Blockchain and Its Security: Ignore or Insert into Academic Training?

At present, blockchain technologies (BCT) are attracting a surge of interest, above all among young people. Not to meet the rising demand and not to pay attention to the BCT during training means not to be modern. Any educational institution that does not offer courses in the BCT is going to be left behind as non-competitive. The paper analyzes the state of current training in the BCT worldwide, paying special attention to security issues. It also lists standards and books which can support this training. On this basis, the desired competencies after mastering a full-time BCT course and an exemplary structure of this course are proposed.


INTRODUCTION
Starting from 2009 with Bitcoin, there have been countless publications advertising the "magic" of blockchain (BC) technologies (BCT) and supporting a high level of "hype" around their usage [1]. The BCT for creating verifiable digital records have shown notable success not only in digital currencies but also in financial application domains (like online payments, currency exchanges, money services and transfers, soft and hard wallets, trade finance, markets, microtransactions, investments, brokerage, insurance, etc.), as well as in non-financial domains (like digital identity management, authentication and authorization, digital content storage and delivery systems, smart contracts, certification validation systems, application development, real estate, election voting, patient medical records management, distributing the workload for communication systems, computer systems that must comply with legal agreements without human intervention, etc.).

If someone uses the word "blockchain" as a search criterion in the IEEE digital library as well as in the Scopus and WebofKnowledge databases, many titles will be returned in the reply. For example, the search for 2018 returned 1427 items from Scopus, 418 items from WebofKnowledge and 605 from the IEEE digital library (access date 06.11.2018)! But after 10 years the BCT is still not well understood, and no single agreed definition of this technology has appeared. Some of the best-known BC definitions are quoted below:
• UK Government, 2016: "A distributed ledger technology" [2];
• PriceWaterhouseCoopers, 2016: "A decentralized ledger of all transactions across a peer-to-peer network, where participants can confirm transactions without the need for a certifying authority" [3];
• OpenBlockchain, 2017: "A technology that enables the secure and resilient management of distributed data in combination with data analytics techniques that add scale and flexibility" [4];
• Wilson, 2017: "It is not a "trust machine". By the blockchain protocol, it only reaches consensus about one specific technicality - the order of entries in the ledger, free of bias" [5];
• Nielson, 2017: "A distributed file system that keeps files copies of the participants who agree on the changes by mutual consensus, where the file consists of blocks and every block has a cryptographic signature of the last block, making an immutable record" [6];
• Primechaintech, 2018: "A peer-to-peer network which timestamps records by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work" [7].
We define a BC as a secure distributed data structure (database, DB) that maintains without centralized administration and data storage a constantly expanding list of noneditable time-stamped blocks (records) and sets rules about transactions which are tied to these blocks [8].
Since the BCT are attracting such a surge of interest, above all among young people, not to meet the rising demand and not to pay attention to the BC during training means not to be modern. Put simply, any educational institution that does not offer courses in the BC is going to be left behind as non-competitive. That is why the goal of the paper is to analyze the state of current training in the BCT and to work out on this basis some recommendations for conducting it for security professionals, paying special attention to security issues. To achieve this goal the paper is organized as follows. A survey of the BCT training worldwide is given in Section 2. Standards as the basis for the BCT training are discussed in Section 3. Section 4 is devoted to books which can support the BCT training. The desired competencies after mastering a full-time BC course are formulated in Section 5. An exemplary structure of the course in the BCT is proposed in Section 6.

Survey of the BCT training worldwide
The efforts to develop individual disciplines (courses) in the BC started a few years ago. The Coinbase Company reviewed BC course catalogs at the top 50 universities [9]. Their study was focused on classes available to undergraduate-level students in the fall 2018 semester or the most recent semester for which information was available online. We used it to begin our search for BCT courses worldwide.
• Linux Foundation: the "Blockchain for Business - An Introduction to Hyperledger Technologies" course covers key features of the BCT and the differentiators between various types of Hyperledger projects (10w-3-4hpw);
• Linux Foundation: the "Blockchain: Understanding Its Uses and Implications" course analyzes the concept of transparent ledgers, both public and permissioned, and focuses on using cryptography to achieve consensus, immutability, and governance of transactions (5w-3-4hpw);
• University of Hong Kong: the "Blockchain and FinTech: Basics, Applications, and Limitations" course discusses the BCT, the differences between the various existing BC platforms, the applications that best fit the BCT, as well as limitations and the downside of the BC with respect to the protection of criminal activities (6w-

This list could be continued further, but from our perspective it gives enough information to define the main competencies for those who will master a course in the BCT.

