Hyperledger Fabric Archives

Jun 30

Avoid Ransomware Using BIoT – A Lightweight Zero Trust Architecture using Hyperledger Fabric

By Owen Wang, BDATA, and Nima Afraz, School of Computer Science at University College Dublin Blog, Hyperledger Fabric

Let’s talk about cyberattacks

Before the pandemic hit, the world was already experiencing an increase in cybercriminal activities. The pandemic is merely a catalyst that made the cybersecurity problem even worse. From the start of the pandemic to the economic shutdown, companies worldwide have been forced to let their employees work from home at short notice. Many companies are not prepared for their employees to access intranets from their homes with various levels of security. For example, some employees do not have updated computers and many have computers already infected with viruses, malware, and trojan software. Such unsecured connections and the blurred usage between work and personal computers have increased IT/OT infrastructure vulnerabilities and expose companies to cyberattacks.

In the past six months, there have already been several major attacks on infrastructures and critical industries:

The Irish Health Service Executive cyberattack: On May 14, 2021, the HSE reported a major ransomware cyberattack that caused all of its IT systems nationwide to be shut down to prevent further damage. The HSE ransomware attack that has crippled the Irish healthcare system since mid-May started when a single computer stopped working, and the HSE worker reached out for help by clicking on a disguised link that led to a drive-by download of ransomware.

Colonial pipeline ransomware: On May 7, 2021, Colonial Pipeline suffered ransomware attacks that resulted in the company paying five million dollars to the hackers to unlock the system. While the company did not release any information on how the ransomware infected the company’s computers, some insiders familiar with the matter said the VMware was compromised through an open port.

Oldsmar, Florida, water treatment plan hack: On February 8, 2021, the Oldsmar water treatment plant was hacked. The hacker was able to gain access to a control computer and attempted to increase the sodium hydroxide level in the drinking water. Luckily, the attempt was stopped in time by the operator.

Advantech’s ransomware attack: On November 20, 2020, the global industrial computer manufacturing company Advantech was hit by a ransomware attack, and the people behind the attack demanded a ransom of 750 Bitcoins ($13.8 million).

Unsecured connectivities, infested home devices, and password-driven technologies could be the reason why cyberattacks, cyberwarfare, and ransomware are hitting daily news headlines at an unprecedented rate. Meanwhile, hackers leverage the scale of impact as their bargaining chip to force governments or corporations into compliance.

The ransomware business model

The business model of ransomware is simple: the attackers infect the victim’s computer with ransomware through a phishing email, drive-by download of trojan software or through stolen password, infest the key computers in the network, open a port for attack and data transmission, then lock the important data away, generate a cryptographic key and hide it until the victim pays up the ransom.

Attackers can choose to go after smaller victims for smaller ransom amounts or risk attacking larger victims, or go big game hunting. Although the prize for big game hunting is considerably more tempting, the risks are higher. For instance, attacking a bigger target (e.g., a government organization, healthcare system, or energy infrastructure) puts the attackers on the radar of law enforcement. These larger targets are also less likely to pay the ransom to avoid funding future attacks by these cybercriminal gangs.

Targeting smaller but numerous victims requires more workforce as the attackers have to penetrate the victims’ networks and negotiate and convince every one of them to pay the ransom. In addition to being costly, more humans involved means more space for error and eventually jeopardizing the entire operation. However, smaller targets are more likely to choose the easy way out and pay the ransom to avoid scandal, panicking customers, and plummeting stock prices. Perhaps all of these pros and cons have made the cybercriminal gangs go back and forth with small and big targets and try their luck.

The current cybersecurity solution

The most common approach companies take to secure their network is through layering and isolation. In the simplest term, layering architecture helps companies to ‘limit’ access from different levels of users. For example, a public user can only visit the public section of a website while the employees with special privileges can access the backend of the site. This approach is simple and easy to create. However, the biggest challenge is that if the authentication of a superuser is compromised or malware secretly opens a port to the attacker, the layering system will not be able to stop the attacker because systems using layering architecture always trust local connections and requests. In the view of the attackers, once they pass the gate, it is a free buffet. It is especially true that conventional tunneling technologies such as Virtual Private Network, VPN, could help mitigate some cybersecurity threats by strengthening the external connection. However, VPN is still a password-driven technology, and as long as there is a single weak point in the VPN network, the entire network’s safety is jeopardized.

Blockchain and Zero-Trust netwworks

Blockchain technology offers several advantages when used for data encryption and communication. In a blockchain, data is structured into blocks, and each block contains a ledger to keep a bundle of transactions in a decentralized structure. What makes blockchain secure is that all transactions must be approved and validated by all the nodes in the chain through a consensus mechanism. Blockchain technology’s immutable and decentralized nature makes the data impossible to tamper with and the network nearly impossible to hack.

Blockchain can greatly enhance the zero-trust network. In a zero-trust network, any transaction needs to be authenticated. The network controller does not ‘trust’ any request or command sender until that sender can be verified for each action. Blockchain can enhance the network by:

a.    Detection of suspicious activity in any transaction
b.    Isolation of connection
c.    Access limits for certain users until cybersecurity officers have a closer look
d.    Immutable policies due to the immutable nature of blockchain

Despite blockchain technology’s advantages in cybersecurity, the application of blockchain technology is limited largely to supply chain, fintech, and digital currency at the moment.

Several roadblocks are hindering the implementation of the blockchain in network security. First, the latency caused by updating all nodes can pose operational problems. Second, the size of the ledgers may be an issue for IoT devices and smaller devices to use blockchain. Third, it drives up the energy consumption for the network.

BDATA and BIoT technology

BDATA (www.Bdata.ca), a Toronto-based company, has taken a stab at the roadblocks for using blockchain in cybersecurity. BDATA has developed BIoT (Blockchain Internet of Things) technology, which is a lightweight and low latency blockchain.

BIoT uses the multichain architecture based on Hyperledger Fabric, which creates complex on-device security. BIoT technology is also energy friendly since it requires low processing power and low RAM to run on edge devices. BIoT technology has also avoided the problem with high latency and large file issues associated with blockchain technology. BIoT is a lightweight (<50MB) and low latency (<10ms on 5G and <40 ms on 4G LTE) protocol that can be deployed on any device.

