Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to secure hyperledger fabric state database?

I have a use case where one individual(i1) hosts hyperledger fabric system. Other individual(i2) is also interested to use the system, but is unsure if his data is secure in the system. I can create two separate channels or even make private data store and give access to data to only the data owner. However, since i1 is in control of the system, he could see data through couchdb or by accessing docker containers. How to secure the database, so that the second individual (i2) can be convinced that his data is not accessible by the first individual (i1)?

like image 584
Bukks Avatar asked Aug 06 '19 11:08

Bukks


People also ask

How do you encrypt data in Hyperledger Fabric?

In Hyperledger Fabric on Managed Blockchain, you can specify the type of AWS KMS key at the member level. This encryption key is then inherited by any peer nodes that the member creates. Data at the network level is encrypted using AWS owned keys by default at no additional cost.

How secure is Hyperledger Fabric?

Hyperledger Fabric Security Blockchain data is secure by design, however, the functional part of this security relies on proper configuration of Hyperledger certificate authority (CA) with proper key management.

What is state database in Hyperledger Fabric?

LevelDB is a state database that stores ledger data as simple key-value pairs. It is the only peer state database available for Hyperledger Fabric 1.2 networks on Managed Blockchain. LevelDB supports only key, key range, and composite key queries.

Why is state database used in Hyperledger Fabric?

Hyperledger Fabric uses state databases to store the ledger records in the World State. The State Database includes LevelDB and CouchDB to be flexible for the developer to verify the records.


1 Answers

@Bukks for just simply encrypting data in Hyperledger Fabric couchdb you can follow this tutorial https://www.skcript.com/svr/end-to-end-encryption-hyperledger-fabric/ . as per your concern that is related to data privacy in case where network is owned by i1 in fabric network to perform any transaction a user needs an MSP and i2 user/admin MSP will be required to do so. that i1 will not have. so accessing anything from docker container wouldn't be possible. now talking about couchdb while spinning up couchdb container you can specify username password using env variable in docker-compose.yml file so even accessing couchdb wouldn't be possible.

i2 as an organisation, Considering your particular scenario when i2 joins the network peer, couchdb and MSP will be created dynamically for i2, at same time a random password generation or user can provide password for couchdb.

like image 119
mohammed Avatar answered Sep 18 '22 13:09

mohammed