in the previous point, malicious users try to stall the distribution of the transactions among the nodes to reach consensus. With that, the blockchain does not function and it would lead to a loss of reliability. The level of influence an organization can have in mitigating data propagation attack resistance security considerations for public and private blockchains is:

                                    Public   Private
Data Propagation attack resistance    -         +

4.3 Operational and Organizational

10) Operations & communications security
Operations Security (OPSEC) is a process that classifies information assets (see control 8 on asset management) and determines the controls that are required to protect those assets. According to research done by TNO on security aspects of the blockchain, the majority of incidents investigated indicate a lack of OPSEC measures in about 66% of the cases.[3] To prevent OPSEC type of incidents, standard cybersecurity solutions are available. The investigated incidents are mainly found in public blockchains, with a few cases found in private blockchains. It is therefore important to note that OPSEC issues are easier to oversee and mitigate in private blockchains. The level of influence an organization can have in mitigating operations & communications security considerations for public and private blockchains is:

                                       Public   Private
Operations & Communications Security     -         +

11) System acquisition, development, and maintenance
This aspect of information security controls can be brief. Security by design must be common practice, whether the organization develops and maintains the IT facilities itself or outsources this to an outsourcing partner. Detecting vulnerabilities in a timely manner can be done by implementing security by design at all stages, from the first development until maintenance. Organizations must ensure that the blockchain specific security risks are addressed in the design, whether it is developed in-house or outsourced to
a contractor. The level of influence an organization can have in mitigating system acquisition, dev and maintenance security considerations for public and private blockchains is:

                                          Public   Private
System Acquisition, Dev and Maintenance     +         +

12) Asset management
Every organization should have a clear overview of its crucial assets, both material and in terms of the information it collects and processes. For information used by the organization, it is important to enforce classification levels on that information. By classifying the information, the risk of sharing information with others who do not have access rights can be mitigated. Classifying the information can help an organization to determine what type of blockchain can be used and what information to publish on the blockchain. For example, classifying information as “confidential” might be a good deterrent from choosing a public blockchain, and thus provide a better argument for using a private blockchain. The level of influence an organization can have in mitigating asset management security considerations for public and private blockchains is:

                          Public   Private
Asset Management            +         +

13) Human resource security
The most important part of human resource security is the screening of an organization’s staff and the continuous process of training and creating awareness of security risks to information. This security control should be seen as an entry point to establish a secure foundation in the organization. Employee screenings are an important process when developing smart contracts, as their development relies on security and privacy by design. Once a smart contract has been written, it is unchangeable and therefore cannot be fixed retroactively. Smart contracts are also susceptible to back-doors that may provide an advantage to a party in the contract (see section 4.13 for smart contracts). The level of influence an organization can have in mitigating human resource security considerations for public and private blockchains is:

                          Public   Private
Human Resource security     -         +

14) Supplier relationships
An organization’s security policy and security controls should also be implemented by its suppliers. This is especially true when personally identifiable data is involved. It is encouraged for organizations to request suppliers to present proof on how they handle information security.
The different security controls of this chapter can be used as a starting point to question suppliers or outsourcing partners involved in the development and maintenance of blockchain applications on both public and private blockchains. Take into account that when a supplier is using a public blockchain, it is not always clear where responsibility resides. It is therefore advised to use a private blockchain as a starting architecture as it is possible to define responsibilities with external partners. The level of influence an organization can have in mitigating supplier relationships security considerations for public and private blockchains is:

                          Public   Private
Supplier Relationships      -         +

15) Incident management
When it comes to security incidents, it is important to take immediate action. It is also important to be able to identify them appropriately as security incidents. This means that staff should be trained and informed about guidelines that allow them to identify security incidents. This includes knowledge on how to react and how to report on a security incident. This security control is a general good practice for your information systems. For blockchain environments, this would mean reporting security incidents
as soon as they happen. This is a good safeguard to prevent escalations of incidents and may be a good way to detect information breaches that may need to be reported to a data protection officer. The level of influence an organization can have in mitigating incident management security considerations for public and private blockchains is:

                          Public   Private
Incident management         -         +

4.4 Management Level

16) Organization of information security
Organizations need to have an effective governance structure detailing how information security management is organized, what the roles in the organization are, and who is the end-responsible for security affairs. Knowing the security organization entails knowing who the Chief Information Security Officer (CISO) is, and who is responsible for determining if applications meet the desired security levels. An effective governance structure will help the organization to implement a “Plan, Do, Check and Act” cycle to measure the effectiveness of information security. It is important to consult any security risk concerns regarding the adoption of blockchain technology with the person responsible for security in an organization, especially when considering whether to use a private or public blockchain. The level of influence an organization can have in the organization of information security considerations for public and private blockchains is:

                          Public   Private
Organization of InfoSec     -         +

17) Information security policies
A document that describes how the organization protects its information and its IT assets, and how to be compliant with existing laws and regulations. A document that is shared with all employees of the organization and can be shared with suppliers. In this way, an organization can show it values information security and therefore promote its awareness among employees. Without needing to specify the type of blockchain being considered, it is important that information security policies be updated for the use of blockchain technology. The level of influence an organization can have in mitigating information security policies security considerations for public and private blockchains is:

                                 Public   Private
Information Security Policies      +         +

18) External and Internal Compliance
Information security should be compliant internally with company policies, and externally with legal and industry requirements. This being said, information security needs continuous attention and a certain level of control. An example of this can be seen in carrying out regular audits to ensure that policies and procedures are respected within an organization. One such audit can be in the form of a Privacy Impact Analysis (PIA) to make sure that the implementation of blockchain technology will lead to compliance for the organization.

When an organization subcontracts its blockchain activities to an outsourcing partner, the “right to audit” that partner should be part of the contract. But, even when this is part of the contract, audits can only be done up to a certain level. When the partner is using a public blockchain, the audit cannot be done on that part of the solution. The level of influence an organization can have in mitigating external/internal compliance security considerations for public and private blockchains is:

                                 Public   Private
External/Internal Compliance       +         +
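
The 1MB-to-500KB soft fork from section 2) Forks can be replayed in a small simulation; this is an added example, not part of the original framework. The node model, the "U"/"L" mining schedule and the 400KB/800KB block sizes are constructed assumptions, and the longest chain is counted in blocks rather than in cumulative proof-of-work.

```python
"""Soft-fork simulation: block size limit tightened from 1MB to 500KB."""
from dataclasses import dataclass

KB = 1000
OLD_MAX = 1000 * KB   # rule enforced by non-upgraded nodes (1MB)
NEW_MAX = 500 * KB    # stricter rule enforced by upgraded nodes (500KB)
GENESIS = "genesis"


@dataclass(frozen=True)
class Block:
    id: str
    parent: str
    size: int


class Node:
    """Validates blocks against one size limit and follows the longest valid chain."""

    def __init__(self, max_size):
        self.max_size = max_size
        self.parent = {GENESIS: None}   # accepted block id -> parent id
        self.height = {GENESIS: 0}
        self.tip = GENESIS

    def receive(self, block):
        # Reject a block that breaks this node's rule, or that builds on a
        # block this node never accepted (a descendant of an invalid block).
        if block.size > self.max_size or block.parent not in self.height:
            return False
        self.parent[block.id] = block.parent
        self.height[block.id] = self.height[block.parent] + 1
        if self.height[block.id] > self.height[self.tip]:
            self.tip = block.id   # strictly longer chain wins; ties keep first seen
        return True

    def chain(self):
        """Block ids on this node's best chain, oldest first."""
        ids, cur = [], self.tip
        while cur != GENESIS:
            ids.append(cur)
            cur = self.parent[cur]
        return ids[::-1]

    def stale(self):
        """Blocks this node accepted that are no longer on its best chain."""
        best = set(self.chain())
        return sorted(b for b in self.parent if b != GENESIS and b not in best)


def simulate(schedule):
    """Replay a mining schedule: 'U' = upgraded miner, 'L' = legacy miner.

    Assumption for illustration: legacy miners produce 800KB blocks (valid
    under the old rule only), upgraded miners produce 400KB blocks (valid
    under both). Every block is broadcast to both kinds of node.
    """
    legacy, upgraded = Node(OLD_MAX), Node(NEW_MAX)
    for n, who in enumerate(schedule, start=1):
        miner = legacy if who == "L" else upgraded
        size = 800 * KB if who == "L" else 400 * KB
        block = Block(id=f"{who}{n}", parent=miner.tip, size=size)
        legacy.receive(block)
        upgraded.receive(block)
    return legacy, upgraded


if __name__ == "__main__":
    for label, schedule in (("upgraded majority", "ULUUU"),
                            ("upgraded minority", "ULLUL")):
        legacy, upgraded = simulate(schedule)
        print(label)
        print("  legacy node follows  ", legacy.chain(), "stale:", legacy.stale())
        print("  upgraded node follows", upgraded.chain())
```

With an upgraded majority both node types converge on one chain and the oversized block goes stale; with an upgraded minority the legacy chain grows faster and the upgraded nodes are left on a shorter chain of their own, which is the first fork risk listed in section 2.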
5. Risks when Migrating

Migrating an application or process to a blockchain architecture will require an additional list of topics to be considered. Though this new technology has attributes that make it different than other architectures, it should be assessed like any other technology. The following is a list of comprehensive operational security risk considerations. It is important to note that the considerations have been formulated under the assumption that organizations will be adopting a blockchain technology and not developing a proprietary chain.

5.1 Choosing the right blockchain

As previously described in chapter 2 of this framework, there are different sorts of blockchain and different consensus mechanisms to consider. When an organization is engaging with blockchain for the first time, it is highly recommended to start with a private blockchain. In private blockchains, the organization has full control of the architecture, nodes, and access to the blockchain. This type of blockchain is recommended so that in the case of a security breach, the organization can still have an overview of everything under control, and quickly identify the origin of the breach. Aside from the Grain Initial Coin Offering, all other use cases described in chapter 7 are implemented on a permissioned blockchain.

5.2 Special considerations for testing

Testing is an essential part of ensuring the reliability and security of an application. In non-blockchain technology environments, it is a normal practice to carry out further testing while the application is in a production environment. This means bugs can be fixed and a new version can be released. With blockchain technology, this is not possible. Once a chain is started, there is no possibility to test the code further to weed out bugs. In the case of private chains, it is conceivable that a central authority tests the chain and periodically moves over to a newer version, consolidating all previous transactions in the new chain.

Application testing should be considered one of the most important considerations when migrating a process to a blockchain architecture. It is a good organizational practice for organizations to have testing procedures and methodologies in place. In order to enhance the security of the testing, it is highly recommended for organizations to use frameworks such as the Open Web Application Security Project (OWASP) to make sure all industry standards are considered and covered. Organizations have less control over the entire infrastructure when they use a public blockchain, and testing might become difficult. In that case, it’s recommended to implement extra monitoring and control on business processes. This can be done to ensure that abnormal behaviors are detected in time.[4]

For one of the use cases in chapter 7, load-testing was executed to test the boundaries of the architecture. For two other use cases, external expertise was brought in to review and audit.

5.3 Awareness and Training

Security training is critical for any user. While there are some security capabilities inherent in blockchain technologies, it is important to have a training plan to ensure users understand what they are permitted to do with the solution. A training plan likely exists for most environments; while users may not know that they are using a solution that runs on the blockchain, the security training plan may need to be updated to include unique aspects of the blockchain implementation.
Organizations should consider whether there is any training in place to educate system owners and users on blockchain technology and the security risks that come with it.

5.4 Contingency planning

Organizations should develop a contingency plan for information systems that meets the following criteria:

- Systems that identify essential missions and business functions and associated contingency requirements.
- Provide recovery objectives, restoration priorities, and metrics.
- Address contingency roles, responsibilities, assigned individuals with contact information.
- Address maintaining essential missions and business functions despite an information system disruption, compromise, or failure.
- Address eventual, full information system restoration without deterioration of the security safeguards originally planned and implemented.

5.5 Simplicity as a security measure

When smart contracts are used, create guidelines that will help the developers keep the smart contracts as simple as possible. This will prevent security breaches that may result from too much complexity in the code of smart contracts. Organizations should be sure to have a review process in place, starting with peer-reviews.

For two use cases described in chapter 7, external expertise was brought in to review the blockchain code and perform audits.

5.6 Privacy

Organizations considering the use of blockchain to process attributes of personally identifiable information must ensure that they have a mature level of information security. It is highly recommended for organizations to not keep any personally identifiable information on a blockchain, whether it be public or private. For private blockchains, storing the personal information off-chain and using the blockchain to reference the data is conceivable under certain circumstances. There are three main privacy considerations to take into account when moving a process to a blockchain environment:

- Inform the users of how their data will be processed and by what organization if a new supplier has been sought.
- Inform users of how their rights will be considered in regards to the right to erasure, right to be forgotten, and right to correct their data.
- Use the most modern and applicable cryptographic technology to secure the user’s data attributes.

For all use cases described in chapter 7, privacy was an important security consideration. These were implemented in the form of hashes for documents or encrypted external file storage connected to the blockchain application. The next chapter will elaborate further on privacy implications related to the General Data Protection Regulation.
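
Section 5.6 describes keeping personal data off-chain and writing only a reference, such as a hash, to the blockchain. The following added example (not from the original framework) compares a plain SHA-256 reference with a reference keyed by a per-record secret that is deleted together with the data. The `Ledger` and `OffChainStore` classes, the HMAC construction and the identifier format are assumptions chosen for illustration, and all sample values are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

ZERO = "0" * 64


@dataclass(frozen=True)
class Entry:
    prev: str      # digest of the previous entry
    payload: str   # the only value written on-chain: a reference, never the data
    digest: str


class Ledger:
    """Append-only, hash-chained list standing in for the blockchain."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, payload):
        return hashlib.sha256((prev + payload).encode()).hexdigest()

    def append(self, payload):
        prev = self.entries[-1].digest if self.entries else ZERO
        entry = Entry(prev, payload, self._digest(prev, payload))
        self.entries.append(entry)
        return entry

    def is_intact(self):
        prev = ZERO
        for e in self.entries:
            if e.prev != prev or e.digest != self._digest(prev, e.payload):
                return False
            prev = e.digest
        return True


def plain_hash(data):
    """Unkeyed reference: anyone who can guess the data can recompute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_reference(key, data):
    """Reference that can only be recomputed while the per-record key exists."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class OffChainStore:
    """Holds the personal data and per-record keys outside the ledger."""

    def __init__(self):
        self._records = {}   # record id -> (key, data)

    def put(self, record_id, data):
        key = secrets.token_bytes(32)
        self._records[record_id] = (key, data)
        return keyed_reference(key, data)   # value to write on-chain

    def verify(self, record_id, on_chain_value):
        entry = self._records.get(record_id)
        if entry is None:
            return False
        key, data = entry
        return hmac.compare_digest(keyed_reference(key, data), on_chain_value)

    def erase(self, record_id):
        # Erasure removes data and key together. A production key store must
        # also destroy backups of the key; dropping a Python object does not.
        self._records.pop(record_id, None)


def linkable_by_guessing(on_chain_value, candidates):
    """Privacy check: does an on-chain value match a guessable input with no secret?"""
    for candidate in candidates:
        if hmac.compare_digest(plain_hash(candidate), on_chain_value):
            return candidate
    return None


def demo():
    ledger, store = Ledger(), OffChainStore()
    subject = b"ID-123456782"   # constructed low-entropy identifier
    candidates = [f"ID-{n:09d}".encode() for n in range(123456700, 123456800)]
    ledger.append(plain_hash(subject))            # entry 0: plain hash
    ledger.append(store.put("rec-1", subject))    # entry 1: keyed reference
    before = store.verify("rec-1", ledger.entries[1].payload)
    store.erase("rec-1")
    return {
        "verifiable_before_erasure": before,
        "verifiable_after_erasure": store.verify("rec-1", ledger.entries[1].payload),
        "plain_hash_linkable": linkable_by_guessing(ledger.entries[0].payload, candidates) == subject,
        "keyed_reference_linkable": linkable_by_guessing(ledger.entries[1].payload, candidates) is not None,
        "ledger_intact": ledger.is_intact(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The ledger itself is never modified by the erasure: the keyed entry stays in place but can no longer be tied to a person, while the plain hash of a guessable identifier remains linkable for as long as the chain exists.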
6. Considerations for Privacy

It is a current trend for privacy concerns in Europe to be automatically linked to the General Data Protection Regulation (GDPR), which became directly applicable in all member states on 25 May 2018. Given its importance, we will focus on illustrating the applicability of the GDPR, understanding the roles of Data Processor and Data Controllers in this context, and the risks to personal data.[5] This chapter will take a closer look at the roles of the data processor and data controller, the preferred type of blockchain in terms of privacy, the rights of the data subjects in the context of a blockchain application, and will discuss hashes in the context of the GDPR.

The GDPR poses serious challenges for organizations that have to comply in order to avoid fines. Blockchain technology is not exempted from this obligation if personal or pseudonymous data is involved in the process. One has to be aware of the fact that the GDPR still causes uncertainty about the interpretation of certain articles in it. Organizations face the same challenges with blockchain applications. When considering blockchain technologies, it is important to consider the relationship between controller and processor and the user’s rights.

6.1 Controller vs. Processor

The first main concern lies in defining the roles of controller and processor for the blockchain application. In the GDPR the controller is defined as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.[6] The processor can be defined as the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.[7] The processing of personal data within a blockchain presumes that there is no hierarchical relationship between the participants. Each participant is therefore equal and able to contribute and make use of the data as seen fit.[8] If there are other agreements in place, this could prove to be the exception.

For blockchain applications, a controller can be defined as the participants of a blockchain who have the right to write on the chain and who decide to send data for validation by the miners.[9] More specifically, a controller can be more closely defined as a participant that is seen as a natural person that processes personal data related to a professional or commercial activity or when a participant is a legal person that registers personal data in a blockchain.[10] In other words, the participants that define the purpose and means of processing are the controllers, thus excluding miners from being a controller. The controller has different obligations under the GDPR, such as reporting a data leak. If a group of participants decides to carry out processing operations with a common purpose, this would lead to practical issues with regard to governing these responsibilities. This should be addressed in various ways. One way to do this is by identifying one participant as the decision maker by reaching an agreement on how to govern as joint controllers. Another way to achieve this is by creating a legal persona such as an economic interest group or association.[11] This issue can likely be solved within a blockchain that is governed by one or a few parties.

If parties do not necessarily exchange personal data, but are contributing as nodes to the blockchain network, it can be assumed that these parties can be considered processors.[12] In other words, one could say that all the nodes that are not specifically defined as being controllers could be considered processors since they all
contribute as a node to the processing, creation, and maintenance of the data on the chain. Consequently, all the controllers have to enter into a processing contract with the processors. In a small private blockchain this is quite manageable, yet in larger private or public blockchains, this is a more complicated matter. Organizations should be aware that there is no legal precedent on this matter, thus European case law could lead to different interpretations. For this same reason, it is currently unclear what the definition of processors could mean for public blockchains and what legal obligations controllers have with regard to processors.

From a privacy perspective, permissioned and private blockchain applications are the safe choice for organizations wanting to adopt this technology. These two types of blockchain make it easier to identify controllers and processors. In return, this makes the governance of legal obligations for controllers and processors more manageable, as well as taking care of the contractual obligations between controllers and processors. It is very difficult to identify all the controllers and processors in a public blockchain, making it questionable if it is legally possible to adhere to the GDPR when using a public blockchain.

6.2 Data Subject Rights

An important component of the GDPR concerns the data subject rights. A data subject has six different rights under the GDPR: the right of access and rectification, the right of erasure, the right to restrict processing, the right of data portability, the right to object, and the right to not be subject to automated processing.[13]

We will be focusing on three of these rights and how they present challenges to the use of blockchain technology. These three rights are the right to erasure, the right to rectification, and the right to limit processing. Data subject rights are at the core of the GDPR and present the biggest concerns as there are no exemptions to their compliance.

Right to Erasure
The right to erasure is the first data subject right that becomes complicated when approaching blockchain applications. It is an inherent feature of blockchain applications to ensure that data cannot or should not be deleted. In a way, this undermines the actual purpose of a blockchain solution, making it impossible to adhere to the right of erasure. In a private blockchain, it is possible to make arrangements with participating organizations to make erasure technically feasible, yet again undermining the characteristics of blockchain. For the right to erasure, an organization should try to delete as much as possible and take proper steps to mitigate risks for the data subject as much as possible, within the boundaries of blockchain. Consequently, for blockchain solutions that are programmed to not enable removal, this means that they should pursue this. This can be done by encrypting the personal data, deleting the original data, and throwing away the key. A log file that the data is actually encrypted can be added to provide proof. Assuming that an advanced form of encryption is being used and thus deemed most adequately secure, this could be a reasonable solution for the right to erasure.[14] Nonetheless, taking the inherent features of blockchain into account, it is not recommended to store personal data in plain-text on a blockchain.

Right to Rectification
The right to rectification also poses a problem with regard to blockchain applications. Similar to the right to erasure, this undermines the whole idea of blockchain. This leads to the question of how you can do this if you want to completely rectify the information without keeping the original faulty information. In other words, blockchain applications usually will allow rectification, yet the
faulty information will also remain on the chain. In order to solve this, the same reasoning can be used as discussed in the previous paragraph on the right to erasure. A new log file can show that the data is rectified, while the old incorrect information is encrypted and the key is thrown away.

Right to limit processing
In order to limit the processing of personal data on a blockchain application, it is necessary to identify how the access rights are arranged. To limit processing, the access to personal data should be restrained by denying some nodes in the blockchain network access to that information. In return, this can limit controllers and processors in adhering to the right to erasure. Henceforth, there should also be agreements on this matter in case of the limitation of processing. This also seems to contradict the fact that a blockchain solution should be decentralized, since this construction can be considered as a centralized solution. This is only manageable when a private blockchain is used in which a single party has control over the majority of the nodes or when a few parties can come to a set of predefined rules on this matter. This may be very difficult to adhere to when using a public blockchain solution.

6.3 Regarding Hashes and Personal Data

It is worth mentioning that at this moment, a hash is considered to be personal data. The Dutch DPA provides three important reasons why a hash is considered as personal data.15 Firstly, because the source data is often still available and the hash is then used in combination with a linking table; this leads to pseudonymization and not anonymization of the data. Secondly, it is theoretically feasible that hash values can be reproduced using a brute-force attack. Although it is rather difficult to brute-force a hash value back to the original data, this notion postulates that it is technically possible. Thirdly, organizations often store the hashes with other additional information. The combination of those two could make it possible to link a person to a hash. Two of the three mentioned factors can be limited by fully separating the hash from the source information and other additional information, which is a measure that was mentioned before when discussing the data subject rights.

6.4 Compliance Beyond the GDPR

All in all, this section highlights some specific issues to be taken into account when discussing personal data processed on a blockchain application. Besides GDPR compliance, there are also other legal considerations that should be taken into consideration when working with a blockchain application in general. A whitepaper from Pels Rijcken & Droogleever highlights a few of these legal considerations, such as how to define the applicable national law for an international blockchain, how to define legally the ownership of a blockchain, legal issues with regard to identity within a blockchain – which especially applies to public blockchains, legal issues with regard to smart contracts, and legal issues concerning the monitoring of blockchains.16 It is sensible to delve into these matters, to make sure that a blockchain adheres to certain legal obligations. In addition, it is crucial to always take specific legislation into account, which is already applicable to the sector in which the blockchain will be used.17 Taking these considerations into account will bring organizations one step closer to adhering to their legal obligations when using a blockchain application.
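The brute-force and linking-table points of section 6.3, together with the "throw away the key" reasoning from the right to erasure, can be checked concretely. The following is an added example, not code from this framework or from the projects it describes; the 5-digit identifier space, the choice of HMAC-SHA256 with a per-subject key, and the `OffChainKeyStore` class are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed identifier space: 5-digit client numbers (100,000 candidates).
CANDIDATES = [f"{n:05d}" for n in range(100_000)]


def plain_digest(identifier):
    """Unkeyed SHA-256, as when a bare hash of an identifier goes on-chain."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def keyed_digest(key, identifier):
    """HMAC-SHA256 under a per-subject key that stays in off-chain storage."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()


def relink_by_enumeration(on_chain, digest_fn=plain_digest):
    """Audit check: is the identifier recoverable from the digest alone?"""
    for candidate in CANDIDATES:
        if hmac.compare_digest(digest_fn(candidate), on_chain):
            return candidate
    return None


class OffChainKeyStore:
    """Hypothetical controller-side store: identifier -> key, plus erasure log."""

    def __init__(self):
        self._keys = {}
        self.erasure_log = []

    def digest_for(self, identifier):
        # One random 256-bit key per data subject, created on first use.
        key = self._keys.setdefault(identifier, secrets.token_bytes(32))
        return keyed_digest(key, identifier)

    def can_relink(self, identifier, on_chain):
        key = self._keys.get(identifier)
        if key is None:
            return False
        return hmac.compare_digest(keyed_digest(key, identifier), on_chain)

    def erase(self, identifier):
        # Destroy the key and log which on-chain digest was orphaned; the log
        # entry names the digest only, never the identifier.
        key = self._keys.pop(identifier, None)
        if key is not None:
            self.erasure_log.append(
                "key destroyed for " + keyed_digest(key, identifier))


if __name__ == "__main__":
    subject = "04217"  # constructed sample identifier
    print("plain digest relinked to:", relink_by_enumeration(plain_digest(subject)))
    store = OffChainKeyStore()
    on_chain = store.digest_for(subject)
    print("keyed digest relinked to:", relink_by_enumeration(on_chain))
    store.erase(subject)
    print("controller can relink after erasure:", store.can_relink(subject, on_chain))
    print(store.erasure_log)
```

As long as the key store exists, the keyed digest remains pseudonymized data in the sense of the Dutch DPA's first point, because the store acts as the linking table; only destroying the key removes the link.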

7. Use-cases

This section will exemplify various cases of security considerations in real blockchain use cases. These use cases span across the healthcare sector, real estate, and financial sectors. Every use-case will describe the use for blockchain, the organizations participating as nodes, and the security considerations for every case.

7.1 “Mijn zorg log”: Blockchain baby

Market: Healthcare
The maternity care blockchain system “Mijn zorg log” was developed to connect clients, parents, maternity care providers, and insurance companies. This supply chain benefits from the optimization and trust that the blockchain technology brings. This project was started by healthcare insurance company VGZ, and the National Healthcare Institute (Zorginstituut Nederland), in partnership with the maternity care organizations Liemerscare, Kraamzorg Zuid-Gelderland, and Kraamzorg VDA.

In February 2018, the first “blockchain baby” was born. On this blockchain application, maternity care workers and young mothers keep a record of the number of maternity care hours provided on Mijn Zorg Log using their smartphones. This means that the hours of care provided are recorded and can be viewed directly by the various parties involved. Mothers have the choice to decide which parties have access to their data. They will also have real-time information at their disposal regarding how many hours of maternity care are left in their budget. This application created efficiency for all users involved as very little auditing and checks will need to be performed after the service has been provided.

This blockchain architecture consists of a permissioned Ethereum blockchain using Proof of Authority. The nodes are operated by the following organizations:

Healthcare providers
Insurance company
National Healthcare Institute
LedgerLeopard

Security Implications
Handling the data of mothers, babies, healthcare providers, and an insurance company presents a lot of risk and room for potential breaches. The following security implications need to be considered for a blockchain use case such as this one:

Compliance and adherence to the GDPR (sections 4.3, 4.4 and 7 of the framework).

Place security measures to secure personally identifiable information on the chain or linked to the chain (sections 4.3, 4.4 and 7 of the framework).

Carry out load-testing to determine the borders of the defined system (section 6 of the framework).

For this use-case, the development company was assisted by an external company to perform security audits on the blockchain architecture. This is also recommended for organizations considering their first blockchain application.

7.2 Microbiome center Nederland

Market: Healthcare
The microbiome center blockchain system was implemented to connect and optimize the microbiome supply chain. This microbiome supply chain consists of the following parties:

Patients
Doctors
Laboratories
Pharmacies
Personal healthcare environments

In the process, a patient visits the doctor, who advises on a performed feces analysis. This analysis is then sent to a laboratory after being paid by the patient. When the analysis report is ready, the patient and doctor receive a notification with the results. The doctor and patient meet again and the doctor creates a personalized prescription, that is sent to the pharmacist once it has been paid. The pharmacy creates the prescription and sends the patient a notification with a tracking code. This complete flow is managed by a blockchain application, as the agreements are handled by smart contracts.

The system is a permissioned Ethereum blockchain, using PoA. The nodes are run by the following stakeholders:

Doctors
Pharmacists
Laboratories
Microbiome center Nederland
LedgerLeopard

Security Implications
Having had the experience of developing the “Mijn Zorg Log” application, the developers had an idea of what security considerations to take into account. The new challenge in this project was the security of the following external connections linked to section 4.2 of this framework:

Laboratory API
Payment systems
Pharmacy API

Besides the secure connections we added the following security precautions:

Only use hashes and pointers in transactions (section 4.3 of the framework).

Authentication/Authorization (2FA) handled by Microsoft Azure B2C (section 4.2 of the framework).

All data that is passed to the backend systems is to be sanitized in order to prevent NoSQL/SQL injections (section 4.2 of the framework).

As an addition to the security audit on the system from an external company, the development team internally hired an experienced cyber security specialist for their development team in order to review system components.

7.3 Loek! Real estate management

Market: Real estate
The Loek blockchain system was implemented to connect data from multiple sources and grant the authenticity of building dossier documents. The focus of the Loek application is on the management of buildings. The different application users store all information regarding a building from a single online location, which is a designated digital building file. As a result, the user has all the relevant information at hand at all times. Loek is connected to a blockchain in order to generate hashes and reference points to the digital building dossier. The system creates a “fingerprint” to prove the structure of a document at a specific moment and a hashed pointer to the location, for role-based access.

The system is a permissioned Ethereum blockchain using PoA, where the nodes are run by:

Loek
Connected buildings

Security Implications
The security part of the blockchain focused on the
protection of the building dossier files and access for users and roles. This expressed itself in the following security precautions:

Hashed pointers (section 4.3 of the framework).

Hashes for documents (section 4.3 of the framework).

Encrypted external file storage connected to blockchain (section 4.3 of the framework).

This usage of the blockchain creates a digital trust layer with a decentralized register of the building dossier, where security and integrity of data play an important role.

7.4 Grain Initial Coin Offering

Market: Financial, ICO
The Grain Initial Coin Offering is a blockchain solution where developers wrote smart contracts to be able to whitelist investors and distribute cryptocurrencies. Grain processes write agreements on the blockchain and have an instant payment mechanism. It helps companies save billions of euros annually in middleman services and payment processing costs. Grain is a backend solution that allows labor management systems and freelancer platforms to integrate smart contracts and financial transactions on the blockchain.

For this project, smart contracts were created for the cryptocurrency usage on the grain blockchain platform. For the ICO of grain, the developers created a smart contract to whitelist the keys of investors as a result of know your client (KYC). The developers also implemented the smart contract that handled the distribution of the cryptocurrency as a result of a payment.

The smart contract was created to be used on the public Ethereum blockchain where the nodes are run by participants of the public blockchain network.

Security Implications
The security of a cryptocurrency exchange is the key component for the creation of a smart contract. When attackers find any flaw in the contract, money and trust may be lost. The developers considered the following when developing the smart contracts:

To make use of smart contract security tools (section 4.1 of the framework).

Work according to financial market authority security guidelines (section 4.4 of the framework).

Use the audited code (section 4.1 of the framework).

External smart contract company audit (section 4.1 of the framework).

For ICO smart contracting security, it is highly recommended to do research on the latest practices, use the proven code, and work with experienced developers.

7.5 Consentus

Market: Healthcare
The Consentus blockchain system was implemented to handle the consent of patients for handling their data by hospitals in a generic and private way.

One of the limitations that always comes back with the exchange of medical data is the process of obtaining and recording permissions from the patient. Permissions from the patient are required before a source file holder can share data from this patient with other healthcare professionals, even if they already had a treatment relationship
with the patient. This simply means that if a patient in hospital X has data, for example of an antibiotic allergy, this fact is not readily available if the patient unexpectedly reaches the emergency department of hospital Y. In addition to this, the patient would also need to provide consent in advance to hospital X.

Each hospital must request permissions from the patient in their own way. There is no integral overview of the permissions already granted and the patient has very limited means to change that permission. In addition, there are several types of permission that a patient can give, each of which is separately requested and stored.

The Radboud UMC has designed a solution that answers the problem outlined above. By using Blockchain technology, this smart architecture can be used to set up a system that enables the patient to manage all permissions themselves, from a PC or mobile phone. This data is cryptographically encrypted on the blockchain and it is up to hospitals to check whether they have permission to request this information.

The system is a permissioned Ethereum blockchain using PoA; the nodes are run by the connected hospitals.

Security Implications
The major security risk identified for this application concerns the possibility of a breach that may cause a change in the consent for medical data between the patient and the hospital. For handling the consent of the users, the developers took the following security precautions:

Authentication/Authorization to be handled by the proven systems used by hospitals (section 4.2 of the framework).

Secure external connections with hospital systems (section 4.2 of the framework).

Hashes and pointers for users and system connections (section 4.2 of the framework).

8. Endnotes

1. For more on this definition of blockchain, see Nolan Baurle’s article on CoinDesk titled “What is blockchain?”
2. For the full context of the IEEE decision tree for adopting blockchain technology, see Morgen E. Peck’s article:
https://spectrum.ieee.org/computing/networks/do-you-need-a-blockchain.
3. For more information regarding TNO’s research on blockchain security, see their research paper “Rethinking
Blockchain Security: Position” (IEEE Blockchain, 2018).
4. This recommendation was provided by Dr. Griffith from the Ethereum Foundation. In an interview, he recommended
any organization beginning to adopt blockchain technology to begin with a permissioned blockchain that would
allow the organization to have ample control over the blockchain.
5. When discussing legal matters such as the GDPR, it is useful to comment that one should also look at other
applicable legislation when using blockchain applications. It is advised to not simply focus on the impact of the
GDPR.
6. For more information see GDPR art 4 (7).
7. For more information see GDPR art 4 (8).
8. For more details on this case, see the white paper by Pels Rijcken titled “Legal aspects of blockchains” page 9.
9. This is also the position of the French national commission on communication and liberties (CNIL) as it can be seen
on page 1 of their report: https://www.cnil.fr/sites/default/files/atoms/files/blockchain.pdf.
10. Ibid.
11. Ibid page 2.
12. See also https://www.cnil.fr/sites/default/files/atoms/files/blockchain.pdf, page 3.
13. For more information see GDPR Art. 12-23.
14. For more information see Pels Rijcken article, pages 10-11. And see Opinion 05/2014 on Anonymization
Techniques from the Article 29 Data Protection Working Party (WP216): “Neither encryption nor key-coding per
se lends itself to the goal of making a data subject unidentifiable: as, in the hands of the controller at least, the
original data are still available or deducible. The sole implementation of a semantic translation of personal data,
as happens with key-coding, does not eliminate the possibility to restore the data back to their original structure
- either by applying the algorithm in the opposite way, or by brute force attacks, depending on the nature of
the schemes, or as a result of a data breach. State-of-the-art encryption can ensure that data is protected to a
higher degree, i.e. it is unintelligible for entities that ignore the decryption key, but it does not necessarily result
in anonymization. For as long as the key or the original data are available, even in the case of a trusted third
party, contractually bound to provide secure key escrow service, the possibility to identify a data subject is not
eliminated.”
15. For further details on the standpoint of the Dutch DPA, see:
https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/beveiliging/beveiliging-van-persoonsgegevens
16. For more details see the Pels Rijcken article, pages 4-8.
17. As is the case with the NEN 7510 security standard for Dutch healthcare organizations.

info@dutchblockchaincoalition.org
www.dutchblockchaincoalition.org