BIoT technology is also cost effective when compared with the practice most companies are doing. The majority of the companies are using MQTT for data streaming, VPN for handshake connectivity, intrusion detection systems (IDS) for device monitoring, and device management (DM) for endpoint management, and each application costs significant resources to deploy and maintain. BIoT is an all-in-one solution as the technology contains functionalities such as authentication, intrusion detection, data streaming, endpoint management, and KPIs ensuring IT/OT infrastructure security.

The following are the steps to deploy BIoT technology:

Register organization and deploy BIoT endorsing peers
Extract devices board identity (e.g, for Mac, Hardware UUID)
Register device using board identity
Deploy BIoT peer on the device using the curl command:
o    BIoT peer will read the device board ID to enroll the device with the BIoT chain
o    BIoT peer will stream the data fully encrypted using a cryptographic chain of TLS 1.3 certificates.
o    BIoT peer will provide complete device log analytics, intrusion detection, endpoint management, MITRE, device compliance with cybersecurity standards and many other useful features.

Upon successful consensus among the organization endorsing peers, the device will be authenticated and received a trusted status to stream data from the device to pre-authenticated designated servers on the organization’s BIoT zero-trust network. Time-stamped hashes are created for every data point streamed from the trusted device. Every hash is stored in the query-able ledger to ensure the immutability of the data, and the streamed data gets decrypted for analytics and other uses.

BIoT technology works on ARM, Intel, and AMD architectures and all the major operating systems such as Android, Mac, Windows, and Linux-based operating systems. Devices with the BIoT technology can be implemented rapidly for a consortium of organizations or an individual organization without duplicating data. Early adopters of the technology include Advantech, Supermicro, Intel, Arrow, and ASUS IoT edge devices.

BIoT features include:

Multichain Architecture – BIoT has four chains:
i.    Device Authentication
ii.    Data Streaming
iii.    Endpoint Management
iv.    Intrusion Detection System
Cryptographic chain of TLS certificates
DevOps & serverless technologies to auto manage the data load and peer deployments

Differences between BIoT and VPN

BIoT technology has several advantages when compared with VPN technology:

1. First, the machine-to-machine trust is automatically established in the BIoT network. This helps the machine to communicate with other machines on the trusted network of machines without password-driven authentication. The network trust is handled entirely by the blockchain, based on the device’s unique board identity.

2. Second, any data transaction is traceable and is always ready for auditing. The blockchain ledgers store the hashes of each data transaction, which ensures data immutability, and the hashes are always ready for the read operation. Currently, companies do backups to store the data, but data trust is always a big question during the backup. BIoT’s data immutability ensures data backup without compromising data quality and authenticity.

3. BIoT runs on a zero-trust network. Every operation is recorded on the ledger, and all the nodes in the chain authenticate every block. If any anomaly happens, the BIoT intrusion detection mechanism will be triggered, and the operators will be alerted in real-time.

A brighter future of remote working and IoT using BIoT

As manufacturing automation and edge device implementation are growing exponentially, the need to protect remote assets and keep the network safe from cyberattacks is also increasing exponentially. Data privacy and integrity are also paramount in many verticals of our society, such as medical, defense, and smart city infrastructure. Likewise, with a continued increased number of remote access and IoT deployments, cyber criminal activities will be on the rise. BIoT can be a great resource for companies to add an immutable layer of security to fight against advanced and diverse cyberattacks.

About the contributors

Owen Wang is the co-founder of BDATA solution. He is a professional engineer by trade and graduated from Queen’s University with an Electrical and Computer Engineering bachelor’s degree. Owen joined SIEMENS Canada after university and led a team of R&D software developers before finishing his MBA degree from Schulich School of Business. Now, Owen and Syed Bari are working together on the BDATA startup venture and working together to change the world of cybersecurity with blockchain technology.

Nima Afraz is an Assistant Professor in the School of Computer Science at University College Dublin. He is affiliated with the CONNECT Research Centre, and his research focuses on blockchain applications in telecoms, the economics of networks, and network virtualisation. Nima is a recipient of the government of Ireland postdoctoral fellowship and worked as a postdoctoral fellow at Trinity College Dublin to address the challenges in the adoption of blockchain technology in telecommunications. Nima is the vice-chair of the Linux Foundation’s Hyperledger telecom special interest group. He received his PhD in computer science from Trinity College Dublin, Ireland, in 2020.

Jun 29

Love1

Hyperledger Technologies at Work: Production Solutions in Telecom

By Hyperledger Blog, Hyperledger Fabric, Telecom

It’s #HyperledgerTelecom month so we are spotlighting some of the exciting ways Hyperledger technologies are at work across the industry. Below are some noteworthy production solutions in the telecom market that are built on Hyperledger platforms.

GSMA eBusiness Network

GSMA eBusiness Network, a blockchain solution developed by GSMA, aims to automate the complex business processes for wholesale roaming, ensuring readiness in the 5G and IoT era. The new private-permissioned industry-wide blockchain network. The GSMA eBusiness Network, built on Hyperledger Fabric, has the potential to support secure and transparent inter-operator settlements through decentralised applications and facilitate the digital transformation of wholesale roaming by improving operational efficiency, cutting costs, and mitigating errors and disputes. It was announced as a commercial offering just this week.

Tech Mahindra’s plug-n-play solution to curb spam calls

By 2018, the spam call situation had grown grim in India, a country with more than 1 billion active mobile subscribers, causing bad customer experience and propagating of fake news and financial scams. The Telecom Regulatory Authority of India (TRAI) acknowledged UCC (Unsolicited Commercial Communication) or spam calls were a major nuisance to telecom subscribers across the country and a growing menace that needed to be tackled with immediate effect. Though TRAI had established a “Do Not Disturb” (DND) list with more than 230 million subscribers on it, unregistered telemarketers continue to spam customers, obtaining their consent through fraudulent and questionable tactics. Through various internal and external assessments, DLT was selected as the underlying technology to curb the menace.

Tech Mahindra developed a plug-n-play solution, built on Hyperledger Fabric, to mitigate the problem. With the solution successfully deployed across three major telcos in India, Tech Mahindra has access to >50% market. This solution has potential to have a global impact. Tech Mahindra has already reached out to the Federal Communications Commission (FCC) in the U.S. market and is exploring opportunities to socialize it with U.S.-based telcos to address the pain points of robo-calling and caller ID spoofing are key pain areas that can be addressed by our solution.

