Application of blockchain in security inspection
first, through the application in the field of digital currency, blockchain provides a solution for the flow of capital flow (or capital flow) information on the Internet
secondly, blockchain solves the problem of right confirmation in the transaction process through encryption and reference of distributed ledger
thirdly, blockchain determines the exchange of digital assets through the technology of consensus mechanism.
One of the characteristics of blockchain projects (especially public chains) is open source. Through open source code, to improve the credibility of the project, so that more people can participate. But the open source code also makes it easier for attackers to attack blockchain system. In the past two years, there have been a number of hacker attacks. Recently, the anonymous currency verge (xvg) was attacked again. The attacker locked a vulnerability in the xvg code, which allowed malicious miners to add false timestamps on the block, and then quickly dig out new blocks. In a few hours, the attacker obtained nearly $1.75 million worth of digital currency. Although the subsequent attack was successfully stopped, no one can guarantee whether the attacker will attack again in the future
of course, blockchain developers can also take some measures
one is to use professional code audit services,
the other is to understand the security coding specifications and take preventive measures
the security of cryptographic algorithm
with the development of quantum computer, it will bring a major security threat to the current cryptosystem. Blockchain mainly relies on elliptic curve public key encryption algorithm to generate digital signature for secure transactions. Currently, the most commonly used ECDSA, RSA, DSA, etc. can not withstand quantum attacks in theory, and there will be greater risks. More and more researchers begin to pay attention to cryptographic algorithms that can resist quantum attacks
of course, in addition to changing the algorithm, there is another way to improve the security:
refer to bitcoin's treatment of public key address to rece the potential risk of public key disclosure. As users, especially bitcoin users, the balance after each transaction is stored in a new address to ensure that the public key of the address where bitcoin funds are stored is not leaked
security of consensus mechanism
the current consensus mechanisms include proof of work (POW), proof of stake (POS), delegated proof of stake (dpos), practical Byzantine fault tolerance (pbft), etc
POW faces 51% attack. Because POW depends on computing power, when the attacker has the advantage of computing power, the probability of finding a new block will be greater than that of other nodes. At this time, the attacker has the ability to cancel the existing transaction. It should be noted that even in this case, the attacker can only modify his own transaction, but not the transaction of other users (the attacker does not have the private key of other users)
in POS, attackers can attack successfully only when they hold more than 51% token, which is more difficult than 51% computing power in pow
in pbft, when the malicious nodes are less than 1 / 3 of the total nodes, the system is secure. Generally speaking, any consensus mechanism has its own conditions. As an attacker, we also need to consider that once the attack is successful, the value of the system will return to zero. At this time, the attacker does not get any other valuable return except destruction
for the designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to select an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scene
security of smart contract
smart contract has the advantages of low operation cost and low risk of human intervention, but if there are problems in the design of smart contract, it may bring greater losses. In June 2016, the Dao, the most popular funding project of Ethereum, was attacked. The hacker obtained more than 3.5 million Ethereum coins, which later led to the bifurcation of Ethereum into Eth and etc
there are two aspects of the proposed measures:
one is to audit the security of smart contract, and the other is to follow the principle of smart contract security development
the security development principles of smart contract are: to be prepared for possible errors, to ensure that the code can correctly handle the bugs and vulnerabilities; Release smart contracts carefully, do well in function test and security test, and fully consider the boundary; Keep smart contracts simple; Pay attention to the threat intelligence of blockchain and check and update in time; Be clear about the characteristics of blockchain, such as calling external contracts carefully
security of digital wallet
there are three main security risks in digital wallet: first, design defects. At the end of 2014, a user lost hundreds of digital assets e to a serious random number problem (repeated r value). Second, the digital wallet contains malicious code. Third, the loss of assets caused by the loss or damage of computers and mobile phones
there are four main countermeasures:
one is to ensure the randomness of the private key
The second is to check the hash value before installing the software to ensure that the digital wallet software has not been tampered with The third is to use cold wallet The fourth is to back up the private keyblockchain is a decentralized and distributed electronic classified accounting method based on the model of providing absolute security and trust. Using encryption technology, transactions are recorded chronologically and publicly, and each block has a timestamp and a link to the previous block. Importantly, these digital "blocks" can only be updated through the consensus of all participants, and data interception, modification and deletion are almost impossible.
