Demo: Infrastructure for Managing, Sharing, and Utilizing Sensitive Data using Hyperledger Fabric Private Chaincode Running on Microsoft Azure

© Hitachi, Ltd. 2022. All rights reserved.
● Demo:
Infrastructure for Managing, Sharing, and Utilizing Sensitive Data using
Hyperledger Fabric Private Chaincode Running on Microsoft Azure
Hitachi, Ltd. / Research and Development Group
Monday, September 12, 2022. • 14:40 - 14:55
Koshi IKEGAWA
#HyperledgerForum @koshi_ikegawa

1. Background and Introduction
2. Motivation
3. Demonstration
4. Summary
Contents
1

2
1. Background and Introduction

3
Data Free Flow with Trust (DFFT) is a top priority for the new economy,
according to the World Economic Forum 2019
❚ Blockchain is expected to be used as a means to realize DFFT
u A feature of blockchains is that transactions and data contents are shared and written to a
ledger by all participating organizations.
❚ There are open data that can be shared by all organizations, and there are sensitive
data that needs to be controlled to whom it is shared.
u Such as medical data, personal information, etc...
❚ When handling sensitive data, privacy protection is required by laws
u Such as “the Act on the Protection of Personal Information (Japan)”, “GDPR (EU)”, and etc...
Background | Data Free Flow with Trust (DFFT)

4
Fabric Private Chaincode (FPC) enables the execution of chaincodes
using Trusted Execution Environment (TEE) for Fabric
❚ protect the privacy of chaincode data and computation from potentially untrusted
peers.
❚ allows to write chaincode applications where the data is encrypted on the ledger and
can only be accessed in clear by authorized parties.
Fabric Private Chaincode (FPC)
BC
Network
Org 2 (Trusted)
Peer TEE
Encrypted
Ledger
Encrypted
State DB
Private
Chaincode Org 3 (Untrusted)
Peer
Client
TEE
Encrypted
Ledger
Encrypted
State DB
Private
Chaincode
Org 1 (Trusted)
Peer TEE
Encrypted
Ledger
Encrypted
State DB
Private
Chaincode
Client Client
Decrypt and return data if requested
by a trusted organization
Return only error if requested by
an untrusted organization.

5
TEE is a security feature that prevents external attacks by executing
programs in an area called an enclave that is isolated from the OS
❚ Technology to create Enclave in memory as a function of CPU
u Intel Software Guard Extensions (SGX)
u ARM TrustZone, etc....
❚ Technology that makes the VMs itself an Enclave.
u Intel Trusted Domain Extensions (TDX)
u AMD Secure Encrypted Virtualization (SEV)
u AWS NitroEnclave, etc...
Fabric Private Chaincode (FPC) implementation uses Intel SGX
Trusted Execution Environment (TEE)

6
Intel SGX [1] is Hardware security function enhancements in Intel CPUs
❚ Intel SGX
u is an Intel CPU feature that creates an encrypted area called an Enclave in RAM
u loads programs and data into Enclave, allowing programs to be executed while protecting
sensitive data
Intel SGX
RAM
Intel CPU
Enclave
OS
Create
Enclave
SGX
Calculation
Sensitive
Data
This figure is based on [2].
1. Intel® Software Guard Extensions (Intel® SGX). URL: https://www.intel.co.jp/content/www/jp/ja/architecture-and-technology/software-guard-extensions.html
2. Intel SGX入門 - SGX基礎知識編 (in Japanese). URL: https://qiita.com/Cliffford/items/2f155f40a1c3eec288cf

7
By using virtual machines created using “infrastructure as a service
(IaaS)”, there is no need to prepare or manage your own hardware.
❚ Only a few IaaS offering VMs with Intel SGX that can use FPC
u Microsoft Azure can create virtual machines (DCsv2 series) with Intel SGX
Why use Microsoft Azure for running FPC?
Azure AWS GCP IBM Cloud
CPU Level TEE Intel SGX - -
Intel SGX
(only metal server)
VM Level TEE - NitroEnclave Confidential VM -

8
2. Motivation

9
Infrastructure for managing, sharing, and utilizing genome data in multiple orgs
❚ Raw genome data must not be passed on to other organizations because the data is sensitive data
❚ Analyze the data on the processor of the data owner org and pass only the results to other orgs
Our use case
Patients
Fabric BC
Network
Org 1
Peer
User (Doctor)
Data
Analyzer
Chaincode
Client
State DB
Ledger
Genome
Data
Storage
Org N
Org 2
Peer
User (Doctor)
Ledger
Data
Analyzer
Chaincode
Client
State DB Genome
Data
Storage
store load
write result
request
result
request
result
State DB
Chaincode
Ledger

10
The unrelated organization (Org N) can access the details of the
transactions of Org 1 and Org 2.
Problem
Patients
Fabric BC
Network
Org 1
Peer
User (Doctor)
Data
Analyzer
Chaincode
Client
State DB
Ledger
Genome
Data
Storage
Org N (Unrelated)
Org 2
Peer
User (Doctor)
Ledger
Data
Analyzer
Chaincode
Client
State DB Genome
Data
Storage
store load
write result
request
result
request
result
State DB
Chaincode
Ledger
request
result

11
Keep transactions and data exchange secret from unrelated orgs using
Fabric Private Chaincode
Motivation
Patients
Fabric BC
Network
Org 2
Peer
User (Doctor)
Client
State DB
Ledger
Org 1
Peer
User (Doctor)
Client
State DB
Ledger
FPC
Private
Chaincode
FPC
Private
Chaincode
Org N (Unrelated)
State DB
Private
Chaincode
Ledger
Data
Analyzer
Genome
Data
Storage
Data
Analyzer
Genome
Data
Storage

