Regarding the blockchain, what are the security issues that cannot be ignored?
星球君的朋友们
2018-08-18 06:25
"Blockchain is the same as the financial field. The competition is very fierce and the threshold is very high. If you enter this industry rashly without sufficient preparation in terms of technology and security, the risk is far beyond everyone'

This article is from: InfoQ (ID: infoqchina). Author: Pan Shaohua. Forwarded with authorization.


Current status of blockchain market development

At present, the main application of blockchain is in the field of encrypted digital currency, such as Bitcoin and Ethereum. Because blockchain is decentralized, transparent and tamper-resistant, there is also a lot of room for imagination in digital identity and legal evidence. Some domestic companies have begun to experiment with digital copyright and digital insurance. In addition, blockchain has some room for technical application in the gaming and entertainment industries, as well as in digital transportation and Internet of Things devices.


Blockchain Policy Orientation

In October 2016, the Ministry of Industry and Information Technology issued the "White Paper on China's Blockchain Technology and Application Development (2016)", summarizing the development status and typical application scenarios of domestic and foreign blockchains, and introducing the country's blockchain technology development roadmap and the direction and process of future standardization of blockchain technology.

In January 2017, the Ministry of Industry and Information Technology issued the "Software and Information Technology Service Industry Development Plan (2016-2020)", which proposed requirements for innovation in fields such as blockchain to reach the international advanced level. In August 2017, the State Council issued the "Guiding Opinions on Further Expanding and Upgrading Information Consumption and Continuously Unleashing the Potential of Domestic Demand" and proposed to carry out pilot applications based on new technologies such as blockchain and artificial intelligence.

In October 2017, the State Council issued the "Guiding Opinions on Actively Promoting Supply Chain Innovation and Application" and proposed to study and utilize emerging technologies such as blockchain and artificial intelligence to establish a supply chain-based credit evaluation mechanism.


In September 2017, the People's Bank of China and other seven ministries and commissions jointly issued the "Announcement on Preventing Financing Risks of Token Issuance", stipulating that in China, trading platforms are not allowed to engage in the exchange business between legal tender and "virtual currency".


Security Threats Facing Blockchain

On May 29, 2018, according to the data released by coinmarketcap.com, the current market value of Bitcoin is 120 billion US dollars, followed by Ethereum, which is about 50 billion US dollars. In 2013, Bitcoin was about 600 yuan, and now it has risen to 8,000 yuan. This is what everyone can feel intuitively.

Such a sudden increase in value is bound to attract attackers. We have tallied the trend of global blockchain security incidents. The first Bitcoin security incident occurred in 2011, when $1.02 million was lost, and the global blockchain capital loss in 2014 was about $460 million. In the first half of 2018, this figure reached US$1.9 billion.

In the past, hackers needed upstream and downstream cooperation to turn hacked websites into cash income. Now it is very simple: hack some websites and steal some coins, and the income from those coins is enough for the hacker to retire. Most importantly, after such an attack it is difficult to trace the source.

From our review of previous blockchain security incidents, we found that the security issues around blockchain tokens come mainly from three sources: security threats caused by the blockchain's own mechanism, security threats caused by the blockchain ecology, and security threats caused by blockchain users.


Blockchain's own mechanism

Data layer.

Blockchain data may be a chain structure, or it may be a DAG. The timestamps and hash functions it uses, as well as some asymmetric encryption algorithms, may have many flaws at the mechanism level. Discovering these vulnerabilities places very high technical demands on hackers, who need a good understanding of the underlying implementation of the blockchain and its contracts.

Network layer.

We have encountered some well-known Raiders that lack an automatic node discovery function. For example, one may have more than 20 nodes, several of which were knocked offline by DoS, and its nodes had no function for automatically coming back online. The robustness of the entire network was destroyed by hackers in one fell swoop.

Consensus layer.

The consensus mechanism is also very important. Under Bitcoin's consensus algorithm, PoW, whoever has the most computing power gets to mine first. If you want to attack it, you need to invest computing power to compete. At present, PoS and DPoS are becoming more and more common. PoS involves a very serious problem: each node needs to put up a large amount of assets as collateral in order to generate the corresponding mining income. Scrutiny of this node then keeps growing. When enough money is deposited in the node, hackers can use more technical attack methods, and even military-grade technical capabilities.

Contract layer and business layer.

The vulnerabilities involved in this incident were exposed on the Internet more than a year ago. They are flaws in Ethereum's own protocol, and it is difficult to recover from them. Once such a vulnerability is made public, many script kiddies know how to exploit it, and they do not need deep technical skill.


Security Threats Caused by Blockchain Ecology

From the current point of view, the blockchain ecology is the set of supporting systems and applications that keep the blockchain running and connect it with the real world. It includes mining farms and mining pools under the PoW mechanism, staking nodes under the PoS mechanism, token exchanges, software and hardware wallets, data tracking browsers, dApp applications, blockchain gateway systems for future dApp applications, etc.

The security threats caused by the blockchain ecology include: exchanges, where centralization and traditional architecture design make things convenient for hackers; software and hardware wallets, whose security is greatly reduced by various implementation flaws; and blockchain nodes, where DDoS, 51% and other attacks threaten the security of blockchain data.

The case of the exchange being attacked by DDoS

In May 2017, a blockchain currency trading platform was suddenly hit by a heavy UDP flood attack; the attack traffic and packet rate peaked at 84517 Mbps and 30953746 pps in an instant. After the blitz was frustrated, the attackers turned to sparrow tactics, and various intermittent small-scale attacks continued for 10 days.

After 10 days, the attacker gathered 60,000 bots, and the CC attack traffic rose sharply to 51023.30GB.

Three hours later, the attacker used 51890 bots again to create CC traffic up to 12238.33GB.

At present, the platform is still subject to more than 200,000 malicious scans and more than 380,000 dangerous attacks every day.

Risks to digital wallets

A digital wallet is a container for generating and storing private keys. It is used to manage keys and addresses, track the balance of addresses, and create and sign transactions. In terms of carriers, digital token wallets are mainly divided into hot wallets and cold wallets.

Cold wallets are more secure than hot wallets in terms of overall security, but the products currently on the market also have certain security risks.

The hardware of a certain brand of cold wallet is a modified smartphone, so the overall security of the cold wallet is bounded by the security of the smartphone system. At the same time, the performance of a cold wallet based on a smartphone system is often unreliable.

Although one security wallet is built around an encryption chip, it was not developed by professional R&D experts in the field of cryptography. Because the encryption chip is used improperly, it cannot provide effective encryption for the wallet.

Security Threats Faced by Users

Fraud Case - Phishing Attack

On March 7, 2018, Binance, an overseas digital currency trading platform, was attacked by hackers. This attack caused the price of global digital currency to plummet.

According to the exchange's announcement, 31 accounts were compromised by hackers. After gaining control of the users' account permissions, the hackers used machines to place orders and conduct programmatic high-frequency transactions, causing huge losses to users.

On April 14, 2017, Xudong Zheng, a student studying mathematics at Johns Hopkins University, published a paper titled "Phishing with Unicode Domains".
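The paper cited above concerns domain names written with non-Latin Unicode letters that look like Latin ones. As an added example (not from the original article or from the paper), the Python check below decodes punycode labels and flags host names that mix scripts or consist entirely of look-alike letters; the look-alike table is a small constructed subset and the sample host names under `.example` are constructed.

```python
import unicodedata

# Constructed subset of Cyrillic/Greek letters that render like Latin letters.
# A production check would use the full Unicode confusables data (UTS #39).
LOOKALIKES = {"\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
              "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0456": "i",
              "\u0455": "s", "\u03bf": "o"}

def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels are punycode)."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed label: leave it as received
    return label

def scripts(label):
    """Scripts used by the letters of a label, taken from Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def check_domain(domain):
    """Return (unicode_form, latin_skeleton, verdict) for a host name."""
    labels = [decode_label(part) for part in domain.split(".")]
    skeleton = ".".join("".join(LOOKALIKES.get(c, c) for c in l) for l in labels)
    verdict = "ok"
    for l in labels:
        used = scripts(l)
        if len(used) > 1:
            verdict = "mixed-script"          # e.g. Cyrillic + Latin in one label
        elif used and used != {"LATIN"} and verdict == "ok":
            # One non-Latin script is normal for real IDNs; flag it only when
            # every character imitates an ASCII letter.
            if all(c in LOOKALIKES or c.isascii() for c in l):
                verdict = "whole-script-lookalike"
    return ".".join(labels), skeleton, verdict

if __name__ == "__main__":
    # Constructed samples under the reserved .example TLD.
    spoof = "xn--" + "\u0441\u043e\u0440\u0443".encode("punycode").decode("ascii")
    for host in ("wallet.example", spoof + ".example",
                 "\u0441oinexchange.example"):
        print(host.encode("unicode_escape").decode(), check_domain(host)[1:])
```

The skeleton is what a user believes they are reading, so comparing it against a list of the services they actually use turns a verdict into an actionable alert.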

Fraud example - not knowing the characteristics of the private key

On July 1, 2017, 188.31 bitcoins, worth $2.8 million, were stolen from a community in Zhongyuan Oilfield. A few months later, oil field police captured Dai, a thief based in Shanghai.

In October 2017, an imToken user in Dongguan discovered that more than 100 ETH (Ethereum currency) had been stolen, and it was finally confirmed that a friend of his had stolen the cryptocurrency.
