Combining Multiple ID’s, Attributes, and Policies to Provide Secure Access Control within Hyperledger Fabric Blockchain Networks

Bachelor thesis (2022)

Authors

D.A. Gordijn Electrical Engineering, Mathematics and Computer Science

Contributors

K. Liang Cyber Security - (supervisor 1)

R.G. Kromes Cyber Security - (supervisor 1)

D.M.J. Tax Pattern Recognition and Bioinformatics - (supervisor 2)

Faculty

Electrical Engineering, Mathematics and Computer Science

Hyperledger Fabric Access Control Blockchain

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:0687b37f-ccca-4459-9c32-9f9f3ba12816

Published Date

23-06-2022

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

Blockchain technologies allow users to securely store and trace their data on a fully decentralized system, and have the potential to make a huge impact on many industries. While traditional, permissionless blockchains such as Bitcoin, Ethereum, and Cardano are very popular, they are currently unable to provide trust and privacy on the network. To solve these issues, many new, permissioned blockchain technologies have been implemented, including Hyperledger Fabric. Although Hyperledger Fabric has proven to be highly successful in providing trust and privacy through the use of identities, channels, and private data collections, one of its major drawbacks is the lack of a flexible and scalable access control system. Currently, access control decisions have to be built into each smart contract individually, which can cause many vulnerabilities and prevent access policies to be updated dynamically.

This research aims to answer the research question “How can secure access control in Hyperledger Fabric be guaranteed by combining multiple ID’s, attributes, and policies with the components that regulate access control?”. To answer this question, the access control system currently used by Hyperledger Fabric is first completely analyzed. Next, a new implementation is proposed that builds upon the existing solution but provides users and developers with easier ways to make access control decisions based on combinations of multiple ID's, attributes, and policies. This solution is then implemented using the smart contract technology of Hyperledger Fabric, which allows it to easily be deployed to existing Hyperledger Fabric networks. Finally, the performance impact of this proposed implementation is analyzed, and new areas of research are proposed that can potentially be explored in future papers.

At the end of this research, it was concluded that it is possible to combine multiple ID's, attributes, and policies with the help of Hyperledger Fabric's smart contract technology. Furthermore, it could be seen that the performance impact for real-world applications is negligible compared to the insecure case of always providing access to a resource without performing access control.

Files

Final_Paper_8.pdf

(.pdf | 1.43 Mb)