Research on blockchain evaluation methods under the classified protection of cybersecurity
-
Graphical Abstract
-
Abstract
A blockchain is a cryptographic distributed database and network transaction accounting system. In the current era of major technological changes, blockchain technology, with its cryptographic structure, peer-to-peer (P2P) network, consensus mechanism, smart contract and other mechanisms, is decentralized, tamper-proof, and traceable and has become a hot spot in the development of informatization. Classified protection is one of the basic policies of information security in China. The implementation of the information security level protection system can not only guide various industries in performing security management in accordance with the equivalent security standards, but also ensure that supervision and evaluation institutions follow the laws and regulations, which is of significance to network security. As the application of blockchain technology in various industries is becoming more extensive, it is necessary to simultaneously promote the national classified protection of blockchain security assessment, which contributes to the sustainable and healthy development of blockchains in China. According to the revised assessment methods of grade protection, in addition to the status of universality requirements, evaluation specifications should be formulated for specific technologies and fields (such as cloud computing, mobile Internet, Internet of Things, industrial control, and big data). In view of the particularity of blockchain technology, China has initiated the formulation of blockchain evaluation specifications, but has not applied the level protection standards to the formulation of blockchain evaluation specifications. Therefore, the assessment requirements and enforcement proposals are specified for the blockchain’s core technologies, such as P2P network, distributed ledger, consensus mechanism, and smart contracts, according to the application and data security layer requirements at Level 3. Moreover, the current running data of blockchains and their security audit mechanism based on the log workflow were summarized and analyzed respectively in compliance with the control points specified in classified protection 2.0. Our investigation indicates that blockchains can satisfy the requirements of evaluation items in three aspects, namely, software fault tolerance, resource control, and backup and recovery. However, further improvements are needed for other aspects, including security audit, access control, identification and authentication, and data integrity.
-
-