Blockchain & Security in Oracle by Emmanuel Abiodun

Copyright © 2018, Oracle and/or its affiliates. All rights reserved. |
Blockchain & Security
Emmanuel Abiodun
Blockchain Architect
Oracle Cloud
October 2018
emmanuel.abiodun@oracle.com
www.linkedin.com/in/emmanuel-abiodun/
Nov 2018

Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, timing, and pricing of any
features or functionality described for Oracle’s products may change and remains at the
sole discretion of Oracle Corporation.
Confidential – Oracle Internal/Restricted/Highly Restricted

Program Agenda
Introduction to Oracle Blockchain Cloud Service
State Database Enhancements
Smart Contract Design Best Practices
Some Security Considerations
Q&A
1
2
3
4
5
Confidential – Oracle Internal/Restricted/Highly Restricted 4

Pre-Assembled
Enterprise-Grade
Managed
Plug and Play Integrations
Open
Oracle Blockchain Cloud Service
5
ORACLE
BLOCKCHAIN
CLOUD SERVICE
Oracle’s
Experience and
Expertise

Oracle Blockchain Cloud Platform
6
Container
services
Identity
Management
Services
Events Management
Services
Data
Services
ORACLE CLOUD INFRASTRUCTURE and PAAS SERVICES
ON PREMISES APPS
CONSENSUS
Validates transactions before adding to chain
SMART CONTRACTS
Business logic based on agreements
DISTRIBUTED LEDGER
Whole state data and its history
CONFIDENTIALITY
Permissioned blockchain with private channels
REST API / SDKs for Go, Java, and Javascript
ORACLE BLOCKCHAIN PLATFORM
Hyperledger
Fabric Peers
in Customer
Datacenters or
3rd Party Clouds
External
Members
SCMERP HCM CX
ORACLE SAAS
CRM
OPEN SOURCE HYPERLEDGER FABRIC
3rd Party
SaaS
Custom
Cloud Apps
*
Managed PaaS

Built on Hyperledger Fabric
• Clients submit transactions for endorsement to peers
• Peers call smart contracts aka chaincode to simulate/endorse transactions
• Client submits endorsed transaction to ordering service
• Peers validate and commit transactions
– Verify policies met and versions for multi-version concurrency control (MVCC)
• World state database is a key/value store
– Get by key, key range, or partial composite key
– Optional databases provide rich queries that can query based upon values

Hyperledger Fabric Transaction Flow
Client Application
Fabric SDK
Keys
Membership Service
Peers
Endorser
Simulates TX
World
State
Committer
Applies changes
Ordering Service
Certificate
Authority
4.0 - Deliver TX Batch
Validate Signatures
and Authorization
Orders TXs into
batches
according to
consensus3.0 - Submit Endorsed TX
Includes RWset and endorser
signatures
Ledger
5.0 – Writes ledger block
5.1 - Updates State
Oracle Confidential – Under NDA
6.0 – Commit Notification
Smart Contract
(Chaincode)

Oracle State Database Enhancements
• Default state database in Hyperledger Fabric is LevelDB
• Optional database supporting rich queries CouchDB – extremely slow
• Neither supports isolation, snapshots, or local transactions
• Fabric read locks the database for read access during endorsement
• Fabric write locks the database for exclusive access during commitment
• Result: Endorsement and commitment cannot overlap
Hyperledger Fabric

Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 10
State Based Enhancements

Oracle State Database Enhancements
• OBCS uses Berkeley Database (BDB) for state database which supports local
transactions and isolation
• SQL layer on top of BDB for rich queries
• Replace database locking with a transaction manager using local txn
• Allows endorsement and commitment to execute in parallel
• Supports SQL SELECT statements and CouchDB queries in rich queries

Smart Contract Design Best
Practices

OABCS Application Design Best Practices
• Start small
• Keep it simple
• Not everything belongs on a ledger
• Workflow is best done in the application, not smart contracts
• L10N I18N
• Pull instead of push
• Determine who you trust and how much you trust them

Not Everything Belongs on the Ledger
• Blockchains replicate the ledger – potentially many copies
• For large objects, this dramatically increases storage requirements
• Store what’s absolutely needed and must be shared
• Large objects or PII should be stored off-chain if possible
– Store them elsewhere
– Place hash of object on the ledger as proof
– Mediate off-chain storage access via the blockchain

