"Blockchain Principles and Technology" Study Notes (6) - Blockchain Security

"Blockchain Principles and Technology" Study Notes Part Six

4. Blockchain network layer

1. Network layer security

Common attacks against the blockchain network layer include:

1.1 Distributed denial of service attack (DDoS)

The attacker actively sends a large amount of false information to network nodes, so that subsequent accesses to this information are directed at the victim, which achieves the attack effect.

1.2 Extensive Attacks

Network scalability attack: The attacker maliciously pays high fees on external false transactions to raise their verification priority, thereby blocking the transaction queue and making honest nodes waste time and bandwidth competing with the attacker.

Transaction malleability attack: The attacker listens for asynchronous unconfirmed transactions, changes the original transaction ID by modifying the transaction signature, and generates a new transaction that is broadcast and confirmed. The transaction under the original ID can then not be confirmed.

Solution: Segregated Witness (SegWit) removes the signature from the transaction and generates a hash value of the block header, so that a change to the signature does not affect the transaction hash.
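The effect described above, as an added example (not code from the original notes): it serializes a one-input, one-output transaction in Bitcoin's wire format and shows that changing the signature bytes changes the legacy transaction ID, while the SegWit txid, which is hashed without the witness data, stays the same. All byte values are constructed placeholders, not real keys or signatures, and the helper names are this example's own.

```python
import hashlib
import struct

# Constructed placeholder values (not real keys, signatures or outpoints).
PREV = bytes.fromhex("11" * 32)          # txid of the output being spent
SIG_A = b"\x30" + b"\xaa" * 70           # signature as first broadcast
SIG_B = b"\x30" + b"\xbb" * 70           # stands in for a re-encoded signature
PUBKEY = b"\x02" + b"\xcc" * 32
SPK = b"\x00\x14" + b"\xdd" * 20         # output script
VALUE = 50_000

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def lp(item: bytes) -> bytes:
    # One-byte length prefix; sufficient for the short items used here.
    assert len(item) < 0xFD
    return bytes([len(item)]) + item

def serialize(script_sig: bytes, witness=None) -> bytes:
    """Serialize a 1-input, 1-output transaction in Bitcoin wire format."""
    tx = struct.pack("<I", 2)                               # version
    if witness is not None:
        tx += b"\x00\x01"                                   # SegWit marker, flag
    tx += b"\x01" + PREV + struct.pack("<I", 0)             # one input: outpoint
    tx += lp(script_sig) + struct.pack("<I", 0xFFFFFFFF)    # scriptSig, sequence
    tx += b"\x01" + struct.pack("<q", VALUE) + lp(SPK)      # one output
    if witness is not None:
        tx += bytes([len(witness)]) + b"".join(lp(w) for w in witness)
    return tx + struct.pack("<I", 0)                        # locktime

def legacy_txid(sig: bytes) -> str:
    # Legacy: the signature is in scriptSig, so it is part of the hashed bytes.
    return dsha256(serialize(lp(sig) + lp(PUBKEY)))[::-1].hex()

def segwit_ids(sig: bytes) -> tuple:
    # SegWit: txid hashes the transaction without the witness; wtxid includes it.
    txid = dsha256(serialize(b""))[::-1].hex()
    wtxid = dsha256(serialize(b"", witness=[sig, PUBKEY]))[::-1].hex()
    return txid, wtxid

if __name__ == "__main__":
    print("legacy txid :", legacy_txid(SIG_A), "->", legacy_txid(SIG_B))
    print("segwit txid :", segwit_ids(SIG_A)[0], "->", segwit_ids(SIG_B)[0])
    print("segwit wtxid:", segwit_ids(SIG_A)[1], "->", segwit_ids(SIG_B)[1])
```

A wallet or exchange that tracks a pending legacy payment only by its transaction ID can lose track of it after such a change; tracking the spent outpoint is robust to it.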

1.3 Eclipse attack

By occupying a node's routing table, the attacker controls the node's external communication and keeps it in an isolated network. From this position, attacks such as routing spoofing, denial of service, and ID hijacking are carried out.

1.4 Segmentation attack

The attacker assigns honest nodes to different subtrees to contribute computing power and breaks them separately.

1.5 Delay attack

The attacker intercepts requests from honest nodes and returns outdated blocks.

5. Blockchain Security and Attacks

1. Why is the blockchain insecure?

1.1 Blockchain Hierarchical Architecture Perspective


1.2 Six types of hidden dangers of blockchain

The six common types of security hazards:

  • Cryptography (the trust foundation of the blockchain): hash algorithm, digital signature, random number
  • User private key (user participation credentials): defense against rainbow attacks
  • Node system security (traditional security): buffer overflow, distributed node reliability, API interface, etc.
  • Underlying consensus protocol (blockchain consistency): difficult-to-prove protocol security, impossible triangular relationship
  • Smart contract (blockchain business logic): contract loopholes, contract credibility, and standardization of contracts
  • Incentives (good blockchain ecology): prevent Ponzi schemes

Examples of safety hazards

  • Data layer: Rainbow attack
    Rainbow table: a table prepared for inverting a cryptographic hash function, composed of combinations of public key and private key.
    The public keys in the rainbow table are then matched against the public keys on the blockchain.
    If a public key is successfully paired, the private key will also be exposed to hackers.

  • Ponzi schemes
    Use the money of new investors to pay interest and short-term returns to old investors, creating the illusion of making money in order to defraud more investment.

1.3 Network Connectivity and Blockchain Security

  • The lower the connectivity of the network, the more likely the system is to fork, and the less computing power miners need to carry out a 51% attack.
  • The greater the difference in network connectivity, the lower the computing power required for a miner with better connectivity to launch a 51% attack.

2 How to make the blockchain insecure

  • Attacks on basic components and facilities: hash collisions, security threats to P2P networks
  • Attacks on the core design of the system: security threats at the consensus layer, security threats at the contract layer, and security threats at the data layer
  • Attacks on the application ecology: attacks on trading websites, attacks on digital currency/wallet apps
  • Attacks on the blockchain: security of private keys during operation and storage (asset security after loss), code reliability and protocol security of smart contracts, privacy and security of transactions

3 How to make blockchain more secure

  • Strengthening the human factor:
    Holders increase their security awareness, developers develop cautiously, and entrepreneurs pay attention to risks
  • Blockchain system vulnerability optimization
  • Combining with other technologies to improve blockchain security


Origin blog.csdn.net/weixin_60482947/article/details/129326407