区块链技术 生成的数据结构本身具有安全质量。 它基于密码学、去中心化和共识原则,可确保对交易的信任。 在大多数区块链或分布式账本技术 (DLT) 中,数据被结构化为块,每个块都包含一笔交易或一组交易。 每个新块都以加密链的形式与之前的所有块相连,几乎不可能被篡改。 区块内的所有交易都通过共识机制进行验证和商定,确保每笔交易的真实性和正确性。
区块链技术通过成员参与分布式网络来实现去中心化。 没有单点故障,单个用户无法更改交易记录。 然而,区块链技术在一些关键的安全性方面有所不同。
Block chain technology is decentralised through the participation of members in distributed networks. There are no single troubles & #xff0c; individual users cannot change transaction records.
区块链网络在谁可以参与以及谁有权访问数据方面有所不同。 这些网络通常被标记为公有或私有网络,用于描述允许谁参与,同时还常被标记为许可或无许可网络,用于描述参与者如何访问网络。
Block chain networks vary in terms of who can participate and who has access to the data. These networks are usually marked as public or private & #xff0c; they are used to describe who is allowed to participate in xff0c; they are also often marked as licensed or unlicensed xff0c; and they are used to describe how participants access the network.
公有和私有区块链
公有区块链网络通常允许任何人加入并让参与者保持匿名。 公有区块链使用联网的计算机来验证交易并达成共识。 比特币可能是最广为人知的公共区块链示例,它通过“比特币挖矿”达成共识。比特币网络上的计算机或“矿工”试图解决复杂的加密问题,以创建工作证明,从而验证交易。 除了公钥之外,在这种类型的网络中几乎没有身份和访问控制。
公有区块链 是公共的,任何人都可以加入,也可以验证交易。 私有区块链 受到限制,通常仅限于商业网络。 单个实体或联盟控制着成员资格。 The private block chain is restricted xff0c; it is usually limited to commercial networks, and individual entities or coalitions control membership. 无许可区块链 对处理者无限制。 The non-licensed block chain has no restrictions on processors. 许可区块链 仅限于一组使用证书获得身份的选定用户。 Licence Block Chain is limited to a group of selected users who use the certificate to get an identity.
?
虽然区块链技术产生了一个防篡改的交易分类账,但区块链网络并不能免于网络攻击和欺诈。 那些心怀恶意的人可以操纵区块链基础架构中的已知漏洞,多年来,他们已成功实施了各种黑客和欺诈行为。 以下是一些示例:
Although block chain technology has generated a tamper-proof transaction ledger xff0c; however, block chain networks are not immune to cyberattacks and fraud. Those who are malicious can manipulate known loopholes in block chain infrastructure xff0c; xff0c; over the years; they have successfully committed various kinds of hacking and fraud.
去中心化自治组织 (DAO) 是一个在比特币的启发下,通过去中心化区块链运营的风险投资基金,由于代码遭到不当利用,它被盗走了价值超过 6000 万美元的以太数字货币 — 约占其价值的三分之一。
The Decentralized Autonomy (DAO), inspired by Bitcoin, is a venture capital fund operating through the decentralized block chain, which, owing to the misuse of codes, has stolen over $60 million worth of numeric currency – about one third of its value.
作为全球最大的加密货币交易所之一,总部位于中国香港特别行政区的 Bitfinex 价值近 7300 万美元的客户比特币不幸被盗,这表明该货币仍然存在巨大风险。 可能的原因是私钥被盗,这些私钥即个人数字签名。
The tragic theft of Bitfinex, one of the world’s largest encrypted currency exchanges, with its headquarters in Hong Kong Special Administrative Region of China, with a value of nearly $73 million, suggests that the currency remains at great risk. This may be due to the theft of private keys, which are personal digital signatures.
最大的以太坊和比特币加密货币交易所之一 Bithumb 最近遭到了黑客攻击,黑客泄露了 30,000 名用户的数据并窃取了价值 870,000 美元的比特币。 尽管被黑的是员工的计算机,而不是核心服务器,但这一事件引发了人们对整体安全性的质疑。
Bithumb, one of the largest encrypt currency exchanges in Ethio and Bitcoin, has recently been hit by hackers, who have leaked data on 30,000 users and stolen US$870,000 worth of bitcoins. Although it was the computers of employees that were hacked, rather than the core servers, the incident raised questions about overall security.
