Data
Reader small image

You're reading from  Blockchain with Hyperledger Fabric - Second Edition

Product typeBook
Published inNov 2020
PublisherPackt
ISBN-139781839218750
Edition2nd Edition
Concepts
Blockchain
Right arrow
Authors (6):
Nitin Gaur
Nitin Gaur
author image
Nitin Gaur

Nitin Gaur, is the director of IBM's Blockchain Labs, and an IBM Distinguished Engineer.
Read more about Nitin Gaur

Anthony O'Dowd
Anthony O'Dowd
author image
Anthony O'Dowd

Anthony O'Dowd is a Distinguished Engineer at IBM, focusing on Blockchain. He led IBM's contribution to the design and development of the new smart contract and application SDKs found in Hyperledger Fabric v2. Anthony has also made significant contributions to Hyperledger Fabric documentation and samples.
Read more about Anthony O'Dowd

Petr Novotny
Petr Novotny
author image
Petr Novotny

Petr Novotny is a research scientist at IBM Research, with an MSc from University College London and PhD from Imperial College London, where he was also a post-doctoral research associate.
Read more about Petr Novotny

Luc Desrosiers
Luc Desrosiers
author image
Luc Desrosiers

Luc Desrosiers is an IBM-certified IT architect with 20+ years of experience.
Read more about Luc Desrosiers

Venkatraman Ramakrishna
Venkatraman Ramakrishna
author image
Venkatraman Ramakrishna

Venkatraman Ramakrishna is an IBM researcher, with a BTech from IIT Kharagpur and PhD from UCLA.
Read more about Venkatraman Ramakrishna

Salman A. Baset
Salman A. Baset
author image
Salman A. Baset

Dr. Salman A. Baset is the CTO of security in IBM Blockchain Solutions.
Read more about Salman A. Baset

View More author details
Right arrow

Hyperledger Fabric Security

Hyperledger Fabric has a modular architecture. It has been designed to allow a known set of actors to participate and perform actions in a blockchain network (the so-called permissioned blockchain). Due to its modular nature, it can be deployed in many different configurations. The different deployment configurations of Hyperledger Fabric have varying security implications for the operator of the network, as well as its users.

At its core, Hyperledger Fabric is a public key infrastructure (PKI) system, and thus it inherits the security (and complexity) associated with such systems. At the time of writing this book, Hyperledger Fabric 2.1.1 has been released.

The security aspects of designing and implementing a blockchain network have been discussed in earlier application chapters; here, we intend to give a broader as well as a more in-depth view of security.

We will be covering the following topics in this chapter:

  • Design goals impacting...

Hyperledger Fabric design goals impacting security

To understand the security of Hyperledger Fabric, it is important to state the key design goals that impact security:

  • Existing members should determine how to add new members to the network: The admission of new entities (members or organizations) to a Hyperledger Fabric-based network must be agreed upon by existing entities in the network. This principle is at the foundation of creating a permissioned blockchain. Instead of allowing any entity to download software and connect to a blockchain network without any verification, the current members in a Hyperledger Fabric-based blockchain network must agree upon a policy to admit new members (such as by majority vote). This policy is then enforced by the underlying mechanisms of Hyperledger Fabric. Upon the successful verification of such an admission policy, the digital credentials of a new member can be added to an existing network.
  • Existing members should determine...

Hyperledger Fabric architecture

The Hyperledger Fabric architecture for N participating organizations is illustrated in the following screenshot. An organization is a business entity that participates in a Hyperledger Fabric-based permissioned blockchain network and deploys the Hyperledger Fabric infrastructure such as peers, ordering nodes, smart contracts, and membership service providers.

In this section, we will describe this architecture in more detail from a security viewpoint:

Figure 14.1: Hyperledger Fabric architecture

Fabric CA or membership service provider

The membership service provider (MSP) is responsible for creating digital identities for peers and users of a participating organization, validating identities, and is configured based on the root certificates and CRLs of one or more X.509 CAs. Fabric Certificate Authority (Fabric CA) is the recommended CA server for Fabric deployments, but it is possible to use other CA architectures, or even public...

Network bootstrap and data governance: the first step toward security

When organizations decide to form a permissioned private blockchain network using Hyperledger Fabric, they need to consider several governance aspects that will ultimately determine the overall security posture of the Hyperledger Fabric-based network. These governance aspects include, but are not limited to, the items discussed in this section.

Bootstrapping the network with known members

Bootstrapping the network is the first step in creating a Hyperledger Fabric-based blockchain network. The network typically represents the existing or new business relationships between the participating organizations. The organizations responsible for creating the network are typically known to each other through existing business relationships and have a lot of say in the purpose of the network, such as:

  • Sharing data
  • Defining the data schema to be shared among participants
  • Establishing governance...

Strong identities: the key to the security of the Hyperledger Fabric network

Strong identities are at the heart of Hyperledger Fabric security. Creating, managing, and revoking these identities is critical to the operational security of Hyperledger Fabric-based deployment. The identities are issued and validated by an MSP. As shown in the previous Hyperledger Fabric architecture diagram, one logical MSP is typically associated with one peer. An MSP can validate any appropriate cryptographically signed identities. Hyperledger Fabric ships with a default MSP (Fabric CA), which issues X.509 certificates to the authenticated entities.

