Making Blockchain Real for Business IBM Blockchain Offering

Similar documents
IBM Blockchain. High Secure Business Network. Angel Nunez Mencias. May 16, IBM Corporation

Lessons Learned from running Hyperledger Demos on z/vm Linux. Yongkook(Alex) Kim Vicom Infinity June 23 rd 2017 Ohio State University

Hyperledger Fabric v1.0 Deep Dive. Binh Nguyen, IBM

Dyadic Security Enterprise Key Management

IBM Db2 Analytics Accelerator Version 7.1

IBM LinuxONE Rockhopper

Distributed Ledger Technology & Fintech Applications. Hart Montgomery, NFIC 2017

Dyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof

Linux on IBM Z. Operational efficiency and trustworthiness. Linux at its best. Highlights. IBM Systems Data Sheet

Running blockchain demo app with Hyperledger Fabric on LinuxONE server Labs

Blockchain Frameworks

Connect and Transform Your Digital Business with IBM

BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module

IBM Compose Managed Platform for Multiple Open Source Databases

SOLUTION ARCHITECTURE AND TECHNICAL OVERVIEW. Decentralized platform for coordination and administration of healthcare and benefits

EBPI Critical Payments Solutions for a market in turbulence. Frank Kooistra, Product Owner

IBM Cloud Hyper Protect DBaaS

Fabric Development Update & Discussion. Binh Nguyen

Hardware Cryptography and z/tpf

IBM Cloud for VMware Solutions

On Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet s Crypto Hypervisor

#techsummitch

Database Level 100. Rohit Rahi November Copyright 2018, Oracle and/or its affiliates. All rights reserved.

An Innovative Hyperledger Fabric Blockchain to Eliminate Fraud from Philanthropic Giving

Adding value to your MS customers

Lecture 44 Blockchain Security I (Overview)

Security Requirements for Crypto Devices

Why AWS CloudHSM Can Revolutionize AWS

Provisioning secure Identity for Microcontroller based IoT Devices

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Patching and Updating your VM SUSE Manager. Donald Vosburg, Sales Engineer, SUSE

QuickSpecs. Key Features and Benefits. HP C-Series MDS 9000 Storage Media Encryption (SME) Software. Overview. Retired

2013 Cisco and/or its affiliates. All rights reserved. 1

Security in NVMe Enterprise SSDs

A Byzantine Fault-Tolerant Ordering Service for the Hyperledger Fabric Blockchain Platform

The Road to a Secure, Compliant Cloud

Choosing the level that works for you!

Who s Protecting Your Keys? August 2018

PKI Credentialing Handbook

Microsoft Azure Stack Hybrid Cloud. The Modern System Architecture

IBM Single Sign On for Bluemix Version December Identity Bridge Configuration topics

Hyperledger - Project Overview. January 2018

Connecting Securely to the Cloud

Enabling Open Standards at Scale

Mellanox InfiniBand Solutions Accelerate Oracle s Data Center and Cloud Solutions

Test drive Hyperledger Composer Playground and blockchain demo app with Hyperledger Fabric on IBM LinuxONE server

API s in a hybrid world. Date 28 September 2017

Hyperledger Fabric Single Member Blockchain in Azure Marketplace Christine Avanessians Senior Program Manager

AWS Administration. Suggested Pre-requisites Basic IT Knowledge

What s new in Db2 Analytics Accelerator V7.1.2 and V7.1.3

Speed to Market with Open Source

Build your own Cloud on Christof Westhues

Utimaco HSM Introduction JIPDEC Seminar June 2017

Pervasive Encryption for Linux on z Systems and LinuxONE

OpenStack enablement for IBM Z DPM

Performance Benchmarking & Optimizing Hyperledger Fabric Blockchain Platform

The Pervasive Encryption Imperative. IBM Competitive Project Office Mark Moore Senior Software Engineer

API Connect. Arnauld Desprets - Technical Sale

Secure Key Management and Data Privacy on z/tpf

Docker and Oracle Everything You Wanted To Know

Deploying Secure Boot: Key Creation and Management

Securing VMware NSX MAY 2014

ISSUSE AND FEATURES TO CONSIDER WHEN SELECTING A BLOCKCHAIN SYSTEM. Find us at

B2B Marketplace Platform

Demonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions. Andrei Costin

What s new under the blockchain sun. HYPERLEDGER FABRIC AND A SHORT SURVEY OF INTERLEDGER. DIDIER PH MARTIN, PHD.

Next Paradigm for Decentralized Apps. Table of Contents 1. Introduction 1. Color Spectrum Overview 3. Two-tier Architecture of Color Spectrum 4

Hyperledger fabric: towards scalable blockchain for business

TERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004

Launch Smart Products With End-to-End Solutions You & Your Customers Can Trust

Database as-a- Service with IBM LinuxONE and z Systems. Dr. Holger Smolinski, IT Architect Boeblingen, March 28, 2017

A portfolio of hardware, software, and services for an enterprise-grade Linux operating environment. Marcel Mitran DE, CTO IBM LinuxONE

Technical Brief Distributed Trusted Computing

OpenStack Mitaka Release Overview

Blockhead Open Service Broker Jonathan Berkhahn Swetha Repakula IBM

Hypervisors & related technologies Arwed Tschoeke Client Center Böblingen

Service Description. IBM DB2 on Cloud. 1. Cloud Service. 1.1 IBM DB2 on Cloud Standard Small. 1.2 IBM DB2 on Cloud Standard Medium

ProtectV StartGuard. FIPS Level 1 Non-Proprietary Security Policy

Not ACID, not BASE, but SALT A Transaction Processing Perspective on Blockchains

The New Enterprise Data Center Summit. Session: zmr - consolidation with an affordable mainframe Speaker: Sreenath Chary Date: 19 th Nov 2008

Data Center and Cloud Automation

Blockchain on Kubernetes

nshield GENERAL PURPOSE HARDWARE SECURITY MODULES

Designing MQ deployments for the cloud generation

Cisco Storage Media Encryption for Tape

Executive Summary. (The Abridged Version of The White Paper) BLOCKCHAIN OF THINGS, INC. A Delaware Corporation

Exam C Foundations of IBM Cloud Reference Architecture V5

VMAX3 AND VMAX ALL FLASH WITH CLOUDARRAY

70-532: Developing Microsoft Azure Solutions

Strong Security Elements for IoT Manufacturing

The zenterprise Unified Resource Manager IBM Corporation

Redesigning PKI To Solve Revocation, Expiration, & Rotation Problems. Brian

Rethinking IoT Authentication & Authorization Models

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

The Cloud Changes Nothing and Everything! Amazon.com, Inc. and its affiliates. All rights reserved.

Introduction to Fabric Composer

Key Management in a System z Enterprise

Putting It (almost) all Together: ios Security. Konstantin Beznosov

How to Keep UP Through Digital Transformation with Next-Generation App Development

Channel FAQ: Smartcrypt Appliances

Transcription:

Making Blockchain Real for Business IBM Blockchain Offering Guillaume Hoareau Certified IT Architect Blockchain on IBM z Systems SME V3.5, November 24th Page 1

Linux Foundation s Hyperledger Project Linux Foundation project announced December 17, 2015 with 17 founders, now 40 members The Hyperledger Project is a collaborative effort to advance Blockchain technology by identifying and addressing important features for a cross-industry open standard for distributed ledgers that can transform the way business transactions are conducted globally Open source and open standards-based Enable adoption of shared ledger technology at a pace and depth not achievable by any one company or industry Page 2 Chairman Executive Director Technical Chair Contribution Sprint to one codebase with unified thinking QUICK FACTS Blythe Masters/DAH Brian Behlendorf Chris Ferris/IBM 44,000 lines of code in February 2016 Target 3Q release www.hyperledger.org

