Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Similar documents
ENEE 457: E-Cash and Bitcoin

Hyperledger fabric: towards scalable blockchain for business

Distributed Ledger Technology & Fintech Applications. Hart Montgomery, NFIC 2017

Key concepts of blockchain

Lecture 44 Blockchain Security I (Overview)

Blockchain, cryptography, and consensus

SOLUTION ARCHITECTURE AND TECHNICAL OVERVIEW. Decentralized platform for coordination and administration of healthcare and benefits

Executive Summary. (The Abridged Version of The White Paper) BLOCKCHAIN OF THINGS, INC. A Delaware Corporation

Blockchain! What consultants should know about it. Daniel

A Blockchain-based Mapping System

The power of Blockchain: Smart Contracts. Foteini Baldimtsi

White Paper. Blockchain alternatives: The case for CRAQ

BBc-1 : Beyond Blockchain One - An Architecture for Promise-Fixation Device in the Air -

Privacy based Public Key Infrastructure (PKI) using Smart Contract in Blockchain Technology

Bitcoin, a decentralized and trustless protocol

Hyperledger Fabric v1:

Problem: Equivocation!

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

Security: Focus of Control

OpenbankIT: a banking platform for e- money management based on blockchain technology

Who wants to be a millionaire? A class in creating your own cryptocurrency

Blockchains & Cryptocurrencies

Preserving Data Privacy in the IoT World

SpaceMint Overcoming Bitcoin s waste of energy

BITCOIN PROTOCOL & CONSENSUS: A HIGH LEVEL OVERVIEW

Bitcoin and Blockchain

Introduction to Cryptography in Blockchain Technology. December 23, 2018

Privacy-Enabled NFTs: User-Mintable, Non-Fungible Tokens With Private Off-Chain Data

BLOCKCHAIN ARCHITECT Certification. Blockchain Architect

Enhanced Immutability of Permissioned Blockchain Networks by Tethering Provenance with a Public Blockchain Network

UNIT - IV Cryptographic Hash Function 31.1

IoT security based on the DPK platform

Privacy Enhancing Technologies CSE 701 Fall 2017

Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. Yashar Dehkan Asl

Using Chains for what They re Good For

A Scalable Smart Contracts Platform

Hyperledger - Project Overview. January 2018

Blockchain (de)constructed

Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security. A Brief Overview of Security & Privacy Issues

Blockchain without Bitcoin. Muralidhar Gopinath October 19, 2017 University at Albany

Decentralized Identity for a Decentralized World. Alex Simons Partner Director Program Management, Identity Division Microsoft

Securing, standardizing, and simplifying electronic health

Biomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs

DEV. Deviant Coin, Innovative Anonymity. A PoS/Masternode cr yptocurrency developed with POS proof of stake.

Smalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold

Table of contents. Technical Features. Our approach. Technical Overview. Stage 1 (Using Ethereum blockchain) Participants. Data Owner.

Cryptography and Cryptocurrencies. Intro to Cryptography and Cryptocurrencies

Reliability, distributed consensus and blockchain COSC412

LECTURE 2 BLOCKCHAIN TECHNOLOGY EVOLUTION

A Public Database for the Planet

BaFin-Tech 2018 BlockChain & Security (from #developerview)

Blockchain and Additive Manufacturing

Key Security Issues for implementation of Digital Currency, including ITU-T SG17 activities

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Introduction to Bitcoin I

International Journal of Computer Engineering and Applications, Volume XIII, Issue II, Feb. 19, ISSN

Blockchain (a.k.a. the slowest, most fascinating database you ll ever see)

Blockchain Frameworks

Bitcoin. CS6450: Distributed Systems Lecture 20 Ryan Stutsman

Hyperledger Quilt and Interledger Protocol. Nathan Aw - Technical Ambassador Edmund To - Organizer of Hyperledger Meetup Hong Kong

Blockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini

Biomedical Security. Some Security News 10/5/2018. Erwin M. Bakker

Data Consistency and Blockchain. Bei Chun Zhou (BlockChainZ)

Security Analysis of Bitcoin. Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula

AIM Enterprise Platform Software IBM z/transaction Processing Facility Enterprise Edition 1.1.0

Using Blockchain for Consent and Access to Private and Sensitive Data in the GDPR Environment

Detecting Insider Attacks on Databases using Blockchains

Whitepaper Rcoin Global

ISSUSE AND FEATURES TO CONSIDER WHEN SELECTING A BLOCKCHAIN SYSTEM. Find us at

Analyzing Bitcoin Security. Philippe Camacho

BlockFin A Fork-Tolerant, Leaderless Consensus Protocol April

SOME OF THE PROBLEMS IN BLOCKCHAIN TODAY

Physical Access Control Management System Based on Permissioned Blockchain

Bitcoin, Security for Cloud & Big Data

Alternatives to Blockchains. Sarah Meiklejohn (University College London)

BYZANTINE CONSENSUS THROUGH BITCOIN S PROOF- OF-WORK

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

What s new under the blockchain sun. HYPERLEDGER FABRIC AND A SHORT SURVEY OF INTERLEDGER. DIDIER PH MARTIN, PHD.

