By Anna Shugol, Blockchain IT specialist, zChampion, IBM
Blockchain is a cutting-edge technology, streamlining business processes, removing intermediaries, reducing fraud, risk and time to bring new offerings to the market.
The Hyperledger Project, an open source blockchain framework developed under the governance of the Linux Foundation, took all this into consideration and released the Hyperledger Fabric platform (here, the “Fabric”). The Fabric offers a wide range of cryptography services, aimed at arming blockchain solution developers with capabilities to build secure blockchain applications.
In article one we focused on Hyperledger Fabric’s security aspects through the prism of Pervasive Encryption. In part two, we introduce the blockchain platform—Hyperledger Fabric [1] and its key components from the perspective of Pervasive Encryption [2].
The Hyperledger Fabric (here, the “Fabric”) is an open source blockchain framework developed under the governance of the Linux Foundation. Pervasive Encryption for IBM Z® [3] was introduced in 2017 by IBM to help enterprises create dynamic, armoured and protected operational environments.
Pervasive Encryption can be implemented to complement and enforce the Fabric’s existing cryptographic services, accelerate blockchain cryptography operations, and provide a bullet-proof secure execution environment for blockchain applications.
Hyperledger Fabric Security Aspects
Isolation, encryption, protection, privacy, confidentiality: these are the fundamental requirements of any blockchain solution. Whether the business solution supports a food safety platform, a stock exchange trading system, or a medical record tracking solution, it must operate with sensitive data, and requires the highest standards of security and adherence to industry regulations, and the Hyperledger Fabric platform helps satisfy these requirements.
The Hyperledger Project is constantly evolving, with more than 170 members—software and hardware vendors, banks and insurance companies, retailers, other blockchain consortiums etc. Unlike Bitcoin (arguably the most well-known blockchain platform), Hyperledger Fabric does not operate with cryptocurrencies. However, the technologies share a common heritage in blockchain.
Where the Fabric surpasses other projects is how it provides the whole range of capabilities to architect, design and develop production-ready blockchain solutions. That said, the Fabric must still be secured. The Fabric’s security considerations are:
- Privacy and Access control;
- Strong identity management;
- Authorized execution;
- Accountability and non-repudiation;
- Auditability;
- Compliance with existing crypto protocols and standards.
In a Hyperledger Fabric blockchain network, the identities of all participants are known. This reflects the usual way of conducting business, in that parties know each other; for example, financial consortiums, retail networks, etc. The Fabric’s security module allows other participants to verify that someone’s identity has not been compromised or stolen.
Identity management is extremely important, due to the scope of privileges in the Fabric. This is based on Role-Based Access Control (RBAC): mechanisms conceal logic and data from non-authorized parties. Permission to execute certain operations is granted depending on the participant’s role in the blockchain. The transactions that participants exchange cannot be anonymous; all entities are accounted for; and transactions cannot be forged. And, based on the conditions in the Smart Contract, transactions may require the approval of the majority of participants, if not unanimous approval.
At the same time, there is a focus on privacy around operational data, to exclude the possibility of exposing private business data outside of the network or to other blockchain participants. In the latest version of the Fabric, channels were introduced to separate and isolate the data (transactions, ledger) and communications between the network participants. The encryption of channels is possible with an additional development effort.
The Hyperledger Fabric provides mechanisms and functions to satisfy these security requirements by providing the following components with every Fabric release: MSP (Membership Services Provider) and BCCSP (Blockchain Crypto Services Provider).
MSP abstracts the cryptographic mechanisms and protocols behind issuing and validating user certificates, and user authentication. An MSP may define its own notion of identity, and the rules by which those identities are governed (identity validation) and authenticated (signature generation and verification). Hyperledger Fabric-CA (Certificate Authority), a component that comes with Fabric, provides public key infrastructure operations and functions.
BCCSP offers implementations of cryptographic algorithms and standards. MSP and BCCSP were designed to support pluggability, which allows blockchain developers to use other cryptographic interfaces without the need to change the Fabric’s core code.
It’s important to underline that, despite this wide range of cryptographic functions and mechanisms that are included with the Fabric, the information architects and developers should not rely on it alone. While the Fabric provides the cryptographic interfaces and services, it is up to developers to fully design and implement them.
The encryption of critical Fabric components—ledger and transactions—has shifted towards being the developers’ responsibility since the release of the recent Fabric version (v1.0). This approach offers more flexibility to tailor the infrastructure. On the other hand, this means developers may introduce a potential vulnerability if cryptographic services have not been properly implemented.
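What developer-side encryption of ledger values can look like, as an added example that is not from the article or the Fabric code base: it uses Go's standard-library AES-GCM rather than Fabric's BCCSP interfaces, encrypts on the client before the value is submitted, and binds each ciphertext to its ledger key. The function names, the ledger key names and the all-zero demo key are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) { // a 32-byte key selects AES-256
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealState encrypts a value before it is placed in a transaction. stateKey
// (hypothetical ledger key name) is bound as associated data.
func SealState(key []byte, stateKey string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per write
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(stateKey)), nil // nonce||ct||tag
}

// OpenState checks the tag and the ledger-key binding before returning plaintext.
func OpenState(key []byte, stateKey string, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n+gcm.Overhead() {
		return nil, fmt.Errorf("sealed value too short: %d bytes", len(sealed))
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], []byte(stateKey))
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key; real keys belong in an HSM
	sealed, _ := SealState(key, "asset1", []byte("price=42"))
	_, err := OpenState(key, "asset2", sealed) // same bytes moved under another ledger key
	fmt.Println(len(sealed), err != nil)
}
```

Encrypting inside chaincode instead would need the nonce supplied by the client, since endorsing peers must all produce identical write sets.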
Pervasive Encryption and Blockchain
Pervasive Encryption is aimed at providing an end-to-end secure infrastructure, and is a natural fit for blockchain applications, leaving none of the components unprotected.
The concept of Pervasive Encryption was introduced with the latest IBM z14 platform announcement, delivering an outstanding combination of hardware and software cryptographic enhancements.
A Fabric’s BCCSP can transparently use IBM Z’s cryptographic hardware to accelerate numerous blockchain crypto operations: encryption, hashing, digital signing, authentication, and verification.
The IBM Z Crypto Express 6S features provide the environment with a FIPS 140-2 Level 4-compliant tamper-proof secure key infrastructure. With the next release of the Fabric (v1.1) it will be possible to use an HSM (Hardware Security Module) for storing private keys—and Crypto Express cards are HSMs. The recent generation of cards allows double asymmetric encryption acceleration for TLS handshakes.
At the same time, it’s important to protect the whole blockchain infrastructure itself, as a single object, and provide a secure environment for protecting all components—the peers, the ledger, the state database, all internal communications, channels, and smart contracts (chaincode). Selective encryption, which has been the traditional approach, requires investigating and classifying the data, and applying security measures separately to each defined perimeter (e.g., for the data residing on disks, for the network traffic, etc.). However, the very moment the data leaves the designated perimeter it is exposed.
Pervasive Encryption takes a data-centric approach, enabling customers to protect 100% of their data: databases, file systems, files and datasets. Blockchain applications can benefit from the end-to-end encryption of data, for both data-at-rest (e.g., the ledger stored on the disk) and data-in-flight (e.g., transactions and peers’ communication).
The IBM Secure Service Container (SSC) provides an encrypted, isolated, and trusted runtime for deploying the blockchain infrastructure. SSC completely conceals the Fabric's data and prevents non-authorized access—both from inside and outside threats.
The SSC appliance, which is a combination of IBM Z hardware and various software components, is secured from creation in a trusted firmware boot sequence before the software deployment. The appliance is made tamper-resistant during the installation and runtime. After the appliance is built, it can be accessed only by remote APIs.
End-to-end data encryption with a protected key and secure key guarantees an additional level of security and meets the FIPS 140-2 Level 4 standard. The Fabric peers, channels, ordering services and Fabric-CAs belonging to the same blockchain network can be hosted within a single or multiple SSCs, leveraging protected memory, protected process execution, accelerated crypto operations and end-to-end data encryption.
Client applications will transparently access the Fabric via APIs (that can be configured with HTTPS and TLS). Pervasive Encryption can complement the Fabric’s inherent security model; while the encryption of the ledger, transactions and channels is not implemented by default and requires some development effort, this end-to-end approach can be used to provide a bullet-proof solution. The deployment of the Fabric applications inside the secure and tamper-resistant SSC appliances, together with HSM support, adds another level to the security of the whole infrastructure.
This 360-degree approach builds a foundation of digital trust for the Fabric. It accelerates blockchain development and deployment, and it will become a key driver for production readiness, allowing organizations to rapidly produce new solutions and lead the market.
Will Pervasive Encryption become the ultimate ‘slam dunk’ when it comes to choosing the blockchain platform? It certainly has the potential to do so.
References:
- [1] Hyperledger Fabric: http://hyperledger-fabric.readthedocs.io/en/latest/
- [2] Hyperledger Fabric documentation: http://hyperledger-fabric.readthedocs.io/en/latest/
- [3] IBM Pervasive Encryption: https://www-304.ibm.com/servers/resourcelink/svc00100.nsf/pages/zOSV2R3izsp100?OpenDocument