Security Assessment of Blockchain in Chinese Classified Protection of Cybersecurity

• Main Authors: Di Wang, Yan Zhu, Yi Zhang, Guowei Liu
• Format: Article
• Language: English
• Published: IEEE 2020-01-01
• Series: IEEE Access
• Subjects: Blockchain; classified protection of cybersecurity; peer-to-peer network; consensus mechanism; assessment and analysis
• Online Access: https://ieeexplore.ieee.org/document/9249006/

Classified protection is one of primary security policies of information system in many countries. With the increasing popularity of blockchain in various fields of applications, it is extremely necessary to promote classified protection for blockchain's risk assessment in order to push forward the sustainable development of blockchain. Taking the Level 3 in Chinese classified protection 2.0 as an example, this paper proposes the common evaluation rules on blockchain to ensure that blockchain can meet the needs of countries to build it as critical infrastructure. Both assessment requirements and enforcement proposals are presented and analyzed from the standpoint of blockchain's core technologies, e.g., peer-to-peer network, distributed ledger, contract's scripting system, and consensus mechanism. Moreover, the assessment results on three main platforms, Bitcoin, Ethereum, and Hyperledger, are summarized and analyzed in compliance with the control points specified in the level 3. Our investigation indicates that the current blockchain is able to satisfy the requirements of evaluation items in many aspects, such as software fault tolerance, resource control, backup and recovery, but further improvements are still needed for some aspects, including security audit, access control, identification and authentication, data integrity, etc., in order to satisfy the requirements of important fields on national security, economic development and human life.