Trust Your Supplier

Trust Your Supplier (TYS) is an innovative solution developed in a partnership between IBM and Chainyard to address the inefficiencies and risks associated with supplier information management. Built on a Hyperledger Fabric framework, it works with a network of enterprise buyer organizations, including three of the leading telecom companies: BT, Nokia and Vodafone.

These companies are working on TYS together to bring digital transformation to the telecom industry. As an integral part of their strategy, the TYS blockchain platform is bringing transparency and supplier visibility at every touchpoint, which supports compliance activities such as diversity, sustainability, cyber security, and anti-corruption.

Chime in on social with your own examples of Hyperledger in action in the telecom space here using #HyperledgerTelecom.

Telecom updates from Hyperledger Global Forum

At Hyperledger Global Forum, there was a range of telecom sessions led by experts from carriers, technology leaders and academia, including:

Dispute Management using Blockchain – Rangesh Sripathi & Ahmed Khan, Verizon

Building Transformative Platforms to Scale 5G Ecosystems using Hyperledger – Utpal Mangla & Mathews Thomas, IBM

Access for the Next Billion – Decentralizing Authentication and Handover in 4G LTE/5G – Sudheesh Singanamalla, University of Washington

We also have an active community for those interested in participating and contributing to telecom solutions. The Hyperledger Telecom Interest Group (SIG) is focused on technical and business-level conversations about appropriate use cases for blockchain technology in the telecom industry. All are welcome.

Cover image by Pete Linforth from Pixabay.

May 26

Love0

#HyperledgerInterop: A Sampling of Production Cross-Platform Solutions and Deployments Built with Hyperledger Technologies

By Hyperledger Blog, Hyperledger Besu, Hyperledger Fabric, Hyperledger Sawtooth

The rapid pace of innovation in the development and deployment of blockchain technologies is creating more points of intersection for cross chain and cross application data and transaction flow. Fortunately, there is also a robust effort underway to deliver new approaches to ensuring that solutions work across platforms and protocols. Case in point: at the upcoming Hyperledger Global Forum, there will be 20 talks covering various aspects of blockchain interoperability and integration.

Below, we take a look at a sampling of use cases where Hyperledger technologies are at play in solutions that are operating in or enabling cross-platform production deployments:

Daml
Daml, a multi-party application platform created by Digital Asset, is widely used in distributed applications that deliver portability across a number of blockchain platforms, including Hyperledger frameworks: Besu, Fabric and Sawtooth. Recently, using Hyperledger Fabric, Ethereum and a traditional Postgres database, Digital Asset demonstrated platform interoperability and open sourced the code to help CBDCs (and other applications that need to integrate with CBDCs) interoperate, making the digital currencies compatible regardless of the underlying technology. The code for this CBDC use case is available on Git Hub. Read more and watch the demo here.

Hala System’s Sentry

Hala Systems is using Hyperledger Fabric alongside Hedera as part of its Sentry early warning system, which helps protect 2M+ people in Syria. Hala Systems uses both Hyperledger Fabric and Hedera to manage the metadata of created media and user input produced in conflict. The hashed metadata is simultaneously written to a private blockchain built on an IBM Blockchain Platform powered by Hyperledger Fabric and to Hedera Consensus Service. Hala Systems uses the IBM Blockchain Platform to act as its internal repository, preserving additional metadata to augment the auditable hash data sent to Hedera Consensus Service. With these two sets of records, any third party can verify the information on the public ledger to match the image and, if necessary, its accompanying data stored on the private ledger.

Project Starling

Project Starling was developed to help empower organizations to securely capture, store, and verify human history. Starling represents a ground-breaking methodology in the fight against the spread of misinformation and the looming threat of deep fakes by providing open-source tools. Starling uses the latest cryptographic methods and decentralized web protocols to meet the challenges of establishing trust in our most sensitive digital records.

Jointly developed by teams at USC and Stanford, the Starling framework leverages multiple decentralized technologies including IPFS, GUN, Hyperledger Fabric, and Hedera Hashgraph throughout its process. For each piece of media captured, the framework is designed to store images on IPFS, using Filecoin, these image’s associated metadata is then stored in a permissioned Hyperledger Fabric network, securely protecting any sensitive information. For each media file, a hash of the information stored in Hyperledger Fabric is taken and recorded on the public Hedera network. By doing so, third parties are able to more readily trust the application owner and be assured no bad actor has falsified or modified results after the fact.

Join the conversation this month about developments and deployments using Hyperledger technologies to drive interoperability with #HyperledgerInterop on social channels.

Cover image by Clker-Free-Vector-Images from Pixabay.

May 13

Love0

The Power of Collaboration in a Vendor-Neutral Environment: An Interoperability Story

By Kevin Otto, Senior Director, Community Engagement, GS1 US Blog, Hyperledger Fabric

With the vast amount of data being shared today, and even more potential for data to be shared widely through distributed ledger technologies, the value of collaboration is becoming an imperative. As the saying goes, none of us is as smart as all of us.

Collaboration in the supply chain is accomplished in many ways, but where the exchange of data is concerned, it happens more efficiently within a standards-based framework. There are dozens of companies currently leveraging Hyperledger platforms in combination with GS1 Standards as a foundation for data consistency and accuracy. Together, innovative use cases come alive, including potentially life-saving advances in food and pharmaceutical supply chain safety, as well as applications of technology that make supply chains more visible to support product provenance and information transparency.

Collaboration in a vendor-neutral environment starts with having an organizational culture that first recognizes the value of having access to outside insights. Like the Hyperledger projects, collaboration often means joining together with peers, or even competitors, to better understand how to apply standards and technology to solve a collective problem. When industry leaders come together for a GS1 US initiative meeting, workgroup, discussion group, or virtual event, for example, they are making a commitment to problem-solving on pre-competitive issues and operating with the understanding that all participants are there to learn, contribute, and holistically support their respective industries.

To better understand the power of collaboration in a neutral environment, let’s examine a recent example—a pilot program convened by GS1 US to explore interoperable seafood traceability solutions.

Facilitating Innovation

GS1 US facilitates innovation in a few ways, often through a discussion group or to conduct a pilot that investigates a specific challenge or technology. First, the organization has a dedicated team of innovators who regularly explore the impact of emerging technology, such as DLT, artificial intelligence, robotics, emerging data carriers and more, on the supply chain. This is a proactive operation designed to stay ahead of what could be influencing the business landscape in the next few years.

