Joseph, A and Yadav, N and Ganapathy, V and Behl, D and Jayachandran, P (2023) Data Protection in Permissioned Blockchains using Privilege Separation. In: 5th International Conference on COMmunication Systems and NETworkS, COMSNETS 2023, 3-8 January 2023, Bangalore, pp. 748-756.
Abstract
This paper concerns the Hyperledger Fabric permissioned blockchain system. This system is in popular use in several enterprise settings, where each participating corporate entity may have sensitive business-related data whose confidentiality it wishes to protect. Fabric provides the channel abstraction that ensures that channel data (e.g., data stored in that channel's ledger, or data transmitted via the network to members of that channel) are only accessible to members of that channel. Unfortunately, as we show in this paper, the channel abstraction only offers data protection under the implicit assumption that all system components in the permissioned blockchain are trustworthy. This assumption may not hold in the presence of compromised container nodes, on which several blockchain-related components execute, or malicious business users inside any one of the participating corporate entities. Under such situations, sensitive corporate data can be leaked to unauthorized entities. We present Aramid, which is an enhanced version of Fabric that offers data protection even in the presence of compromised blockchain components. Aramid uses a privilege-separated architecture in which blockchain components (such as peer or orderer nodes) that are members of multiple channels execute on different containers. Aramid is transparent to legacy Fabric applications, requiring no changes to their codebase. Through our prototype implementation, we show that Aramid robustly defends against a number of attacks possible on Fabric, and that it does so with performance comparable to Fabric. © 2023 IEEE.
Item Type: | Conference Paper |
---|---|
Publication: | 2023 15th International Conference on COMmunication Systems and NETworkS, COMSNETS 2023 |
Publisher: | Institute of Electrical and Electronics Engineers Inc. |
Additional Information: | The copyright for this article belongs to Institute of Electrical and Electronics Engineers Inc. |
Keywords: | Abstracting; Containers; Distributed ledger; Sensitive data, Block-chain; Business-users; Channel abstractions; Corporate data; Corporates; Data leakage; Permissioned blockchain; Privilege separation; Security; System components, Blockchain |
Department/Centre: | Division of Electrical Sciences > Computer Science & Automation |
Date Deposited: | 20 Mar 2023 09:41 |
Last Modified: | 20 Mar 2023 09:41 |
URI: | https://eprints.iisc.ac.in/id/eprint/81030 |