Security protection issues to consider when applying blockchain technology

Cryptocurrency and blockchain gained wide public attention in the second half of 2017 and the first three weeks of 2018. From a purely technical standpoint, blockchain technology may not have advanced dramatically over the past year, but interest from investors and the public continues to drive its growth.

Cybercrime is increasingly complex, and financial transaction data, health care records, personally identifiable information, and information assets are all valuable targets that hackers can profit from through attacks (DDoS, extortion, etc.). Will blockchain technology be a help or a hindrance to cybersecurity? Can a decentralized, digital public ledger help strengthen a platform's cyber defenses? Is the consensus mechanism enough to stop fraudulent activity? This article explains the security protection issues that should be considered when applying blockchain technology, from the perspective of enterprise blockchain applications.

I. Basic concepts

Blockchain technology can be understood as a distributed data store, or a publicly available ledger of transactions and digital events. Every transaction to be recorded on the public ledger must be confirmed through a consensus mechanism, that is, approved by most of the participants in the system. Once transaction information has been included in the blockchain, no one can delete it. The blockchain therefore contains every verified transaction record. By analogy: in a marketplace watched by thousands of people, you cannot commit a crime with impunity.

The most typical example of a blockchain application is Bitcoin, a cryptocurrency to which the technology is firmly tied. The value of this anonymous currency, which requires no government oversight, exceeds $100 million, and this raises regulatory questions for some governments and financial institutions. The technology underlying Bitcoin appears to be soundly designed: it has performed well for many years and offers many solutions for financial and non-financial applications. Although blockchain technology has not experienced errors in practice from 2008 to the present, that does not guarantee that problems will not be discovered in the future as technology develops.

II. Data confidentiality

In the classic CIA triad, confidentiality, integrity, and availability are the three goals of information security.

From the standpoint of confidentiality, protecting how data is accessed and used has always been difficult. No matter how much money a company or organization puts into its security systems, all of that effort can be wasted if an employee's or user's password is stolen by hackers.

The blockchain can provide a strong verification mechanism. Even so, when developing applications on blockchain technology, controlling access to the network remains the most basic line of defense in data protection. If an attacker gains access to a blockchain node, authentication and authorization controls may still be affected and, as with other technologies, may eventually be broken, undermining the data protection strategy.

Of course, permission control is already taken into account in the design of blockchain technology itself, but some blockchain applications add further confidentiality and access control mechanisms on top of the native settings (e.g., block encryption and AAA features). Fully encrypting block data ensures that unauthorized parties cannot steal data while it is in transit (especially over untrusted networks).

1. Network permissions

In public-chain applications we usually do not need to restrict network permissions, because the public-chain protocol already allows everyone and every node to participate in the blockchain network. A private chain, on the other hand, requires an appropriate security control strategy to protect access to the network. To preserve the private nature of the chain, local networks and systems also need multiple layers of protection (firewalls, VPNs, VLANs, intrusion detection and prevention systems, etc.) as a defense-in-depth strategy. In reality, though, these controls still cannot guarantee security. A better suggestion is to build security controls directly into the blockchain application, making them the first and most important line of defense in the private chain.

In addition, enterprises need to consider how to properly handle nodes in the blockchain network that are unreachable or only intermittently available. The blockchain application must still guarantee performance while these nodes are not working. And once these nodes are working again, how can they be used to improve speed? Companies also need to consider their overall security risk profile and differentiate risk levels, with a focus on protecting core assets.

To meet the above requirements, the blockchain application needs to include advanced security controls, such as using PKI (Public Key Infrastructure) to authenticate and authorize users. Enterprises can use a distributed public key system to authenticate devices and users, giving each device its own SSL certificate instead of a password. If certificate data is managed on the blockchain, an attacker can no longer use a forged certificate.

2. Data permissions and disclosure

If the enterprise's blockchain data is transmitted fully encrypted, it is generally guaranteed that third parties cannot steal and read it. If the application additionally combines PKI with encryption keys, it can provide the enterprise with a higher level of security. If a company adds a secure communication protocol, then even an attacker who attempts a man-in-the-middle attack will not be able to forge the other party's identity or cause data to leak in transit.

III. Data integrity

Protecting the integrity of data is a particularly important part of an information system's life cycle. Data encryption, hash comparison, and digital signatures are all ways in which system users can guarantee data integrity in its different states (in transit, at rest, in use).

The blockchain's built-in properties, namely the tamper resistance and traceability of data that the consensus mechanism and the public ledger bring, are another way for the enterprise to ensure data integrity. On this basis, some argue that blockchain technology can completely replace traditional databases.

1. Immutability

Blockchain technology can be regarded as a security technology to a certain extent, because it lets users trust that the transaction content stored on the tamper-proof distributed ledger is valid. Its distributed architecture, sequential hashing, and cryptographic mechanisms can withstand determined attackers; attacking a blockchain is obviously quite different from attacking an ordinary database. Applications that enterprises build on a blockchain gain assurance in two dimensions: data integrity and trustworthiness.

The consensus mechanism ensures that nodes confirm the validity of a transaction before it is added to the chain. Enterprises can also add further restrictions to guard against 51% attacks, in which most nodes fall under the control of a single party.

2. The right to be forgotten

Data in the blockchain cannot be modified, which brings to mind the relevant provisions of the EU GDPR (General Data Protection Regulation), which will be implemented in May this year. Technology companies need to support the forgetting of user data; that is, under certain circumstances businesses must give users a way to permanently delete certain data. If the data on blockchain nodes cannot be modified or deleted, is that not a great challenge for information security compliance?

Companies nevertheless have ways to implement data forgetting in blockchain applications. One solution is for the enterprise to encrypt the user's personal data before storing it in a block, and to delete the key when the data must be forgotten, so that the sensitive data becomes permanently inaccessible.
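The key-deletion approach described above, as an added Go example that is not code from the original article: each record goes on the chain only as AES-256-GCM ciphertext under a per-user key held off-chain, and erasure destroys that key while the hash chain stays intact. The `Block` layout, `KeyStore`, the function names and the sample data are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Block is a hypothetical on-chain record: ciphertext only, never plaintext.
type Block struct {
	User   string
	Sealed []byte // 12-byte nonce, then AES-256-GCM ciphertext and tag
}
type KeyStore map[string]cipher.AEAD // off-chain: user -> cipher holding that user's key

// Head folds the chain into its tip hash (sequential hashing of prev + block).
func Head(chain []Block) (h [32]byte) {
	for _, b := range chain {
		h = sha256.Sum256([]byte(fmt.Sprintf("%x|%q|%x", h[:], b.User, b.Sealed)))
	}
	return h
}
// Append seals data under the user's key and adds the ciphertext to the chain.
func Append(chain []Block, keys KeyStore, user string, data []byte) []Block {
	if keys[user] == nil { // first record: create this user's AES-256 key
		k := make([]byte, 32)
		rand.Read(k)
		blk, _ := aes.NewCipher(k) // cannot fail for a 32-byte key
		keys[user], _ = cipher.NewGCM(blk)
	}
	nonce := make([]byte, 12)
	rand.Read(nonce)
	return append(chain, Block{user, keys[user].Seal(nonce, nonce, data, []byte(user))})
}
// Read decrypts a block, or fails once the user's key has been destroyed.
func Read(b Block, keys KeyStore) ([]byte, error) {
	if keys[b.User] == nil {
		return nil, fmt.Errorf("key for %q destroyed: record unreadable", b.User)
	}
	return keys[b.User].Open(nil, b.Sealed[:12], b.Sealed[12:], []byte(b.User))
}
func main() {
	keys := KeyStore{}
	chain := Append(nil, keys, "alice", []byte("alice@example.test")) // constructed data
	before := Head(chain)
	delete(keys, "alice") // erasure request: destroy the key, leave the ledger alone
	_, err := Read(chain[0], keys)
	fmt.Println("head unchanged:", Head(chain) == before, "| read:", err)
}
```

Erasure here is only as complete as the key destruction: every backup and replica of the key store has to be purged as well, because the ciphertext itself stays on the ledger.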

3. Traceability

Every transaction added to a public or private chain is digitally signed and time-stamped. The company can therefore trace the exact time of each transaction and identify both parties to it (via their public addresses) on the blockchain.

This traceability means that the parties to a transaction cannot deny it, and it ensures that a hacker cannot copy a signature to forge one, which prevents tampering with transaction content and fraudulent transactions in the blockchain application. Every new transaction is included in the global ledger. At each iteration the previous state is stored, forming a traceable log. This auditability gives the enterprise additional security.
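How a signature and timestamp bind a transaction to a public address, as an added Go example that is not code from the original article. The `Tx` layout, the address derivation (hex of the first 20 bytes of SHA-256 over the public key) and the sample values are assumptions for illustration, not any real chain's format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// Tx is a constructed transaction layout, not any real chain's wire format.
type Tx struct {
	From, To string // public addresses
	Amount   uint64
	Time     int64 // Unix seconds; covered by the signature
	PubKey   ed25519.PublicKey
	Sig      []byte
}

// Address derives a public address: hex of the first 20 bytes of SHA-256(key).
func Address(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:20])
}

func (t Tx) payload() []byte { // the signed bytes: every field except key and signature
	return []byte(fmt.Sprintf("%q|%q|%d|%d", t.From, t.To, t.Amount, t.Time))
}

// Sign builds a transaction from the sender's key and signs it.
func Sign(priv ed25519.PrivateKey, to string, amount uint64, unix int64) Tx {
	pub := priv.Public().(ed25519.PublicKey)
	t := Tx{From: Address(pub), To: to, Amount: amount, Time: unix, PubKey: pub}
	t.Sig = ed25519.Sign(priv, t.payload())
	return t
}

// Verify checks that the key matches the sender address and signed the payload.
func Verify(t Tx) bool {
	return len(t.PubKey) == ed25519.PublicKeySize && Address(t.PubKey) == t.From &&
		ed25519.Verify(t.PubKey, t.payload(), t.Sig)
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	tx := Sign(priv, "constructed-recipient", 25, time.Now().Unix())
	forged := tx
	forged.Amount = 2500 // altered after signing
	fmt.Println(Verify(tx), Verify(forged))
}
```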

4. Data quality

Because private and public chains only guarantee the accuracy of data after it has been placed in a block, blockchain technology cannot guarantee the quality of the data itself.

IV. Data availability

Because information is dynamic and constantly changing, users who have been granted access rights need to retain access to the data as it changes. NIST defines data availability as "the right to ensure timely and reliable use of information."

Resistance to DDoS

In 2017 we often saw cyberattacks that affected availability. Frequent DDoS attacks can also cause great damage to network services.

Because of its distributed nature, the blockchain has no single "entry point" for intrusion and no single point of failure, which makes it more secure than today's database-driven transaction storage architectures.

On a distributed platform, a hacker who wants to mount a DDoS attack faces a much higher cost, since the attack requires a volume of transactions large enough to exceed the capacity of the blockchain network. The decentralized architecture and P2P mechanism also relieve the pressure that the earlier centralized client/server architecture placed on the server side.

Of course, enterprises should also add the necessary anti-DDoS protections at the network layer and application layer of the blockchain application.

V. Summary

In 2016 and 2017, blockchain technology attracted investment from a large number of financial and technology companies, and many investors believe the technology can change multiple industries (such as medical, public affairs, energy, industry, and direct finance). But the status quo is that major companies still do not understand the technology or its maturity, and their picture of blockchain is an unrealistic illusion: they want to deploy blockchains to reap the benefits, but do not fully understand the blockchain's core capabilities.

Illusions like this easily inflate “bubbles”. While some dismiss this “blockchain revolution” as a replay of the Internet bubble of decades ago, what we can do is look at what the technology itself brings to the world, because there are always people left standing on the beach when the bubble fades.