Another way is as a response to an industry “ask.” Highly engaged industry executives leverage the organization’s neutrality to evaluate a technology that has industry communities buzzing and interested. In either case, GS1 US serves as a bridge between the technologists and those who can use their solutions to solve problems.

The seafood traceability pilot was born through industry’s request. Several stakeholders expressed concern for the lack of interoperability between solutions and a growing need to address visibility gaps in the seafood supply chain that leave it open to fraud and other food safety hazards. They foresaw a potentially inefficient future where end users would be forced to join multiple ecosystems, and the costs of each would create a burden to work with their many trading partners. GS1 US hypothesized that GS1 Standards could play a role to preserve solution choice while enabling multiple systems to interoperate.

Assembling the Participants

Building on our evolving and well-rounded understanding of the supply chain and the industries using GS1 Standards, GS1 US recruited participants of diverse sizes.

In early 2020 as part of the first phase of the pilot, the team selected traceability solutions from FoodLogiQ, IBM Food Trust (which leverages Hyperledger Fabric), ripe.io, and SAP to be evaluated. Simply put, the phase would create a prototype for how GS1 Standards can help each solution interoperate to transmit and exchange information about a product’s journey throughout the supply chain. The pilot’s focus was on the use case first, not necessarily the technology—hence the inclusion of FoodLogiQ, which does not have a DLT solution. Blockchain was considered a technology choice—each platform was required to have the ability to extract data to exchange with another platform.

Just recently, GS1 US completed the second phase of this pilot, adding end user participants (well-known seafood industry stakeholders and solution providers) and real-world traceability data, building on the simulated data of the first phase. For this part of the study, GS1 US enlisted the help of the Global Dialogue on Seafood Traceability (GDST), a seafood industry forum dedicated to forming global application standards for seafood traceability. In this phase, the group tested the flow of existing standardized product data using the established prototype and the GDST application standards for the seafood supply chain.

Key Findings and Their Significance

In both phases of the pilot, GS1 US determined that interoperability between solutions was possible when leveraging the GS1 System of Standards for the unique identification of products and locations, as well as GS1 Electronic Product Code Information Services (EPCIS), as a standardized data model for physical event data. EPCIS provided a consistent format and exchange protocol for sharing event data and transmitting key information from production to sale by uniformly facilitating the transmission of critical tracking events, such as whether a product had been shipped, received, packed, or transformed.

The interoperability of these systems supports the movement toward more widespread supply chain digitization and future requirements of the U.S. Food and Drug Administration (FDA) proposed Food Safety and Modernization Act (FSMA) section 204 food traceability rule.

Using real-world data, the pilot demonstrated how EPCIS effectively connected two or more traceability systems and provided a way for systems to “speak” to each other using standards. Equally important, industry collaboration was critical to define the systems’ “conversation.” With both key elements in place, participants were confident that they had moved a step closer to industry-wide traceability and transparency for seafood.

Ongoing Efforts

Moving forward, the GS1 US team will continue to work with industry to understand traceability data requirements, evaluate the need for new technical standards or protocols required for interoperability, and explore more advanced use cases.

Ultimately, the pilot story is just one story where the power of standards to bring unlikely collaborators together, united in a common goal. When industry leaders join together, advancement for all can be accomplished.

Cover image by Volker Glätsch from Pixabay

May 10

Love0

Universal DLT interoperability is now a practical reality

By Luke Riley, Head of Innovation at Quant Blog, Hyperledger Besu, Hyperledger Fabric

Anyone who’s involved in the implementation of DLT-based solutions will need no introduction to the problem of interoperability. It’s an issue that has dogged the technology from the very beginning and has severely limited its application. Now, though, that era is in the past. Today, DLTs can interoperate seamlessly and easily, allowing their full potential to be realised across a multitude of use cases. Here, we’ll take a look at how this breakthrough has been achieved. And we’ll begin with a review of the problem and the various attempts to solve it.

Over the years, there have been many attempts to solve the problem of interoperability. Of the various approaches taken, the World Economic Forum (WEF) identified three main categories: Cross Authentication (DLT-relayers), Oracles and the API Gateway. Which, of course, begs the obvious question: which is the best path to follow in the search for true universal interoperability?

To answer this question we will firstly introduce each approach and follow with a comparison between them.

WEF DLT Interoperability Category 1: Cross Authentication

This interoperability category is the most decentralised of the three categories. It requires separate authorization on each side of the interoperability connection. Examples include:
– Hash-locking: this is used, for example, to atomically swap assets across distributed ledgers.
– DLT-Relayers: these are distributed ledger communication protocols that act as orchestration layers between other distributed ledgers. They are designed for the exchange of different types of messages between these networks. Two DLT- relayer examples are Polkadot and Ethereum 2.0.

WEF DLT Interoperability Category 2: Oracles

Oracles allow distributed ledgers to connect to external data resources (which may be another distributed ledger). Oracles are therefore orchestration layers, connected to different resources, that perform various actions according to on-chain and off-chain pre-defined bespoke rules. Some oracles not only pass information from an external data resource to smart contracts but also send data from the distributed ledger back to the external resources. There is usually a single oracle to perform each task, but occasionally there can be a collection of oracles performing the same task (in a permissioned or permissionless manner). Smart contract logic then states how consensus of data is achieved between multiple inputs recorded by different oracles. An example of an oracle system is Chainlink.

WEF DLT Interoperability Category 3: API Gateway

An API provides access to a server and the resources it is connected to. An API gateway provides organised access to many underlying API resources, simplifying requests to the underlying resources to improve the user experience. A DLT API gateway can have shared end points across distributed ledger networks, standardise DLT data objects and can compress many DLT actions into one endpoint. This is the approach we take with Quant’s Overledger API.

One way to determine the best interoperability path to follow in the search for true universal interoperability is to look at how each approach “scores” in terms of the key functional criteria that defines a robust, flexible and scalable solution. These criteria are:

Proven Technology

While it’s true that DLT-relayers have been in development for many years, they are not yet proven technology – there is, as yet, no stable implementation running in a high-load environment. A similar story is true of oracles – although data feed technology is established, data feeds from one distributed ledger network (DLN) to another and back again has yet to be proven in practice. API gateways, on the other hand, have a long-proven record with many thousands of implementations around the world.

