Chapter 14 - 05 - Discuss Other Applications of Cryptography - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82 Cryptography Blockchain O A blockchain, also referred to as distributed ledger technology (DLT), is used to record and store the history of transactions in the form of blocks Q For multiple transactions, multiple blocks are created, which are linked together to form a “blockchain” Process of Creating a Blockchain Types of Blockchain A block is created and broadcasted to the The participant - requests a transaction 9 members in the network 0." rovesswnacion o [IP]-... members nthenetwork B “ - Public Blockchain O: Private Blockchain Members validate : the transaction @ — k:cop;y of the ;h:’redd ger Is generated ¥ @ an PR The blockis added he made avallable to all tothe members v ) QED blockchain Y bloc Copyright © by EC-{ Federated Blockchain 2 Hybrid Blockchain L. All Rights Reserved, ReproductionIs Strictly Prohibited. Blockchain A blockchain is a type of distributed ledger technology (DLT) that is used to record and store the history of transactions securely in the form of blocks. Data recorded in blockchains are resistant to unwanted modifications, and account transparency is maintained through cryptographic techniques. For multiple transactions, multiple blocks are created, which are cryptographically linked together to form a “blockchain.” This chain of records or blocks are known as ledgers, which are shared in the network to make other participants aware of all the transaction details and the number of bits owned by each member. The members in the network authenticate blocks using their hash values, and the hashes are further validated by crypto miners using complex cryptographic blockchain mechanism. algorithms, following which the blocks are approved to join the Blockchains are generally implemented using two mechanisms: hash functions (mostly SHA256) and asymmetric key algorithms. The process of validating blocks is known as “proof of work,” for which crypto miners are compensated, and the process of adding blocks to a blockchain after performing “proof of work” is referred to as “crypto mining.” Each block in a blockchain consists of three elements: data (transaction details), hash, and the hash of the previous block. Every time a new block is created using a new hash value, the hash value is shared with the next block. The first block in a blockchain referred to as the genesis and is represented blockchain. Module 14 Page 1735 by 0s. Once a block verifies its previous block’s hash, it is allowed to join the Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Cryptography Data Data Hash: a00b2*** Data Hash: a201b3*%* ""~.,‘ Genesis (first block) Hash Previous Hash:.""n.‘ (a00b2***) Previous Hash: a201b3*** Figure 14.51: Blockchain If a block is tampered with, the next block in the chain invalidates it because it does not match the previous hash value in the current block. However, a blockchain is not completely protected by merely generating hashes and comparing them with other blocks. Attackers can generate valid hashes for each block using many cryptographic techniques. The “proof of work” mechanism is used, as described above, to mitigate such risks. The security of the blockchain is ensured by both the effective usage of hashes and the “proof of work” by miners (on public ledgers). Figure below illustrates the process of creating a blockchain. B The participant 0 -e LA requests a transaction R R R R R R R R R R R R R R R R R R R R R R R R R = R R ) ) 9 A block is created and broadcasted to the members in the network IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII ) & Members validate the transaction A4 @ (..............................-. A copy of the shared 00 ledger is generated and made available to all members ‘ (.....................- The block is added to the blockchain Figure 14.52: Creation of a blockchain In figure, a block is created by a person involved in a transaction. This block is shared with all the members in the network. Each member validates the block using its hashes, following which the block is added to the blockchain. Thus, each member has the details of the new transaction. Blockchains can be created in four variants, each of which serves a different purpose. Module 14 Page 1736 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Cryptography Public ledger or public blockchain: This type of blockchain has no central authority or administration to manage the blocks or ledgers. It is a decentralized and permission-less network in which anyone can join, create, and share blocks. Once the data on the blockchain have been validated, it is secure from modifications or alterations. Some examples of public blockchains include Bitcoin and Ethereum. Each member in this blockchain can access a copy of other ledgers without any permissions. The following are the key aspects of public ledgers. o Everyone in the network can participate in validation. o Once a block is created, it cannot be modified or tampered with. o Public ledgers can be employed in different sectors such as education and healthcare. o Public ledgers are suitable for B2C services. Private ledger or private blockchain: In this type of blockchain, a supervisor or central authority decides who can join and participate in the blockchain network. In a private ledger, only the members involved in a transaction will have knowledge about the corresponding ledgers. Some examples of private blockchains are Hyperledger and Ripple (XRP). The following are the key aspects of private ledgers. o An administrator provides a certain level of access to participants. o Organizations can add and delete participants on demand. o Private ledgers can be employed in sectors such as defense and banking. o Private ledgers are suitable for B2B services. Federated blockchain or consortium blockchain: It is a partially decentralized blockchain in which a group of individuals or organizations, rather than a single entity as in private blockchains, create and manage separate blockchain networks. Control over the blockchain is provided to a group of predetermined or trusted nodes. Participants in a consortium blockchain are mostly from government organizations or central banks. This type of blockchain is extremely fast and scalable. EWF (Energy) and R3 (banks) are instances of federated blockchains. Hybrid blockchain: It is a combination of both private and public blockchain. In blockchain, only a selected set of records or data from the blockchain can be accessed; the remaining data are kept confidential in a private network. This blockchain enables organizations to select which data they wish to make public a hybrid publicly type of private. One important example of a hybrid blockchain is the IBM Food Trust. Module 14 Page 1737 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Cryptography Steganography o e © Steganography is a technique of hiding a secret message within an ordinary message and extracting it at the destination to maintain confidentiality of data Utilizing a graphic image as a cover is the most popular method to conceal the data in files Cover Medium Cover Medium N N N NN ’N o‘ Jessscsecsee ! EC-Council “Hackers ::‘l;re.mteare : v ----- :-‘-‘;}. ,E N =N N. NN ) sessessensse > " ‘ -