DisLedger - Distributed Concurrence Ledgers 12 August, 2017

Next Paradigm for Decentralized Apps. Table of Contents 1. Introduction 1. Color Spectrum Overview 3. Two-tier Architecture of Color Spectrum 4

Bitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January Keeping Current 1

Blockchain & Distributed Internet Infrastructure

Biomedical Security. Cipher Block Chaining and Applications

Principals of Blockchain technology - Digital Business Ecosystem Kick of meeting Helsinki

The Blockchain. Josh Vorick

Lecture 3. Introduction to Cryptocurrencies

Introduction to Cryptocurrency Ecosystem. By Raj Thimmiah

Blockchain Certification Protocol (BCP)

Yada. A blockchain-based social graph

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Unblockable Chains. Is Blockchain the ultimate malicious infrastructure? Omer Zohar

Health Data & Blockchain: The New Sharing Frontier. Michael Dillhyon, CCO, Graftworx

B2B Marketplace Platform

GENESIS VISION NETWORK

REM: Resource Efficient Mining for Blockchains

EECS 498 Introduction to Distributed Systems

Let's build a blockchain!

Security (and finale) Dan Ports, CSEP 552

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Transcription:

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016

Blockchain systems Introduced in 2008 [Bitcoin08] Open to be used by anyone Decentralized networks to decide on the order & validity of transactions that are announced in it Blockchain/ of announced & validated transactions Mechanism/protocols to extend the ledger Occasionally, with their own currency (e.g., BTC, ETHER) Emerging: Integrated in multiple businesses around the globe Market sizes of Billions USD An ecosystem established around them

Blockchain systems: concepts of interest Transaction End-user Alice Client Validating Entities 3 Transaction definition Blockchain / data structure Participant identities Underlying agreement (aka consensus) protocol Motivation mechanisms for proper functionality of the system

Blockchain systems: the example of Bitcoin Transaction End-user Alice Client Validating Entities 4 Transactions are payment transactions Users and validating peers are the same set Clients use self-generated pseudonyms Miners vote with their computing power the executed result Motivation for good behavior through the generation of BTC coins

Blockchain systems: the example of Ethereum Transaction End-user Alice Client Validating Entities 5 Transactions can include any type of code, smart contract Smart contracts & result are added to the Blockchain Users and validating peers are the same set Clients use self generated pseudonyms Miners vote with their computing power Motivation for good behavior through the generation of ETHER coins

Blockchain for enterprise?

Problem: Electronic networks that transfer the ownership of assets between parties according to business rules are inefficient, expensive and vulnerable. Party A s Records Hack Counter-party records API-integrations Bank records Party C s Records Auditor records Party B Records System integrations grow x(x-1) with each additional party x

Solution: Blockchain networks simpler; no centralized control points; spread risk = lowered costs; hardened inside (not just at the perimeter). Party A Counter-parties All Parties have Replicated Banks Can still have private permissioned network Party C Consensus Algorithm Prevents Double-spend Digitally Signed / Encrypted Transactions & Auditors Party B

Blockchain: all we need! Shared replicated ledger: a peer-to-peer append-only transaction database that is replicated and shared across organizational boundaries/legal entities Embedded crypto layer: supporting secure authenticated verifiable multi-party transactions via tokenization, digital identity, digital signatures, and other Business rules (evolving to Smart Contracts): ability to specify business logic, embed it in the transaction database, and couple execution of the logic with transaction processing Business rules derived from contracts trigger actions & workflows Org A Org B Multi-party contracts defined around shared state & state changes Secure authenticated updates to shared state Replicated shared state Org C Org D

Benefits of Blockchain Reduce costs and complexity Automate trusted processes Improve discoverability Ensure trusted record-keeping "Over decades banks and other firms have built systems for themselves... and then a collection of processes has emerged between the banks... to make sure these systems are kept synchronized and are reconciled with each other." "With shared or distributed ledgers perhaps we can imagine a world where participants share this infrastructure, so rather than everyone running their own systems that have to be reconciled, we can have... an open platform that multiple firms can connect to. R. G. Brown

Blockchain: How to decide whether to use it? Very high Performance, (sub)millisecond Transactions? Are You Managing Contractual Relationships? Does Identity Matter? Does This Require a Market Approach? No Yes 1 Yes Yes Yes Are you working with Complex Business Logic? Do You Need to Keep Your Transactions Private? Does it Require Greater Than Two Parties? No Yes 4 Yes 2 Yes Yes Are You Looking to Reduce Costs? Consider Alternative Approaches Let s Talk Yes 3 No Are You Looking to Improve Discoverability? 1 By design, no one party can modify, delete, or even append any record without consensus, making the system useful for ensuring the immutability of contracts and other legal documents. Smart contracts aim to provide security superior to traditional contract law and to reduce other transaction costs associated with contracting. When everyone on an exchange can view the same ledger, it is easy to broadcast an intention (or offer) by appending it. For example, in a trading network, all ask and bids would be visible to every network participant. 2 3 4 Blockchain networks allow each participant to create customized solutions using their own proprietary business logic while running on the same common ledger. 1 1