2016 IBM IBM Corporation Pag Page3 3 As of 07 September 2016

How Hyperledger Works Has an Owner ID = Digital Cert Blocks Copy of Ledger Issues Transaction Sign Transactions 1. It all starts with one node Each block has a digital fingerprint of the previous block 2. Each node has the shared ledger 3. Nodes form a peer network Update A = 100 Then A=10 Now A=100 User Answer Validated 4. Users submit transactions 5. Consensus 6. Execution Page 4

Blockchain NOW Hyperledger fabric on Docker Hub Fastest development of blockchain solutions Certified Hyperledger fabric instances Supported by IBM available cross platform Dedicated compute power isolated partition High security business blockchain on Bluemix Bluemix blockchain service Secure key management (FIPS 140-2 Level 4) Tamper resistant service container Performance optimized (Operating System & Privacy Services) Fast blockchain network on Bluemix also now China Samples for deployment, customization & usage Tool support for development and deployment Supporting serious blockchain deployment! Page 5

IBM Blockchain offering - On-premises From Docker Container certified by IBM From the code source available on GitHub Page 6

Hyperledger Project Scope (Self Managed) App Layer Custom Applications Value Added Systems Core APIs Blockchain Fabric for a Permissioned, Distributed and Shared Ledger API libraries and GUIs Specialized extensions Specialized consensus algos Membership policies Gateway Operations dashboard Code execution environment Ledger data structures Modular consensus framework Modular identity services Network peers Out of scope Community + Code Linux Hyperledger Project Page 7

Hyperledger Project on IBM Systems APIs, Protocol CLI, REST, SDK Programming Database Software Requirements Linux Distribution Container Linux Virtualization Technology Virtualization LPAR KVM SSC z/vm IBM Systems IBM Systems IBM LinuxONE IBM z Systems IBM Power Systems Page 8

Hyperledger Acceleration and Security on IBM Systems COLLOCATION App 1 App2 App3 Optimized network between blockchain nodes up to 7X more throughput, 82% faster response time IBM Systems Crypto Stack Network Smart Contracts API Layer Smart Contracts Cryptographic Protocols Integrate Existing Business Processes: CICS, IMS, TPF, DB2, VSAM Elliptical Curve Digital Signatures (ECC P256, P384) Hashing (SHA) Crypto Accelerators Blockchain DB Shared Replicated Ledger In Memory (10TB) Block Creation Consensus Algorithm ISOLATION Global Security Compliance: Enterprise PKCS11, FIPS 140-2, EAL Page 9

Transaction Anatomy (API Query) Type -The type of the transaction. ID-The ID of a chaincodewhich is a hashof the chaincode. uuid-a unique ID for the transaction. Payload-Bytes defining the hashoftransactionpayload.payload. Cert- Certificate of the transactor. Signature- Signature of the transactor. Page 10

Eg. Hyperledger and IBM z Systems Crypto Stack CPACF SHA2 SIMD P256, P384 Page 11

Eg. Cryptographic Performance (1 IFL) P256Sign : 19,356 operations per second P256Verify : 7,636 operations per second SHA256x8 : 40,775,467 bytes per second SHA256x1K : 1,470,032,300 bytes per second 1.4 GB/s SHA256x8K : 2,081,554,661 bytes per second 2GB/s SHA512x8 : 29,498,960 bytes per second SHA512x1K : 1,682,964,910 bytes per second 1.6 GB/s SHA512x8K : 3,139,587,469 bytes per second 3.1 GB/s SHA3_256x8 : 5,008,226 bytes per second SHA3_256x1K : 112,317,044 bytes per second SHA3_256x8K : 123,028,957 bytes per second SHA3_512x8 : 5,508,810 bytes per second SHA3_512x1K : 69,438,021 bytes per second Digital Signature Hash Hardware acceleration with SIMD (x33 Improvement) Hardware acceleration with CPACF Software operations Page 12 Data size legend: x8: 8bytes x1k: 1024 bytes x8k: 8192

