Research & Reports

Enterprise Blockchain Security 2020-6

February 5, 2021 | Mina Hao

Regulatory Policies With years of development, the blockchain industry has taken shape, but enterprise blockchain applications are still at an exploratory stage. The blockchain ecosystem contains SPs, application vendors, and users. SPs in this context provide blockchain information services, whose compliancerequirements are surely different from those for other information services (such as cloud services) due […]

Enterprise Blockchain Security 2020-5

February 3, 2021 | Mina Hao

The enterprise-related blockchain security landscape has two layers of meanings: enterprise blockchain security situation and blockchain-related enterprise security situation. The former refers to the security posture of enterprises that have deployed blockchain applications. In the latter case, although an enterprise does not deploy any blockchain applications, security threats facing it point to blockchains. In terms […]

Enterprise Blockchain Security 2020-4

February 1, 2021 | Mina Hao

This chapter analyzes security threats facing enterprise blockchains.

Annual IoT Security Report 2019-18

January 29, 2021 | Mina Hao

Introduction IoT devices are faced with a great security challenge and their security appears particularly important. On one hand, though IoT devices have had a long existence, legacy IoT devices and their application protocols contain a variety of vulnerabilities due to the ill-conceived security design. On the other hand, as noted in the analysis of […]

Enterprise Blockchain Security 2020-3

January 27, 2021 | Mina Hao

Current mainstream consortium blockchain platforms include Hyperledger, Quorum, and R3 Corda, which are described in detail in the following sections.

Enterprise Blockchain Security 2020-2

January 26, 2021 | Mina Hao

This chapter describes the characteristics, usage scenarios, and architecture of enterprise blockchains, and illustrates three major enterprise blockchain systems in three separate sections.

Annual IoT Security Report 2019-17

January 22, 2021 | Mina Hao

Malicious Behaviors Targeting UPnP Vulnerabilities We captured four kinds of UPnP exploits 1, as shown in Table 4-7. Apparently, all the exploits targeted remote command execution vulnerabilities. Besides, we found that when a vulnerability is found on a specific port, attackers usually directly hit this port by skipping the UPnP discovery phase.

Enterprise Blockchain Security 2020-1

January 19, 2021 | Mina Hao

Blockchains are distributed digital ledgers of cryptographically signed transactions that are grouped into blocks. Each block is cryptographically linked to the previous one (making it tamper evident) after validation and undergoing a consensus decision. As new blocks are added, older blocks become more difficult to modify (creating tamper resistance). New blocks are replicated across copies […]

Annual IoT Security Report 2019-16

January 15, 2021 | Mina Hao

The following sections analyze threats from the port mapping service based on UPnP port mapping tables collected from network-wide devices. Overview In the 2018 Annual IoT Security Report , we focused our attention on four types of malicious port mappings that had the most distinctive characteristics and the most extensive impact. Of the four major […]

Annual IoT Security Report 2019-15

January 8, 2021 | Mina Hao

In the 2018 Annual IoT Security Report, we analyzed threats against UPnP and you can refer to the report for basics of UPnP. In this report, we updated UPnP-related data and added new findings. Viewpoint 6: Approximately 2.28 million IoT devices around the world had the UPnP/SSDP service (port 1900) publicly accessible and therefore were […]