区块链公链应用的典型安全问题综述

区块链作为互联网金融的颠覆性创新技术,吸引学术研究和工程应用领域广泛关注,并被持续推广应用到各种行业领域中.以公有链为代表的区块链系统具有弱中心化、信任共识、平台开放、系统自治、用户匿名、数据完整等特点,在缺乏集中可信的分布式场景中实现可信数据管理和价值交易.但区块链作为新兴信息技术,由于自身机制和周边设施不够完善、用户安全观念不够成熟等原因,也面临安全威胁和挑战.本文首先介绍了区块链技术,回顾其面临的安全风险;其次以比特币和以太坊两个典型系统为例,剖析了针对面向代币交易和应用的区块链系统的各类安全威胁以及应对方法;接着分析了钱包交易所等区块链周边设施和区块链用户的安全隐患;最后对文中安全问题进行了分类总结,提出可行技术线路和防御方法,展望当前区块链安全的研究热点和发展趋势.

Overview on Typical Security Problems in Public Blockchain Applications

Originated as Internet financial technology, blockchain is prevailing in many application scenarios and attracting attentions from both academia and industry. Typical blockchain systems are characterized with decentralization, trustworthiness, openness, autonomy, anonymity and immutability, which brings trustworthiness for data management and value exchange in distributed computation environment without centralized trust authority. However, blockchain is still developing as a continuously evolving new technique. Its mechanisms, peripheral facilities and user maturity in security are yet to be optimized, resulting in various security threats and frequent security incidents. This paper first overviews the blockchain technology and its potential security vulnerabilities when being used for token transaction and exchange. Then the mostly-seen security problems are enumerated and analyzed with Bitcoin and Ethereum as two sample systems. We present the security problems encountered by blockchain peripheral facilities and users, and probe their root causes. Finally, we categorize the surveyed problems and propose the possible countermeasures or defenses to address them. Promising research areas and technology evolving directions are briefly covered for the future.