In blockchain technology, cryptography is primarily used for two purposes:
- To secure the identity of the sender for any transactions.
- To ensure the past/historical records cannot be tampered with.
Blockchain technology widely uses cryptography as a means of protecting the identities of users, ensuring transactions are done safely, and securing all information and stores of value. This gives anyone using blockchain the complete confidence that once something is recorded on a blockchain, it is done so legitimately and in a manner that preserves its security.
Despite being founded upon a similar framework, the type of cryptography used in blockchain, namely public-key cryptography, is considerably better suited to the functions associated with the technology than symmetric-key cryptography.
Public-key cryptography (PKC): rather than using a single key for encryption and decryption, as is the case with symmetric-key cryptography, separate keys (a public key and a private key) are used.
In public-key cryptography a digital signature is produced, and this secures the integrity of the signed data. Via a mathematical algorithm, it combines a user's private key with the data that they wish to sign.
Since the actual data is an input to the digital signature, the network doesn't recognize the signature as valid if any part of the data is tampered with. Editing even the slightest aspect of the data changes the whole signature, so the original one no longer verifies. This makes blockchain technology capable of guaranteeing that any data being recorded onto it is true, accurate and untampered with.
Digital signatures are the key feature in blockchain that gives the recorded data its immutability.
How to test:
The basic question that arises is how we test cryptography within blockchain. There are various techniques and methodologies used by our team:
SHA-256: To test the digest, note that SHA-256 generates a unique 256-bit (i.e. 32-byte) digest for a text. First, it can be verified that it is creating a 32-byte output. Second, to link the hash to the original message, the received message can be re-hashed and compared to the original hash. If they match, it indicates that the message is unchanged and there is no data loss in transmission.
Similarly, there are SHA-512, SHA-1, SHA-3, etc.
Merkle tree testing on the Ethereum platform can be accomplished by verifying the hashes of a block and the state root at each level. One needs to be careful to check that each child level actually produces its parent one level up. Another factor that needs care is that an orphan child level should be a valid one. Traversing the hash tree in both directions should be feasible and not broken.
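The level-by-level check and the leaf-to-root traversal described above, together with the 32-byte SHA-256 digest check, as an added example that is not MagicBlockchainQA's own code. It assumes a simplified binary Merkle tree over SHA-256 rather than Ethereum's Merkle Patricia trie with Keccak-256; the function names, the leaf/inner prefixes and the policy of pairing an orphan node with itself are hypothetical choices made for illustration.

```python
import hashlib

TXS = [b"tx-a", b"tx-b", b"tx-c", b"tx-d", b"tx-e"]  # constructed sample leaves

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # always 32 bytes

def pad(level):
    # Assumed orphan policy: an unpaired last node is paired with itself.
    return level + [level[-1]] if len(level) % 2 else level

def parent(left: bytes, right: bytes) -> bytes:
    return h(b"\x01" + left + right)  # 0x01 marks an inner node

def build_levels(leaves):
    """Return all levels, leaf hashes first and the single root last."""
    level = [h(b"\x00" + leaf) for leaf in leaves]  # 0x00 marks a leaf
    levels = [level]
    while len(level) > 1:
        p = pad(level)
        level = [parent(p[i], p[i + 1]) for i in range(0, len(p), 2)]
        levels.append(level)
    return levels

def check_levels(levels):
    """Recompute every parent from its two children, level by level."""
    for lower, upper in zip(levels, levels[1:]):
        p = pad(lower)
        expected = [parent(p[i], p[i + 1]) for i in range(0, len(p), 2)]
        if upper != expected:
            return False
    return len(levels[-1]) == 1

def proof(levels, index):
    """Sibling path for leaf `index`: (sibling hash, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        p = pad(level)
        path.append((p[index ^ 1], index % 2 == 1))
        index //= 2
    return path

def verify(leaf, path, root):
    """Walk from a leaf up to the root using only the sibling path."""
    node = h(b"\x00" + leaf)
    for sibling, sibling_is_left in path:
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root
```

With five leaves the fifth is an orphan at the leaf level, so the same run exercises the orphan case as well as the ordinary parent/child check.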
Penetration testing on the Ethereum platform: There are lots of tools available in the market, both open source and customized versions. One such tool that deserves a mention is "SlowHTTPTest", which simulates application-layer denial-of-service attacks. One needs to test both the header and the body of the HTTP requests through exposed API endpoints. Based on the response time, it can be verified whether the concurrent requests are being processed or there is a denial of service. This way we can confirm how vulnerable the app is to slow HTTP attacks in its default configuration.
There are many features and ways to ensure that security is not jeopardized for any application and that it is almost hacker-free. We at MagicBlockchainQA, with thorough knowledge and vast industry experience, ensure testing satisfies the following areas:
- Confidentiality − It protects any disclosure of information to unintended recipients.
- Integrity − It allows accurate and correct desired information to be transferred from senders to their intended receivers.
- Authentication − The identity of the user is verified and confirmed.
- Authorization − It specifies access rights and permissions to the users and resources.
- Availability − It ensures the information is ready when required.
- Non-repudiation − It ensures that there is no denial from the sender or the receiver for having sent or received any particular message.
To know more about BlockChain testing and our services please contact us at www.magicblockchainqa.com.
Drop in your comments or queries, at https://www.magicblockchainqa.com/call-us/
Thanks for reading.