原文标题:区块链之于信息安全,是铠甲还是软肋
原文链接:http://digitalpaper.stdaily.com/http_www.kjrb.com/kjrb/html/2019-11/14/content_434737.htm?div=-1
“区块链不是一项新技术,它采用了密码学的很多技术,如哈希算法、公钥密码等。”13日,2019未来科学大奖周在清华大学开幕,一场聚焦网络和信息安全的学术报告会同期举行。本年度未来科学大奖—数学与计算机科学奖获得者、中国科学院院士、国际密码协会会士王小云提及密码学与区块链的渊源。
“The block chain is not a new technology. It uses many cryptography techniques, such as Hashi algorithms, public key codes, etc..” On 13th, the 2019th Future Science Award Week was opened at the University of Qinghua, and an academic presentation focusing on network and information security was held in parallel. The current Year’s Future Science Award – the winner of the Mathematics and Computer Science Award, a member of the Chinese Academy of Sciences, and the International Society of Passwords, Wang Xiaoyun, referred to the origins of cryptography and block chains.
“区块链以密码学方式保证其不可篡改和不可伪造。”北京理工大学计算机网络安全对抗技术研究所所长闫怀志告诉科技日报记者,区块链融合了密码学、数学、计算机科学(点对点网络、分布式存储等)、网络科学等多门学科技术。“以安全视之,区块链自身实现采用了诸多安全技术。”
"The block chain is cryptographically assured that it is immutable and immutable." The Director of the Institute of Computer Network Security and Counter-Technology of Beijing Polytechnic University has told the Journalist of Science and Technology that the block chain combines many disciplines such as cryptology, mathematics, computer science (point-to-point network, distributed storage, etc.) and cyberscience. “In a safe view, the block chain itself has adopted a number of safety techniques.”
那么,自带安全基因的区块链会涉及哪些网络安全问题呢?
So, what are the cyber-security issues involved in the chain of blocks with their own safety genes?
匿名性特征是一把双刃剑
"Strong" is a double-edged sword.
专家表示,在区块链技术即将获得广泛应用的时代,网络空间的安全问题会出现新的特点。闫怀志解释道:“区块链一个重要特点是去中心化,其广泛应用必将会对需要实行中心化监管的领域产生不利影响。区块链技术的匿名性特征也是一把双刃剑,一方面能有效保护隐私,另一方面又为网络空间恶意行为甚至网络犯罪提供面具和保护伞,比如,很多黑市通过区块链技术洗钱来逃避打击。”
“再者,区块链技术本身要求各个节点共享区块信息,虽然这种方式增强了信息的不可篡改性,但区块中的交易信息易被各方所知晓。另外,很多公众甚至是技术专家对于区块链技术过于迷信,认为其可以包打网络安全的天下,这种误解可能会间接导致信息系统整体安全防御体系的不当构建,引入了新的风险。”闫怀志说。
此外,区块链还面临众多外部安全威胁——主要是针对算法、协议、实现、应用以及系统等层面的破坏、更改和泄露,具体体现在区块链数据的完整性、不可否认性、匿名性、隐私保护以及其他方面。 , in addition, the block chain also faces numerous external security threats - mainly to damage, modification and disclosure at the algorithmic, protocol, realization, application and system levels, as evidenced by the integrity, undeniable, anonymity, privacy protection and other aspects of the block chain data. 虽然区块链自身具有较完善的安全体系,但也存在着不少机制上的缺陷。闫怀志表示:“区块链的安全性高度依赖于共识机制,但当前的主流公有链平台(如比特币、以太坊等)的共识机制多是基于算力而实现的。区块链用户账号的安全风险主要来自去中心化机制带来的弊端。” Although the block chain itself has a well-developed security system, there are also a number of institutional flaws. “The security of the block chain is highly dependent on consensus mechanisms, but the consensus mechanisms of the current mainstream public chain platforms (e.g. Bitcoin, Etheria, etc.) are mostly based on arithmetic. The security risks of the block chain user account are mainly due to the disadvantages of decentralisation.” 因此,区块链系统需要多种安全技术来保障。“在安全性方面,如果攻击者能够控制全部数据节点的51%,就可以对网络数据进行修改,即所谓的‘51%攻击’。”闫怀志坦陈,“不过,若想控制全部数据节点的51%以上,是较难做到的。” ) 区块链可用于网络安全保障 随着区块链大规模应用,该如何做好信息保密工作? How can the confidentiality of information be achieved as the block chain is applied on a large scale? 区块链系统本身具有安全体系,可以用于网络安全领域。“区块链自身安全体系是指为了实现区块链基础架构和功能而采用的安全技术。在该技术体系中,采用的是加密、数字签名、时间戳等安全技术,实现数据区块保密、节点认证、存储安全、传播验证、安全容错、身份鉴别、授权访问、安全审计以及隐私保护等功能。”闫怀志告诉记者。
天津大学智能与计算学部副教授应翔告诉科技日报记者,区块链技术还不够成熟,在面对新的复杂的应用场景时更易出现安全风险。“由于区块链技术不可逆的特点,出现网络漏洞后的风险比常规互联网应用的风险更大。”针对技术方面的风险,他建议做好安全审计和测试工作。“在代码正式发行前,先试着运行一段时间,把技术漏洞扼杀在摇篮。” The Associate Professor of Intelligence and Computing at Tianjin University should tell the Journal of Science and Technology that the block chain technology is not yet mature and is more vulnerable to security risks in the face of new and complex applications. “In view of the unreversible nature of the block chain technology, the risk of a network gap is greater than that of a conventional Internet application.” In response to technical risks, he recommends that safety audits and testing be done. “Try to run a period of time before the code is officially released and to suffocate the technology gap in the cradle.” 在赛迪智库信软所软件研究室主任蒲松涛看来,区块链技术所涉及到的信息安全风险主要集中在应用层面。为此,他建议加强管理。“一是做好信息系统的管理;二是做好用户管理,提升用户技能;三是做好上链信息和数据的管理,区分哪些数据能上链哪些不能。” In the view of the Director of the Software Research Unit of Sady's CSSS, the information security risks involved in block chain technology are mainly at the application level. To that end, he proposes to strengthen management. “One is to manage information systems; the other is to manage users and upgrade their skills; the third is to manage information and data on the upper chain and to distinguish between data that can and cannot be chained.” 闫怀志称,区块链在网络空间安全保障方面具有广阔应用前景,尤其是在身份认证、访问控制、数据保护方面可发挥重要作用。“这是因为区块链具有高度安全性及时间维度,区块链数据具有很强的数据抗篡改能力,可有效保护数据的完整性,且开销不高、便于实施。” ) “随着应用场景增多,区块链技术涉及的具体安全问题会暴露出来,区块链行业将针对具体问题采取具体措施,使区块链技术的解决方案更成熟。”应翔说。 “As the application landscape increases, the specific security implications of block chain technology will be revealed, and the block chain industry will take specific issue-specific measures to mature resolution of block chain technology.” It should be mentioned. “当然,除了技术手段,还应加强配套的法律法规、标准、监督和管理体系构建,多管齐下构建完整的区块链应用安全生态环境。”闫怀志说。
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
发表评论