Standards as the basis for the BCT training
In 2016, the ISO/TC 307 "Blockchain and distributed ledger technologies" committee was created for standardization of the BCT and distributed ledger technologies (DLT). This technical committee combines several specialized and working groups, namely "Blockchain and distributed ledger technologies and IT Security techniques", "Foundations", "Use cases", "Security, privacy and identity", "Smart contracts and their applications", "Governance of blockchain and distributed ledger technology system" and "Interoperability of blockchain and distributed ledger technology systems". Work on the IEEE P2418.1 standard for the framework of BC use, implementation, and interaction in one particular application - IoT - started in June 2017, with June 2019 as the expected date of draft submission to the IEEE-SA. This framework will include BC tokens, smart contracts, transactions, credentialed networks, and permissioned and permissionless IoT BC, which enable decentralized, autonomous peer-to-peer, consumer-to-machine and machine-to-machine communications without the need for a trusted intermediary, and will address scalability, interoperability, security and privacy challenges with regard to BC in IoT.
The Draft NISTIR 8202 "Blockchain Technology Overview" [1] discusses how the BC works, especially when applied to electronic currency. It shows the BCT's broader applications (banking, supply chain, insurance, healthcare, trusted timestamping, energy industry) and highlights some of their limitations concerning BC control, malicious users, no trust, resource usage, transfer of the burden of credential storage to users, and Private/Public Key Infrastructure and identity. This draft defines the high-level components of BC system architecture like transactions, blocks, hashes, forks, etc. It describes how new blocks are added to the BC and how consensus models resolve conflicts among miners. Different BC permission models and their use case examples are introduced. The draft also covers smart contracts and BC platforms in use today. We rely on this document here because it is the only one currently publicly available.
We hope that by the beginning of the next educational year some of these standards will be adopted and published, so they could be used as a basis for the training.

Books support for the BCT training
As our search has shown, there are a lot of books which can be taken as the basis for conducting training in the BCT. Here is a list of books published in 2016-2018 and available on the book markets, in alphabetical order (with their volumes in pages):

Desired competencies after mastering a full-time BCT course
Based on a detailed analysis of all the previously mentioned courses, the content of standards and some of the books listed above, we are ready to formulate what students who have completed full-time semester training on a BCT-related course will know and be able to do. Upon successful completion of this training, students should:
• Know and understand what the BC is and the terminology used;
• Know where, how and why the BCT can be used in the modern world;
• Know and get a deep understanding of international standards on the BC;
• Know the key theoretical principles and practices of the BC and understand how they can be applied within an individual business environment;
• Have a deep understanding of how to build a BC (meaning building a blockchain system from scratch);
• Understand BC's security and know its vulnerabilities and security risks.

Besides this, students should master basic BC handling skills and be able to:
• Identify and analyze the challenges and prospects of the BCT and propose or develop systems and services that address them;
• Develop or participate in developing the BCT itself and the things that interact with the BC (like developing a new BC protocol or improving an existing one, understanding and being able to apply cryptography used in BC systems, designing a distributed system architecture, innovative systems, and services that complement and extend the existing BC concept);
• Implement requirements of international standards on the BCT;
• Carry out the synthesis and analysis of design projects on distributed ledgers, smart contracts, and applications for the BCT;
• Analyze and compare different BC platforms, as well as select the right BC platform to be applied within an individual business environment;
• Analyze best practices of the BCT applications, specify business opportunities, and apply the BCT-based innovative solutions to address business problems;
• Conduct a security risk assessment for the BCT and propose a set of measures (rules, procedures, practical methods, guidelines, and tools) to mitigate the risks.

Of course, the given list of knowledge and skills can be taken only as a basis. It does not claim to be complete, as every educational institution training on the BCT can broaden it according to, for example, the specifics of its country and its business environment.

Exemplary structure of the course in the BCT
Based on the above-formulated knowledge and skills, it is possible to determine the structure of a typical full-time 1-semester university course in the BCT for a Master's degree programme, since the course requires prerequisites such as knowledge of cryptography, networks, information security and so on.

