IT Audit: Blockchain encryption technology types and how to conduct an IT audit
23-02-20
Blockchains use different types of encryption, and the type of encryption used determines how to perform an IT audit of a particular blockchain.
Let's take a look at what to focus on in an IT audit based on the cryptography used in a blockchain.
1. Hash functions
To verify the accuracy of the original message, hash functions are used to generate a fixed-size message digest from a variable-size message.
Because hash functions are irreversible, it is impossible to reconstruct the original message from the digest. Therefore, the integrity of the data should be a primary concern when auditing blockchains that use hash algorithms.
IT auditors should compare the hash of the original message with the hash of the message on the blockchain to confirm that the message has not been altered.
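The comparison described above can be scripted. The following Python sketch is an added example, not code from the original page: it recomputes the SHA-256 digest of each source record and compares it with the digest stored on a ledger, and goes one step further by checking that each block still links to its predecessor. The block layout, field names, and sample records are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # assumed previous-hash value for the first block

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def block_hash(index: int, prev_hash: str, digest: str) -> str:
    # Hypothetical layout: the block hash commits to position, predecessor and message digest.
    return sha256_hex(f"{index}|{prev_hash}|{digest}".encode())

def build_ledger(messages):
    """Build a sample ledger (stand-in for data exported from a real chain)."""
    ledger, prev = [], GENESIS
    for i, msg in enumerate(messages):
        digest = sha256_hex(msg)
        h = block_hash(i, prev, digest)
        ledger.append({"index": i, "prev_hash": prev, "digest": digest, "hash": h})
        prev = h
    return ledger

def audit_ledger(ledger, originals):
    """Return (block index, finding) tuples; an empty list means no discrepancies."""
    findings, prev = [], GENESIS
    for block in ledger:
        i = block["index"]
        if i not in originals:
            findings.append((i, "no source record to compare"))
        elif not hmac.compare_digest(sha256_hex(originals[i]), block["digest"]):
            findings.append((i, "digest does not match source record"))
        if block["prev_hash"] != prev:
            findings.append((i, "prev_hash does not match preceding block"))
        if block["hash"] != block_hash(i, block["prev_hash"], block["digest"]):
            findings.append((i, "stored block hash is inconsistent with contents"))
        prev = block["hash"]
    return findings

# Constructed sample data: the auditor's source records and the ledger built from them.
SOURCE = {0: b"pay A 10", 1: b"pay B 25", 2: b"pay C 40"}
LEDGER = build_ledger([SOURCE[0], SOURCE[1], SOURCE[2]])

if __name__ == "__main__":
    print(audit_ledger(LEDGER, SOURCE))        # untouched ledger and records
    altered = dict(SOURCE, **{})
    altered[1] = b"pay B 250"                  # source record no longer matches the chain
    print(audit_ledger(LEDGER, altered))
```

A digest mismatch alone does not say which side changed; the linkage checks help show whether the ledger itself was rewritten after the fact.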
2. Symmetric key encryption
When one key is used for both encryption and decryption, this is called symmetric key cryptography. Blockchain technology uses this kind of encryption to protect transaction data.
When auditing a blockchain that uses symmetric key encryption, the security of the encryption keys should be a top priority.
IT auditors should assess whether the keys are stored in a secure location, whether only authorized people have access to them, whether the keys were generated and distributed correctly, and whether the keys have been altered.
3. Asymmetric key encryption
Asymmetric key encryption encrypts and decrypts data using two separate keys (a public key and a private key). Digital signatures, for example, frequently employ asymmetric key algorithms such as RSA and the Elliptic Curve Digital Signature Algorithm (ECDSA).
IT auditors need to check that the proper public key is used to validate transactions and determine whether private keys are being maintained securely.
Conclusion:
In conclusion, encryption is crucial for securing data on blockchains. IT audits of blockchains should be conducted differently depending on the type of encryption technique used, so it is critical to have a solid grasp of these technologies.