黑客和欺诈者主要以四种方式威胁区块链:网络钓鱼、路由、女巫 (Sybil) 攻击和 51% 攻击。
Hackers and fraudsters mainly threatened block chains xff1a in four ways; cyberfishing, routers, witches (Sybil) attacks and 51 per cent attacks.
网络钓鱼是一种企图获取用户凭证的欺诈行为。 欺诈者向钱包密钥所有者发送精心设计的电子邮件,让它们看起来好像来自于合法来源。 这些电子邮件使用虚假的超链接要求用户提供他们的凭证。 一旦获得用户凭证和其他敏感信息的访问权,就可能会导致用户和区块链网络遭受损失。
The fraudster sends carefully designed e-mails & #xff0c to wallet key owners; making them appear to be from legitimate sources. These e-mails use false hyperlinks to require users to provide their documents.
区块链依赖于实时大数据传输。 在将数据传输到互联网服务提供商的过程中,黑客可以拦截数据。 在路由攻击中,区块链参与者通常看不到威胁,所以一切看起来都很正常。 然而在幕后,诈骗者已经提取了保密数据或货币。
Block chains rely on real-time large data transfers. xff0c; hackers can intercept data during transmission to Internet service providers. xff0c; block chain participants usually do not see the threat xff0c; so everything looks normal.
在女巫攻击中,黑客会创建并使用许多虚假网络身份来淹没网络并使系统崩溃。 Sybil?是一本著作中的人物,她被诊断患有多重身份障碍。
In a witch attack xff0c; hackers create and use many false web identities to flood the network and collapse the system. Sybil? is a writer xff0c; she was diagnosed with multiple identity disorders.
挖矿需要大量的计算能力,对于大规模的公有区块链尤为如此。 但是,如果一个矿工或一组矿工能够集结足够的资源,他们就可以获得区块链网络 50% 以上的挖矿算力。 拥有超过 50% 的算力意味着可以控制账本并有能力操纵它。
Mining requires a great deal of computing capacity xff0c; this is particularly true for large-scale public block chains. But xff0c; if a miner or a group of miners can gather enough resources xff0c; they can acquire more than 50% of the mining power of the block chain network.
注:私有区块链不易受到 51% 攻击。
note & #xff1a; private block chains are not vulnerable to 51% of attacks.
在当今的数字世界中,必须采取措施确保区块链设计和环境的安全性。 X-Force Red 区块链测试服务可以帮助您做到这一点。
In today’s digital world xff0c; measures must be taken to ensure the security of block chain design and environment. The X-Force Red block chain testing service can help you to do this.
在构建企业区块链应用时,重要的是要考虑技术堆栈各层的安全性,以及如何管理网络的治理和权限。 企业区块链解决方案的综合安全策略包括使用传统的安全控制措施和技术独特的控制措施。 特定于企业区块链解决方案的部分安全控制措施包括:
The integrated security strategy for the enterprise block chain solution includes the use of traditional security controls and technologically unique controls. Some security controls specific to the enterprise block chain solution include xff1a;
- 身份和访问管理
- 密钥管理
- 数据隐私
- 安全通信
- 智能合约安全
- 交易背书
聘请专家帮助您设计合规且安全的解决方案,从而实现您的业务目标。 寻找生产级平台来构建可在您选择的技术环境中部署的区块链解决方案,无论是在本地还是您首选的云供应商。
Recruit a specialist to help you design a compliant and secure solution & #xff0c; thereby achieving your business objectives. Find a production-level platform to build a block chain solution & #xff0c that can be deployed in the technological environment of your choice; be it locally or as your preferred cloud supplier.
在设计区块链解决方案时,请考虑以下关键问题:
When designing block chain solutions & #xff0c; consider the following key issues & #xff1a;
- 参与组织或成员的治理模式是什么?
- 每个区块中将会捕获哪些数据?
- 相关的监管需求是什么,如何满足这些需求?
- 如何管理身份详细信息? 区块有效负载是否加密? 如何管理和撤销密钥?
- 区块链参与者的灾难恢复计划是什么?
- 区块链客户参与的最低安全态势是什么?
- 解决区块链区块冲突的逻辑是什么?