CONCLUSION
After a detailed study of the issue raised at the beginning, it is obvious to us that teaching the BCT and their security is an urgent need of today. The next steps in preparing a course with the proposed structure, to be taught at the MEPhI in the framework of the "Business Continuity and Information Security Maintenance" Master's degree programme from the Autumn 2019 semester, will include the development of all educational and methodical materials required for its support, a set of laboratory works to acquire the necessary skills, and a web site as a tool for coordinating the educational process and providing teacher-student interaction during it.
It was found that 42 % of the top 50 universities offer at least one class on BC or cryptocurrency, and 22 % offer more than one. These courses are most prominent in the U.S. Only 5 of the 18 international universities on the list (27 %) offer at least one class. And only two - Swiss Federal Institute of Technology Zurich and National University of Singapore - offer more than one.

Our analysis shows that at present the training proposed can be divided into two groups: the first one is designed for distance learning only and the second one for face-to-face full-time (not online) training.

The first group is represented by the following universities and companies, providing training in the BCT by means of online, usually paid open courses (on successful completion of these courses, students earn certificates) and even master's degree programmes (like the last item in the list):
3-4hpw);
• On Udemy [https://www.udemy.com] (only the first 7 courses with the best scores are represented here):
  o The "Blockchain and Bitcoin Fundamentals" course by G. Levy (2.5 hours of video, 37 lectures (l), 2 articles (a)) teaches all about the fundamentals, including how miners and block hashes work;
  o The "The Basics of Blockchain: Ethereum, Bitcoin, & More" course by T. Serres, B. Warburg, Dr. Bull (3.5h-51l-4a) gives fundamentals of the BCT;
  o The "Blockchain for Business 2018: The New Industrial Revolution" course (6h-60l-3a) develops a solid fundamental understanding of the inner workings of BC with detailed explanations of mining, decentralized consensus, cryptography, smart contracts and many other important concepts;
  o The "Blockchain A-Z™: Learn How To Build Your First Blockchain" course by H. de Ponteves (14.5h-94l-9a) teaches how to build a BC and create a cryptocurrency and smart contracts;
  o The "Ethereum & Solidity: The Complete Developer's Guide" course by S. Grider (24h-246l-13a) teaches how to use Ethereum, Solidity and secure Smart Contracts to build applications based on the BC and to use the latest version of Ethereum development tools;
  o The "Become a Blockchain Developer with Ethereum & Solidity" course by S. Agrobast (15h-86l-4a) teaches, from the very basics to advanced levels, how to develop distributed applications, to unit test them and create a user interface for them, and to use the Truffle build/testing framework;
  o The "Build a Blockchain and a Cryptocurrency from Scratch" course by D.J. Katz (6.5h-71l-5a) discusses the implementation of the BC, gives an understanding of the main concepts like Proof-of-Work, mining, peer-to-peer connections, etc. and how to build your own BC, create a NodeJS application with real-time websocket connections and build an API with NodeJS and Express;
• B9Lab ACADEMY [https://academy.b9lab.com], an independent firm in London and Hamburg working in collaboration with private industry and higher education, provides several online courses in the BCT, consults with businesses who want to make use of it, and performs crucial research on the BCT developments and applications. Students have access to experienced tutors via a dedicated slack channel. Students who complete their studies successfully receive a certificate in the BC, backed up by the Ethereum network;
• University of Nicosia (Cyprus): the first full, 3-semester long Master's degree programme in digital currency offered through distance learning [https://digitalcurrency.unic.ac.cy/about-the-program]. The majority of the courses consist of lectures delivered by the faculty, but in some cases by guest lecturers with academic and business background related to topics covered in courses. Practical exercises, individual and group projects, simulations and case study analyses form an integral part of the programme. One additional note: the UNIC is the first university to accept Bitcoin as payment for tuition.

