Blockchain storage layer security risk analysis, blockchain storage layer security risk assessment
① What risks does the blockchain face that need to be addressed
Although the blockchain industry is experiencing rapid development driven by the influx of capital and talent, as an emerging industry, its frequent warnings about security vulnerabilities have triggered concerns about blockchain risks.
Yu Kequn, director of the National Information Technology Security Research Center, pointed out that the emergence of blockchain has brought a lot of expectations to people regarding issues such as privacy exposure, data leakage, information tampering, and online fraud. However, there are still many challenges in the security of blockchain.
Li Bin, assistant director of the China Information Security Evaluation Center, analyzed that the current blockchain is divided into three types: public chain, private chain, and alliance chain. Whichever type it is, there are security challenges in many aspects such as algorithms, protocols, usage, time limits and systems. What is particularly critical is that the current blockchain still faces the 51% attack problem, which means that nodes that control more than 51% of the computing power in the entire network are able to tamper with and forge blockchain data.
It is worth noting that in addition to the risk of external malicious attacks, the blockchain also faces the threat of its endogenous risks. Yu Kequn reminded that how to build a complete secure application system around the equipment, data, applications, encryption, authentication and permissions of the entire blockchain application system is an important issue that all parties must face.
Wu Jiazhi also analyzed that, as this is an emerging industry, practitioners in the blockchain industry lack security awareness, so current blockchain-related software and hardware have a low security factor and a large number of security loopholes. In addition, there are many links in the entire blockchain ecosystem; by comparison, the relevant security practitioners are scattered and it is difficult to form a joint force to solve the problem. Meeting the above challenges requires systematic solutions.
Content source China News Service
② How to solve blockchain security issues
One feature of blockchain projects (especially public chains) is that they are open source. Open source code improves the credibility of the project and allows more people to participate. But the openness of the source code also makes it easier for attackers to attack the blockchain system. There have been many hacker attacks in the past two years. Recently, the anonymous currency Verge (XVG) was attacked again. The attacker targeted a vulnerability in the XVG code that allows malicious miners to add false timestamps to blocks, after which new blocks were quickly mined, and nearly US$1.75 million worth of digital currency was obtained in just a few hours. Although the attack was successfully stopped, no one can guarantee that the attacker will not attack again in the future.
Of course, blockchain developers can also take some measures
The first is to use professional code audit services,
The second is to understand safe coding standards and nip problems in the bud.
Security of cryptographic algorithms
The development of quantum computers will bring major security threats to the cryptographic systems currently used. Blockchain mainly relies on elliptic curve public key encryption algorithms to generate digital signatures to secure transactions. The most commonly used algorithms at present, ECDSA, RSA, DSA, etc., cannot withstand quantum attacks in theory, and there will be greater risks. More and more researchers are beginning to pay attention to cryptographic algorithms that can resist quantum attacks.
Of course, in addition to changing the algorithm, there is another way to improve security:
Refer to Bitcoin's handling of public key addresses to reduce the potential risks caused by public key leaks. As a user, especially a Bitcoin user, the balance after each transaction is stored in a new address to ensure that the public key of the address where Bitcoin funds are stored is not leaked.
Security of consensus mechanism
The current consensus mechanisms include Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), Practical Byzantine Fault Tolerance (PBFT), etc.
PoW faces the 51% attack problem. Since PoW relies on computing power, when an attacker has a computing power advantage, the probability of finding a new block will be greater than that of other nodes. At this time, it has the ability to undo transactions that have already occurred. It should be noted that even in this case, the attacker can only modify his own transactions and not the transactions of other users (the attacker does not have the private keys of other users).
In PoS, an attacker can only successfully attack when he holds more than 51% of the token amount, which is more difficult than 51% of the computing power in PoW.
In PBFT, the system is safe when the malicious nodes are less than 1/3 of the total nodes. In general, any consensus mechanism has its conditions for establishment. An attacker also needs to consider that once the attack is successful, the value of the system will be reduced to zero. At that point, the attacker gains no other valuable reward apart from the destruction itself.
For designers of blockchain projects, they should understand the advantages and disadvantages of each consensus mechanism, so as to choose an appropriate consensus mechanism or design a new consensus mechanism according to the needs of the scenario.
Security of smart contracts
Smart contracts have the advantages of low running costs and low risks of human intervention. However, if there are problems with the design of smart contracts, it may cause greater losses. In June 2016, The DAO, Ethereum's most crowdfunded project, was attacked. Hackers obtained more than 3.5 million Ethereum coins, which later caused Ethereum to fork into ETH and ETC.
The measures proposed in this regard have two aspects:
The first is to conduct security audits of smart contracts,
The second is to follow the principles of safe development of smart contracts.
The safe development principles of smart contracts include: be prepared for possible errors and ensure that the code can correctly handle bugs and vulnerabilities; publish smart contracts carefully, do functional and security tests, and fully consider boundaries; keep smart contracts simple; pay attention to blockchain threat intelligence, and check for updates in a timely manner; be clear about the characteristics of the blockchain, such as cautiously calling external contracts, etc.
Security of digital wallets
Digital wallets mainly have three security risks: First, design flaws. At the end of 2014, a serious random number problem (duplication of R values) caused users to lose hundreds of digital assets in a certain lottery. Second, digital wallets contain malicious code. Third, lost assets caused by loss or damage of computers and mobile phones.
There are four main countermeasures:
The first is to ensure the randomness of the private key;
The second is to verify the hash value before installing the software to ensure that the digital wallet software has not been tampered with;
The third is to use a cold wallet;
The fourth is to back up the private key.
③ Is blockchain safe?
Hi, everyone, I am your Q&A assistant—Zi Xiaochen. Recently, blockchain resistance has been widely concerned and discussed. But there are many people who don’t know much about its safety. So today we will talk about the security issues of blockchain.
First of all, would you like to hear an easy-to-understand metaphor? A friend of mine joked: "The blockchain is like a password lock. Without the password, no one can open it." Although this is simple and interesting, it makes a lot of sense. Since the blockchain uses distributed ledger technology, data is stored in a huge network, and the transmission between each node uses asymmetric encryption, the blockchain has extremely high security, and third-party attacks are very difficult.
Secondly, of course there are some security issues that need attention. For example, hacker attack methods such as "51% attack" can pose a threat to the blockchain. In addition, there are also security risks in virtual currency trading venues, such as Bitcoin exchanges, and you need to pay attention to precautions. Therefore, when choosing a blockchain platform or participating in virtual currency transactions, you need to know more and consider carefully to avoid losses.
In short, blockchain is an open technology, which has huge advantages in ensuring data security and preventing tampering. But we also need to be alert to potential security risks and choose reliable platforms and exchanges to participate in cryptocurrency investments.
I hope my answer can help you better understand the blockchain and its security issues. If you have any questions or want to share your experience, please feel free to message me privately! Finally, don’t forget to like, comment and forward, follow my articles, more content is waiting for you!
④ What are the main data security measures of the supply chain blockchain?
The main data security measures include identity authentication, access control, data encryption, data backup, etc.
⑤ Is blockchain safe?
When it comes to the essence of blockchain, I believe several keywords are already familiar. For example, decentralization, trustlessness, consensus mechanism, asymmetric encryption, distributed accounting, tamperable, absolutely transparent, public, etc. At the same time, some teaching posts also list the structure of the blockchain, such as data layer, network layer, consensus layer, incentive layer, contract layer, and application layer.
However, anyone with a discerning eye can tell at a glance, why is there no security layer? In fact, several key features of blockchain have already solved security issues. First, blockchain uses asymmetric encryption technology. In fact, encryption and decryption are different keys, namely the public key and the private key. To put it simply, the public key is made public, while the private key is absolutely confidential.
Secondly, distributed accounting is the way blockchain stores data. It can also be understood as distributed storage, which is consistent with the concept of decentralization. From the perspective of the form of the ledger, it means that there is no central ledger in the network, and the ledger is stored in each node. Each node can work independently or act as a central node. Therefore, there will be no situation where the central node is attacked, resulting in the loss of core ledgers or data, and the entire network being paralyzed.
Furthermore, non-tamperability is a basic feature of the blockchain. As long as it is on the chain, it cannot be modified, and it cannot be deleted. If changes are needed, based on the principles of transparency and openness, the entire network and all nodes need to be notified. Therefore, under a democratic mechanism, the possibility of arbitrarily tampering with data is very low. Therefore, blockchain technology is applied in various industries, such as finance, payment, traceability and games; the online "Universe", Tencent's "Let's Catch Monsters", and Zhongan Huanyu Blockchain's "DR Dragon Hunt" are examples of safe and high-quality products built on blockchain technology in this area.
⑥ Security rules of blockchain
Security rules of blockchain, the first rule:
Storage is everything
A person's property ownership and security fundamentally depend on how the property is stored and how it is defined. In the Internet world, massive user data is stored on the platform's servers, so the ownership of this data is still a mystery. Just as it is difficult to determine who owns your and my social IDs, user data assets have pushed up the market value of the platform, but users do not enjoy the market value dividend. The blockchain world has led to changes in storage media and methods, allowing the ownership of assets to be delivered to individuals.
Extended information
The risks faced by the blockchain system are not only attacks from external entities, but also attacks from internal participants, as well as component failures, such as software failures. Therefore, before implementation, it is necessary to develop a risk model and identify special security requirements to ensure an accurate grasp of risks and response plans.
1. Security features unique to blockchain technology
● (1) Security of written data
Under the action of the consensus mechanism, only when most nodes (or multiple key nodes) in the entire network agree at the same time that the record is correct can the authenticity of the record be recognized by the entire network, and the record data is allowed to be written into the block.
● (2) Security of reading data
Blockchain does not have inherent security restrictions on information reading, but it can control information reading to a certain extent, such as encrypting certain elements on the blockchain and then handing the key over to the relevant participants. At the same time, the complex consensus protocol ensures that everyone in the system sees the same ledger, which is an important means to prevent double payments.
● (3) Distributed denial of service (DDoS) attack resistance
Blockchain's distributed architecture gives it point-to-point, multi-redundant characteristics, and there is no single point of failure, so its way of handling denial of service attacks is much more flexible than that of a centralized system. Even if one node fails, other nodes are not affected, and users connected to the failed node cannot connect to the system unless there is a mechanism to support them to connect to other nodes.
2. Security challenges and response strategies faced by blockchain technology
● (1) The network is open and undefended
For public chain networks, all data is transmitted on the public network, and every node joining the network can connect to other nodes and accept connections from other nodes without any obstacles. There is no authentication or other protection at the network layer. The response to this type of risk is to require greater privacy and carefully control network connections. For industries with higher security requirements, such as the financial industry, it is advisable to use dedicated lines to access the blockchain network, authenticate incoming connections, exclude unauthorized node access to avoid data leakage, and use protocol-stack-level firewall protection to prevent network attacks.
● (2) Privacy
Transaction data on the public chain are visible to the entire network, and the public can track these transactions. Anyone can draw conclusions about something by observing the blockchain, which is not conducive to protecting the legal privacy of individuals or institutions. The response strategies for this type of risk are:
First, the certification agency acts as an agent for users to conduct transactions on the blockchain, and user information and personal behaviors do not enter the blockchain.
Second, instead of using a network-wide broadcast method, the transmission of transaction data is limited to nodes that are conducting relevant transactions.
Third, access to user data is controlled by permissions, so only visitors holding the key can decrypt and access the data.
Fourth, use privacy protection algorithms such as "zero-knowledge proof" to avoid privacy exposure.
● (3) Computing power
Blockchain solutions using proof-of-work are faced with the problem of the 51% computing power attack. With the gradual concentration of computing power, it is objectively possible that organizations that control more than 50% of the computing power will emerge. Without improvement, it cannot be ruled out that it will gradually evolve into the law of the jungle. The response strategy for this type of risk is to use a combination of algorithms and realistic constraints, such as joint management and control using asset mortgages, legal and regulatory means, etc.
⑦ What are the security weaknesses of blockchain
Blockchain is the core technology of Bitcoin. On the Internet, where trust cannot be established, blockchain technology relies on cryptography and clever distributed algorithms and, without the intervention of any third-party central organization, uses mathematical methods to enable participants to reach consensus and to ensure the existence of transaction records, the validity of contracts and the non-repudiation of identity.
The often mentioned characteristics of blockchain technology are decentralization, consensus mechanism, etc. The virtual digital currency derived from blockchain is currently one of the most popular projects in the world and is creating a new batch of billionaires. For example, the Binance trading platform, just a few months after its establishment, has been rated by internationally renowned institutions as having a market value of US$40 billion, making it one of the richest digital currency entrepreneurial pioneers. However, since the establishment of digital currency exchanges, there have been endless incidents of exchanges being attacked and funds being stolen, and some digital currency exchanges have suffered heavy losses due to hacker attacks or even gone bankrupt.
1. The shocking attack on digital currency exchanges
From the earliest Bitcoin to the later Litecoin and Ethereum, there are currently hundreds of digital currencies. As prices rise, attacks on various digital currency systems and digital currency thefts continue to increase, and the amount stolen is also soaring. Let's review the shocking incidents of digital currencies being attacked and stolen.
On February 24, 2014, Mt. Gox, the world’s largest Bitcoin exchange operator at the time, announced that all 850,000 Bitcoins on its trading platform had been stolen, accounting for more than 80% of all Bitcoins. Exchange Mt.Gox filed for bankruptcy protection due to its inability to cover customer losses.
After analysis, the reason is roughly that Mt. Gox had serious flaws such as a single-point-of-failure structure, which hackers used to launch DDoS attacks:
The signature in the Bitcoin withdrawal step was tampered with by the hacker, and the tampered request entered the Bitcoin network before the normal request. As a result, the forged request was withdrawn successfully, while the normal withdrawal request became abnormal and was displayed as failed in the trading platform. At this time, the hacker had actually obtained the withdrawn Bitcoin. However, he continued to request repeated withdrawals on the Mt. Gox platform. Mt. Gox repeatedly paid equal amounts of Bitcoins without conducting transaction consistency verification (reconciliation), resulting in the Bitcoins on the trading platform being stolen.
On August 4, 2016, Bitfinex, the largest U.S. dollar Bitcoin trading platform, announced that a security vulnerability was discovered on the website, resulting in the theft of nearly 120,000 Bitcoins, with a total value of approximately US$75 million.
On January 26, 2018, the system of Coincheck, a large digital currency trading platform in Japan, suffered a hacker attack, resulting in the theft of the digital currency "New Economic Coin" worth 58 billion yen at the current price, approximately US$530 million. This is the largest digital currency theft in history.
On March 7, 2018, the news that Binance, the world's second largest digital currency exchange, was hacked kept the currency circle awake at night. The hackers actually started playing economics, buying long and selling short and "speculating on coins" to "cut leeks". According to Binance's announcement, the hacker's attack process includes:
1) Using third-party phishing websites to steal users' account login information over a long period of time. The hackers used Unicode characters to impersonate some letters in the legitimate Binance website domain name and carried out web phishing attacks on users.
2) After the hacker obtains the account, he automatically creates a trading API and then lurks quietly.
3) On March 7, hackers used the stolen API Key to directly increase the value of VIA currency by more than 100 times by using short selling methods. Bitcoin plummeted by 10%; calculated on a total of 17 million bitcoins in the world, Bitcoin lost US$17 billion overnight.
2. Why hacker attacks are so successful
The hot market of digital currency based on blockchain has made hackers salivate. The amount stolen continues to set new records, and the occurrence of theft incidents also increases. This has raised concerns about the security of digital currencies, and people can’t help but ask: Is blockchain technology safe?
With the research and application of blockchain technology, in addition to the threats from viruses, Trojans and other malicious programs and large-scale DDoS attacks that the information system it belongs to faces, the blockchain system also faces unique security challenges.
1. Algorithm implementation security
Since the blockchain uses a large number of various cryptographic technologies, it is a highly algorithm-intensive project and is prone to problems in implementation. There have been precedents of this kind in history. For example, the NSA embedded flaws in the implementation of the RSA algorithm, allowing it to easily crack other people's encrypted information. Once a vulnerability of this level breaks out, it can be said that the foundation of the entire blockchain building will no longer be safe, and the consequences will be extremely dire. Bitcoins have been stolen before due to problems with the Bitcoin random number generator. In theory, the private key can be deduced by using the same random number twice during the signing process.
2. Consensus mechanism security
A variety of consensus algorithm mechanisms have appeared in current blockchain technology, the most common ones are PoW, PoS, and DPos. However, whether these consensus mechanisms can achieve and ensure true security requires more rigorous proof and the test of time.
3. Blockchain usage security
A major feature of blockchain technology is that it is irreversible and unforgeable, but the premise is that the private key is safe. The private key is generated and kept by the user, and theoretically no third party is involved. Once the private key is lost, no operations can be performed on the account's assets. Once obtained by hackers, digital currencies can be transferred.
4. System design security
Since platforms such as Mt.Gox have single points of failure in business design, their systems are vulnerable to DoS attacks. Currently blockchain is decentralized while exchanges are centralized. In addition to preventing technology theft, centralized exchanges must also manage people well to prevent human theft.
In general, from the perspective of security analysis, blockchain faces challenges in algorithm implementation, consensus mechanism, use and design. At the same time, hackers can also achieve the purpose of their attacks by exploiting system security vulnerabilities and business design flaws. Currently, hacker attacks are having an increasing impact on the security of blockchain systems.
3. How to ensure the security of the blockchain
In order to ensure the security of the blockchain system, it is recommended to refer to the NIST cybersecurity framework and start from the strategic level and the entire life cycle of an enterprise or organization's cybersecurity risk management. Build five core components of identification, protection, detection, response and recovery to perceive and block blockchain risks and threats.
In addition, according to the characteristics of blockchain technology, we focus on the security of algorithms, consensus mechanisms, usage and design.
Achieving security for algorithms: On the one hand, choose to adopt new cryptographic technologies that can stand the test, such as the national secret public key algorithm SM2. On the other hand, strict and complete testing of the core algorithm code and source code obfuscation will increase the difficulty and cost of reverse attacks by hackers.
For consensus algorithm security: PoW uses anti-ASIC hash functions and uses more effective consensus algorithms and strategies.
For usage security: protect the generation and storage of private keys, and encrypt and store sensitive data.
For design security: On the one hand, we must ensure that the design functions are as complete as possible, such as using private key white-box signature technology to prevent viruses and Trojans from extracting private keys during system operation, and designing a private key leak tracking function to minimize the loss after the private key is leaked. On the other hand, some key businesses should be designed to be decentralized to prevent single point failure attacks.
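Step 1) of the Binance incident above relied on Unicode characters that imitate letters of the legitimate domain name. As an added example (not Binance's or any vendor's code), the following check folds hostnames taken from proxy or DNS logs to the ASCII string a user would read and flags those that imitate a trusted domain without belonging to it. The trusted list, the sample hostnames and the small confusables table are assumptions constructed for the demonstration.

```python
import unicodedata

# Constructed subset of cross-script look-alikes (Cyrillic/Greek -> Latin).
# A production check would load the full Unicode TR39 confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0455": "s", "\u03bf": "o",
}

def to_unicode(host):
    """Normalise a hostname and decode punycode (xn--) labels, so the check
    sees the name as a browser address bar would render it."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not a valid IDNA name

def skeleton(host):
    """Fold a hostname to the ASCII string a user is likely to read it as."""
    out = []
    for ch in unicodedata.normalize("NFKD", to_unicode(host)):
        if unicodedata.combining(ch):
            continue  # drop accents, dots below/above, etc.
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)

def in_domain(name, domain):
    """True for the domain itself and for any of its subdomains."""
    return name == domain or name.endswith("." + domain)

def classify(host, trusted):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown'."""
    shown = to_unicode(host)
    if any(in_domain(shown, d) for d in trusted):
        return "trusted"
    skel = skeleton(shown)
    for d in sorted(trusted):
        if in_domain(skel, d):
            return "lookalike:" + d
    return "unknown"

def audit(hosts, trusted):
    """Return only the hostnames that imitate a trusted domain."""
    verdicts = ((h, classify(h, trusted)) for h in hosts)
    return [(h, v) for h, v in verdicts if v.startswith("lookalike:")]

# Constructed sample, e.g. hostnames pulled from proxy or DNS logs.
SAMPLE_HOSTS = [
    "www.binance.com",
    "b\u1ecbn\u1ea1nce.com",   # i and a with a dot below
    "bin\u0430nce.com",        # Cyrillic a
    "example.org",
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_HOSTS, {"binance.com"}):
        print(host.encode("idna").decode("ascii"), verdict)
```

The same function accepts the `xn--` form that appears in DNS logs, because `to_unicode` decodes it before the comparison.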
⑧ Is blockchain wallet safe?
It can be said that it is very unsafe. The technology related to blockchain wallet has lost its original technical meaning in China. Now it has become a means of making money. So you must be very vigilant about this aspect. Anyway, I personally don’t believe it.