The Auditor's Guide to Blockchain Technology: Architecture, Use Cases, Security and Assurance

Cover
Half Title
Series Information
Title Page
Copyright Page
Table of Contents
Foreword
Preface
1 Blockchain Technology: Creating Trust in a Trustless Environment
	Blockchain Defined
	Blockchain History
	Blockchain Technology Versus Traditional Database Solutions
	The Byzantine Generals Dilemma
	Blockchain Types
	Blockchain Components: A Primer
		Centralized Networks
		Decentralized Networks
		Distributed Networks
		The Block
		Shared Ledger
		Chaining Blocks
	Blockchain Attributes and Benefits
	Blockchain as a ZTA Tool
	Conclusions and Recommendations
	Core Concepts
	Activity for Better Understanding
	References
2 Blockchain Architecture, Components and Considerations
	Blockchain Participants and Roles
		Blockchain Types
			Public Blockchains
			Private Blockchains
		Open Versus Closed Blockchains
	Consensus
		Consensus Algorithms
	A Cryptography Primer
		Symmetric Cryptography Algorithms
		Asymmetric Cryptography Algorithms
		Hybrid Cryptography
		Homomorphic Cryptography
		Elliptic Curve Cryptography
		Zero-Knowledge Proof
	Hash Functions
		How Does a Hash Work?
		Where Are Hash Functions Used?
		Security Properties of Hash Functions
		Real-World Hash Applications
		Common Cryptographic Hash Functions
	Merkle Trees
		The Working of Merkle Trees
		Benefits of Merkle Trees
	Digital Signatures
		Digital Signature Generation
		Digital Signature Verification and Validation
	Access Control, Identity Management and Membership Service Providers
		Identity Management
		Membership Service Providers
	Crypto Wallets
		Types of Wallets
			Cold Wallet Or Cold Storage
		How Are Keys Stored in a Wallet?
	Inter-Planetary File Systems
	Smart Contracts
		Smart Contract Lifetimes
		How Developers Ensure Users Cannot Exploit Bugs Or Unintended Functionality
		Turing Completeness
		Untrusted Code
	Conclusions and Recommendations
	Core Concepts
	Activity for Better Understanding
	References
3 Blockchain Tokens and Cryptocurrencies
	Blockchain Governance
		Popular Blockchain Governance Strategies
	Blockchain Forks
		Why Forks Happen
		Types of Forks
			The DAO Hack
	Tokens in Blockchains
		Types of Tokens
		Token Standards
	Ethereum Gas and EIP 1559
	Blockchain Token Use Cases
	Cryptocurrencies
		Popular Cryptocurrency Types
	Cryptocurrency Exchanges
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	References
4 The Advent of the Triple Entry Accounting: Implications for Accountants and Auditors
	The History of Accounting Entries
		Single Entry
		Double Entry
		Triple-Entry Accounting
		Double-Entry Versus Triple-Entry Accounting
	The Effect of Triple-Entry Accounting for Accountants
	The Implications of Blockchain for Auditors
	Financial Fraud Mitigation Using Blockchain Technology
		Financial Statement Fraud
		Skimming
		Cash Larceny
		Register Disbursement Schemes
		Check Tampering
		Billing Schemes
		Payroll Schemes
		Expense Reimbursement Schemes
		Misuse of Inventory
	Other Non-ACFE-Related Blockchain Threats
		Double-Spending Attacks
		Exchange Hacks
		Social Engineering
		Malware
	A Proposed Purchase Cycle Blockchain Audit Checklist
	Fraud Schemes Associated With Purchase Cycle
	Public and Private Sector Triple-Entry Accounting Challenges
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	References
5 Blockchain Use in the Financial Services Sectors
	Blockchain Use in Financial Services
	Blockchain in the Banking Sector
		Banking Payments Systems
		The Embedded Supervision Principles in Blockchains
	Use of Blockchain On Exchanges
		Blockchain-Based Transaction Clearance and Settlements
		The Investment Management Sector (Mutual Funds)
		Investment Management Use Cases
	Know Your Customer Considerations
		Streamline Compliance and Process Duplication Avoidance
		Blockchain as a Money Laundering Prevention Tool
	Blockchain and Consumer Credit
		Cardholder Identity and Verification Processes
		Microloans Management for Users in Developing Countries
		A Corda Platform Use Case
	Blockchain and Trade Financing
		International Trade Use Cases
	Blockchain in the Insurance Sector
		Blockchain Solutions for Various Insurance Use Cases
			Blockchain and Group Insurance Benefits
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	References
6 Blockchain and Supply Chain Management
	Supply Chain Defined
		Different Types of Supply Chain
		Supply Chain Components
	Supply Chain Fraud Risks
		Counterfeit Goods
		Fraudulent Billing
		Misappropriation of Assets
	Food Fraud
