Vulnerabilities on Hyperledger Fabric

Abstract: In this paper, we have analysed Hyperledger Fabric in detail and pointed out two security limitations, with possible solutions. First, the identity of an endorser is known to all members within a channel, which opens a gateway for a DoS attack on endorsers, either to block transactions pertaining to a client or to degrade network efficiency. Second, the technology is prone to a wormhole attack, i.e., within a channel, compromising a single member leaks the ledger information of all members to everyone outside the channel. We have proposed solutions to remove the above-mentioned weaknesses. Two different mechanisms address the first weakness: the first uses a verifiable random function (VRF) to randomize endorsers, while the second uses pseudonyms to anonymize endorsers. To address the second weakness, we have anonymized sender and receiver identity inside a channel: a group signature scheme based on bilinear pairing hides the sender identity, and a zero-knowledge approach based on bilinear pairing anonymizes the receiver. The approach is immune to a malleability attack. Security proofs are provided for Signature Unforgeability and Unlinkability in Ciphertext (UN-C). We have provided experimental results measuring the impact of a DoS attack on a Hyperledger network using Hyperledger Caliper. After applying a DoS attack on two peers, throughput drops from 125 tps to 100 tps at a send rate of 123 tps, and latency increases from 1.396 s to 2.44 s at the same send rate.
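As an added illustration (not code from the paper) of the first weakness and of why randomizing endorsers mitigates it: a Python model in which two endorsing peers are unavailable, comparing a fixed, publicly known endorser set against per-transaction randomized selection. The 8-peer channel, the 3-of-8 policy and the HMAC-based selector are assumptions for illustration; HMAC stands in for a VRF, which in practice also produces a publicly verifiable proof.

```python
import hashlib
import hmac
import math
import random

PEERS = [f"peer{i}" for i in range(8)]  # constructed channel with 8 endorsing peers
K = 3                                   # endorsement policy: K endorsements needed


def fixed_endorsers(tx_index: int) -> list[str]:
    # Static policy: the same K peers endorse every transaction of this client,
    # and that membership is visible to everyone in the channel.
    return PEERS[:K]


def randomized_endorsers(secret: bytes, tx_index: int) -> list[str]:
    # Per-transaction selection driven by a keyed pseudo-random value. HMAC is a
    # stand-in for a VRF (assumption): only the key holder can compute the value
    # ahead of time; a real VRF additionally yields a publicly checkable proof.
    seed = hmac.new(secret, tx_index.to_bytes(4, "big"), hashlib.sha256).digest()
    return random.Random(seed).sample(PEERS, K)


def blocked_fraction(select, down: set[str], n_tx: int = 2000) -> float:
    """Fraction of transactions that cannot collect K endorsements because at
    least one selected endorser is in the unavailable set `down`."""
    blocked = sum(1 for i in range(n_tx) if set(select(i)) & down)
    return blocked / n_tx


def expected_random_blocked(n_down: int) -> float:
    # Closed form for random K-of-n selection: 1 - P(no chosen peer is down).
    n = len(PEERS)
    return 1 - math.comb(n - n_down, K) / math.comb(n, K)


def compare(down: set[str]) -> tuple[float, float]:
    """Return (blocked fraction with fixed endorsers, with randomized endorsers)."""
    secret = b"constructed-client-secret"
    fixed = blocked_fraction(fixed_endorsers, down)
    rnd = blocked_fraction(lambda i: randomized_endorsers(secret, i), down)
    return fixed, rnd


if __name__ == "__main__":
    down = {"peer0", "peer1"}  # two peers unavailable, as in the paper's experiment
    f, r = compare(down)
    print(f"fixed: {f:.2f} blocked, randomized: {r:.2f} blocked "
          f"(expected {expected_random_blocked(len(down)):.2f})")
```

With a fixed, known endorser set every transaction of the client is blocked, whereas randomized selection blocks only the share of transactions that happen to draw an unavailable peer, matching the closed-form value.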
