Position: Home page » Blockchain » Blockchain security assessment
Blockchain security assessment
Publish: 2021-05-26 07:42:24
1. There are two kinds of blockchain analysis reports, one is the rating report, the other is the tracking report. The basic sections include four parts: basic project information, team situation, social media situation, technology progress and market trend. The only difference is that the evaluation report will give the project score, such as cannon rating, and the tracking report will take the long-term tracking method for continuous attention. For example, the first-class position will be analyzed by two shifts a week.
2. In view of the security characteristics and shortcomings of the existing blockchain technology, we need to build a security system around the physical, data, application system, encryption, risk control and other aspects to improve the security performance of the blockchain system as a whole
1. Physical security
the network and host running the blockchain system should be in a protected environment. According to the regulatory requirements of specific business, the protection measures can be used to protect the physical network and host by means of VPN, firewall, physical isolation, etc
2. Data security
in principle, the data exchange between nodes of the blockchain should not be transmitted in clear text. For example, asymmetric encryption can be used to negotiate key, and symmetric encryption algorithm can be used to encrypt and decrypt data. The data provider should also strictly evaluate the sensitivity and security level of the data, decide whether to send the data to the blockchain, whether to desensitize the data, and adopt strict access control measures
3. Application system security
application system security needs to start from the aspects of identity authentication, authority system, transaction rules, anti fraud strategy, etc.
relevant personnel, transaction nodes and transaction data involved in application operation should be controlled in advance and auditable afterwards. Taking financial blockchain as an example, consensus algorithm with stronger fault tolerance, anti fraud and higher performance can be adopted to avoid joint fraud of some nodes
4. Key security
to encrypt the communication data between the blockchain nodes and the key to encrypt the data stored on the blockchain nodes, the plaintext should not exist on the same node, and the private key should be properly saved by the encryption machine. When the key is lost or leaked, the system can identify the relevant records of the original key, such as account control, communication encryption, data storage encryption, etc., and implement response measures to make the original key invalid. The key should also be managed strictly in the life cycle, and should not be permanently valid. It needs to be replaced after reaching a certain time cycle
5. Risk control mechanism
there should be careful detection measures for the network layer, host operation, data access of application system, transaction frequency and other dimensions of the system. For any suspicious operation, alarm, record and verification should be carried out. If illegal operation is found, loss assessment should be carried out, remedial measures should be taken at the technical and business levels, and security measures should be strengthened, And trace the source of illegal operation to prevent further attacks
Article source: white paper on blockchain technology and application development in China
1. Physical security
the network and host running the blockchain system should be in a protected environment. According to the regulatory requirements of specific business, the protection measures can be used to protect the physical network and host by means of VPN, firewall, physical isolation, etc
2. Data security
in principle, the data exchange between nodes of the blockchain should not be transmitted in clear text. For example, asymmetric encryption can be used to negotiate key, and symmetric encryption algorithm can be used to encrypt and decrypt data. The data provider should also strictly evaluate the sensitivity and security level of the data, decide whether to send the data to the blockchain, whether to desensitize the data, and adopt strict access control measures
3. Application system security
application system security needs to start from the aspects of identity authentication, authority system, transaction rules, anti fraud strategy, etc.
relevant personnel, transaction nodes and transaction data involved in application operation should be controlled in advance and auditable afterwards. Taking financial blockchain as an example, consensus algorithm with stronger fault tolerance, anti fraud and higher performance can be adopted to avoid joint fraud of some nodes
4. Key security
to encrypt the communication data between the blockchain nodes and the key to encrypt the data stored on the blockchain nodes, the plaintext should not exist on the same node, and the private key should be properly saved by the encryption machine. When the key is lost or leaked, the system can identify the relevant records of the original key, such as account control, communication encryption, data storage encryption, etc., and implement response measures to make the original key invalid. The key should also be managed strictly in the life cycle, and should not be permanently valid. It needs to be replaced after reaching a certain time cycle
5. Risk control mechanism
there should be careful detection measures for the network layer, host operation, data access of application system, transaction frequency and other dimensions of the system. For any suspicious operation, alarm, record and verification should be carried out. If illegal operation is found, loss assessment should be carried out, remedial measures should be taken at the technical and business levels, and security measures should be strengthened, And trace the source of illegal operation to prevent further attacks
Article source: white paper on blockchain technology and application development in China
3. Ideally, securities trading does not need transaction intermediary, and it is highly efficient to directly go from indivial to indivial, or from institution to institution, or from institution to indivial.
