Hackers can paralyse an entire network, tamper with data, lure unwary users into online fraud, steal and forge identity information, and exploit centralised storage and single points of failure to carry out other cyberattacks.
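As a new technology for storing and sharing data, blockchain also offers a new way to address cybersecurity problems. Blockchain technology already provides a secure way to transact for cryptocurrencies such as Bitcoin and Ether, and in the same way it will become a tool for preventing cyberattacks and cybersecurity problems.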
Blockchain can improve security in three areas: preventing identity theft, preventing data tampering, and protecting against denial-of-service (DoS) attacks.
1. Protecting identity
Public key infrastructure (PKI) is a popular form of public-key cryptography used to protect e-mail, instant messaging software, websites and other forms of communication. However, because most PKI deployments are centralised and rely on third-party certificate authorities (CAs) to issue, revoke and store certificates for participants, hackers can impersonate a CA to spoof user identities and break encrypted communications.
For example, the instant-messaging tool WhatsApp, recently the subject of continuing controversy over bankruptcy and negotiations, has been accused of being open to attack by hackers exploiting a man-in-the-middle impersonation flaw, even though it is described as the most popular and most secure instant-messaging tool in the world. Publishing public-key information on a blockchain reduces the risk of man-in-the-middle attacks and makes it possible to verify accurately the identity of the contacts you are talking to.
CertCoin is one of the first applications to implement a blockchain-based PKI. The project, developed at MIT, achieves fully decentralised authentication and uses a blockchain and public keys to build a distributed ledger of domain names. CertCoin provides a public, trustworthy PKI that also guards against single points of failure.
Not long ago, the research company Pomcor also published its blue book on blockchain-based PKI. It does not abolish centralised authentication altogether, but it still uses a blockchain to store the hashes of issued and revoked certificates. This gives users a distributed, traceable way to check whether a certificate is genuine. It also improves the performance of network nodes by using blockchain technology to encrypt local copies of certificates and verify their signatures.
Another project based on distributed-ledger authentication, IOTA, has also drawn attention. It uses the Tangle (a lightweight, scalable distributed ledger) to provide backbone support for millions of Internet of Things devices, without requiring authorisation from a third party.
IOTA co-founder David Sønstebø said:
"IOTA uses the distributed ledger to link and match the hashes of an individual's identity information, and builds the whole identity system in this way. In fact, once a person's identity information is bound to a hash that cannot be forged, that identity information cannot be forged either."
2. Protecting the authenticity and integrity of data
When we sign documents and files with a private key, the recipient can verify the authenticity of their origin. We therefore have to do everything we can to make sure the cryptographic keys have not been tampered with, because for encrypted information the key is always what matters most.
Blockchain uses distributed-ledger technology to sign files in place of traditional file signing, which makes it almost impossible for hackers to forge or steal data. By way of analogy, how would you prove that the San Antonio Spurs were the champions of the 2014 NBA playoffs? It needs no proof, because it is common knowledge. The same applies to data on a blockchain's distributed ledger.
The Keyless Signature Infrastructure (KSI) is a blockchain project developed by the data-security start-up GuardTime that aims to replace key-based data authentication. KSI stores the hashes of the original data and files on the blockchain network, and uses hashing algorithms to check and compare them against the copies stored on other nodes of the blockchain. Because the hashes of the original files are distributed across thousands of nodes, any operation on the data is quickly responded to.
As GuardTime's CTO Matthew Johnson said,
Blockchain technology provides a trustworthy mathematical paradigm of "data provenance and integrity" for data verification.
DARPA, part of the United States Department of Defense, is considering using KSI to protect sensitive military data.
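The hash-anchoring idea behind both the Pomcor description (hashes of issued and revoked certificates on a ledger) and the KSI description (file hashes compared across nodes) can be sketched as follows. This is an added example, not code from Pomcor, GuardTime or the original article; the `Ledger` class, the three-node setup and the majority rule are simplifying assumptions, and the certificate bytes are constructed samples.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def block_hash(block: dict) -> str:
    body = {k: block[k] for k in ("index", "event", "fp", "prev")}  # all but "hash"
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

class Ledger:
    """One node's copy of an append-only, hash-chained log of fingerprints."""
    def __init__(self):
        self.blocks = []
    def append(self, event: str, fp: str) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        block = {"index": len(self.blocks), "event": event, "fp": fp, "prev": prev}
        block["hash"] = block_hash(block)
        self.blocks.append(block)

    def is_intact(self) -> bool:
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != block_hash(b):
                return False  # a block was edited in place or re-ordered
            prev = b["hash"]
        return True

    def status(self, fp: str) -> str:
        events = [b["event"] for b in self.blocks if b["fp"] == fp]
        return events[-1] if events else "unknown"  # latest event wins

def verify(document: bytes, replicas: list) -> str:  # majority of intact replicas
    fp = sha256_hex(document)
    votes = [r.status(fp) for r in replicas if r.is_intact()]
    if 2 * len(votes) <= len(replicas):
        return "no-quorum"
    return max(set(votes), key=votes.count)

def demo():
    cert, forged = b"constructed cert A", b"constructed forged cert"
    nodes = [Ledger() for _ in range(3)]
    for n in nodes:
        n.append("issued", sha256_hex(cert))
    before = verify(cert, nodes)
    nodes[0].blocks[0]["fp"] = sha256_hex(forged)  # tamper with one replica
    for n in nodes:
        n.append("revoked", sha256_hex(cert))
    return before, nodes[0].is_intact(), verify(forged, nodes), verify(cert, nodes)
```

The edited replica fails its own chain check and is ignored, so the forged certificate stays unknown while the genuine one moves from issued to revoked on the remaining nodes.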
In health care, the blockchain company Gem uses blockchain technology to improve the transparency and auditability of patient medical records and to refine access control over the data. This matters particularly because medical institutions store and process large amounts of sensitive health data and are therefore frequent victims of data breaches, so using blockchain technology to protect the data is important. Siva Kannan, Gem's deputy chief engineer, said:
"Data that drives critical business processes, patient health data and clinical trial data are all points of vulnerability in the health-care industry. Blockchain technology will help verify the integrity of patient data coming from different medical institutions and provide a tamper-proof audit trail of the data generated in those institutions' business processes, while also ensuring the integrity of the experimental data collected in clinical trials."
3. Protecting critical infrastructure
The massive distributed denial-of-service (DDoS) attack in October taught all of us a painful lesson. It showed how easy it is for hackers to target critical services. An attack on a single DNS provider was enough to cut off access to Twitter, Netflix, PayPal and other web services for several hours, which is another sign of the failure of centralised infrastructure management.
Peter Van Valkenburgh of Coin Center has suggested that using blockchain technology to store DNS domain names could raise the level of network security, reduce the risk of single points of failure and prevent hackers from attacking the network as a whole.
Nebulis is a concept project exploring how to build a distributed DNS. Nebulis uses the Ethereum blockchain and the distributed file system IPFS, in place of the centralised HTTP protocol, to register and resolve domain names. Nebulis founder Philip Saunders said:
"The fatal weakness of the current DNS system under attack is that it relies too heavily on caching. Caching makes it easy to mount distributed denial-of-service attacks against DNS servers, and it leaves social networks and domain name providers under the control of a single authority."
Blockchain technology would save the network costs associated with DNS resolution, with costs incurred only for updating and controlling new domain names. Saunders said:
"This is a huge opportunity for a physical backbone network that is currently under too much strain, and it also means we can do away with many redundant traditional DNS bodies and create something better."
A transparent, distributed DNS resolution system cannot be controlled by any single node, and that includes any government agency or central authority.
Cybersecurity will continue to face many new and unexpected threats, and they will not go away. Blockchain is not a cure for every Internet security problem, but it will be a powerful tool for engineers and experts, who can use it to harden systems and reduce many of the cybersecurity threats around us, especially for central authorities and for systems with single points of failure.
Original work takes effort; please keep the link to the original when reposting. Original link: https://oneinf.com/opin/303.html