
Making Your Blockchain Solution Ultra-Secure with Trusted Execution Environments

August 18, 2021

Overview of Blockchain

Blockchain has revolutionized transactions through cryptocurrency by removing the need for a trusted third party to conduct transactions among untrusted parties. With blockchain, trust is established by the technology itself, without any trusted third party mediating the transactions. The first blockchains were public blockchains, which allowed anyone to join the network and further strengthen the trust by way of mathematical computation. At a high level, blockchain solutions are classified by the following parameters:

  • Private or public
  • Permissioned or permission-less

In this blog post, we will consider a private permissioned blockchain powered by Hyperledger Fabric, a project hosted by the Linux Foundation.

Hyperledger Fabric Blockchain

Hyperledger Fabric has recorded many success stories and holds a majority share of the private permissioned blockchain space. It allows for greater transparency by way of a shared ledger, while still providing the required privacy levels. Blockchain's built-in cryptography ensures that the data at rest is highly secured and that tampering becomes very difficult and unviable for attackers.


However, despite the highly secured nature of the blockchain solution, the data-in-use on a node is still vulnerable if the hardware hosting that node is compromised. In that case, the read-write sets used to reach consensus can be accessed and leaked by a Trojan or other malware running on the host.

Protecting Data-in-Use

There are various options for securing data-in-use, such as homomorphic encryption, but its practical implementation in specific scenarios makes it less viable. The other alternative is a hardware-based trusted execution environment, an approach also referred to as confidential computing. We will now look at how a Trusted Execution Environment (TEE) powered by Intel SGX can protect data-in-use and whether it is a viable solution for that protection.

Trusted Execution Environment

A trusted execution environment provides a secure enclave whose data cannot be accessed by programs outside the enclave. It is designed so that it cannot be compromised by either software or hardware attacks. A TEE as provided by Intel SGX works on the assumption that the host is malicious and safeguards your data accordingly. To validate the integrity of the enclave, Intel SGX provides attestation of the TEE, which confirms that it is up to date in terms of its security configuration. It secures not only the data but the code as well.

Hyperledger Fabric with TEE/Confidential Computing

Combined with a TEE, Hyperledger Fabric provides the following advantages:

  • Tightens the privacy measures over Hyperledger Fabric-shared ledgers
  • If required, fine-grained access control can be implemented over shared data
  • It can be configured to ensure that the user can only read their own data
  • The data can be validated using confidential computing
  • Nodes act as access points to read/write data on the ledger for the subscribers
  • Nodes cannot see the user request but can provide consensus when needed without knowing about the transaction details
  • Users are not limited to one node to access the ledger. Nodes can thus monetize access requests and charge on a per-request basis, as users are not bound to any particular node

This can be further explained by way of the following illustration:

[Figure 1: Confidential Computing via the Hyperledger Fabric Network]

As the illustration above shows, actors can connect to the Fabric network from any node to access the shared blockchain ledger. At the same time, they can use Intel SGX technology to securely execute transactions without disclosing any details, even to the nodes they use to execute the transaction.
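The flow described above (the client's request staying hidden from the node that executes it, while other nodes can still endorse it for consensus), as an added illustration that is not part of the original post or of Fabric's own code. A client encrypts its request under a session key shared only with the peer's enclave (assumed to have been agreed after the client verified the enclave's attestation), the untrusted peer process forwards ciphertext it cannot read, the enclave updates a hidden balance and returns an encrypted, signed write set, and any other peer can validate the endorsement signature without learning the transaction content. The names Enclave, NewAEAD, Seal, Execute and Validate, the "<account> <delta>" request format and the session key are all assumptions of this model.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Enclave is a hypothetical, simplified model of a peer's trusted part (not
// Fabric's own code); build it with a fresh ed25519 key and NewAEAD(sessionKey).
type Enclave struct {
	Key     ed25519.PrivateKey // its public half reaches other peers via attestation
	session cipher.AEAD        // AES-GCM under the key shared only with the client
	state   map[string]int     // balances: they never leave the TEE in plaintext
}

// NewAEAD wraps a 16- or 32-byte session key in AES-GCM; the client uses it too.
func NewAEAD(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// Seal encrypts pt under a fresh random nonce; both client and enclave use it.
func Seal(a cipher.AEAD, pt []byte) (nonce, ct []byte) {
	nonce = make([]byte, a.NonceSize())
	rand.Read(nonce)
	return nonce, a.Seal(nil, nonce, pt, nil)
}

// Execute opens an encrypted "<account> <delta>" request, updates the balance
// and returns the write set re-encrypted and signed: all the host ever sees.
func (e *Enclave) Execute(nonce, req []byte) (n, ct, sig []byte, err error) {
	pt, err := e.session.Open(nil, nonce, req, nil)
	if err != nil {
		return nil, nil, nil, err // forged or tampered requests are rejected
	}
	acct, delta := "", 0
	fmt.Sscanf(string(pt), "%s %d", &acct, &delta)
	e.state[acct] += delta
	n, ct = Seal(e.session, []byte(fmt.Sprintf("%s %d", acct, e.state[acct])))
	return n, ct, ed25519.Sign(e.Key, ct), nil
}

// Validate is all another peer needs for consensus: proof the attested enclave vouched for this ciphertext.
func Validate(pub ed25519.PublicKey, ct, sig []byte) bool {
	return ed25519.Verify(pub, ct, sig)
}
```

A real deployment would also bind the session key to the attestation report and seal enclave state to disk; both are left out of this model.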

Sample Use Cases

This solution allows for a wide variety of use cases that can be implemented with ease and trust such as:

  • Fabric-based user account wallets: Creating user wallets that secure the information on the shared ledger while giving users full control through their own public-private key encryption
  • Tokenization: Creating, issuing, and trading tokens over the platform while keeping the data always encrypted outside of the enclave using pair-wise keys
  • Machine learning integrations: Blockchain enables trust between parties without the need for third-party trust establishers or mediators. This trust means that data, once recorded on the ledger, cannot be manipulated by malicious parties. However, it is limited to the data/content the user has submitted. The machine learning code or algorithms that are part of the smart contract are exposed, which may be a problem if they are a closely kept secret or proprietary code that cannot be shared. With a trusted enclave, blockchain can integrate with the machine learning code and extend its reach to use cases where not just the data but also the code/algorithm is protected.

Conclusion

Blockchain provides trust in recorded data/ledgers, while confidential computing or a TEE provides the same for the machine learning code/algorithm and keeps the data secure (out of reach) from the hardware provider as well. Together, they provide a highly secure transaction processing and management system: highly restricted code/algorithms can be made accessible by way of trusted enclaves, and their outputs can be recorded on the blockchain for provenance.