Blockchain is for information security, is armor or weakness
Science and Technology Daily Intern Reporter Dai Xiaopei
Source: Technology Daily
"The blockchain is not a new technology. It uses many techniques of cryptography, such as hashing algorithms, public key cryptography, etc."
On the 13th, the 2019 Future Science Awards Week was held at Tsinghua University, and an academic report focusing on networking and information security was held concurrently. This year's Future Science Awards – Mathematics and Computer Science Award winner, Chinese Academy of Sciences, and International Cryptography Association Fellow Wang Xiaoyun mentioned the origins of cryptography and blockchain.
“The blockchain is cryptographically guaranteed to be non-tamperable and unforgeable.” Yan Huaizhi, director of the Institute of Computer Network Security Countermeasure Technology at Beijing Institute of Technology, told the Science and Technology Daily reporter that the blockchain combines cryptography, mathematics, and computer science (peer-to-peer network). , distributed storage, etc., network science and many other disciplines. “In terms of security, the blockchain itself implements many security technologies.”
So, what are the network security issues involved in the blockchain that comes with the safety gene?
Anonymity is a double-edged sword
Experts say that in the era when blockchain technology is about to be widely used, the security of cyberspace will have new features. Yan Huaizhi explained:
“An important feature of the blockchain is decentralization. Its wide application will definitely have an adverse impact on the areas that need to be centrally regulated. The anonymity of blockchain technology is also a double-edged sword, which can effectively protect it. Privacy, on the other hand, provides masks and umbrellas for cyberspace malicious acts and even cybercrime. For example, many black markets use blockchain technology to launder money to escape the blow."
"Furthermore, the blockchain technology itself requires each node to share block information. Although this approach enhances the inextricable modification of information, the transaction information in the block is easily known by all parties. In addition, many people even have technology. Experts are too superstitious about blockchain technology, and believe that it can cover the world of network security. This misunderstanding may indirectly lead to improper construction of the overall security defense system of information systems and introduce new risks." Yan Huaizhi said.
In addition, the blockchain faces many external security threats—mainly for the destruction, modification, and disclosure of algorithms, protocols, implementations, applications, and systems. This is reflected in the integrity, non-repudiation, and anonymity of blockchain data. Sex, privacy protection and more.
Although the blockchain itself has a relatively complete security system, there are also many technical defects. Yan Huaizhi said: "The security of the blockchain is highly dependent on the consensus mechanism, but the consensus mechanisms of the current mainstream public-chain platforms (such as Bitcoin, Ethereum, etc.) are mostly based on computing power. Blockchain user accounts Security risks mainly come from the drawbacks of the decentralization mechanism."
Therefore, the blockchain system requires a variety of security technologies to protect. "In terms of security, if the attacker can control 51% of all data nodes, the network data can be modified, the so-called '51% attack'." Yan Huaizhi said, "However, if you want to control all data nodes 51 More than % is hard to do."
Blockchain can be used for network security
With the large-scale application of blockchain, how to do information confidentiality?
The blockchain system itself has a security system that can be used in the field of network security. “The blockchain self-security system refers to the security technology adopted to realize the blockchain infrastructure and functions. In this technology system, security technologies such as encryption, digital signature, and time stamp are adopted to realize data block confidentiality. Node authentication, storage security, propagation verification, security fault tolerance, identity authentication, authorized access, security auditing, and privacy protection." Yan Huaizhi told reporters.
Ying Xiang, an associate professor of the Department of Intelligence and Computing at Tianjin University, told the Science and Technology Daily reporter that the blockchain technology is not mature enough to be more vulnerable to security risks in the face of new and complex application scenarios. "Because of the irreversible nature of blockchain technology, the risk of a network vulnerability is greater than that of a conventional Internet application.
"For technical risks, he recommends doing a good job in security auditing and testing. "Before the code is officially released, try running for a while and kill the technical holes in the cradle. ”
In the view of Pu Songtao, director of the software research department of CCIDSoft, the information security risks involved in blockchain technology are mainly concentrated at the application level. To this end, he suggested strengthening management.
"The first is to do a good job in the management of information systems; the second is to do a good job in user management and improve user skills; the third is to do a good job of managing the information and data on the chain, and distinguish which data can be chained and which cannot."
Yan Huaizhi said that blockchain has broad application prospects in network space security, especially in identity authentication, access control, and data protection.
“This is because the blockchain has a high degree of security and time dimension. The blockchain data has strong data tamper resistance and can effectively protect the integrity of the data, and the cost is not high and easy to implement.”
“As the number of application scenarios increases, the specific security issues involved in blockchain technology will be exposed. The blockchain industry will take specific measures to address specific issues, making the solution to blockchain technology more mature.” Ying Xiang said.
"Of course, in addition to technical means, we should strengthen the construction of supporting laws, regulations, standards, supervision and management systems, and build a complete blockchain to apply a safe ecological environment in a multi-pronged manner." Yan Huaizhi said.