在建立私有区块链时,确保将它部署在安全永续的基础架构中。 为业务需求和流程选择糟糕的底层技术,可能会通过其漏洞引发数据安全风险。
When building a private block chain & #xff0c; ensuring that it is deployed in a secure and sustainable infrastructure. Selecting poor bottom technologies for business needs and processes & #xff0c; may create data security risks through its loopholes.
考虑业务和治理风险。 业务风险包括财务影响、声誉因素和合规风险。 治理风险主要来自区块链解决方案的去中心化性质,它们需要加强对决策标准、治理政策、身份和访问管理的控制。
Business risks include financial implications, reputational factors and compliance risks. Governance risks arise mainly from the decentralized nature of block chain solutions xff0c; they need to strengthen control over decision-making standards, governance policies, identity and access management.
区块链安全涉及了解区块链网络风险并对这些风险进行管理。 对这些控制实施安全措施的计划构成了区块链安全模型。 创建区块链安全模型,以确保所有措施都已到位,以充分保护您的区块链解决方案。
Block chain security involves understanding and managing block chain network risks. The plan to implement security measures for these controls forms a block chain security model. Create block chain security models xff0c; ensure that all measures are in place xff0c; and fully protect your block chain solutions.
为了实施区块链解决方案安全模型,管理员必须开发一个可以解决所有业务、治理、技术和流程风险的风险模型。 接下来,他们必须评估区块链解决方案面临的威胁,并创建一个威胁模型。 然后,管理员必须根据以下三个类别定义减轻风险和威胁的安全控制措施:
In order to implement the block chain solution security model xff0c; managers must develop a risk model that addresses all business, governance, technology, and process risks. Next xff0c; they must assess the threat to block chain solutions xff0c; and create a threat model. xff0c; managers must define security controls to mitigate risks and threats in accordance with the following three categories xff1a;
- 实施区块链特有的安全控制措施
- 应用常规安全控制措施
- 对区块链实施业务控制
IBM Blockchain 服务和咨询团队可以帮助您设计并激活一个区块链网络,该网络可以满足治理、业务价值和技术需求,同时确保隐私、信任和安全。
The IBM Blockchai service and consulting team can help you design and activate a block chain network & #xff0c; the network can meet governance, business values and technical needs & #xff0c; and ensure privacy, trust and security.
深入了解领先的开源商业区块链平台:开发人员工具、定价、产品导览、客户评论和文档。
与专家取得联系,阅读一些客户成功案例,并了解如何加入 IBM 网络。
我们拥有超过 1600 名业务和技术专家,他们都是从头开始构建企业级区块链的领军人物,将帮助您解决使企业级区块链网络变为现实的三个最关键的设计要点。
学习区块链基础知识,从关键元素到区块链网络类型,再到各行各业如何使用区块链。
The basics of the learning block chain range from the key elements to the type of block chain network and how to use the block chain across all walks of life.
了解 IBM 客户和业务合作伙伴如何使用区块链来转变消费者信心、食品安全、可持续性等方面。 然后看看当代艺术家如何在网络研讨会系列 Blockpy 中诠释他们的创新。
To understand how IBM clients and business partners use block chains to transform consumer confidence, food security, and sustainability. And to see how contemporary artists interpret their innovations in the Blockpy series of webinars.
区块链是否生来平等? 区块链网络都有哪些类型?您应该设置哪种类型?
Are block chains born equal? What are the types of block chain networks? Which type should you set?
比特币和区块链是一回事吗? 不是,但由于比特币是区块链的第一个应用,人们经常不经意地使用“比特币”来表示区块链。
Is Bitcoin and block chains the same thing? No, but since bitcoin is the first application of block chains, “bitcoin” is often inadvertently used to denote block chains.
这篇深入的文章重点介绍了区块链安全参考架构,对于各种行业用例和部署,都可以在区块链项目和解决方案中应用该架构。
This in-depth article highlights the block chain security reference structure, which can be applied to block chain projects and solutions for a variety of industry examples and deployments.
本手册可以帮助您确定区块链用例,了解如何调动您的生态系统,并浏览一个治理模型。 它还包括在多方系统中定义和管理智能合约、数字化资产、法律考虑事项和实际示例的相关信息。 (7.8 MB)
This manual helps you to identify examples of block chains, understand how to mobilize your ecosystem, and look at a governance model. It also includes information on the definition and management of smart contracts, digital assets, legal considerations and practical examples in multiple systems. (7.8 MB)
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
发表评论