Decentralisation method: As pointed out by the WEF, the three different models have different decentralisation properties. DLT-relayers, for example, can be fully decentralised if a permissionless DLN is used. Oracles, however, have two different levels of permissions. One depends on the network permissions, the other depends on the smart contract permissions. With API gateways, on the other hand, the amount of decentralisation is provided by the ecosystem of separate API gateways run by different stakeholders.

How users interact: For DLT-relayers, users either need to be provided with direct access to relayer nodes, or they must be given access to DLT-relayer nodes through an API gateway model. Non-oracle users can interact with the on-chain oracle smart contracts, or they can interact with an off-chain oracle instance. For the API gateway itself, users interact through the API using standard elements like REST.

Resilience: The resilience of DLT-relayers depends on the consensus protocols it runs, particularly that of the connecting chain. As each consensus protocol has limits on the percentage of malicious nodes that it can handle, the resilience of the entire network is dependent on the number of nodes in the network. With oracles, the more oracles that feed data about the same topic, the more resilient the system – generally speaking – will be. An API gateway’s resilience is determined by the number of instances running and its load balancing capabilities and can be tuned for each type of use case.

Combining permissionless and permissioned DLNs: As yet there is no technical, or convincing theoretical demonstration, of how this can be completed using DLT-relayers without compromising security.

The brief analysis above points to a clear conclusion: API gateways have significant advantages over the other approaches. And it was for this reason that Quant chose the API gateway model for Overledger, our own solution to the challenge of interoperability. Developed by a team highly experienced in enterprise security and nation-level critical systems, Overledger is built on research that began as a collaboration with UCL, and now provides a secure, simple, and cost-effective API connection to all major DLTs. A robust, enterprise-grade solution, Overledger is easily integrated with multiple DLTs, including Hyperledger Fabric and Hyperledger Besu, and Quant is constantly expanding the list of supported DLTs.

Today, Overledger is helping to unlock the potential of DLTs in many major projects across the world. One of the most ambitious of these projects is LACChain, an alliance led by the Inter-American Development Bank. Operating across the Latin American and Caribbean region, LACChain is already having demonstrable positive social impact, and the consortium has developed a roadmap that will ultimately lead to the interconnection of regional DLT ecosystems.

Achieving success will require the integration of LACChain (which provides both Hyperledger Besu and EOS technologies) and Quant’s unique Overledger technology. This will facilitate the creation of a new, fast cross-border payments system for the region, using tokenised currency. By flexibly tokenising money, using Quant’s (patent-pending) multi-DLT token technology (MLTS), the LACChain DLN will power a variety of new solutions, ranging from money transfers between private individuals to government and corporate payments, as well as many other future LACChain use cases.

One immediate benefit of this breakthrough will be a revolution in remittances and financial inclusion. For example, where, currently, cross-border banking services for people such as migrant workers or farmers are hard to access and unreliable, the LACChain solution, supported by Overledger, will allow foreign and/or local currency to be transferred in a simple but secure manner, with affordable transaction costs. The system has the potential to be expanded to the large-volume market of the unbanked or others currently excluded from the financial system. In short, the LACChain/Quant partnership will open the door to a host of faster, more efficient and more inclusive financial processes and applications in the LAC region, ranging from cross-border and interbank settlement, to the deployment of digital wallets and smart contracts. The pilot phase of the LACChain project is already well advanced, and full commercial development over the coming twelve months will be a landmark year for DLTs and DLNs.

Apr 29

Love0

Hyperledger-Powered Digital Identity Solutions at Work

By Hyperledger Blog, Hyperledger Fabric, Hyperledger Indy, Identity

As the world continues to grapple with COVID-19, there is an upswing in interest in digital identity technologies and their potential to underpin new health passes, travel credentials and other pathways to restarting economies that are effective, secure, accessible and privacy preserving.

For more on these efforts, read up on the work of the Good Health Pass Collaborative.

Stephan Curran’s post on Why Distributed Ledger Technology (DLT) for Identity? also offers a good explanation of sudden and urgent issues driving interest in identity and the role of Hyperledger technologies in delivering solutions.

Advances on these fronts are fostering important new developments. However, digital identity solutions are reshaping other industries as well. Read on for a sampling of Hyperledger-powered solutions that are in production now, bringing innovation to the telecom, supply chain, education and training and financial services markets:

Alastria ID over Red H+

Alastria ID, a project of Alastria, the Spanish association that promotes the development of solutions based on decentralized ledger technologies, is focused on decentralized identity management. It is a self-managed identity model based on the World Wide Web Consortium (W3C) Verifiable Credentials standard designed to facilitate compliance with the General Data Protection Regulation (GDPR) for individuals, companies, organizations and entities. The use of credentials issued on different networks will enable interoperability across multiple applications.

Telefonica and Inetum have partnered to implement Alastria ID in a Hyperledger Fabric production environment in Alastria. Named “red H+” (H+ network), this implementation gives more than 500 members of Alastria access to a production grade infrastructure based on Hyperledger Fabric technology. Red H+ offers a free of charge Hyperledger Fabric environment for Alastria members, designed for the deployment of proofs of concept or production projects without demanding requirements, and a production-ready paying platform for those members interested in having certain levels of service and personalised and guaranteed response times, as well as value added services such as Alastria ID.

(Note: You can learn more about Alastria’s mission to promote the digital economy and how the Hyperledger community is involved in this May 5 webinar.)

MemberPass®

MemberPass is a digital credential solution that enables financial institutions to instantly verify financial credentials seamlessly across all consumer contact points in a highly secure and privacy-preserving manner. It is the flagship product of Bonifii, the financial industry’s first verifiable exchange network designed to enable trusted digital transactions using open standards and best-of-breed security technologies. Because MemberPass is built on Hyperledger Indy, credit union members can retain full control of their private personal information. The credential is secure and flexible. It allows the member to reveal only the data necessary for a given transaction. (See more on MemberPass adoption here.)

SnapCert

SnapCert is a blockchain-based Credential Authentication platform for universities, colleges and institutes. Offered as a SaaS platform by Snapper Future Tech, SnapCert equips education customers to issue and verify credentials on a blockchain, ensuring no fraudulent credentials can be issued in their name.