4. 1、 Decentralization:
blockchain technology does not rely on additional third-party management institutions or hardware facilities, and there is no central control. In addition to the self-contained blockchain itself, each node realizes information self verification, transmission and management through distributed accounting and storage. Decentralization is the most prominent and essential feature of blockchain< Second, openness:
the foundation of blockchain technology is open source. In addition to the private information of all parties to the transaction is encrypted, the data of blockchain is open to all. Anyone can query blockchain data and develop related applications through the open interface, so the information of the whole system is highly transparent< Third, independence:
based on consensus specifications and Protocols (similar to various mathematical algorithms such as hash algorithm used by bitcoin), the whole blockchain system does not rely on other third parties, and all nodes can automatically and safely verify and exchange data in the system without any human intervention< Fourth, security:
as long as 51% of all data nodes cannot be controlled, the network data cannot be arbitrarily controlled and modified, which makes the blockchain itself relatively safe and avoids subjective and artificial data changes
5. Anonymity:
unless there are legal requirements, technically speaking, the identity information of each block node does not need to be disclosed or verified, and information transmission can be carried out anonymously
Digital China is the first major development strategy explicitly put forward in the report of the 19th National Congress of the Communist Party of China. The application of digital technology represented by cloud computing, big data and mobile Internet is no longer limited to the economic field, but widely penetrated into all aspects of public services, social development and people's life, which requires macro coordination, overall control and integrated development
with the deepening of a new round of scientific and technological revolution and instrial change, the tide of digital economy in the world is unstoppable. The development of digital economy has become a global consensus, known as the key to the fourth instrial revolution
adhering to the connotation of the University of nice's world inclusive humanistic spirit, always embracing change, standing up to the tide, conforming to the development trend of the digital economy era, and integrating the essence of Chinese and Western cultural thinking, the University of nice's doctor of blockchain and digital economy management (DDE) came into being
based on this, we can enable the managers of digital economy instry to have global vision and global integration thinking, integrate knowledge, operate digital economy intelligently, promote the sustainable development of the instry, and contribute to the community of human destiny. Therefore, DDE project will cooperate with colleagues in the field of digital economy
if you have MBA related questions, you are welcome to contact me personally&# 180;&# 65381;&# 7447;&# 65381;` ) Bixin~~~~
blockchain technology does not rely on additional third-party management institutions or hardware facilities, and there is no central control. In addition to the self-contained blockchain itself, each node realizes information self verification, transmission and management through distributed accounting and storage. Decentralization is the most prominent and essential feature of blockchain< Second, openness:
the foundation of blockchain technology is open source. In addition to the private information of all parties to the transaction is encrypted, the data of blockchain is open to all. Anyone can query blockchain data and develop related applications through the open interface, so the information of the whole system is highly transparent< Third, independence:
based on consensus specifications and Protocols (similar to various mathematical algorithms such as hash algorithm used by bitcoin), the whole blockchain system does not rely on other third parties, and all nodes can automatically and safely verify and exchange data in the system without any human intervention< Fourth, security:
as long as 51% of all data nodes cannot be controlled, the network data cannot be arbitrarily controlled and modified, which makes the blockchain itself relatively safe and avoids subjective and artificial data changes
5. Anonymity:
unless there are legal requirements, technically speaking, the identity information of each block node does not need to be disclosed or verified, and information transmission can be carried out anonymously
Digital China is the first major development strategy explicitly put forward in the report of the 19th National Congress of the Communist Party of China. The application of digital technology represented by cloud computing, big data and mobile Internet is no longer limited to the economic field, but widely penetrated into all aspects of public services, social development and people's life, which requires macro coordination, overall control and integrated development
with the deepening of a new round of scientific and technological revolution and instrial change, the tide of digital economy in the world is unstoppable. The development of digital economy has become a global consensus, known as the key to the fourth instrial revolution
adhering to the connotation of the University of nice's world inclusive humanistic spirit, always embracing change, standing up to the tide, conforming to the development trend of the digital economy era, and integrating the essence of Chinese and Western cultural thinking, the University of nice's doctor of blockchain and digital economy management (DDE) came into being
based on this, we can enable the managers of digital economy instry to have global vision and global integration thinking, integrate knowledge, operate digital economy intelligently, promote the sustainable development of the instry, and contribute to the community of human destiny. Therefore, DDE project will cooperate with colleagues in the field of digital economy
if you have MBA related questions, you are welcome to contact me personally&# 180;&# 65381;&# 7447;&# 65381;` ) Bixin~~~~
5. At present, blockchain technology has become a national strategy. As the blockchain has become the focus of social attention, the popularity of blockchain in the field of investment and financing is rising, which also leads to the speculation of social capital. As long as the stock is involved in the concept of blockchain, the stock price can gain several trading limits
while the listed companies are hyping the concept of blockchain, some signs of cheating and illegal currency issuance are also emerging. With the help of the high attention of the society to blockchain, some companies that illegally issue and speculate in currency begin to advocate token trading to lure some investors to buy and recharge
the most common way to promote sales is to promote ultra-high returns, such as under the banner of a hundred times or a thousand times, and to lure investors to buy by pulling the offer. As a result, all the investors suffered losses because of the project side's running away with money
it should be noted that China's blockchain technology is still in its infancy, its application is not yet mature, and its security needs to be strengthened. If you really want to invest in blockchain, the most important thing is to learn the relevant knowledge of blockchain, improve your cognitive level and discrimination ability, enhance your risk awareness, and avoid financial losses caused by being cheated. At the same time, do not do this aspect of marketing promotion, so as not to fall into the pyramid scheme.
while the listed companies are hyping the concept of blockchain, some signs of cheating and illegal currency issuance are also emerging. With the help of the high attention of the society to blockchain, some companies that illegally issue and speculate in currency begin to advocate token trading to lure some investors to buy and recharge
the most common way to promote sales is to promote ultra-high returns, such as under the banner of a hundred times or a thousand times, and to lure investors to buy by pulling the offer. As a result, all the investors suffered losses because of the project side's running away with money
it should be noted that China's blockchain technology is still in its infancy, its application is not yet mature, and its security needs to be strengthened. If you really want to invest in blockchain, the most important thing is to learn the relevant knowledge of blockchain, improve your cognitive level and discrimination ability, enhance your risk awareness, and avoid financial losses caused by being cheated. At the same time, do not do this aspect of marketing promotion, so as not to fall into the pyramid scheme.
6. Yunnan metallurgy used to be called Gejiu Yunxi company, Dongchuan Mining Bureau, Yimen copper mine and Huize Lead zinc mine.
7. The principle of strategic positioning, market awareness, activity, stakeholders and advanced technology are selected in 5 dimensions.
8. Yes, it will be updated later
Hot content