Cybersecurity Threats and Cybersecurity Best Practices
An introduction to blockchain and hyperledger v ru
1. An Introduction to Blockchain and
Hyperledger
Lennart Frantzell
IBM Developer Advocate
San Francisco
alf@us.ibm.com
V1.2 February 1 2019
Blockchain Explored Series
IBM Blockchain Platform Explored
Fabric Explored
Composer Explored
What’s New
Architectures Explored
5. Breaking News: Hyperledger Fabric Now Supports Ethereum Smart Contracts
• Enterprise blockchain Hyperledger Fabric has introduced support for Ethereum smart contracts. Fabric is designed
to be modular with four main components. These are the main ledger, the consensus mechanism, identity
management, and smart contracts called chaincode. The latest announcement provides an alternative to chaincode.
• Ethereum’s large pool of developers is comfortable with its Solidity smart contract language, so the integration
should make Fabric more appealing to Ethereum developers. Additionally, many coders use Web3, a Node.js set of tools, to
build Ethereum decentralized apps (Dapps). By integrating with the EVM, these developers can work with Fabric and
even migrate smart contracts and Dapps over to Hyperledger Fabric.
• https://www.ledgerinsights.com/hyperledger-fabric-integrates-ethereum-smart-contracts-evm-blockchain/
6. Business networks, wealth and markets
• Business Networks benefit from connectivity
– Participants are customers, suppliers,
banks, partners
– Cross geography and regulatory boundary
• Wealth is generated by the flow of goods and
services across the business network in transactions
and contracts
• Markets are central to this process:
– Public (fruit market, car auction), or
– Private (supply chain financing, bonds)
7. Transferring assets, building value
Anything that is capable of being owned or controlled to produce value is an asset
Two fundamental types of asset:
• Tangible, e.g. a house
• Intangible, e.g. a mortgage
Intangible assets subdivide:
• Financial, e.g. bond
• Intellectual, e.g. patents
• Digital, e.g. data
Cash is also an asset:
• Has property of anonymity
8. Ledgers are key
Ledgers are THE system of record for a business.
Businesses will have multiple ledgers for the multiple
business networks in which they participate.
• Transaction: an asset transfer onto or off the ledger
– John gives a car to Anthony (simple)
• Contract: the conditions for a transaction to occur
– If Anthony pays John money, then car passes
from John to Anthony (simple)
– If car won't start, funds do not pass to John (as
decided by third party arbitrator) (more
complex)
13. … with consensus, provenance, immutability and finality
[Diagram: a single blockchain shared between Participant A’s records, Participant B’s records, Bank records, Insurer records, Auditor records and Regulator records]
A shared, replicated, permissioned ledger …
No trusted third party, no need for reconciliation
14. Security: Public vs. private blockchains
• Some use-cases require anonymity, others require privacy
– Some may require a mixture of the two, depending on the characteristics of each participant
• Most business use-cases require private, permissioned blockchains
– Network members know who they’re dealing with (required for KYC, AML etc.)
– Transactions are (usually) confidential between the participants concerned
– Membership is controlled
Public blockchains
• For example, Bitcoin
• Transactions are viewable by anyone
• Participant identity is more difficult to control
Private blockchains
• For example, Hyperledger Fabric
• Network members are known but transactions are secret
15. Security: Real-world vs. digital identity
• Consider real-world identity documents…
– The issuers of the identity documents are trusted third
parties (e.g. passport office)
– There is usually a chain of trust (e.g. to get a bank card
you need a drivers license or passport)
– Identity documents are often stored in wallets
• In the digital world, identities consist of public/private key pairs
known as certificates
– Identity documents are issued by trusted third parties
known as Certificate Authorities (CAs)
• Private blockchain networks also require CAs
– So network members know who they’re dealing with
– May sit with a regulatory body or a trusted subset of
participants
16. Security: Encryption and Signing
• Cryptography basics
– Every member of the network has (at least) one public key and one private key
– Assume that every member of the network knows all public keys and only their own private
keys
– Encryption is the process of applying a transformation function to data such that it can only be
decrypted by the other key in the public/private key pair
– Users can sign data with a private key; others can verify that it was signed by that user
• For example
– Alice can sign a transaction with her private key such that anyone can verify it came from her
– Anyone can encrypt a transaction with Bob’s public key; only Bob’s private key can decrypt it
• In private, permissioned blockchains
– Transactions and smart contracts can be signed to verify where they originated
– Transactions and their payloads can be encrypted such that only authorized participants can
decrypt
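The signing case from this slide, as an added Go example that is not part of the deck or of Hyperledger Fabric: Alice signs a transaction, and a verifier that holds every member's public key accepts it but rejects a payload altered after signing and a transaction Bob signs under Alice's name. The slide names no algorithm; Ed25519 from the Go standard library, the `SignedTx` envelope, the `members` directory and the sample payloads are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedTx is a hypothetical envelope: the claimed creator, the payload and the signature.
type SignedTx struct {
	Creator   string
	Payload   []byte
	Signature []byte
}

// newMember creates a key pair; the private half never leaves its owner.
func newMember() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// sign produces a signature over the payload with the creator's private key.
func sign(creator string, payload []byte, priv ed25519.PrivateKey) SignedTx {
	return SignedTx{creator, payload, ed25519.Sign(priv, payload)}
}

// verify checks the signature against the public key registered for the claimed
// creator, so a valid signature made with someone else's key does not pass.
func verify(tx SignedTx, members map[string]ed25519.PublicKey) bool {
	pub, known := members[tx.Creator]
	return known && ed25519.Verify(pub, tx.Payload, tx.Signature)
}

// demo verifies a genuine, a tampered and a spoofed transaction (all constructed samples).
func demo() (genuine, tampered, spoofed bool) {
	alicePub, alicePriv := newMember()
	bobPub, bobPriv := newMember()
	members := map[string]ed25519.PublicKey{"alice": alicePub, "bob": bobPub}
	tx := sign("alice", []byte(`{"asset":"car","to":"anthony"}`), alicePriv)
	altered := SignedTx{tx.Creator, []byte(`{"asset":"car","to":"mallory"}`), tx.Signature}
	forged := sign("alice", tx.Payload, bobPriv) // Bob's key under Alice's name
	return verify(tx, members), verify(altered, members), verify(forged, members)
}

func main() { fmt.Println(demo()) }
```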
17. Introducing a trusted oracle
• The architectural approach described in the previous section provides a reliable
means to externalize complex decision rules. However, in the case of volatile
information (such as interest rate), how can you reliably enrich a smart contract with
such information?
• One possibility is to delegate this responsibility to the client application: The client
application retrieves the current interest rate and includes it in its payload to the
smart contract. But why would the network trust the client application to always
provide such information reliably and accurately? Hence, instead of delegating this
responsibility to the client application, a better option is to:
• Delegate the processing for obtaining volatile information to a third-party known as
the oracle
• Deterministically agree on the value to use for a volatile piece of information
https://developer.ibm.com/articles/cl-extend-blockchain-smart-contracts-trusted-oracle/
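Why the value has to be agreed on deterministically, shown as an added Go example that is not taken from the deck or the linked article. It goes one step beyond the slide by modelling peers that each look up the volatile rate themselves, next to peers that all use one value obtained once by the oracle. The `feed` type, the interest formula, the sample rates and the rule that all peers must compute the same result are assumptions of this simplified model.

```go
package main

import "fmt"

// feed is a hypothetical volatile source: every read may return a different rate (basis points).
type feed struct {
	ticks []int
	next  int
}

func (f *feed) read() int {
	v := f.ticks[f.next%len(f.ticks)]
	f.next++
	return v
}

// interestCents is the contract logic; integer maths keeps it deterministic for equal inputs.
func interestCents(principalCents, rateBps int) int {
	return principalCents * rateBps / 10000
}

// execute runs the contract on n peers, each obtaining the rate through getRate.
func execute(n, principalCents int, getRate func() int) []int {
	results := make([]int, n)
	for i := range results {
		results[i] = interestCents(principalCents, getRate())
	}
	return results
}

// agree reports whether every peer computed the same result.
func agree(results []int) bool {
	for _, r := range results {
		if r != results[0] {
			return false
		}
	}
	return true
}

// demo compares per-peer lookups with a single oracle-supplied value (constructed rates).
func demo() (perPeer, viaOracle bool) {
	f := &feed{ticks: []int{425, 426, 424}}
	own := execute(3, 1000000, f.read) // each peer queries the feed itself
	rate := f.read()                   // the oracle reads once
	shared := execute(3, 1000000, func() int { return rate })
	return agree(own), agree(shared)
}

func main() { fmt.Println(demo()) }
```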
20. Pluggable Consensus
• https://www.slideshare.net/MattLucas3/blockchain-whats-new-in-hyperledger-fabric-oct-2018
• https://www.slideshare.net/HoreaPorutiu/using-blockchain-to-increase-supply-chain-transparency?qid=c095a0f0-6de6-43cb-8597-6a1ffccc0d52&v=&b=&from_search=3
• This modular architecture allows the platform to rely on well-established toolkits for
CFT (crash fault-tolerant) or BFT (byzantine fault-tolerant) ordering.
• In the currently available releases, Fabric offers a CFT ordering service implemented
with Kafka and Zookeeper. Kafka is fault tolerant, but not Byzantine fault tolerant.
• In subsequent releases, Fabric will deliver a Raft consensus ordering service
implemented with etcd/Raft and a fully decentralized BFT ordering service.
21. The Ledger, Blockchain and World State Database
https://hyperledger-fabric.readthedocs.io/en/release-1.4/ledger/ledger.html#example-ledger-fabcar
world state – a database that holds a cache of
the current values of a set of ledger states.
The world state makes it easy for a program
to directly access the current value of a state
rather than having to calculate it by traversing
the entire transaction log (= Blockchain).
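A small model of the relationship described above, added here as an example and not taken from Fabric's code: the world state is what you get by replaying every write in the hash-chained log, which is why a peer keeps it as a ready-made map for direct lookups. The replay also checks each hash link, so a rewritten earlier block is detected. The `Write` and `Block` types, the hash format and the sample car records are assumptions.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Write is one state change ("put" or "delete"); Block batches writes and names its predecessor by hash.
type Write struct{ Op, Key, Value string }
type Block struct { PrevHash string; Writes []Write }

// hash covers the previous block's hash and every write in this block.
func (b Block) hash() string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(fmt.Sprintf("%s|%#v", b.PrevHash, b.Writes))))
}

// appendBlock links a new block to the current tip of the log.
func appendBlock(chain []Block, writes ...Write) []Block {
	b := Block{Writes: writes}
	if n := len(chain); n > 0 {
		b.PrevHash = chain[n-1].hash()
	}
	return append(chain, b)
}

// rebuildWorldState replays the whole log, checking each hash link, to get current values.
func rebuildWorldState(chain []Block) (map[string]string, error) {
	state, prev := map[string]string{}, ""
	for i, b := range chain {
		if b.PrevHash != prev {
			return nil, fmt.Errorf("block %d: hash link broken", i)
		}
		for _, w := range b.Writes {
			state[w.Key] = w.Value
			if w.Op == "delete" {
				delete(state, w.Key)
			}
		}
		prev = b.hash()
	}
	return state, nil
}

// sampleChain is constructed data: CAR1 passes from John to Anthony; CAR2 is added, then deleted.
func sampleChain() []Block {
	c := appendBlock(nil, Write{"put", "CAR1", "John"}, Write{"put", "CAR2", "Bank"})
	c = appendBlock(c, Write{"put", "CAR1", "Anthony"})
	return appendBlock(c, Write{"delete", "CAR2", ""})
}

func main() { fmt.Println(rebuildWorldState(sampleChain())) }
```

A change to the newest block has no successor to contradict it, so this check alone does not protect the tip of the log.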
22. How applications interact with the IBM Blockchain Platform
[Diagram: blockchain developer, application, SDK, peer, chaincode and ledger (blockchain plus world state). Labelled actions: develops, submits, accesses, emits; get, put, delete; record.]
24. What makes a good Blockchain Use Case?
• A Business problem that cannot easily be solved
with existing techniques
• An identifiable business network
• With a shared ledger
• With Participants, Assets and Transactions
• A need for embedded trust but no Trusted Third
Party
27. IBM Code Patterns for Blockchain
• IBM Code Patterns for Blockchain: https://developer.ibm.com/patterns/category/blockchain/
• 10 Lessons: Design Thinking for Blockchain
https://www.ibm.com/blogs/insights-on-business/government/10-lessons-design-thinking-blockchain/
28. Linux Foundation Open Source Hyperledger
App Layer: Hyperledger Sawtooth
Supply Chain
Cargill
https://sawtooth.hyperledger.org/examples/seafood.html
29. Roadmap
• Channels
• Selective endorsement
• SOLO/Kafka orderers
• LevelDB or CouchDB
• Javascript chaincode
• Connection profile
• Encryption library
• Attribute access control
• CouchDB indexes
• Channel based events
• ACLs
• Service discovery
• Pluggable endorsement and validation
• Private Data Collections
• State based endorsement
• Java chaincode
• CouchDB pagination
• Identity Mixer
• Local collections
• SDK improvements
• Lifecycle changes
• Revocation for Idemixer
• Tokenisation
• RAFT
• Operational metrics and logging
• SDK and SHIM improvements
• Burrow EVM
• Long Term Service (LTS) support
Releases and dates: v1 (07/17), v1.1 (03/18), v1.2 (06/18), v1.3 (10/18), v1.4 (4Q/18*), v2.0 (1Q/19*)
Based on https://wiki.hyperledger.org/projects/fabric/roadmap - Dates determined by the Hyperledger community - (*) Subject to change
30. Announcing Hyperledger Grid, a new project to help build and deliver supply chain solutions!
• United States-based agricultural conglomerate Cargill has announced that it is investing digital
engineering resources to develop Hyperledger Grid, according to an announcement on Jan. 25.
• Hyperledger Grid is a recently announced project from Hyperledger that aims to streamline supply
chains by using blockchain technology.
• Cargill — the U.S.’s largest privately held company with $114.7 billion in revenue — states that the
Hyperledger Grid can “accelerate development of blockchain and other digital solutions for the global
food and agriculture supply chains.”
https://cointelegraph.com/news/cargill-invests-digital-engineering-to-develop-hyperledger-grid
31. The Blockchain Bean in the Supply Chain Space
https://www.ibm.com/thought-leadership/blockchainbean/
40. Blockchain and Supply Chain
• Using a consortium based model, DLT provides the ability to follow a
product from inception to end point delivery while maintaining an
appropriate degree of control and information availability to the consortium
members.
• The three main components (end-end traceability, physical
characteristics and regulatory concerns) can be properly accounted for
through ensuring the permissions and access required of each entity (e.g.,
regulator, customer, partner, producer etc.)
https://wiki.hyperledger.org/_media/groups/requirements/hyperledger_-_supply_chain_traceability-_anti_counterfeiting.pdf
44. Trade-offs Between Non-Functional Requirements
Consider the trade-offs between
performance, security and resiliency!
Performance
o The amount of data being shared
o Number and location of peers
o Latency and throughput
o Batching characteristics
Security
o Type of data being shared, and with whom
o How is identity achieved
o Confidentiality of transaction queries
o Who verifies (endorses) transactions
Resiliency
o Resource failure
o Malicious activity
o Non-determinism
49. Blockchain in the Oil and Gas industry
• The financial implications of conducting traditional transactions for
businesses in the Oil and Gas industry can be staggering.
• These businesses typically rely on extensive supply chains to bring their
products to market.
• As the number of businesses in the supply chain increases, so does the
cost and complexity of reconciling each transaction.
• In response, many organizations are dedicating small armies of people to
resolving billing disputes which can tie up billions of dollars in working
capital.
https://www.ibm.com/blogs/insights-on-business/oil-gas/blockchain-adoption-chemicals-petroleum/
51. IBM Food Trust
https://www.ibm.com/blockchain/solutions/food-trust
https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=01022001USEN/
https://developer.ibm.com/patterns/track-the-coffee-supply-chain-on-the-blockchain/
52. IBM Food Trust architecture
DATA ENTRY AND ACCESS
Leveraging solution and global standards to
share data with any network participant
authorized by the data owner, you can feel
confident knowing your data is shared only with
need-to-know business partners in a secure and
confidential environment.
CERTIFICATIONS
Digitize business critical certificates and
inspection documents to optimize efficiency for
information management, certify provenance,
and ensure authenticity.
https://www.ibm.com/us-en/marketplace/food-trust
53. Tradelens: Digitizing the Global Supply Chain
IBM Blockchain Services: 1500 industry and technical experts
https://cdn2.hubspot.net/hubfs/4989579/TradeLens%20Solution%20Brief:%20Edition%20One.pdf
Brings together all parties in the supply chain — including shippers/BCOs, freight
forwarders, inland transportation, ports and terminals, ocean carriers, customs and
other government authorities, and more — onto a blockchain-based platform with a
secure permission and identity framework.
Documents are stored off chain with only their hashes included in on-chain
transactions.
65. IBM Blockchain Platform Free 2.0 Beta
Design your network with total control: Maintain complete control of your identities, ledger, and smart contracts through
a totally redesigned console. Management of the individual blockchain components is done by you in your own set
of Kubernetes clusters for greatest deployment flexibility.
Govern distributed network with security and ease: In the new IBM Blockchain Platform, individual network components
are even more powerful than before—you can deploy only the components you need and even connect a single peer to
multiple networks, which accelerates your ability to benefit from multiple blockchain industry networks. The monitoring and
governance tooling provides visibility across all your blockchain components. Later in 2019, we will provide the capability
to connect to nodes running in any environment, including on-premise, public, and hybrid clouds.
Grow your network faster and easier: The new design allows you to grow more quickly and easily, to start small and grow
as you scale, paying only for the compute you need. Simplified DevOps allows you to move from development to test
to production in a single environment, and a new VSCode extension creates seamless integration between smart
contract development and network management.
https://www.ibm.com/blogs/bluemix/2019/02/ibm-blockchain-platform-free-2-0-beta/