Blockchain technology can help us improve the security of encryption, authentication and other protection mechanisms, which is absolutely good news for the Internet of things security and DDoS Defense Community
blockchain has the potential to become an important solution for safe communities, as well as for the financial, energy and manufacturing instries. At present, verifying bitcoin transaction is one of its main uses, but this technology can also be extended to smart grid system, content delivery network and other application scenarios
how to apply blockchain to network security
whether it's protecting data integrity or using digital identification technology to prevent Internet of things devices from DDoS attacks, blockchain technology can play a key role, at least now it has shown this ability
Internet of things security and DDoS Defense Community
a blockchain startup claims that its decentralized "billing" system can help users resist DDoS attacks with traffic over 100gbps. Interestingly, the company said that this decentralized system allows users to rent their own extra bandwidth and submit their bandwidth access rights to the distributed nodes of the blockchain. When a website suffers from DDoS attacks, the website can use the leased bandwidth to mitigate DDoS attacks
improve confidentiality and data integrity
although the original design of blockchain did not consider the specific access control, now some blockchain technology implementation has solved the problems of data confidentiality and access control. In this era, any data may be tampered, which is obviously a serious problem, but the complete data encryption maliciously guarantees that the data will not be accessed or tampered by others through man in the middle attack in the transmission process
the whole IOT instry needs data integrity protection. For example, IBM's Watson IOT platform allows users to manage IOT data in a private blockchain network, which has been integrated into their big blue cloud service. In addition, Ericsson's blockchain data integrity service provides comprehensive audit, compatible and reliable data services to allow developers to use predix PAAS platform for technical implementation
one of the best applications is the transformation of our public sector and the creation of citizen centered infrastructure. This will enable the public to have their own identity and every transaction can be verified. We can use smart contracts and signed assertions to formulate elements of public services, such as benefits, etc
Internet of things & amp; Smart devices
now the attention of the whole IT community has begun to shift to the Internet of things & amp; Smart devices are on the rise, and security is absolutely one of the primary considerations. Although the Internet of things can improve our work and proction efficiency, it also means that we need to face more security risks. As a result, many companies seek to apply blockchain to protect IOT and instrial IOT (iiot) devices because blockchain technology can enhance authentication, improve data traceability and mobility, and assist record management
according to Alexey malanov, an anti-virus expert at Kaspersky laboratory, blockchain technology helps to track hacker attacks, adding:
"network intruders usually clear the permission log to hide traces of unauthorized access to devices. But if the logs are distributed in multiple devices (for example, through blockchain Technology), the risk can be reced as much as possible. "
German Klimenko, chairman of the digital economy development fund, said: "at present, the Ministry of defense is vigorously promoting it development and research, which is a good thing for the instry."
NATO and the Pentagon are also studying the "defensive" Application of blockchain. This technology is actively used to protect the system from network attacks. NATO will use blockchains to protect financial information, supply and logistics chains, while the Pentagon is developing a data transmission system to prevent hackers
in general, blockchain technology is not omnipotent, at least not yet. Whether from the perspective of technical integrity or system implementation, the current blockchain technology can not guarantee the security of the device 100%. Note: the above content comes from the Internet
China's blockchain instry ecology has initially taken shape, and the number of enterprises has increased rapidly. According to the white paper on China's blockchain instry in 2018 previously released by the information center of the Ministry of instry and information technology, as of the end of March 2018, the number of blockchain companies with blockchain business as the main business in China has exceeded 450, and the instry has initially taken shape
the Ministry of instry and information technology proposes that the blockchain instry is still in the initial stage, and the positive value of technology is graally emerging, but there are still risks that can not be ignored in the development process, such as challenges to the current system and norms, technical loopholes, etc. The Ministry of instry and information technology proposed that it will accelerate the innovation and application of blockchain technology, especially strengthen the improvement of computing capacity, storage capacity and integration penetration capacity, build a good instrial ecology, and promote the healthy development of blockchain instry