Workflow in the Application, not Smart Contracts
• Ledger records the transactions
• Workflow such as multi-step processes best left to external tools
• Examples:
– Voting to add new member to blockchain network
• the state of the votes is maintained on blockchain
• Acting on the vote is a workflow issue
• Use events to move workflow forward

Who Do You Trust and How Much Do You Trust Them?
• This determines many design decisions such as:
• Endorsement policies – who needs to validate transactions
• How confidential is the data?
– Peers running outside Oracle cloud can snoop data
– By default, any user can read ledger

Agenda
Introduction to Blockchain and Smart Contracts
CargoSmart
OABCS Application Design Best Practices
Hyperledger Fabric Smart Contract best practices
Summary and Q&A
1
2
3
4
5

Hyperledger Fabric Smart Contracts
• Smart contracts provide the cross organization business logic
• Similar to stored procedures
• Executed multiple times
• Only thing that update world state
• Written in Go, Node.js, and Java

Smart Contract Mandatory Practice
• Deterministic!
– Do NOT generate guids, random numbers,…
– Do NOT try to the get the time
• If needed have client pass in:
– guids, random numbers, timestamps,…
– Data from external systems
• Watch for timeouts
Better than best practices

Avoid Data Hot Spots or Global Keys
• Keys that are read and written frequently
– Sequence number
– Totals
• Likely cause invalidation errors
– Especially for larger block sizes
• Higher likelihood for MVCC errors
– Transactions have to be retried
Performance

World State Access
• Watch for phantom reads
– Standard Fabric rich queries don’t affect RWset
– OBCS rich queries are re-executed at validation time
• Create indexes for rich queries
• Using OBCS
– Use rich queries instead of composite keys
– Push summaries, calculations, etc., down to database
• Average number of marbles owned

Avoid Off Chain Access
• Avoid network connections/interactions if possible!
– Potential source of non-determinism
• Off chain data
– Let client provide the data
– Store hash in ledger as proof
• Off chain applications
– Oracles are fine

Push vs Pull
• Push – smart contract pushes data
– Smart contract updating an external application
– But will be called multiple times – once for each endorsement
• Pull – application pulls data
– External application calls smart contract to put data
– Can maintain queue in world state
– Use a chaincode event to trigger
– Receiving application pulls the data from the blockchain

Circuit Breakers
• Emergency stop
• Essentially denies all executions until reset
• Commonly used to deal with serious bugs or security issues
• Controlled by limited parties, e.g. admins

Side DB
Peer3
Chaincode State
hash(k1), hash(secret value)
Private State
k1, secret value
Channel 1
Peers in collection
Peer2
Peers not in collection
Gossip
Chaincode State
Private State
k1, secret value
Chaincode State
Peer1
Endorsing
Committing
Endorsing
Committing
Committing
only
Private state among subset of peers

Some Security Considerations

Privacy and Confidentiality
• Only put what’s necessary on the ledger!
• All peers get a copy, consider where peers run
• Encrypt data or store sensitive data off chain
• Choose strong encryption – quantum computing is coming
• Use side database feature of Fabric
– Only specific peers get private data, hash of key/value recorded in ledger
• Soon: Anonymous Authentication and Zero-Knowledge Asset Transfer

Privacy and Confidentiality
• Normally any authorized user has access to ledger
• Use Fabric fine grained access control
– Prohibit or limit access to query system chaincode and events
– Only allow access via invoking smart contracts
• Implement fine grained access control in chaincode
– Take control of who has access to what
– Maintain the access information in chaincode
– Field level access control, attribute access control
• Use transient data to pass in data to be excluded from the ledger
Keep prying eyes out

Security
• Use static analysis tools
• Use SSL/TLS to protect communication
• Check everything!
– all needed arguments
– Injection attacks
– Verify identity

Security
• Docker isolation is not enough
• Kata containers use in multi-tenancy
• Ensure customer can harm only himself
• Careful with platform / env secrets

Questions?

Blockchain & Security in Oracle by Emmanuel Abiodun

More Related Content

What's hot (20)

Similar to Blockchain & Security in Oracle by Emmanuel Abiodun (20)

More from Vishwas Manral (7)

Recently uploaded (20)

Blockchain & Security in Oracle by Emmanuel Abiodun

Editor's Notes