Abstract
In this paper, we take a closer look at the attack surface of permissioned blockchains by focusing on Hyperledger Fabric and present scenarios where the assumptions of trust could lead to possible attacks on an organization’s ledger. We systematically examine each participant and treating it as a malicious entity look at the attacks possible on the system as a whole. With the global shift in adopting blockchains as vehicles of trust, a collection of such scenarios would be useful to organizations using Fabric to implement their own Distributed Ledger Technologies (DLT), as it would highlight the possible misuse cases of the platform. It would also help fellow researchers by presenting a primitive idea of the possible attacks and promote further research in preventing them.
The first author carried would like to thank Robert Bosch Engineering & Business Solutions Pvt. Ltd. (RBEI/ESY), Bangalore, where he was a summer intern when this work was carried out.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Apache CouchDB. http://couchdb.apache.org/
Sybil Attack. https://en.wikipedia.org/wiki/Sybil_attack
Open Blockchain (2016). https://developer.ibm.com/open/projects/open-blockchain/
Androulaki, E., et al.: Hyperledger fabric: a distributed operating system for permissioned blockchains. In: EuroSys, pp. 30:1–30:15. ACM (2018)
Avan-Nomayo, O.: Iran developing national blockchain platform on hyperledger fabric (2019). https://cointelegraph.com/news/iran-developing-national-blockchain-platform-on-ibm-hyperledger-fabric
Back, A.: Blockstream (2014). https://blockstream.com/
del Castillo, M.: Blockchain 50: billion dollar babies (2019). https://www.forbes.com/sites/michaeldelcastillo/2019/04/16/blockchain-50-billion-dollar-babies/#39a73cc657cc
Hyperledger: Hyperledger.org. https://www.hyperledger.org/
Intel: Sawtooth (2016). https://www.hyperledger.org/projects/sawtooth
Kfir, S., Rooz, Y., Saraniecki, E.: Digital asset (2014). https://digitalasset.com/
Li, Z., Lu, S., Myagmar, S., Zhou, Y.: CP-Miner: finding copy-paste and related bugs in large-scale software code. IEEE Trans. Softw. Eng. 32(3), 176–192 (2006)
Marlinspike, M.: sslstrip. https://moxie.org/software/sslstrip/
Potter, J.: The unfortunate rise of permissioned blockchains (2018). https://blog.xtrabytes.global/technology/the-unfortunate-rise-of-permission-blockchains/
Riedesel, S., Hakimian, P., Buyens, K., Biehn, T.: Tineola: taking a bite out of enterprise blockchain (2018). https://github.com/tineola/tineola/raw/master/docs/TineolaWhitepaper.pdf
Sanders, C.: SSL stripping. http://techgenix.com/understanding-man-in-the-middle-attacks-arp-part4/
Sarai, A.: Bugzilla bug report: CVE-2018-15664. https://bugzilla.redhat.com/show_bug.cgi?id=1714722 (2019)
Torvalds, L.: The Linux foundation. https://www.linuxfoundation.org/
Vukolić, M.: The quest for scalable blockchain fabric: proof-of-work vs. BFT replication. In: Camenisch, J., Kesdoğan, D. (eds.) iNetSec 2015. LNCS, vol. 9591, pp. 112–125. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39028-4_9
Wei, J., Pu, C.: TOCTTOU vulnerabilities in UNIX-style file systems: an anatomical study. In: FAST. USENIX (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Dabholkar, A., Saraswat, V. (2019). Ripping the Fabric: Attacks and Mitigations on Hyperledger Fabric. In: Shankar Sriram, V., Subramaniyaswamy, V., Sasikaladevi, N., Zhang, L., Batten, L., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2019. Communications in Computer and Information Science, vol 1116. Springer, Singapore. https://doi.org/10.1007/978-981-15-0871-4_24
Download citation
DOI: https://doi.org/10.1007/978-981-15-0871-4_24
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0870-7
Online ISBN: 978-981-15-0871-4
eBook Packages: Computer ScienceComputer Science (R0)