Customers include Kushal, a social organization that trains unskilled labour under Indian government National Skill Development program. With SnapCert, verifiers can get real-time verification of Kushal credentials directly from the primary source of the data simply using the last four digits of the credential holder’s Aadhaar id and the name. The solution solves the problem of misplaced paper credentials and reduces the trust deficit by providing easy access to credible credentials that prove the holder’s construction training. It also helps Kushal manage long term record keeping for the skilled workers, connect stakeholders that need the data and increase transparency and ease of doing business.

SnapCert is built using Oracle Blockchain, which is powered by Hyperledger Fabric.

Trust Your Supplier

Built on Hyperledger Fabric blockchain technology, Trust Your Supplier provides organizations a trusted exchange of information across an encrypted blockchain environment to minimize risk and fraud throughout the onboarding and life cycle of partnerships.

A single, digital identity for suppliers can be shared with multiple buyers and business networks. This two-tiered supplier profile approach allows suppliers to be discovered by new customers without handing over unlimited access to their data. The Trust Your Supplier cross-industry blockchain network provides clear provenance and a single, shared, tamper-evident ledger. This is ideal for supporting auditing capabilities as it provides an immutable relationship history between parties.

Verified.Me

In our current digital landscape, securely accessing online services has never been more important. With Hyperledger Fabric, SecureKey Technologies established Verified.Me, Canada’s leading digital identity network which helps verify consumers’ digital identity so they can access the services and products they want. With Hyperledger’s support, SecureKey has put user consent at the forefront and in control of when, why and with whom their personal information is being shared. This collaboration is critical to progressing the digital identity landscape in Canada and globally.

Join the conversation about blockchain-based identity technologies and solutions with #HyperledgerIdentity this month on social channels. Also, Hyperledger has an Identity Working Group that is open to all.

Cover image by vectambulist from Pixabay.

Mar 11

Love0

Combing IoT and DLT to Ensure the Safety of the World’s Vaccine Supply Chains

By everis UK Blockchain for Banking Practice, Emma Landriault & Dario Cerchiaro Blog, Healthcare, Hyperledger Fabric

In March 2020, the world was devastated by a global pandemic that fundamentally restructured the way we live and do business. Now, a year to date later, we are lucky to be at the point where multiple vaccines have been approved and administered to the public. Alas, vaccinating the global population against COVID-19 has proved to be one of the biggest challenges humanity has ever faced, both with unique distribution and logistical challenges.

To date, as per March 10th, there have currently been ~93.6 million vaccine doses administered in the US and 23.7 million administered in the UK¹.

At the moment, there are multiple different COVID-19 vaccines that have been authorized and recommended, with others in advanced stages of development. While they have all been developed with the same goal in mind, there are substantial differences between the jabs from their composition and reported effectiveness, to their price and ease of conservation, and distribution obligations. For instance, some vaccines are incredibly time and temperature-sensitive, requiring a life of 5-8 days only with temperatures as low as -75C, whereas others can be maintained stable for 30 days at a temperature between 2C and 8C. Needless to say, the logistics and operations of selling, storing, shipping, and administering each of these vaccines is incredibly time-consuming and overwhelmingly manual, only increasing the burden when one administrator must manage large purchase order quantities of two or more different Covid-19 vaccines.

With particular reference to the distribution of the vaccine, a few challenges must be noted. Namely

Demand Forecasting – What is the total quantity required for shipment
Supply Chain Management – How it should be sent to purchases and distributed once arrived to host countries
Quality Assurance – How and by whom it should be administered, and with what specific procedure to ensure appropriate provision
Monitor and Mitigation – How people who have received the vaccine should be monitored, particularly where potential collateral effects may rise

With these vaccines quickly coming to market, it is no surprise that governments and enterprises around the world are exploring solutions, such as vaccine credentials or digital immunization certificates, that can streamline the rollout of vaccines. Many of these solutions leverage combined emerging technologies such as artificial intelligence, machine learning, Internet of Things, and distributed ledger or blockchain technologies

The Powerful Combination of Internet of Things (IoT) and Distributed Ledger Technologies (DLT)

The combination of IoT and blockchain, in particular, opens the door for new systems that inherently reduce inefficiencies and increase transparency for all involved parties. Take a supply chain for example: the accessibility and geolocation functionality of IoT, paired with the accounting of blockchain and DLTs has created new systems that foster supply chain accountability and integrity unlike any before seen solutions. The coupling of these technologies allow an asset to be tracked from the moment the raw materials are mined and among every step of the supply chain until it is with the end consumer. Without leveraging various device intercommunication capabilities and a strong audit system such as the one perpetuated by DLT, this would be virtually impossible (without large-scale human intervention).

*An example of combined IoT, Cloud, and Hyperledger Fabric Solution Architecture(2)*

Everis and NTT Data have developed such a tool that combines IoT and Hyperledger Fabric, allowing users to track any type of virtualized asset such as bulk or trade item products, additives, packaging materials, logistic units, and more, from any device. The solution utilizes Hyperledger Fabric to ensure that corresponding transactions are stored and accounted for when reviewing the movement of the assets. This ensures data security, transparency, and an indisputable audit trail, while allowing for automation (via smart contracts), simplification due to a shared truth (ledger), increased security, and certification capabilities.

Future Applications of Blockchain/DLT in Covid-19 Vaccinations

As both Covid-19 vaccines and DLT+ IoT technology solutions remain in their infancy, only early implementations have been seen – as such, we can expect to see a variety of future applications that have not yet been pushed to production. This may include implementations to alleviate key pains including negotiations, logistics, and fraud prevention.

Supply Chain Integrity and Validity of Origin: Analysts project that Covid-19 vaccines will be the highest demand counterfeit drug on the black market for 2021³. Track and trace DLT networks with blockchain-based authenticity certificates could allow purchasers to ensure the origin of the vaccination and track the journey throughout an often global fragmented supply chain. We believe that leveraging IoT and a mature enterprise blockchain such as Hyperledger Fabric would create an accountability and tracking flow to benefit all parties, virtually removing the possibility of receiving fraudulent or counterfeit drugs. In this case, Hyperledger Fabric’s architecture and IoT could benefit the proposed solution as outlined below.