Hyperledger Purposed Topology Samples on IBM Systems LPAR KVM, z/vm, No Hyp SSC Partition LPAR Linux SSC IBM Blockchain Linux KVM, z/vm, No Hyp Linux Linux Linux Linux Horizontal Peer topology with z/vm or KVM Extreme Isolation and Security with SSC Vertical Peer topology with massive docker containers Page 13 Docker Peer Linux Peer

IBM Blockchain offering - Cloud Bluemix blockchain service High security business blockchain on Bluemix Page 14

IBM Blockchain for Business Bluemix Page 15 DEMO TIME

Secure Service Container High Security Business Network Secure Service Container (SSC) ensures How the Secure Service Container boot sequence works Appliance Content (i.e., Blockchain) Protected Memory (SSC PAR) Firmware Bootloader check Software Bootloader open Software Image & Data SSC Software Runtime Environment SSC signature check decryption decrypt Disc Encryption Key LUKS Disc Encryption LVM No system admin access, ever Once the appliance image is built, OS access (ssh) is not possible Only Remote APIs available Memory access disabled Encrypted disk Debug data (dumps) encrypted Secure Execution Context Mainframe & LinuxONE platform Page 16 Secure Service Container SE Encrypted Software Encrypted Data 1. Firmware bootloader is loaded in memory 2. Firmware loads the software bootloader from disk i. Check integrity of software bootloader ii. Decrypt software bootloader 3. Software bootloader activate encrypted disks i. Key stored in software bootloader (encrypted) ii. Encryption/decryption done on the flight when accessing appliance code and data 16

IBM Secure Service Container Protection from system administrators Appliance code cannot be accessed even by platform or system administrators. Data access is controlled by the appliance, therefore unauthorized access is disabled. This is supported through a combination of signing and encrypting all data in flight and in rest. All the access to memory is also removed. Firmware supports this with a secure boot architecture. System administrators have the following limitations when blockchain is secured by the IBM Secure Service Container: Cannot access the blockchain node Cannot view the blockchain Tamper protection The IBM Secure Service Container disables all external interfaces that provide LPAR memory access. An image boot loader is signed to ensure that it cannot be tampered or exchanged with a different one. Encrypted appliance disks All code and data stored on disk is encrypted at all times by using the Linux encryption layer: Encapsulated operating system Protected IP Embedded monitoring and self-healing Page 17 Source: https://console.ng.bluemix.net/docs/services/blockchain/etn_ssc.html

Overview: High security business network Service Plan on Bluemix IBM Cloud Service Plans Starter Plan High Security Plan Isolated and highly secured environment, distinguishing it from other cloud-hosted offerings Purpose Development Simulate a business network Operating system, fabric, and nodes all exist in an IBM Secure Service Container, providing your enterprise with a high level of security 4 nodes + Certificate Authority Dashboard for registration, monitoring, provisioning & documentation provided through Bluemix Network Connections through SoftLayer IBM Secure Service Container also delivers performance optimization for peer-to-peer communication, availability, scalability, hardware encryption, & securely encrypted VMs Keys secured in HSM Cloud Provisioning & Self Service Enablement Service Management and Billing through Bluemix Customer Support through Bluemix Environment Shared, multi-tenant Isolated, single tenant Sign up: https://www.ibm.com/blockchain/bluemix.html Product documentation: https://new-console.ng.bluemix.net/docs/services/ blockchain/etn_hsn.html Secure Service Container Highest levels of isolation in industry Compliance for highly regulated industries (Keys secured in HSM) Accelerated performance Page 18 18

Conclusions : Blockchain NOW Hyperledger fabric on Docker Hub Fastest development of blockchain solutions Certified Hyperledger fabric instances Supported by IBM available cross platform Dedicated compute power isolated partition High security business blockchain on Bluemix Bluemix blockchain service Secure key management (FIPS 140-2 Level 4) Tamper resistant service container Performance optimized (Operating System & Privacy Services) Fast blockchain network on Bluemix also now China Samples for deployment, customization & usage Tool support for development and deployment Page 19 IBM Blockchain 101: Quick-start guide for developers Free Certification!

Thank you! Guillaume_hoareau@fr.ibm.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback