On Private Data Collection of Hyperledger Fabric

Shan Wang, Ming Yang, Yue Zhang, Yan Luo, Tingjian Ge, Xinwen Fu, Wei Zhao
Published in: 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS)
Publication date: 2021-07-01
DOI: https://doi.org/10.1109/ICDCS51616.2021.00083
Citations: 14

Abstract

Hyperledger Fabric is a popular permissioned Blockchain framework for a consortium of organizations to develop Blockchain-based applications and transact within the consortium. Hyperledger Fabric introduces a fine-grained access control mechanism called the private data collection (PDC), which allows private data to be shared by only a subset of participants. In this paper, we analyze PDC and show three classes of use cases in which misuse of Hyperledger Fabric features may endanger implemented Hyperledger Fabric systems. We present two groups of potential attacks, including fake PDC results injection and PDC leakage, against the misuse of the policy-based consensus protocol. We use prototype systems to validate the discovered attacks. We also collected 6392 Hyperledger Fabric projects on GitHub and built a tool to statically analyse them. We find that 86.51% of the PDC-related projects are potentially vulnerable to the fake PDC results injection attacks, and 91.67% have PDC leakage issues. We design new features for the Hyperledger Fabric framework to mitigate the attacks and show that the new features have minor impact on the system performance.