Position: Home page » Blockchain » Blockchain and Information Security Integration Laboratory
Blockchain and Information Security Integration Laboratory
Publish: 2021-05-08 14:31:13
1. Chongqing jinwowo analysis: the information security advantages of blockchain technology are as follows:
first, through the application in the field of digital currency, blockchain provides a solution for the flow of capital flow (or capital flow) information on the Internet
secondly, blockchain solves the problem of right confirmation in the transaction process through encryption and reference of distributed ledger
thirdly, blockchain determines the exchange of digital assets through the technology of consensus mechanism.
first, through the application in the field of digital currency, blockchain provides a solution for the flow of capital flow (or capital flow) information on the Internet
secondly, blockchain solves the problem of right confirmation in the transaction process through encryption and reference of distributed ledger
thirdly, blockchain determines the exchange of digital assets through the technology of consensus mechanism.
2. Private key~
3. The birth of jinwowo network technology blockchain + big data technology builds a lowest cost trust mode with code. Blockchain only needs to execute code to achieve real, whole process and tamperable data records
4. The analysis of Chongqing jinwowo network is as follows:
each node on the blockchain can verify the integrity and authenticity of the account book to ensure that all transaction information is not tampered with, true and effective
every node on the blockchain keeps copies of all transaction information. When the number of data and participants on the blockchain is very large, the cost of modifying information will be very high. At least 51% of the computing power of the whole network is needed to modify information, and the modification cost may far exceed the expected revenue
when the information of some nodes is maliciously tampered with, other nodes on the blockchain will find the information that has not formed a "consensus" in a short time and maintain and update it.
each node on the blockchain can verify the integrity and authenticity of the account book to ensure that all transaction information is not tampered with, true and effective
every node on the blockchain keeps copies of all transaction information. When the number of data and participants on the blockchain is very large, the cost of modifying information will be very high. At least 51% of the computing power of the whole network is needed to modify information, and the modification cost may far exceed the expected revenue
when the information of some nodes is maliciously tampered with, other nodes on the blockchain will find the information that has not formed a "consensus" in a short time and maintain and update it.
5. In the traditional Internet era, the architecture of trust system relies on long-term accumulation and a lot of cost. The birth of jinwowo network technology blockchain + big data technology builds a lowest cost trust mode with code. Blockchain only needs to execute code to achieve real, whole process and tamperable data records, and these big data are the most valuable assets of the Internet era.
6. In view of the security characteristics and shortcomings of the existing blockchain technology, we need to build a security system around the physical, data, application system, encryption, risk control and other aspects to improve the security performance of the blockchain system as a whole
1. Physical security
the network and host running the blockchain system should be in a protected environment. According to the regulatory requirements of specific business, the protection measures can be used to protect the physical network and host by means of VPN, firewall, physical isolation, etc
2. Data security
in principle, the data exchange between nodes of the blockchain should not be transmitted in clear text. For example, asymmetric encryption can be used to negotiate key, and symmetric encryption algorithm can be used to encrypt and decrypt data. The data provider should also strictly evaluate the sensitivity and security level of the data, decide whether to send the data to the blockchain, whether to desensitize the data, and adopt strict access control measures
3. Application system security
application system security needs to start from the aspects of identity authentication, authority system, transaction rules, anti fraud strategy, etc.
relevant personnel, transaction nodes and transaction data involved in application operation should be controlled in advance and auditable afterwards. Taking financial blockchain as an example, consensus algorithm with stronger fault tolerance, anti fraud and higher performance can be adopted to avoid joint fraud of some nodes
4. Key security
to encrypt the communication data between the blockchain nodes and the key to encrypt the data stored on the blockchain nodes, the plaintext should not exist on the same node, and the private key should be properly saved by the encryption machine. When the key is lost or leaked, the system can identify the relevant records of the original key, such as account control, communication encryption, data storage encryption, etc., and implement response measures to make the original key invalid. The key should also be managed strictly in the life cycle, and should not be permanently valid. It needs to be replaced after reaching a certain time cycle
5. Risk control mechanism
there should be careful detection measures for the network layer, host operation, data access of application system, transaction frequency and other dimensions of the system. For any suspicious operation, alarm, record and verification should be carried out. If illegal operation is found, loss assessment should be carried out, remedial measures should be taken at the technical and business levels, and security measures should be strengthened, And trace the source of illegal operation to prevent further attacks
Article source: white paper on blockchain technology and application development in China
1. Physical security
the network and host running the blockchain system should be in a protected environment. According to the regulatory requirements of specific business, the protection measures can be used to protect the physical network and host by means of VPN, firewall, physical isolation, etc
2. Data security
in principle, the data exchange between nodes of the blockchain should not be transmitted in clear text. For example, asymmetric encryption can be used to negotiate key, and symmetric encryption algorithm can be used to encrypt and decrypt data. The data provider should also strictly evaluate the sensitivity and security level of the data, decide whether to send the data to the blockchain, whether to desensitize the data, and adopt strict access control measures
3. Application system security
application system security needs to start from the aspects of identity authentication, authority system, transaction rules, anti fraud strategy, etc.
relevant personnel, transaction nodes and transaction data involved in application operation should be controlled in advance and auditable afterwards. Taking financial blockchain as an example, consensus algorithm with stronger fault tolerance, anti fraud and higher performance can be adopted to avoid joint fraud of some nodes
4. Key security
to encrypt the communication data between the blockchain nodes and the key to encrypt the data stored on the blockchain nodes, the plaintext should not exist on the same node, and the private key should be properly saved by the encryption machine. When the key is lost or leaked, the system can identify the relevant records of the original key, such as account control, communication encryption, data storage encryption, etc., and implement response measures to make the original key invalid. The key should also be managed strictly in the life cycle, and should not be permanently valid. It needs to be replaced after reaching a certain time cycle
5. Risk control mechanism
there should be careful detection measures for the network layer, host operation, data access of application system, transaction frequency and other dimensions of the system. For any suspicious operation, alarm, record and verification should be carried out. If illegal operation is found, loss assessment should be carried out, remedial measures should be taken at the technical and business levels, and security measures should be strengthened, And trace the source of illegal operation to prevent further attacks
Article source: white paper on blockchain technology and application development in China
7. According to its own development experience and technical characteristics, blockchain technology laboratory summarizes the following aspects: 1; 2. Use the relevant principles of cryptography to verify the data to ensure that it can not be tampered with; 3. Multiple private key rules are used to control access rights.
8. The advantages of blockchain in information security of jinwowo group are summarized in the following three aspects:
1. Using highly rendant database to ensure the data integrity of information
2. Using the relevant principles of cryptography to verify data and ensure that it can not be tampered with
3. In terms of authority management, using multiple private key rules to control access rights
1. Using highly rendant database to ensure the data integrity of information
2. Using the relevant principles of cryptography to verify data and ensure that it can not be tampered with
3. In terms of authority management, using multiple private key rules to control access rights
Hot content