Vulnerablity analysis of Azure Blockchain Workbench key management system

TL;DR

This paper analyzes vulnerabilities in Azure Blockchain Workbench's key management system, identifying potential threats and assessing their likelihood to improve understanding of security risks in blockchain key management.

Contribution

It provides a detailed threat assessment of Azure Blockchain Workbench's key management, highlighting vulnerabilities and protection levels based on public reports and technical documentation.

Findings

Threats identified at each key management stage

Assessment of threat likelihood within Azure environment

Protection levels categorized as fully, partially, or not protected

Abstract

With rise of blockchain popularity, more and more people seek to implement blockchain technology into their projects. Most common way is to take existing blockchain stack, such as Azure Blockchain Workbench or Oracle Blockchain Platform. While the blockchain technology is well-protected by its algorithms it is still vulnerable because its privacy relies on regular cryptography. And mistakes or vulnerabilities in key management protocols can affect even the most secure blockchain projects. This article considers question of vulnerabilities within Azure Blockchain Workbench key management system. We describe potential threats for each stage of key management lifecycle based on public reports and then assess how likely are those threats to realize within Azure Blockchain Workbench environment based on the technical documentation for Azure Blockchain Workbench and Azure Key Vault. Finally, we compile results of our assessment into the key management threat table with three distinct degrees of protection: fully protected, partially protected and not protected.