Enterprise blockchain? Not quiet there yet Strong identity management Auditable user-behavior Accountability of individual users and validating entities Transactional privacy of blockchain users Anonymity & unlinkability of transactions of the same user Confidentiality of the contract to be executed w.r.t. validating entities Access control in contract invocation Scalability & performance Proof-of-work systems need to be substituted by something more energy-efficient Need to sustain large number of transactions per time unit Scale to large number of nodes Support for auditing 12

Open(-sourced) Blockchain: Enterprise Blockchain born within IBM One of Hyperledger candidates

Hyperledger-fabric model Permission Issuer Transaction (defining contracts) End-user Alice Client Transaction (invoking contracts) Validating Entities End-user Bob Client 14 Permissioned system Transactions can implement arbitrary (business) logic via chain-codes Distinct roles of users, and validators Users deploy chaincodes and invoke them through deploy & invoke transactions Validators evaluate the effect of a transaction and reach consensus over the new version of the ledger = total order of transactions + hash (global state) Pluggable consensus protocol, currently PBFT & Sieve

Security & privacy features Privacy of userparticipation Each user has control over the degree to which its transaction activity will be shared with its environment Contract Privacy Contract logic can be confidential, i.e., concealable to unauthorized entities Accountability Non-repudiation Users can be accounted for the transactions they create, cannot frame other users for their transactions, or forge other users transactions. Auditability Auditors are able to access & verify any transaction they are legally authorized to 15

Security and privacy mechanisms Privacy of userparticipation Contract Privacy Membership Services { Auditable mechanisms to grant users credentials to (anonymously) authenticate their transactions and secure their connection to the network. Accountability Non-repudiation Auditability Contract Confidentiality Mechanisms { Auditable mechanisms to enable users to conceal their contracts and associated transactions to unauthorized nodes, while guaranteeing correctness. 16

Adversarial model Membership Management Transaction (defining contracts) End-user Alice Client Validating Entities End-user Bob Client Transaction (invoking contracts) Permission issuer / membership service is assumed honest Users: - have access to raw ledger data - may try to escalate their read/invoke access rights Validators: Up to f number of byzantine nodes All entities assumed trusted to not reveal confidential information that are given access to. 17

Membership Membership auditors End-user Client Validating Entities Anonymous credentials User registration Nominal credential Membership Management registration Nominal credential Users prove identity and issue two types of credentials Transaction certificates (anonymous) Enrollment certificates (nominal) s only issue enrollment certificates Nominal credentials contain encryption & signing keys Auditors can audit certificates and ownership 18

Working towards user & contract privacy Transactions Nominal, visible only to validating entities End-user Alice Client Anonymous, visible only to validating entities & Bob Validating Entities Client End-user Bob Contracts can be encrypted such that decryption is possible only by the validating entities and potentially authorized users Audit of Bob s contracts Contract & system auditors Audit of ledger s contracts Auditing through proper key distribution at: system level, i.e., all system transactions user level, i.e., a user s transactions contract level, i.e., contracts messages 19

Other contract security considerations Transaction unforgeability: an attacker should not be able to alter (forge) the content of other user transactions - Guaranteed through the unforgeability of digital signatures (membership services) Non-repudiation/impersonation attack: an attacker should not be able to claim ownership of other user transactions or frame other users for her transactions through security of digital signatures (membership services) through transaction bindings to bind application security to the platform Replay attack protection: an attacker should not be able to replay Blockchain transactions and affecting system state (replay attack protection) through transaction nonces optimized via the use of anonymous certificate expiration 20

Future directions / online discussions Not all pieces are there yet Hyperledger/fabric evolves as a community effort https://github.com/hyperledger/fabric/ Hot topics: Separating chaincode execution & consensus Extend confidentiality features to extend to validating entities/endorsers Decentralization of membership services / high availability of membership services 21

Overview Blockchain systems Blockchain security requirements for enterprise Hyperledger/fabric: A security and privacy perspective Thank you for your attention! lli@zurich.ibm.com 22

Contract access management Contract resources are accessible only to authorized parties Contract resources: Prototypes of contract-functions Contract content Contract state Contract activity Contract invocation accessible : authorization to read (read access) requires trust to not reveal confidential info granted to users or validators fine-grained submit transactions to (invocation access) granted to users Privacy-preserving by leveraging our membership services infrastructure Use of (anonymous) signing keys in (transaction) enrollment certificates for authentication Use of (anonymous) encryption keys for read access 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback