1. Introduction
Blockchain, a distributed ledger based on cryptographic algorithms [
1], was first described by Satoshi Nakamoto [
2] in 2008 as a distributed peer-to-peer network for handling the first-ever decentralized digital currency “Bitcoin” that was later rated as the number one currency in terms of user adoption and widespread use [
3]. The adoption of blockchain-based networks was held back because of its complex architecture; nevertheless, with time it attracted the attention of numerous industries globally, for example the financial industry, healthcare, logistics, manufacturing, energy, agriculture, and other industries [
4]. The blockchain supports a complicated framework that amalgamates other prominent technologies such as peer-to-peer networking, distributed environment, decentralized architecture, cryptography, smart contracts, consensus mechanisms, and others [
5]. Fundamentally, the blockchain is used to store time-stamped information during the transactions in data blocks, which are chronologically connected to each other to form a chain. Each block of data has a unique hash value, which is generated using a cryptographic algorithm that assures the integrity of the data. These blocks are connected to each other with these hash values like a linked list. Each block consists of a hash of the previous block along with its own, which helps in connecting the blocks forming the blockchain [
6].
Blockchain technology has shown promising vision and has attracted various industries and researchers [
7,
8]. There are currently over 3000 blockchain-based cryptocurrencies available on the market, and this number continues to grow [
9]. Blockchain technology has been applied in several application domains apart from digital currencies including the Internet of Things [
10,
11], healthcare [
12,
13], economics [
14,
15], software [
16,
17], and education, etc. The sudden spread of the COVID-19 pandemic in the past few months uncovered the constraints in the technology being used and promoted the adoption of blockchain in several domains such as contact tracing [
18], patient information sharing [
19], supply chain management [
20], immigration processes, etc. The implementations of blockchain-based frameworks are now being utilized by almost every type of industry because of its ability to provide historical information of the transactions that is time stamped and immutable. Since the blockchain has no central controlling authority, all the participating nodes within the network have responsibility for maintaining it, for which purpose consensus mechanisms are applied to process and update the data over the blockchain. Furthermore, the smart contracts are used to allow complex rules and conditions within the transactions [
21]. Smart contracts were first described back in 1994 [
22], as protocol for digitally handling transactions by executing the terms and conditions of the contract, which eliminates the third-party requirement and minimizes the security issues. Basically, the contract acts as an agreement between the untrusted parties by enforcing the rules and regulations. In the blockchain network, these smart contracts are lines of code that run on the distributed network [
23].
With the increasing worldwide adoption of blockchain technology, it is expected that its impact is going to be long lasting and the mode of internet behavior is going to change entirely [
24,
25]. It is being adopted at commercial level by providing breakthroughs to the IT industries for the improved efficiency and streamlined operations of businesses. Furthermore, large market players such as IBM, Google, Amazon, Microsoft, etc. have developed frameworks for providing the blockchain-based architecture as a service to the users to help in developing businesses and perform research on blockchain by themselves [
26,
27,
28,
29]. The blockchain provides a lot of new opportunities for applications in a decentralized manner with no intermediary, hence serving as a basis for more robust, failure-resistant and often more secure infrastructures. The blockchain has also, on the one hand, reduced fraud and improved financial accountability, on the other hand, introduced new cyberattacks on finances and helped in spreading ransomware [
30,
31]. Henceforward, it is significant to identify the existing work in this field by systematically analyzing the research done so far. In the past few years, hundreds of papers have been published in the domain of blockchain security. The first systematic review on Bitcoin was presented in [
32], which elaborated the problems associated with the anonymity issues and analyzed the techniques for enhancing privacy and security. Subsequent work [
33] investigated the existing loopholes in the Bitcoin implementation. In the survey paper [
34] the risks associated with popular systems based on blockchain networks are reviewed and the vulnerabilities and attack cases happened so far are analyzed.
The main goal of this article is to emphasizee blockchain technology as a backbone for various applications, its innerworkings, components, security and future adoption aspects. The rest of the paper is organized as follows: a brief overview of blockchain technology and concepts is presented in
Section 2.
Section 3 outlines the traits related to the security in blockchain-based system.
Section 4 reviews the techniques that can be applied to ensure security and privacy on blockchain. The deployment of blockchain-based applications is discussed in
Section 5 followed by concluding remarks in
Section 6.
2. Blockchain Technology
Nakamoto [
2] documented the concepts and details of blockchain technology in 2008, which was then deployed in 2009 as the backbone for the first decentralized cryptocurrency named Bitcoin. Bitcoin allows the exchange of the digital currency over the internet in a decentralized peer-to-peer fashion. In Bitcoin, the blockchain is implemented as a distributed ledger that is publicly available and hosted by a large number of volunteering hosts, called nodes. The ledger stores and verifies the transactional data over the network. The noteworthy feature provided by the blockchain in Bitcoin is its ability of the prevention of double spending in trades, as the entire network is responsible for the verification of the transactions instead of a central authority like traditional financial frameworks.
Basically, blockchain is a ledger that maintains a list of transactions in an immutable, append-only fashion that is growing with time and expanding the chain in a secure manner; the blocks within the blockchain are protected using cryptographic algorithms that impose the integrity of the transactional details [
35]. The blockchain consists of permanent records that cannot be altered or tampered with, thus ensuring the integrity of the data. The data within the blockchain run through the distributed nodes within the network. The feature that makes the blockchain different from other technologies is that it timestamps the data records, providing a total order of blocks. A block consists of the hash value of the data stored in that block, along with the hash value of the previous block, which helps in connecting the chain of blocks. A new block can only be added to the existing blockchain after the successful completion of the consensus mechanism. This consensus mechanism has to control the permissions for entering into the chain, following the protocols for securely verifying the blocks and maintaining the consistency of the records at every node of the network. Hence, in conclusion it can be said that the blockchain is a distributed ledger that stores all the transactional data over a decentralized network in a secure and verifiable fashion. A blockchain-based framework can handle security issues such as unauthorized access of data/transactions, dependency on a third party or central authority and the unreliability of other participants.
2.1. Evolution of Blockchain
Bblockchain technology has developed and drastically evolved, and its evolution can be divided into stages as depicted in
Figure 1 below. The first stage of the development is called as Blockchain 1.0, which consists of the public ledger for holding the cryptocurrencies over the distributed network. The next stage is Blockchain 2.0, which includes the trust management feature using smart contracts that manages itself with no involvement of any third parties. The third stage is Blockchain 3.0, which is the present and future of the technology and includes various application areas such as DeFe (decentralised finance), IoT, education, identity management, big data, Artificial Intelligence and healthcare, etc. [
36].
Blockchain 1.0 began with the first digital currency, Bitcoin, which gave rise to the popularity of blockchain technology. The blockchain framework proposed for handling Bitcoin became famous as it solved various issues related to the data, such as authenticity, security and integrity, using the concepts of cryptography and hash functions [
37]. The script used in the original first generation blockchain can be considered limited and purpose-built. It is only possible to express certain contractual agreements using that script. The innovation brought to the blockchain in the second generation is the generalization of the scripting concept. Instead of offering only limited computational capability, the new generation smart contracts bring the power of a universal computation—that is, the smart contracts can express any algorithm that a universal computer can express. The concept of smart contracts allows the expression of complex contractual agreements, algorithms and workflows. Smart contracts allow the users to digitize any physical asset and map the real world logics to it using an expressive (universal) programming language. This improvement in the blockchain network made the technology more robust and flexible as the users can trace the real-world entities on the network that are secure and traceable. The third stage, Blockchain 3.0, is the current stage of blockchain that is still under development and has good scope for growth. This current generation is going to transform the way of internet based transactions facilitating Blockchain as a service [
38,
39,
40].
2.2. Classification of Blockchain
While blockchain technology is continuously evolving in terms of its construction, access and verification, several application domains are adopting them. The blockchain can be classified in following three types that users can select from as per the requirements and scenario. These types of blockchain are different from each other but have similar basic characteristics like distributed and decentralized structure, peer-to-peer communication, consensus mechanisms, digital signatures and time stamping.
2.2.1. Public Blockchain
The network in such blockchain is distributed and publically available with no restrictions on reading the data from the network. However, in the context of writing, a public blockchain could be permissioned or permissionless. If it is permissionless then anyone can write into the network but if it is permissioned then only some specific nodes are authorized to have privileges to carry out new transactions (writing into the blockchain), verify the transactions by other nodes along with accessing the existing transactions (reading the blockchain). The proof-of-work consensus makes the public blockchain trustworthy. Such blockchain is considered to be safe because the number of nodes joining the network is usually high (as it is publicly available), and more nodes means a more distributed network. Furthermore, the records ledger is available to all the nodes that make the blockchain transparent. However, there are some flaws in such a blockchain, such as low processing speed because of the larger number of nodes within the network. Scalability and efficiency are also problem areas in such block chains, as proof-of-work consumes large amounts of time and energy in verifying requests. Bitcoin [
2], Litecoin [
41] and Ethereum [
42] are the most common public blockchains available on the market today; a diagrammatic representation of such blockchains is shown in
Figure 2 below, in which various types of nodes are connected with one another and share a common distributed network:
2.2.2. Private Blockchain
The network of such a blockchain has some restrictions and works in a closed manner. Such networks are favored when an organization wants a blockchain with access and participation of some members. Additionally, no person can have the right to access the data or participate in transactions within the blockchain [
43]. Such a blockchain is controlled by the organizations themselves and can be used for protecting the assets of customers; managing digital identities supply chains, etc. These blockchain networks could be permissioned or permissionless within the private group of people. Private blockchains are better than public blockchains in terms of computation speed because of the limited number of participating nodes—the consensus works fast—and scalability that allows the adjustment of the number of nodes on the basis of requirement. The shortcoming of such a blockchain is its maintenance, as the organization has to maintain the trust among the participating nodes because confidential information is at stake; also, it is easy to hack a chain with a smaller number of nodes. Therefore, organizations need to be incredibly careful while deciding upon the participating nodes. Some of the examples are Sawtooth [
44], Corda [
45], Fabric [
46], etc. in which only the representative nodes have the right to make changes in the blockchain; a diagrammatic representation of such network is shown in
Figure 3 below:
2.2.3. Consortium Blockchain
Some nodes within the network are responsible for management in such a blockchain. Those nodes are the selected representatives of the participating organizations that are responsible for making the decisions within the network. These authoritative nodes control the consensus mechanisms and a few of them are also allowed to participate in the transactions. This blockchain is also called federated blockchain, and can be seen as a permissioned public blockchain in which anyone can read the data from the network but only the representative nodes have the authority to write into the network. The number of nodes in this blockchain is high, like public blockchain, while some restrictions are imposed on the nodes, like the private one. This type of blockchain is usually preferred in government and banking sectors, for example R3, Energy web foundation, etc. A diagrammatic representation of such blockchain is shown in
Figure 4 below in which the representatives are depicted using blue nodes:
2.3. Components and Working of Blockchain
A blockchain is a distributed network that is used to store the transactional data logs in a secure manner. The data within the blockchain is stored in the form of blocks that are chained together as shown in
Figure 5 below. A block is generated after a fixed amount of time containing the information regarding the transactions that happened during that interval, which means the greater the number of transactions the larger the size of the blockchain. Whenever a transaction is requested, the mining process starts by broadcasting the request to all the nodes of the network for validation via consensus protocols. The block is added to the chain only after validation by all other nodes.
A blockchain can have several other components, but following are the necessary and basic ones that are required to be understood for getting better insight into the technology.
2.3.1. Block
A blockchain is a chain made of blocks, i.e., a block is the basic data structure of the network. A block can be divided into two parts as shown in
Figure 6 below. The first part is the header, which consists of the index number, time stamp, nonce, data, hash values, etc. The blocks are generated by any of the nodes within the network, which is then verified by the entire network to be added to the chain. The first block of the blockchain does not have any value in the previous hash section, because it does not have any previous block, is called ‘genesis block’. There are three types of blocks; ‘main branch blocks’ are the blocks that are added to the longest available blockchain within the network, ‘side branch blocks’ are the blocks that are not the part of longest chain or have the previous hash in some other chain and ‘orphan blocks’ whose previous blocks are not known to the present node.
2.3.2. Hash Pointer
Hash pointer consists of the hash of the data that is stored in the block. This hash is achieved using cryptographic hashing function (e.g., SHA256) and points towards the actual storage location of the data. It can be used to find out the integrity of the data. The hash pointers are responsible for the connectivity of the blocks in the blockchain, as a block is connected to the previous block using this hash value. Each block consists of the hash pointer to its data and data of previous block. The users verify these hashes publicly to assure that the data are tamper-proof. If a data are tampered with, the hash value will change not for that particular block, but for all the previous blocks up to the genesis block, which is not quite practically possible. Therefore, the hash pointer plays a vital role here in blockchain, in assuring the tamper resistance of the network.
2.3.3. Merkle Tree
It is a type of binary search tree with nodes connected to each other via hash pointers of the blocks, used to generate the blockchain. Whenever, more than one node is merged into single node, the Merkle tree creates a parent node for them that contains the hash of the nodes (those are merged) using a tree construction algorithm. The Merkle tree provides the capability of managing the data in a tamper-proof way, as it traverses down from the parent node towards the current node. For instance, if someone tries to alter the data of a node, the hash at the parent level are disturbed and the level above that, etc. up to the root, which makes it impossible for the attacker to change all the hashes at the time, and the tampering can be easily detected within the network.
2.3.4. Digital Signature
It uses cryptographic algorithms (public-private key cryptography, such as RSA or DSA) that can be used to establish the validity of the data within the network. It can also be used to verify the integrity of the data. In order to generate a digital signature, two keys are required a private key that is used by the generator to sign the document which is kept secret and the public key that is announced publicly, that can be used to verify that a certain private key has generated the digital signature. Then, a signing algorithm is required for actually putting a signature on the data using the available private key. Moreover, the signatures are verified using the verification algorithm. The digital signatures algorithms need to make sure that the signatures can be verified and cannot be forged.
2.3.5. Transactions
A block within the blockchain consists of the details of the transactions that happened in a particular time span. A transaction is one of the prominent parts of the block. It consists of the data that is being transmitted over the blockchain network along with the addresses of the sender and receiver. The sender applies the digital signature before sending it. The digital signature is applied on the hash value of the previous block. Next, the requested transaction is announced on the entire network, and the nodes calculate the current status of the node based on the data that they have so as to verify the transaction. The data of these transactions is time stamped—that means any change could be traced. Moreover, nothing can be changed in a blockchain; if a change is required a new transaction is requested instead of altering the existing one.
2.3.6. Consensus Mechanism
A blockchain network is distributed, and peer-to-peer connected, in which the transactional data are available to each and every node. The consensus mechanisms are imposed to ensure the security of the blockchain. Since each and every node owns a copy of the data, it is necessary to update it from time to time, and make sure that the data are consistent. The consensus mechanism is supposed to ensure that every node has an equal right and a new block can only be added to the network after these nodes agree to a consensus with proper participation and co-operation.
2.3.7. Inner Working of a Blockchain-Based System
A blockchain is a chain of blocks containing transactional data, connected using cryptographically generated hash pointers. Each of the blocks within the blockchain consists of data, timestamp of the data, generated hash value of data, hash value of previous block, etc. The blocks consist of information related to the transactions that happened in the given time-period. These transactions are made publicly available and are only carried out when the nodes of the network agree to via consensus mechanism that acts as a trust machine among the unknown parties. The transactions are also permanent, i.e., nobody can alter the data once entered the chain. The blockchain verifies itself on its own that makes it unique and trustworthy. A simple blockchain transaction can be carried out in following manner as shown in
Figure 7 below:
Blockchain technology supports distributed and decentralized networks, where all the nodes are equally important and have equal rights, and the data are stored in a secure fashion. Whenever a node requests a transaction, it is represented in the form of a block containing all the details regarding the transaction such as data, hash values, time stamp, etc. Then, this transaction is presented to every node of the network, which verifies the genuineness of the transaction by using the consensus mechanism. When the block is verified, it is added to the chain and the node that requested the transaction is notified that the transaction is complete. A blockchain is a huge chain that stores the transactions happening within the network so far in a distributed manner, which is what makes it better than other available platforms at ensuring security and fault tolerance.
6. Concluding Remarks
Blockchain technology that was first proposed as a backbone for implementation of the first digital currency and is now being deployed in various application domains because of its unique properties that assure the secure, transparent and confidential transactions of data in a peer-to-peer manner within a distributed network. The features such as time-stamped data, digital signatures, consensus mechanism, cryptographic hashing, etc. provided by the blockchain make it an extremely secure framework for handling data transactions without any intermediaries. Apart from this, the blockchain offers certain properties such as pseudoidentity, tamper-resistance, data consistency and confidentiality, etc. that assure the security and privacy of the data on the network, thus making the blockchain system more secure. A thorough analysis of blockchain and its contribution is presented in this paper.
This study highlighted the blockchain-based applications in several industrial domains, such as supply chains, where it can efficiently handle the marketing of counterfeit products by keeping track of the entire supply chain mechanism in a time-stamped and tamper-proof manner in real time. We have also discussed how blockchain can also be leveraged in the healthcare domain for securely sharing and confidentially storing Electronic Health Records (EHRs). The blockchain could also provide solutions for the challenges faced by the IoT industry by maintaining large numbers of devices in a distributed and peer-to-peer manner. The governance sector can also benefit from blockchain technology by providing secure mechanisms for the tracking and management of assets and identities. Manufacturing is a domain which consists of several steps such as planning, managing operations and assets, interacting with resources (human and mechanical), monitoring of performances, etc. making data security a big concern. The study suggests that blockchain technology can provide secure solutions to every aspect of the manufacturing process, from the management of supply chains, to verifying online payments, to commercial marketing. However, the sector in which blockchain technology has the most potential includes banking and finance. It is capable of facilitating several applications such as handling payments, managing loans, digitizing currencies, transmitting assets, etc. The smart contract can be employed in future for various processes such as documents’ provenance, ownership rights, digital or physical assets or to stop fraud. Likewise, in other industries like the diamond industry, the digital ledger for diamond identification and transaction verification could enable more transparency to be brought into the very opaque diamond market. For the reasons that are discussed in this paper, it is clear that blockchain technology has huge potential to transform almost all industrial sectors. As such, making use of this reliable, trusted technology could contribute to the development of a safer, more secure, and more transparent working environment in all the industrial sectors.