Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to secure hyperledger fabric state database?

Tags:

blockchain

hyperledger-fabric

hyperledger

I have a use case where one individual(i1) hosts hyperledger fabric system. Other individual(i2) is also interested to use the system, but is unsure if his data is secure in the system. I can create two separate channels or even make private data store and give access to data to only the data owner. However, since i1 is in control of the system, he could see data through couchdb or by accessing docker containers. How to secure the database, so that the second individual (i2) can be convinced that his data is not accessible by the first individual (i1)?

like image 584
Bukks Avatar asked Aug 06 '19 11:08

Bukks

People also ask

How do you encrypt data in Hyperledger Fabric?

In Hyperledger Fabric on Managed Blockchain, you can specify the type of AWS KMS key at the member level. This encryption key is then inherited by any peer nodes that the member creates. Data at the network level is encrypted using AWS owned keys by default at no additional cost.

How secure is Hyperledger Fabric?

Hyperledger Fabric Security Blockchain data is secure by design, however, the functional part of this security relies on proper configuration of Hyperledger certificate authority (CA) with proper key management.

What is state database in Hyperledger Fabric?

LevelDB is a state database that stores ledger data as simple key-value pairs. It is the only peer state database available for Hyperledger Fabric 1.2 networks on Managed Blockchain. LevelDB supports only key, key range, and composite key queries.

Why is state database used in Hyperledger Fabric?

Hyperledger Fabric uses state databases to store the ledger records in the World State. The State Database includes LevelDB and CouchDB to be flexible for the developer to verify the records.

1 Answers

@Bukks for just simply encrypting data in Hyperledger Fabric couchdb you can follow this tutorial https://www.skcript.com/svr/end-to-end-encryption-hyperledger-fabric/ . as per your concern that is related to data privacy in case where network is owned by i1 in fabric network to perform any transaction a user needs an MSP and i2 user/admin MSP will be required to do so. that i1 will not have. so accessing anything from docker container wouldn't be possible. now talking about couchdb while spinning up couchdb container you can specify username password using env variable in docker-compose.yml file so even accessing couchdb wouldn't be possible.

i2 as an organisation, Considering your particular scenario when i2 joins the network peer, couchdb and MSP will be created dynamically for i2, at same time a random password generation or user can provide password for couchdb.

like image 119
mohammed Avatar answered Sep 18 '22 13:09

mohammed
Sign in to Comment

Related questions

Bulk insert into Hyperledger Fabric keeps timing out
Docker overlay2 eating Disk Space
How to query ledger and historic data in Hyper-ledger Fabric
Where can I find out the possible environment variables for Hyperledger Fabric peer command?
Fabric Error: failed to create deliver client: orderer client failed to connect to orderer.example.com:7050: failed to create new connection
Hyperledger Fabric with docker not storing data after restart
What does shim in fabric chaincode stand for?
Hyperledger Fabric blockchain network from scratch
Hyperledger Composer v0.16.0 network start error
how we can call one chaincode from another chaincode in fabric 1.0 ?? if anyone having example please share
Hyperledger Fabric - Error on Invoke / TLS handshake failed with error tls: first record does not look like a TLS handshake
Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
unable to find newEventHub function
How your data is safe in Hyperledger Fabric when one can make changes to couchdb data directly
In Hyperledger Fabric when I try to invoke, I'm getting the following error: chaincode definition for 'fabcar' exists, but chaincode is not installed
Can identities running on Indy be referenced in Fabric blockchain?
Attempt to achieve high throughput in Hyperledger Fabric network
Unable to communicate with orderer from peer hyperledger fabric

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!