	Hyperledger Fabric(4)	IoT
Flexibility	The programmability of Hyperledger Fabric allows for the flexibility required to digitize complex supply chain operations. For example, trust assumptions for chaincodes are separated from trust assumptions for ordering, ensuring that ordering services can be provided by one set of nodes and tolerate some failure or misbehaviour, depending on the lenience in the business case at hand. It also allows for separate channels per company or shipment, and that endorses may be different for each chaincode, allowing for customization while maintaining privacy and security. In this use case, this is particularly relevant as the system design can be built to ensure end-to-end tracking where any (movement) data is logged or payments are made leaving no room for the entry of malicious actors.	IoT allows for multiple types of devices to communicate with one another achieved thanks to different IoT protocols such as Bluetooth, ZigBee, MQTT or CoAP. This ensures that sensors or equipment, from the time of production through to delivery, can communicate with devices of key stakeholders throughout the entire process, from the time of production through to delivery, adding a layer of reassurance for all parties. There is no room for counterfeit drugs to enter the value chain if tracking is end-to-end.
Confidentiality	There is a possibility to add confidentiality requirements to chaincodes, so that content and state of transactions can only be updated if requirements are met. This ensures that the strictest of confidentiality is ensured across the supply chain.	Confidentiality is often embedded in the design of IoT systems. In this use case, it would be key to ensure that the security and authentication measures only permit participants who have defined roles in the system which require the logging of data. As such, end purchasers can review the roles of all parties involved throughout the entire production and shipping process.
Consensus	The modular architecture allows for pluggable consensus, which provides an added level of customization. The endorsement policies can include checking the certificate details, roles of the requester, or executing chain code. This allows for originating companies to build a consensus mechanism that suits only their operational process and can remove any possibilities for counterfeit drugs to enter the value chain. It also retains a level of programmability and flexibility, which may be required to build a solution across multi-national vaccine supply chains.	With specific solution design and consented user permissions, there is no room for disruption across IoT devices or networks.

Cargo Storage Space: With temperature and time-sensitive lifecycles, the vaccines must be shipped in specific conditions. By tracking cargo ship storage space and corresponding vaccinations through asset tracking DLT networks, logistical burdens can be minimized.

Smart Contracts for Negotiations: To date, many governments around the world have found themselves susceptible to private battles with vaccination companies. With high global demand and few verified suppliers, private companies hold essentially all bargaining power. As seen in Canada, Italy, and other countries, this allows the companies to delay sending vaccinations even after payments have been made and force better conditions including import tax payment delays, among other critical legal disputes⁵. By leveraging a smart contract in the negotiation process, any room for intermediation is removed as they will be self-executing with previously agreed upon terms.

Ultimately, it is clear that there is a strong cause to leverage IoT and DLT technologies to ameliorate the current Covid-19 vaccination system, from logistics to temperature monitoring and negotiations. Though there are currently only a few systems in production, we can assume that the efficiencies brought forth perpetuate more use cases in the future.

Cover image by torstensimon from Pixabay.

Mar 04

Love0

Easing World Trade: Avanza Innovation, Hyperledger Fabric and Dubai’s Digital Silk Road

By Hyperledger Blog, Hyperledger Fabric

As part of Dubai 10X, an initiative to put Dubai 10 years ahead of other world cities in terms of technology, the Dubai Chamber of Commerce and Port Authority, called DP World, formed a joint team to develop the Digital Silk Road. This smart platform would aim to solve the global trading system’s key issues–high costs, low trust, and lack of transparency using blockchain technology.

The Digital Silk Road is a broad, multi-year initiative. It’s intended to be a one-stop digital trading platform, marketplace, and matchmaker for people seeking and providing trade services. The starting point was two projects that serve as the foundation for the Digital Silk Road: Unification of Trade Registration and Export Authorization.

In Dubai, registering to import or export even a single container of goods was neither smooth nor easy. In reality, it was a lengthy process that touched on many authorities.

First, a company needed to register for a trade license to operate in the country. To import or export, it also registered with DP World. Next it registered with Dubai Trade, Dubai Chamber of Commerce, and Dubai Customs. And if the trader ever updated anything? There would be gaps in the information among authorities.

For export, the process took even more steps. Exporters needed a Certificate of Origin, issued by Dubai Chamber. The exporter took the certificate and export declaration to DP World to gather documentation. Then to Dubai Customs to gather more documentation. All those documents would move from one organization to another until the goods finally left the country.

Dubai Chamber and DP World wanted to break ground on the Digital Silk by unifying trade registrations and replicate information across all the authorities. They also set a goal streamlining the exporting process and making it paperless. So they teamed up with Avanza Innovations on the Unification of Trade Registration and the Export Authorization projects, which went live in January 2020. Avanza built and deployed the projects on Hyperledger Fabric as it was a mature, tested blockchain platform that had demonstrated it could handle production-grade transactions

Now, with the Unification of Trade Registration, a company wanting to do business in Dubai can register once, through a secure, single-window interface. The data gets distributed across all government trade entities. And if the company needs to update any information, the new information is instantly shared by all.

Export Authorization tracks trade transactions, reduces transaction time, and enables secure, encrypted digital authentication. Seamless documentation sharing with relevant government entities happens through smart contracts. Compliance and regulatory checks happen throughout the process, which is completely paperless.

Hyperledger worked up with Avanza Innovation on a case study that covers blockchain’s role in Dubai’s ambitious technology plans, details the initial Digital Silk Road projects that are in production now, automating international trade, and previews future plans for the digital marketplace.

Read the full case study here.

Mar 02

Love0

Translating Hyperledger Fabric Documentation into Multiple Languages

By Hyperledger Fabric Documentation Working Group Blog, Hyperledger Fabric, Working Group

Since Hyperledger Fabric was first introduced in 2017, it has been embraced by the open source community, including both Fabric developers and Fabric contributors, from around the world. Today, Fabric networks are currently running in numerous countries. But 80% of the world’s population are non-English speakers. English-only Fabric documentation represents a barrier to adoption by the broader global community. What if the Fabric documentation was available in native languages to these non-English speakers? Blockchain networks could be deployed and shared more easily as the pool of Fabric users broadens to non-English speaking developers around the world.

Therefore, to spearhead further project adoption in the global community, Anthony O’Dowd launched an initiative in 2019 to begin translating the Fabric documentation into other languages to empower non-English speakers to use Fabric. It started with a small group of Chinese translators and spread to an academic institution in India where the Malayalam translation followed.

Anthony created a repeatable process to translate the documentation that allows translators from other languages to quickly on-board and get started. The process was published in the Fabric documentation Contributing Guide and includes resources and examples for how to start a new translation in GitHub as well as instructions for which topics to translate first and how to collaborate with other translators.