The second group of face-to-face full-time (not online) courses is represented mostly by American universities having specialized research centers in their structures supporting training in the BCT. They appear in the list in alphabetical order, not in any scientific or statistical ranking:
• Cornell University, with the support from Cornell's IC3 (Initiative for Cryptocurrencies and Contracts) research organization, created in 2017 the Cornell Blockchain project [https://cornellblockchain.org] to provide education, certification, and application of the BCT for students and corporate clients. Unfortunately, the content of this web site is available only to its members;
• Duke University's Blockchain Lab [http://www.dukeblockchainlab.com] is a specialized, student-led research center designed to bring students and faculty alike up to speed on the newest developments in the BCT through lectures, interest groups, and workshops. On the web site, there are some links to the selected resources for further learning, research, news, etc.;
• Center for Financial Markets and Policy of the Georgetown University's McDonough School of Business [https://finpolicy.georgetown.edu/about] is one of the most notable academic studies in the BC, sponsoring an annual international BC Summit and seminars and publishing white papers and analysis of BC's impact on finance and investment;
• Massachusetts Institute of Technology is one of the world's authorities on the BCT through the Media Lab's Digital Currency Initiative [https://dci.mit.edu], which is working to push the BC development with research projects, papers, and groups while raising awareness of its risks and potential;
• New York University's Stern School of Business has the BCT as an integral part of the FinTech MBA program [http://www.stern.nyu.edu/programs-admissions/full-time-mba/academics/areas-interest/fintech] focused on technology's impact on finance, including analytics, artificial intelligence, and the BC. They offer the "Digital Currencies, Blockchains, and the Financial Services Industry" course in the BC. The first course was offered in 2014;
• Blockchain at Berkeley at the University of California at Berkeley [https://blockchain.berkeley.edu] is a student-led organization, uniting students, alumni, and community members to offer education, research, and consulting in the BCT and their future uses via workshops, lectures, seminars, and meetings. They offer the 1-semester "Blockchain Fundamentals" course with 1 hour of lecture per week and 1 hour of interactive discussion. Among their workshops are the following: "What is Blockchain (Introduction to the BC)", "Bitcoin (How a Bitcoin transaction works)", "Ethereum (Introduction to Ethereum)", "Consensus Algorithms (Algorithms, data structures and scripting)", "Smart Contract Security (Programming smart contracts with Ethereum)", "How to Consult (Lessons learnt from the BC)", "Blockchain vs Database (What makes the BC unique)", "Smart Contracts and Business (What makes the BC unique)", and "EVM (Ethereum Virtual Machine)";
• Decentralized Systems Lab of the University of Illinois at Urbana-Champaign [http://decentralize.ece.illinois.edu] is a multidisciplinary research center for educating and extending the academic conversation with research projects and papers, as well as creating the BCT. In 2018, they offered the half-semester "Smart Contracts and Blockchain Security" course (2 credits, slides are available at http://soc1024.ece.illinois.edu/teaching/ece398sc/spring2018/);

PwC Academy conducts the "First touch to Blockchain. Features and application of blockchain technology" 4-hour face-to-face master class [https://training.pwc.ru/seminars/workshop-blockchain], introducing the use of the BCT in the financial sector, its purpose, open and closed types, and distinctive advantages. Cryptoacademy [https://cryptocademy.ru] offers several 6-hour intensive courses in the BCT. Blockchain Academy [https://block.academy/ru/edu/] has several 1-2-day face-to-face programmes for banks, developers, and investors. The "Blockchain Basics" online course from the Skillbox Company, consisting of 10 seminars and 5 assignments, is available at [https://skillbox.ru/blockchain]. Luxoft Training [https://www.luxoft-training.ru/kurs/blokcheyn_i_kriptovalyuty.html] teaches the "Blockchain and Cryptocurrencies" 6-hour course.

The following exemplary detailed structure is proposed for a classical course in the BCT.

  o Providing hash values for data in the BC; Detecting changes in data; Asymmetric cryptography in the BC for identifying accounts and authorizing transactions; Merkle tree; Cryptographic Changes and Forks

Module 9. Transactions and data storage in the BC
  o Creating a new block for inclusion into the BC; Chaining blocks; Verifying and adding transactions; Distributing the data store among peers

Section 4. BC vulnerabilities and limitations and how to overcome them

Module 10. BC vulnerabilities and limitations
  o BC control and hidden centrality; The security model utilizing asymmetric cryptography; No trust; Lack of privacy; Resource usage; Limited scalability; High cost; Critical size; Malicious users; Double spending as a problem of distributed peer-to-peer systems of ledgers and how to solve it; Transfer of burden of credential storage to users; Conflicting BC goals: transparency vs. privacy, security vs. speed; Lack of legal acceptance;

Module 11. How to overcome some BC limitations
  o Redactable BC by Accenture

Section 5. Using the BC

Module 12. Specific BC use cases
  o Finance, digital identity, notary services, voting, manufacturing, IoT, supply chain, security, etc. BC use cases; Detour to the emergence of cryptographic currencies; introduction to BC platforms: Bitcoin, Ethereum, Ripple, etc.; Hyperledger project; Multichain platform; Economical, social, cultural and political implications of the BC;

Module 13. BC research and further development
  o Research and development in the BCT;
  o Further BC development

Section 6. BC Project
Option 1 - Choose a BC topic from the given content for its detailed discussion
Option 2 - Create a BC business plan for the application area selected
Option 3 - Create a BC for the application area selected