Bootstrapping Fabric CA

Fabric CA can be configured with an Lightweight Directory Access Protocol (LDAP) server or run in standalone mode. When running in standalone mode, it must be configured with a bootstrap identity that gets stored in its backend database. By default, a SQLite database is used, but for production usages, a PostgreSQL or MySQL...

Smart contract security

In Hyperledger Fabric, as indicated previously, smart contracts (chaincodes) can be written in Go, Java, or JavaScript. The smart contract must be installed on a peer and then explicitly instantiated.

When instantiated using the docker builder command, each smart contract is built and then launched in its own Docker container. Starting with version 2.0, external builders can be utilized to build and run smart contracts without requiring a Docker daemon.

When running the smart contract inside a Docker container, it is important to understand what access this container may have to the network. If care is not taken in carefully reviewing the smart contract before it gets installed on the peer, and in isolating the network access for that smart contract, it could result in a malicious or misconfigured node probing or attacking the peer attached to the same virtual network.

How is a smart contract shared with other endorsing peers?

Starting in Fabric...

Common threats and how Hyperledger Fabric mitigates them

Hyperledger Fabric provides protection against some of the most common security threats and assumes that a participating organization (node operator) will manage the threats inherent in running such a system, while at the same time introducing new attack vectors inherent in data sharing and governance. In the following table, we will summarize the most common security threats, whether Hyperledger Fabric addresses them and how, or whether it is the responsibility of a node/network operator to address them:

Hyperledger Fabric and quantum computing

Hyperledger Fabric uses elliptic curve cryptography for digitally signing transactions. Elliptic curve cryptography relies on mathematical techniques that can be sped up using quantum computing (https://en.wikipedia.org/wiki/Post-quantum_cryptography). However, Hyperledger Fabric provides a pluggable cryptographic provider, which allows us to replace these algorithms for digital signatures with others. Moreover, according to the director of Information Technology Lab at NIST, the impact of quantum computing on the security of blockchain systems is at least 15 to 30 years from becoming a reality (https://www.coindesk.com/dc-blockchain-hearing-sees-call-for-congressional-commission/).

GDPR considerations

General data protection regulation (GDPR) (https://gdpr-info.eu/) is an EU law that defines how personal data is acquired, processed, and ultimately erased from a computing system. The definition of personal data in GDPR is quite broad—examples include names, email addresses, and IP addresses.

Blockchain, by design, creates an immutable, permanent, and replicated record of data. A blockchain network based on Hyperledger Fabric will obviously encompass these three properties. Thus, storing personal data on a blockchain network that cannot be deleted or modified can be challenging from the perspective of GDPR. Similarly, it is important to know with whom that personal data is shared.

The channel private data feature of Hyperledger Fabric provides a mechanism for determining the entities with which data is shared. In the case of channel private data, the data is never stored on a blockchain, but its cryptographic hashes are stored on the chain. Through...

Summary

In this chapter, we first covered design goals of Hyperledger Fabric that are tied to security. We then described key concepts that impact the security of Hyperledger Fabric-based networks, such as network bootstrap, data governance, strong identities, and smart contract security. We then dove into the common Hyperledger security threats and how Fabric mitigates them.

We also briefly looked at the impact of quantum computing on Hyperledger Fabric.

We ended our discussion with GDPR considerations. In the final chapter, we will be looking at the next steps in Hyperledger and where it is heading in the future.

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 15 of 18
Next Chapter
You have been reading a chapter from
Blockchain with Hyperledger Fabric - Second Edition
Published in: Nov 2020Publisher: PacktISBN-13: 9781839218750
© 2020 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Authors (6)

author image
Nitin Gaur

Nitin Gaur, is the director of IBM's Blockchain Labs, and an IBM Distinguished Engineer.
Read more about Nitin Gaur

author image
Anthony O'Dowd

Anthony O'Dowd is a Distinguished Engineer at IBM, focusing on Blockchain. He led IBM's contribution to the design and development of the new smart contract and application SDKs found in Hyperledger Fabric v2. Anthony has also made significant contributions to Hyperledger Fabric documentation and samples.
Read more about Anthony O'Dowd

author image
Petr Novotny

Petr Novotny is a research scientist at IBM Research, with an MSc from University College London and PhD from Imperial College London, where he was also a post-doctoral research associate.
Read more about Petr Novotny

author image
Luc Desrosiers

Luc Desrosiers is an IBM-certified IT architect with 20+ years of experience.
Read more about Luc Desrosiers

author image
Venkatraman Ramakrishna

Venkatraman Ramakrishna is an IBM researcher, with a BTech from IIT Kharagpur and PhD from UCLA.
Read more about Venkatraman Ramakrishna

author image
Salman A. Baset

Dr. Salman A. Baset is the CTO of security in IBM Blockchain Solutions.
Read more about Salman A. Baset

Other recommended products

Related to this chapter

Hands-On Blockchain with Hyperledger

Hands-On Blockchain with Hyperledger

With concrete exercises and examples this book will help you to understand how to deploy a Hyperledger Fabric network. It then proceeds to explain the steps in developing a full fledged decentralized application. You will not only learn how to plan, design and create private networks but also evolve the network as per organizational needs.