Today, Fabric is being translated today into six languages (Chinese, Japanese, Malayalam, Portuguese, Russian, Spanish), and we are excited to see what other languages people are interested in contributing to. See the existing translated content on the documentation home page, by clicking on the Introduction. Switch between languages by clicking on the version in the table of contents to view the other languages that are available and their translated content.

Translation of the Fabric documentation has benefited the broader community in many ways. Translators have acknowledged that the translation effort itself has been a great way to learn Fabric and,as they become familiar with the contributing process overall, provides the experience to not only contribute translations but also code or bug fixes. Translations now not only allowFabric developers to take advantage of the technology but also enable the general public to learn about the benefits of blockchain technology in their native language. When content is available in your native language, it encourages engagement, enables a stronger connection to the technology, and opens the door for even more companies to adopt Fabric technologies.

Get Involved with a New or Existing Translation Effort

But translation requires collaboration, so the Linux Foundation is launching the Fabric Documentation Translation Campaign to recruit and encourage new translators to join an existing effort or start a new language translation. To get involved with a translation, check out the available working groups or start your own. And you’re welcome to translate any of the material in the Hyperledger community that you would find useful to have in your own language.

Everyone has limited time, and the volume of content available for translation is large. However, the more people who step in to help just proof-read or contribute a small amount of translation, the greater the benefit for the entire community. Appreciation goes out to the following translators for their help in getting this community driven translation effort started: Satomi Tsujita, Yang Cheng, Junjie Zhou, Aneena Alexander, Renato Teixeira, Claudio Paz, and Oumar Fall. And we’d like to acknowledge other open source projects with active translation efforts such as Mozilla, Kubernetes, and Apache for a model of how to provide documentation in multiple languages. To get started visit www.hyperledger.org/translate or join a workgroup that has already started translations in your language. See International groups on the Wiki for a list of available groups or start your own.

Feb 17

Love1

Full decentralization of Hyperledger Fabric through embedded IoT solutions

By Gary Xu, aitos.io and María Teresa Nieto, Telefónica Blog, Hyperledger Fabric, Hyperledger Labs

Almost a year ago, Telefónica brought TrustID to Hyperledger Labs as an open source project. Telefónica initiated development of TrustID to ease the management of identities across several blockchain networks. The initial idea of TrustID was to decouple the issuance of identities from their consumption and allow users to operate in some networks with credentials issued in others. In this manner, users shouldn’t need to hold a different set of credentials for each network or decentralized application they interact with.

Furthermore, TrustID provides the opportunity to decentralize identity in Hyperledger Fabric. When you deploy a blockchain network using TrustID, identities are organization locking and, therefore, they are centralized on the Certificate Authorities (CAs) that have issued them. Inside the network, several CAs can co-exist, but easy onboarding of new organizations is an unsolved problem that makes it very hard for the network to grow organically as new partners join. Initially, TrustID, as a first approach, solves this restriction of the identity management in Hyperledger Fabric. Furthermore it brings to this technology the chance to really enable a custom decentralized identity management.

As you scale up a deployment, adding many different organizations from different origins, many without trust relationships between them, this identity issue becomes much more serious and limiting between them. However, shifting to decentralized identity management ensures that a network is not dependent on the companies that are part of the solution, making it more resilient in the face of change and growth.

A clear example where we can appreciate these characteristics is the case of the IoT world. Use cases often include companies providing monitoring services with IoT devices, operators offering the communication network, and owners of the devices looking to apply the benefits of this technology to their blockchain-based traceability projects.

The identity management in IoT is a complex scenario that involves the provisioning of certificates in the device and the need to have a public key infrastructure. This process must be accomplished in a secure way, verifying the software in the factory. Once provisioned, the device is able to use its certificate to sign communications with the aim of demonstrating its identity.

However, it’s also known that sometimes the devices are limited in performance or storage. For example, they could be designed to write once in their memory in all their useful life so, if we need to change an identity because the blockchain network has changed, the device could be useless for a blockchain use case.

On the opposite, when the devices can write in their memory many times, the process of updating the firmware or any information stored on it securely is also a hard process. So, at the end, it’s a requirement to have a flexible management of the keys stored at first instance, which, thanks to TrustID, is possible.

Recently, aitos.io and Telefónica have collaborated on a PoC to integrate IoT technology with Telefónica’s TrustOS product. The goal was to use blockchain technology to perform interactions from the device to the ledger, provisioning the identity and the keys associated directly on the device.

aitos.io developed its blockchain application framework, named BoAT (Blockchain of AI Things), which is an IoT-device-oriented C-language client library for blockchain services, to enable IoT devices to access blockchain. In this PoC, BoAT running in a Fibocom FG150, a 5G blockchain module, helps a FG150-based IoT device access TrustOS services directly. So, as a result, it has been possible to create signed transactions on the device in order to be stored in the TrustOS platform, which is based on Hyperledger Fabric, without any intermediary.

The device manufacturer could register every device onto the TrustID service of TrustOS and write the unique DID allocated by TrustID into the device. When the device is powered on and connected to the network for the first time, BoAT, in the device, imports the device into TrustOS by signing its DID in a JSON Web Signature (JWS) message. In this way, the device, and not the application, is the custodian of the private keys that would be used to sign transactions.

BoAT also provisions the IoT device asset, as a digital twin, on the TrustOS Track service that offers all the traceability functionalities in order to give full transparency of the physical device. Then, the device comprising the BoAT-enabled 5G blockchain module can send periodic updates on its status (e.g., vehicle speed, heading, etc.) to TrustOS by composing additional JWS messages. All of this generates the possibility of offering, in a transparent way, the traceability of the data generated by the device.

In deployments with integrated BoAT technology, all the data the IoT device captures could be directly sent to TrustOS with a cryptographically verifiable DID identifying their origin. That is, not only the data integrity is assured by the Hyperledger Fabric blockchain under TrustOS but also the data provenance can be identified by TrustID. Tampered-resistant IoT data with identifiable origin builds a great value for the industry.

From the point of view of TrustOS, thanks to the implementation of the machine-to-machine interaction and how TrustID manages the authentication and access to the system, it’s possible to avoid unauthorized tampering or unexpected updates. As a result, it adds extra trustworthiness-proof beyond the standard KPI.

Cover image by Pete Linforth from Pixabay.