Blockchain - Certified Cybersecurity Technician Exam 212-82 PDF
Document Details
Uploaded by barrejamesteacher
null
EC-Council
Tags
Summary
This document discusses blockchain, distributed ledger technology, and its applications in cybersecurity. It explains how blockchains work, highlighting their security features and use cases. It also includes different types of blockchains.
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Cryptography Blockchain...
Certified Cybersecurity Technician Exam 212-82 Cryptography Blockchain O A blockchain, also referred to as distributed ledger technology (DLT), is used to record and store the history of transactions in the form of blocks Q For multiple transactions, multiple blocks are created, which are linked together to form a “blockchain” Process of Creating a Blockchain Types of Blockchain A block is created and The participant broadcasted to the - “ 0.9 " rovesswnacion requests a transaction o [IP]-... - n 9 members nthenetwork >B members in the network Public Blockchain - O: o: Private Blockchain Members validate : the transaction v QED \[[;D Federated Blockchain — —— ¥ PR ) |:] @ @ k: = ofof the k:cop;y the *’"d"‘d ;h:’redd @ @ The block The blockisis added added ger ger IsIs generated generated ani an hhe blockchain kehaln LY.2 avallable to all made available tothe—bloc MRS Hybrid Blockchain members Copyright © byby EC-{ |L. All Rights Reserved, ReproductionIs Strictly Prohibited. Blockchain A blockchain is a type of distributed ledger technology (DLT) that is used to record and store the history of transactions securely in the form of blocks. Data recorded in blockchains are resistant to unwanted modifications, and account transparency is maintained through cryptographic techniques. For multiple transactions, multiple blocks are created, which are cryptographically linked together to form a “blockchain.” This chain of records or blocks are known as ledgers, which are shared in the network to make other participants aware of all the transaction details and the number of bits owned by each member. The members in the network authenticate blocks using their hash values, and the hashes are further validated by crypto miners using complex cryptographic algorithms, following which the blocks are approved to join the blockchain mechanism. Blockchains are generally implemented using two mechanisms: hash functions (mostly SHA- 256) and asymmetric key algorithms. The process of validating blocks is known as “proof of work,” for which crypto miners are compensated, and the process of adding blocks to a blockchain after performing “proof of work” is referred to as “crypto mining.” Each block in a blockchain consists of three elements: data (transaction details), hash, and the hash of the previous block. Every time a new block is created using a new hash value, the hash value is shared with the next block. The first block in a blockchain referred to as the genesis and is represented by 0s. Once a block verifies its previous block’s hash, it is allowed to join the blockchain. Module 14 Page 1735 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Cryptography Data Data Data Hash: aO0b2*** a00b2***= Hash: a201b3*%* a201b3*** Hash Daia “ s "~.,A ""~.,‘ Previous Hash: ’ "~..A.""n.‘ Previous Hash: Genesis (first block) (a00b2***) (a00b2***) a201b3*** a201b3*** Figure 14.51: Blockchain If a block is tampered with, the next block in the chain invalidates it because it does not match the previous hash value in the current block. However, a blockchain is not completely protected by merely generating hashes and comparing them with other blocks. Attackers can generate valid hashes for each block using many cryptographic techniques. The “proof of work” mechanism is used, as described above, to mitigate such risks. The security of the blockchain is ensured by both the effective usage of hashes and the “proof of work” by miners (on public ledgers). Figure below illustrates the process of creating a blockchain. A block is created and The participant 9 broadcasted to the B c 0 requests a transaction = members in the network - -e -s LA R R R R AR R R R RR R R R R R R R AR R RR R R RR RR R R R RR RR R R R R R R) ) ) IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII llllllllllllllllllllllllllllllllll ) & Members validate the transaction A4 @ DI (..............................-. A copy of the shared o esssassans N =2 =N N ’N o‘NNNN| ! v: A4 " ‘ ‘i :5 :. NN) e QR el - ;;::n.wtnnare Steganography Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data. It replaces bits of unused data into ordinary files, such as graphics, sound, text, audio, and video with other surreptitious bits. The hidden data can be in the form of plaintext or ciphertext, and sometimes, an image. Utilizing a graphic image as a cover is the most popular method to conceal the data in files. Unlike encryption, the detection of steganography can be challenging. Thus, steganography techniques are widely used for malicious purposes. Cover Medium Cover Medium ERP XN (NN ERP Embedding = : Extracting function function EC-Council “Hackers EC-Council “Hackers are here. Whereare fsssssesaneas: i ssssssasaad ssssssssasd are here. Whereare you?” Message to be Stego Object Extracted you?” embedded message Figure 14.53: Hiding message using steganography Module 14 Page 1738 Certified Cybersecurity Technician Copyright © by EG-Gouncil EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Cryptography Steganography Tools Image Steganography Tools ! Document Steganography Tools OpenStego OpensStego (https://www.openstego.com) (https.//www.openstego.com) = StegoStick (https://sourceforge.net) QuickStego (http://quickcrypto.com) = Steg) (http://stegj.sourceforge.net) Stegl SSuite Picsel (https://www.ssuitesoft.com) = Office XML (https://www.irongeek.com) CryptaPix (https://www.briggsoft.com) (https.//www.briggsoft.com) = SNOW SNOW (https://github.com). Video Steganography Tools Audio Steganography Tools OmniHide Pro (http://omnihide.com) = DeepSound (http://jpinsoft.net) RT Steganography (https://sourceforge.net) = BitCrypt (http://bitcrypt.moshe-szweizer.com) StegoStick (https://sourceforge.net) = StegoStick (https://sourceforge.net) OpenPuff (https://embeddedsw.net) i = MP3Stego (https://www.petitcolas.net) Steganography Tools Listed below are various steganography tools: Image Steganography Tools OpenStego (https.//www.openstego.com) QuickStego (http://quickcrypto.com) (https://www.ssuitesoft.com) SSuite Picsel (https.//www.ssuitesoft.com) CryptaPix (https.//www.briggsoft.com) (https://www.briggsoft.com) Document Steganography Tools StegoStick (https://sourceforge.net) Steg) (http://stegj.sourceforge.net) Office XML (https://www.irongeek.com) SNOW (http://www.darkside.com.au) Video Steganography Tools OmniHide Pro (http://omnihide.com) RT Steganography (https://rtstegvideo.sourceforge.net) StegoStick (https://sourceforge.net) OpenPuff (https://embeddedsw.net) (https.//embeddedsw.net) Module 14 Page 1739 EC-Council Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Cryptography Audio Steganography Tools = DeepSound (http://jpinsoft.net) = BitCrypt (http://bitcrypt.moshe-szweizer.com) = StegoStick (https.//sourceforge.net) = MP3Stego (https.//www.petitcolas.net) Module 14 Page 1740 Certified Cybersecurity Cybersecurity Technician EG-Gouncll Technician Copyright © by EG-Gounell All Rights Reserved. Reproduction is Strictly Prohibited.
