By Anna Shugol, IBM Blockchain IT specialist, zChampion
Blockchain is without a doubt cutting-edge technology, streamlining business processes, removing intermediaries and reducing fraud, risk and time to bring new offerings to the market. It is changing the way business is done across many industries, including public, healthcare, financial, retail and manufacturing.
The main concept of blockchain is rooted in the fact that, in business, parties conducting a transaction cannot fully trust each other. No business wants to be exposed to a security breach. Trust is a solid foundation for attracting customers and their businesses, ensuring that their data will be always kept private and protected. Digital trust can be easily gained; however, it can be lost even faster.
Like every new technology, blockchain brings new ideas not just to developers, but to cyber criminals as well. Stealing identities, compromising credentials, revealing transaction contents – these are well-known examples of security breaches which led to enormous fines and reputational losses.
The Hyperledger Project1, an open source blockchain framework developed under the governance of the Linux Foundation2, took all this into consideration and released Hyperledger Fabric platform (here, the “Fabric”). The Fabric has a wide range of cryptography services, aimed at arming blockchain solution developers with capabilities to build secure blockchain applications.
At the same time, the blockchain infrastructure requires end-to-end protection of all blockchain resources and sensitive customer data, guaranteeing compliance with security and industry standards, while meeting performance SLAs.
Pervasive Encryption for IBM Z®3 was introduced in 2017 by IBM to help enterprises in creating dynamic, armored and protected operational environments. The goal of Pervasive Encryption is to adhere automatically to the latest security standards for IT environments without additional cost, or the need for a complicated configuration change.
Pervasive Encryption can be implemented to complement and enforce the Fabric’s existing cryptography services, accelerating blockchain cryptography operations, and by providing a bullet-proof secure execution environment for blockchain applications, winning customers’ trust.
Let’s focus on Hyperledger Fabric’s security aspects through the prism of Pervasive Encryption.
Blockchain: Trust and Compliance
The surge of recent blockchain projects demonstrates the scale of growth; cross-border payments system, trade finance for a consortium of the biggest European banks, digital identity for governments, and much more. This is because the introduction of a blockchain technology allows businesses to remove intermediaries, cut the costs of operations, and bring innovative solutions to the market to gain a leadership position.
This rapid growth imposes strict requirements for blockchain solutions. They must automatically provide data protection, isolation, and confidentiality for the blockchain participants and their data. Medical records, transactions content and banking client data are all examples of sensitive information, where the protection needs to be native, and not bolted on later.
How does blockchain provide native security? In any blockchain solution, there are components that interfere with private data:
- The Ledger
- Smart Contracts (also known as a “chaincode”)
The ledger is the most foundational part of the blockchain solution. In essence, it is a book of transactions, and every participant of a blockchain network has its copy. This is key, as all participants have nearly instantaneous access to the current state of a ledger, which streamlines business processes and results in efficiency and speed. The ledger is immutable, append-only filesystem, without an option to delete the information that has already been stored. This peculiarity fundamentally distinguishes blockchain from any other technology, introducing traceability, immutability and provenance capabilities.
At the same time, the ledger contains private corporate data and requires protection – encryption – and businesses will want to limit the types of data that can be shared with other participants. This creates a requirement of a permissioned replicated ledger, where access to the ledger will be based on a participant’s role.
Smart contracts define business terms and conditions, which must be kept private and not be exposed publicly or to a competitor. They require a similar level of encryption and protection to the ledger. They encapsulate business logic and rules in a programming code that can be executed automatically if a transaction meets the requirement – no human interaction needed.
Blockchain participants, ledger, smart contracts, transactions – all these components require encryption, privacy, isolation and confidentiality.
Almost every blockchain platform has capabilities to provide encryption, access control and data protection. However, the cryptography services that are inherent in a blockchain platform do not provide end-to-end protection. Some additional development is still required. When a blockchain project moves into a production-ready state, it is not sufficient to rely only on the blockchain platform’s inherent security capabilities. The whole blockchain infrastructure must be fully protected and be compliant with industry regulatory standards.
The traditional encryption approach classifies the data based on its origin (in the filesystem or in memory) and suggests treating these perimeters separately. The moment the data leaves the perimeter, for example, being transferred from disk to tape, it immediately becomes unprotected.
IBM introduced Pervasive Encryption to address this problem: providing end-to-end capabilities to protect any application’s sensitive data, regardless of origin, whether this is data at-rest or in-flight. Pervasive Encryption transforms data by protecting it throughout its lifecycle.
The concept of the Pervasive Encryption can be applied to blockchain solutions, too – complementing and enforcing Hyperledger Fabric platform cryptography capabilities and services.
In part two of this series we will examine the security aspects of the Fabric and how Pervasive Encryption approach can be applied to build secure and bullet-proof blockchain infrastructure environment.
- Hyperledger Project: https://www.hyperledger.org/
- Hyperledger Fabric documentation: http://hyperledger-fabric.readthedocs.io/en/latest/
- IBM Pervasive Encryption FAQ: https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSQ03116USEN