		Mislabeling – Some Major Food Fraud Cases
	Blockchain Benefits in Supply Chain Management
	Walmart’s Supply Chain Blockchain
		Maersk
		DeBeers Jewelers
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	References
7 Ethereum, Hyperledger and Corda A Side-By-Side Comparison of Capabilities and Constraints for Developing Various Business Case Uses
	Ethereum
		Components of Ethereum
		Smart Contracts
			The Ethereum Virtual Machine
			Characteristics of Smart Contracts
			Limitations of Smart Contracts
			Consensus Mechanism
		Limitations of Ethereum
		Ethereum Use Cases
	Hyperledger
		Hyperledger Frameworks
		Benefits of Using Hyperledger
		The Design Philosophy of Hyperledger
		Tools of Hyperledger
		Hyperledger Smart Contracts
		The Architecture of Hyperledger
		Consensus in Hyperledger
		Limitations of Hyperledger
		Hyperledger Use Cases
	Corda
		Components of the Corda Platform
		Corda Smart Contracts
		Corda’s Consensus Mechanism
		Corda Use Cases
		User Privacy in Corda
		Limitations of Corda
	A Side-By-Side Comparison of Ethereum, Hyperledger and Corda
	Decision Tree to Choose the Right Framework for a Business Use Case
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	Reflective Questions (Supplementary)
	References
8 Designing a Blockchain Application
	Blockchain Design Guiding Principles and Considerations
		Do We Need a Blockchain Solution in the First Place?
		Does the Application Need to Be Feature-Heavy Or Feature-Light?
		What’s More Important – Collaboration Or Security?
			Design for Security and Privacy
		Will the App Have Consistency Or Specialization?
		Will Support Be Centralized Or Decentralized?
			The Mechanics of Decentralization in DApp
		Monolithic Or Modular?
		Personas
			Persona Example 1
			Persona Example 2
		User Stories
			Prof. Shaun’s User Story
			Dr. Anika’s User Story
		Functional Requirements
		Technical Requirements and Tasks
	Popular Application Design Approaches
		Ancile
		Ontology-Driven Approach
		Software Engineering Strategies for DApps
			The Model-Driven Approach
			The User Design Approach
			The Design Process
	Blockchain Application Design: Good Practices and Considerations
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	References
9 Blockchain Application Development
	Fundamental Differences Between Software and Firmware
	Popular Application Development Frameworks
		Ethereum
		Hyperledger
		Corda
		Ripple
		Quorum
	Layers of Blockchain Application
	Tools for Blockchain Applications
	Integrated Development Environment
	Good Practices for Blockchain Development
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	References
10 Testing and Auditing Blockchain Applications
	Why It Is Critical to Test a Blockchain Application
	Popular Testing Tools for Blockchain
		Challenges in Testing Blockchain Implementation
	Phases of Blockchain Testing
	Testing Models: Functional Testing
	Blockchain Bug Management Considerations
		A Four-Step Bug Management Strategy
		Blockchain Bug Categories
		Tools for Testing
	Test Plan Strategy for Blockchain Applications
		Opportunities to Enhance Testing Strategies
		Regression Testing
		Automation Testing
		Test Management Considerations
		User Acceptance Testing
	Blockchain Application Auditing Considerations
		A Framework for Auditing Blockchain Solutions
		A Proposed Audit Checklist for Blockchain Audits
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	Reflective Questions
	References
11 Blockchain System Implementation
	Introduction
	Disaster Recovery
		Elements of an Effective Disaster Recovery Plan
		The Use of Blockchain Technology in Disaster Recovery
			Verification of Data Integrity
			Availability
			Memory Correction
			Cloud Storage
	Contract Management
		Fraud in Contract Management
		Blockchain as a Tool in Contract Management
	Product Distribution/Monetization
	Supply Chain Management
		Blockchain’s Value in Today’s Supply Chains
	Asset Management Using Blockchain
		Blockchain as a Solution in Asset Management
	Use of Blockchain for Data Control, Security, Legal Compliance and Assurance
		Data Control
		Security
		Legal Compliance
		Assurance
	Blockchain Implementation Challenges
	Using a COBIT 2019 Approach for Blockchain Implementation
		A Three-Layer Implementation Approach
		The COBIT 2019 Implementation Approach
		Phase 1: What Are the Drivers?
		Phase 2: Where Are We Now?
		Phase 3: Where Do We Want to Be?
		Phase 4: What Needs to Get Done?
		Phase 5: How Do We Get There?
		Phase 6: Did We Get There?
		Phase 7: How Do We Keep the Momentum Going?
