The Detection of SQL Injection on Blockchain-Based Database

Keshav Sinha, Madhav Verma
DOI: 10.4018/978-1-7998-7589-5.ch011

Abstract

In today's world, storing data requires a huge amount of space, and cloud and distributed environments provide sufficient storage space for it. One of the challenging tasks is preserving the privacy of the stored data. To overcome the privacy problem, a blockchain-based database is used to store the data. Adversaries perform various attacks, such as denial-of-service (DoS) attacks and insider attacks, to compromise the security of the system. In this chapter, the authors discuss a blockchain-based database in which data are encrypted and stored. A Web API is used as the interface for storing and sharing data. The focus is mainly on the SQL injection attack, which the adversary performs against the Web API. To cope with this problem, the authors present a case study based on Snort and Moloch for automated detection of SQL attacks, network analysis, and testing of the system.

Introduction

Blockchain has become one of the significant technologies in the IT industry. Over the last few decades, blockchain has made headlines for the success of cryptocurrency and smart contract technology. After that, many companies adopted blockchain technology for their products. Blockchain technology started in 1991, when the trusted time-stamping protocol was used for data privacy (Haber, 1991). Later, in 1992, the Merkle tree was proposed for storing multiple data items in a single block (Bayer, 1992). After that, researchers did not focus much on evolving the technology because of the emergence of centralized systems. The research done in the field of blockchain in different time frames is shown in Figure 1.

Figure 1. The various developments in the field of blockchain at different time frames

Blockchain Safety and Security

Blockchain technology is based on a public ledger, where the data are stored at several nodes for transmission. The blockchain system has various security principles and features, such as:

  1. Decentralization: There is no single point of failure in the blockchain system because the nodes are distributed across the internet and all transactions over the network can be seen by all the nodes.

  2. Confidentiality: Public-key cryptography is used to identify authentic users and to provide secure transmission of the data over the internet.

  3. Integrity: Blockchain technology is based on the concept of time-stamping, where every piece of data is signed with a unique time, and any node can easily trace and validate the transaction.

  4. Transparency: In the blockchain system, a unique agreement is signed by the nodes and the network before the transmission of data.

  5. Immutability: The blockchain is built on the concept of the block, where data added to the network will not be destroyed or modified.

Blockchain systems are operated through a public ledger, where every node has access to the network data. Any transaction that occurs on the network is reviewed and validated by the different node members. This creates data transparency, and it is not possible to alter the ledger without being seen by the other actors within the system network. From this it was concluded that blockchain systems are resistant to any type of attack. In theory, no virtual attacks are possible on the blockchain system. But in the year 2017, 10 percent of attacks were executed on blockchain systems (Passeri, 2017). This caused a huge loss for the IT industry. Many researchers point out that blockchain technology is mainly focused on cryptocurrency, where adversaries get huge rewards once an attack succeeds.
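The tamper-evidence property described above can be shown with a small hash-linked, time-stamped ledger. This is an added example, not code from the chapter; SHA-256, the field names, and the sample records are assumptions made for illustration, and validation runs on a single node rather than across a network.

```python
import hashlib
import json

def block_hash(index, timestamp, data, prev_hash):
    """SHA-256 over the block's fields, serialized deterministically."""
    payload = json.dumps([index, timestamp, data, prev_hash])
    return hashlib.sha256(payload.encode()).hexdigest()

def append_block(chain, timestamp, data):
    """Add a time-stamped block linked to the hash of the previous block."""
    prev_hash = chain[-1]["hash"] if chain else "0" * 64
    index = len(chain)
    chain.append({
        "index": index, "timestamp": timestamp, "data": data,
        "prev_hash": prev_hash,
        "hash": block_hash(index, timestamp, data, prev_hash),
    })

def first_invalid_block(chain):
    """Return the index of the first block that fails validation, or None."""
    prev_hash = "0" * 64
    for i, b in enumerate(chain):
        if b["index"] != i or b["prev_hash"] != prev_hash:
            return i  # link to the previous block is broken
        if b["hash"] != block_hash(b["index"], b["timestamp"], b["data"], b["prev_hash"]):
            return i  # block contents no longer match the stored hash
        prev_hash = b["hash"]
    return None

def build_sample_chain():
    """Constructed sample ledger (records and timestamps are made up)."""
    chain = []
    for ts, rec in [(1700000000, "alice->bob:5"),
                    (1700000060, "bob->carol:2"),
                    (1700000120, "carol->dave:1")]:
        append_block(chain, ts, rec)
    return chain

def tamper_and_rehash(chain, i, new_data):
    """Edit block i and recompute its hash so the block is self-consistent."""
    b = chain[i]
    b["data"] = new_data
    b["hash"] = block_hash(b["index"], b["timestamp"], new_data, b["prev_hash"])

if __name__ == "__main__":
    ledger = build_sample_chain()
    print(first_invalid_block(ledger))        # untouched ledger validates
    tamper_and_rehash(ledger, 1, "bob->carol:200")
    print(first_invalid_block(ledger))        # the next block's link exposes the edit
```

Even when the edited block is re-hashed, the following block still carries the old hash in `prev_hash`, so any node that re-validates the chain sees the change.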

Key Terms in this Chapter

SQL Injection: A kind of attack in which the adversary inserts an SQL query into the input data section of the client application.

Intrusion Detection System (IDS): A software application that monitors unwanted and malicious activity on the network.

Hash Functions: Functions that map data of arbitrary size to fixed-size values, where a hash table is used for storage and retrieval.

Data Security: Protection of digital content, in online/offline mode, from any kind of attack performed by the adversary.

Blockchain: It is made of data blocks that are connected like a chain, where the data in the chain consists of a list of records that are inter-linked using a cryptographic algorithm.

Structured Query Language (SQL): A domain-specific language used for managing the data in a relational database management system.

Timestamp: It is used to record the time for each piece of data that is stored in the database.

Domain Name System (DNS): A hierarchical or decentralized collection of computers, where the resources are connected to the Internet or a private network.

User Interface: Web-based user interfaces through which applications accept data in the runtime environment.

Symmetric Key Cryptography: The sender and receiver use a single key for encryption and decryption.

Public-Key Cryptography: The sender and receiver use different keys for encryption and decryption.
