Loading...

Blockchain - Part 1

Course video 25 of 41

This module introduces several advanced topics in cyber security ranging from blockchain usage, user anonymity, and critical infrastructure protection.

Enterprise and Infrastructure Security

纽约大学坦登工程学院

课程 4（共 4 门，Introduction to Cyber Security 专项课程）

This course introduces a series of advanced and current topics in cyber security, many of which are especially relevant in modern enterprise and infrastructure settings. The basics of enterprise compliance frameworks are provided with introduction to NIST and PCI. Hybrid cloud architectures are shown to provide an opportunity to fix many of the security weaknesses in modern perimeter local area networks. Emerging security issues in blockchain, blinding algorithms, Internet of Things (IoT), and critical infrastructure protection are also described for learners in the context of cyber risk. Mobile security and cloud security hyper-resilience approaches are also introduced. The course completes with some practical advice for learners on how to plan careers in cyber security.

查看授课大纲

教学方

Dr. Edward G. Amoroso
Research Professor, NYU and CEO, TAG Cyber LLC

脚本

Hi, folks, Ed Amoroso here.

And in this video, I want to introduce, in sort of a part one video,

the concept of blockchain in the context of cyber security.

Blockchain has a lot of different applications.

But for us, as we learn cyber security, we'll see that one of it usages

involve detection if something has been changed.

And detection in very clever way that makes it almost impossible to sort

of erase the footprint of whether something really has been changed.

So let's start with the idea that when we're hashing,

we generally hash on something abstractly we call a message.

But in practice, it's not going to be a message, it's going to be something.

And say we work at a bank or in a financial services organization,

then the kinds of things we would want to be producing authenticity on by hashing,

would be like a financial record or data that describes some financial transaction.

And it could be one person giving a dollar to another, and

we sort of have a record of that.

And we'd like to hash that.

Now, we could hash it directly, meaning, we take that message and

we could sort of run a function on it and produce use whatever comes out.

We generally refer abstractly to that as lambda.

It would be whatever it is.

It would be a string of ones and whatever, ones and zeros.

But if we did it in hex,

then it'd be a long hexadecimal number with ones, and twos, and nines,

and able, baker, Charlies, and foxes, and sixes and so on, big long number.

Now, if we decided that we wanted the output to be something that was fixed,

was a fixed pattern, and in the context of the BitCoin community,

there's been some agreement that a typical pattern that we would use for

blockchain output, as we hash, would be a hash value that starts with four zeros.

Now, you say, why that?

Well, it's just a convention.

Could it have been four ones?

Yes. Could it have been four sixes?

Yes, it could be whatever.

But the convention is four zeros.

So now what we do, is we introduce, along with that record,

something that we refer to in cryptography as a nonce.

So put the nonce and we put the data together.

I'm going to encrypt the two of them using a hash function, produce a lambda.

And it would be some number.

And I look at it, and it doesn't have four zeros, and I go boy,

I wish it had four zeros.

So, I try it again, and I try it again, and I try it again.

And eventually I get a number with the nonce selection that gives me four zeros.

And we refer to that as kind of being mined.

Now, if everything stays the way it does, then we're in good shape.

We got a record that has a nonce value that,

combined with the data record, produces a hash value that has four zeros.

Now, if somebody comes along and wants to change a record, like maybe change $1

to $4 million, for whatever reason, the whole thing goes all out of whack.

You've changed the record, you've changed the data.

And now, the nonce that you'd selected with the data record,

produced a hash value that doesn't have four zeros anymore.

So that's not going to stand.

That's a clear indicator that you haven't, in some sense, mined or

validated the record.

So what would you have to do now?

Well, you start spinning the nonce again.

You try a bunch of different nonce values.

Try, try, try and you're getting all these outputs.

And then, finally, you get a hash value that has four zeros but,

probably, in fact, not probably, definitely a different set of

numbers as the hash value than you had before.

Now, it's valid in the sense that there's four zeros followed by some pattern.

But it's different than it was before.

So while we can acknowledge that we've gone back,

and we've changed the nonce to make things, in some sense, valid.

We have a very clear record, if we kept track of what was there before.

And the way you might keep track is through multiple distributed copies

of this blockchain.

So, if I have ten of them, and I'm watching all these things together.

And somebody changes one of them, then the others guys are going to

know something is funny, even if go in and clean things up by remining.

The likelihood of you getting exactly the same hash value

on changed record, is a property of the hash function.

The hash function is designed specifically for

that not to be the case or for the likelihood of that to be so

unlikely that you just don't have to worry about it.

In your study of cryptography, you know how that sort of thing is achieved

through proper modern cryptographic algorithmic design.

So it's kind of a cool concept for those of us in cyber,

we look at this and say, this is incredible.

It really gives us an opportunity to really provide a footprint

of whether somebody's tampered with data,

which is one of the primary threats we see in things like financial services.

Somebody coming in, wanting to change account balances,

wanting to change transaction records, kind of whatever.

You wouldn't want that to be the case in this idea of producing a hash with a nonce

to a fixed value where the value has a pattern that we predetermine.

And make sure that we're preserving through the validity check is really,

really kind of cool.

It's one of the reasons why people get so excited about blockchain as a base.

Now I said at the beginning of this video, this is a part one.

What we'll do in a subsequent video is we'll look a little bit at how

the second part of that word blockchain kind of comes into it.

And how you put things together in a way that's going to

provide an even greater set of evidence.

Greater confidence that when records are changed it's

very unlikely that perpetrator is going to get away with it.

So let's see in the subsequent video.

关于 Coursera

课程、专项课程和在线学位均由全世界一流大学和教育机构的顶尖授课教师教授。

Join a community of 40 million learners from around the world

Earn a skill-based course certificate to apply your knowledge

Gain confidence in your skills and further your career

Coursera 致力于普及全世界最好的教育，它与全球一流大学和机构合作提供在线课程。

© 2019 Coursera Inc. 保留所有权利。

通过 App Store 下载

通过 Google Play 获取