BookJun 2018460 pages
Hyperledger Cookbook

Hyperledger Cookbook

The book not only implements Hyperledger Fabric, but also shows you how to build and model a blockchain network with Composer. You will master several business blockchain technologies under the Hyperledger umbrella, including Sawtooth, Iroha, decentralized Identity Hyperledger Indy, and Ethereum smart contract machine Burrow etc.

BookApr 2019310 pages
Oracle Blockchain Services Quick Start Guide

Oracle Blockchain Services Quick Start Guide

Blockchain empowers enterprises to scale out in a unique way, allowing them to build and manage blockchain business networks. This book offers an exploration of distributed ledger technology, blockchain, and Hyperledger fabric along with blockchain-as-a-service (BaaS).

BookSep 2019350 pages
Blockchain Quick Start Guide

Blockchain Quick Start Guide

Blockchain technology is giving birth to new business models, inspiring communities to build economies on a decentralized network. This book will be your practical guide to get you up and running with concepts of building your very own Blockchain network. You will get a thorough understanding of how a decentralized network is built and deployed.

BookDec 2018222 pages
Blockchain Development for Finance Projects

Blockchain Development for Finance Projects

Blockchain technology will play a disruptive role in the banking and finance sector in the future. Experts estimate that it will save up to 20 billion dollars annually. You will build full-fledged financial applications using blockchain. It will aid you in building more secure and transparent workflows and re-engineering your business processes.

BookJan 2020530 pages
Blockchain across Oracle

Blockchain across Oracle

Blockchain across Oracle is a professional orientation for Oracle developers to get up to speed with the details and implications of the Blockchain across Oracle. Learn everything from Blockchain concepts, through to working with Oracle Blockchain Cloud Service, expert guidance on the effects of the Blockchain on key markets, and the impact to Oracle customers.

BookOct 2018530 pages
Securing Blockchain Networks like Ethereum and Hyperledger Fabric

Securing Blockchain Networks like Ethereum and Hyperledger Fabric

The adoption of blockchain for the value chain, insurance, and healthcare domain is flourishing. However, one of the key challenges faced in blockchain development is securing them. The book will cover essential architectural considerations, system and network security, various operational configurations to Ethereum and Hyperledger fabric network.

BookApr 2020244 pages
Learn Bitcoin and Blockchain

Learn Bitcoin and Blockchain

Blockchain and Bitcoin are currently the talk of the town. This book will start with an introduction to the fundamental concepts of Blockchain and it will take you through its various features and challenges. By the end of this book, you will learn to implement the Blockchain technology for securing your cryptocurrency.

BookAug 201894 pages
Blockchain By Example

Blockchain By Example

This book covers all the relevant concepts and phases of the blockchain development cycle. It will walk you through a step-by-step process to build three blockchain projects with differing complexity levels and hurdles. By the end of this book, you will be ready to tackle common issues in the blockchain ecosystem.

BookNov 2018528 pages
Foundations of Blockchain

Foundations of Blockchain

Blockchain technology is a combination of three popular concepts: cryptography, peer-to-peer networking, and game theory. This book is for anyone who wants to dive into blockchain from first principles and learn how decentralized applications and cryptocurrencies really work. Learn blockchain from first concepts to algorithms explained in Python.

BookJan 2019372 pages
Blockchain for Business 2019

Blockchain for Business 2019

Blockchain has the potential to change the world and has become the hottest field in the tech sector now. Blockchain for Business is a comprehensive guide that enables you to fully understand the far-reaching applications beyond Bitcoin and empowers you to make fully-informed decisions.

BookJan 2019258 pages
Hands-On Cybersecurity with Blockchain

Hands-On Cybersecurity with Blockchain

Despite the growing investment in cybersecurity, modern attackers manage to bypass advanced security systems. Blockchain and Hyperledger architecture provide a safer way of avoiding such attacks. This book will help you build blockchain-based apps for DDoS protection, PKI-based identity platform, Two-factor authentication and DNS Security platform.

BookJun 2018236 pages

Personalised recommendations for you

Based on your interests and search pattern

Et al.

Et al.

Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.

BookAug 2023230 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages4
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages1
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Mastering Tableau 2023

Mastering Tableau 2023

This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.

BookAug 2023684 pages
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages5
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages2
Data Engineering with AWS

Data Engineering with AWS

Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.

BookOct 2023636 pages5
Modern Data Architecture on AWS

Modern Data Architecture on AWS

Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.

BookAug 2023420 pages5
Practical Guide to Applied Conformal Prediction in Python

Practical Guide to Applied Conformal Prediction in Python

Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.

BookDec 2023240 pages
TinyML Cookbook

TinyML Cookbook

With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.

BookNov 2023664 pages

Threat

Description

Hyperledger Fabric

Network/Node Operator

Spoofing

Use of a token or other credential to pretend to be an authorized user, or to...