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	References
12 Blockchain Risk, Governance Compliance, Assessment and Mitigation
	Blockchain Technology Risks
	Ledger Transparency Risks
	Blockchain Security Risks
		Operational Risks
	Blockchain Application Development Risks
	Cryptocurrency and Payment Considerations
	Blockchain Regulatory Compliance Risks
	Regulatory Compliance Considerations
		Payment Card Industry Data Security Standards
			Blockchain Considerations Related to Payment Card Processing
		Health Insurance Portability and Accountability Act
			Blockchain Considerations Related to HIPAA
		General Data Protection Regulation
		The Personal Information Protection and Electronic Documents Act
	The COSO Framework
	A Proposed List of Blockchain Good Practices Based On COSO
	Conclusions and Recommendations
	Exercise for Better Understanding
	References
13 Blockchain User, Network and System-Level Attacks and Mitigation
	Introduction
	Blockchain User, Network and System-Level Attacks and Mitigation
		User-Level Attacks
		Stolen Private Key
		Mitigation
		Malware
			ElectroRAT
			PCASTLE
			Lemon Duck
			Ransomware
			Mitigation
			Implementing System Updates
	Node-Level Attacks
		Mitigation
	Blockchain Network Attacks
		Flawed Network Design
		Poor Overall Network Security
		51% and Double Spending Attacks
		DoS Attacks
		Eclipse Attacks
		Replay Attacks
		Routing Attacks
		Sybil Attack
	Blockchain System-Level Attacks
		Integer/Buffer Overflow Attacks
			Mitigation
		Time Stamp Attacks
			Mitigation
		Buffer Out of Bounds Attacks
			Mitigation
		Race Condition Attacks
			Mitigation
	Blockchain Security Best Practices
		Inherent Security Measures
	Ethereum
		Ethereum Smart Contracts
		Ethereum Security Measures
	Hyperledger Fabric
		Hyperledger Smart Contracts
		Hyperledger Security Measures
	Corda
		Corda Smart Contracts
		Corda Security Measures
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	References
14 Smart Contract Vulnerabilities, Attacks and Auditing Considerations
	Smart Contracts Security Considerations
		Reentrancy Attack
			Real-Life Case Scenario
		Access Control
			Real-Life Case Scenario
		Arithmetic Over/Underflows
			Real-Life Case Scenario
		Unchecked Return Values
			Real-Life Case Scenario
		DoS Attacks
			Real-Life Case Scenario
		Bad Randomness
			Real-Life Case Scenario
		Race Condition
			Real-Life Case Scenario
		Short-Address Attack
		Timestamp Dependency
			Real-Life Case Scenario
	Smart Contract Auditing Considerations
		Smart Contract Auditing
		Control Flow Analysis Tools
			McCabe IQ
			Ethereum Virtual Machine
		Taint Analysis Tools
			TAJ
			DYTAN
		Dynamic Code Analysis Tools
			MAIAN
			ContractLarva
		Vulnerability-Based Scanning Tools
			Mythril
			Securify
			SmartCheck
		Symbolic Execution Tools
			DART
			Manticore
			Oyente
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	References
15 Blockchain-As-A-Service
	Introduction
		A History of Cloud Computing
	Cloud Computing at a Glance
		Cloud Computing Attributes
		Cloud Deployment Types
		Cloud Computing Service Models
	Cloud Computing Roles and Responsibilities
	Benefits of Cloud Computing
	What Is BaaS?
		How Does the BaaS Model Work?
		Advantages of BaaS
		BaaS Challenges
		Current and Anticipated Future Interest in BaaS
	How Is BaaS Different From Serverless Computing?
	BaaS Server-Side Capabilities
	How Is BaaS Different From PaaS?
	How Do BaaS Applications Run?
		Consensus Mechanism
	Criteria for Selecting a Blockchain as a Service Partner
	BaaS Platforms
		IBM BaaS
		Oracle
		Microsoft Azure BaaS
		Amazon AWS BaaS
		Alibaba
		Accenture
		Baidu
		Huawei
		SAP BaaS
	BaaS Business Use Case
		Food Traceability With Amazon Managed Blockchain: Nestlé
		Royalties Information for Publishers With Azure Blockchain Service
		Global Shipping Business Network Oracle Blockchain-As-A-Service: CargoSmart
	Proposed BaaS Platforms
		Functional Blockchain-As-A-Service
		NutBaaS
		Full-Spectrum Blockchain-As-A-Service
		Novel Blockchain-As-A-Service
		Unified Blockchain-As-A-Service
		Public Blockchain-As-A-Service
	BaaS Governance
		Permissioned Chains
		Off-Chain Control
	Summary and Conclusions
	Core Concepts
	Activity for Better Understanding
	References
Index