12
3. Demonstration

13
❚ Explain our demo system architecture
u Building a demo system for data management, sharing, and utilization involving two
organizations on Azure VM
❚ Explain our chaincode installed in the system and client program in the order
of the following scenarios
u 1. Store data in data storage and metadate in ledger
u 2. Search genome data
u 3. Request for permission to use genome data
u 4. Approve the request
u 5. Request for analysis of genome data
u 6. Execute the analysis of data and write the result
Overview of demonstration

14
Microsoft Azure DC2s Virtual Machine
❚ Location: East US (only East US location can create DC2s series VMs)
❚ Size: Standard DC2s v2 (2 vcpus, 8 GiB memory)
❚ OS: Ubuntu Server 20.04 LTS - Gen2
❚ Disk: 128GiB Fabric BC
Network
Org 1
FPC
Demo system architecture
User (Doctor)
Chaincode
container
Peer
container
Data
Analyzer
Data
Storage
Orderer
Orderer
container
FPC logic
container
(e.g., ercc)
Client
container
Chaincode
Client
State DB
Ledger
Org 2
FPC
User (Doctor)
Chaincode
container
Peer
container
Data
Analyzer
Data
Storage
FPC logic
container
(e.g., ercc)
Client
container
Chaincode
Client
State DB
Ledger

15
Fabric BC
Network
Simplified overview of the demo system
Org 2
Peer
User (Doctor)
Data
Analyzer
Private
Chaincode
Client
State DB
Ledger
Data
Storage
Org 1
Peer
User (Doctor)
Data
Analyzer
Private
Chaincode
Client
State DB
Ledger
Data
Storage
State DB: for genome meta data catalog
Key Owner Patient Consent Meta Data
State DB: for data access permission management
Key Request Permission
State DB: for task management
Key Requester Task Result
Private Chaincode:
• set/get genome meta data
• request/approve data access permission
• request/approve task execution
Client Program:
• Invoke/Query chaincode functions
• Store genome data to storage
• Order analysis of genome data

16
Demo | 1. Store data in data storage and metadate in ledger
Org 2
Peer
User (Doctor)
Data
Analyzer
Private
Chaincode
Client
State DB
Ledger
Data
Storage
Org 1
Peer
User (Doctor)
Data
Analyzer
Private
Chaincode
Client
State DB
Ledger
Data
Storage
①Store raw genome data
②Invoke: set_data()
Client:
① Store raw genome data to data storage
② Invoke set_data function of chaincode
• Write genome meta data
Chaincode: set_data()
• Get owner information (MSPID)
• Write MSPID, patient consent, and meta data into ledger
Key Owner Patient Consent Other Meta Data
001 Org1MSP Agree Hash Value, Other Info

17
Demo | 2. Search genome data
Org 2
Peer
User (Doctor)
Data
Analyzer
Private
Chaincode
Client
State DB
Ledger
Data
Storage
Org 1
Peer
User (Doctor)
Data
Analyzer
Private
Chaincode
Client
State DB
Ledger
Data
Storage
①Query: get_data
Client:
① Query get_data function of chaincode
• Search for the data you want to utilize
Chaincode: get_data()
• Read genome metadata
• Search for the data
• Returns a list of metadata to which the patients agrees

18
Demo | 3. Request for permission to use genome data
Org 2
Peer
User (Doctor)
Data
Analyzer
Client
State DB
Ledger
Data
Storage
Org 1
Peer
User (Doctor)
Data
Analyzer
Client
State DB
Ledger
Data
Storage
①Invoke: request_permission
Client:
① Invoke request_permission function of chaincode
Chaincode: request_permission()
• Get Requester information (MSPID=Org2MSP)
• Write Requester MSPID into ledger
001 Org2MSP
Private
Chaincode
Private
Chaincode

19
Demo | 4. Approve the request
Org 2
Peer
User (Doctor)
Data
Analyzer
Client
State DB
Ledger
Data
Storage
Org 1
Peer
User (Doctor)
Data
Analyzer
Client
State DB
Ledger
Data
Storage
①Invoke: Approve_permission
Client:
① Invoke approve_permission function of chaincode
Chaincode: approve_permission()
• Get approver information (MSPID=Org1MSP)
• Check that the approver MSPID and the data owner
MSPID are equal
• Approve request
• Write Permission user MSPID into ledger
• Remove Requester user MSPID
001 (Removed) Org2MSP
Private
Chaincode
Private
Chaincode

20
Demo | 5. Request for analysis of genome data
Org 2
Peer
User (Doctor)
Data
Analyzer
Client
State DB
Ledger
Data
Storage
Org 1
Peer
User (Doctor)
Data
Analyzer
Client
State DB
Ledger
Data
Storage
①Invoke: request_task
Client:
① Invoke request_task function of chaincode
Chaincode: request_task()
• Write Requester MSPID and Analysis conditions into
ledger
001 (Empty) Org2MSP
001 Org2MSP Analysis conditions
Private
Chaincode
Private
Chaincode

21
Demo | 6. Execute the analysis of data and write the result
Org 2
Peer
User (Doctor)
Data
Analyzer
Client
State DB
Ledger
Data
Storage
Org 1
Peer
User (Doctor)
Data
Analyzer
Client
State DB
Ledger
Data
Storage
④Invoke: result
③Analyze task
Client:
① Query the request and order execution.
④ Invoke write_result function of chaincode
Chaincode: write_result()
• Check the data owner MSPID and above MSPID are equal
• Write Analysis Result into ledger
②Load genome data
①Order Execution
001 (Empty) Org2MSP
001 Org2MSP Analysis conditions Analysis Result
Data Analyzer:
② Load genome data
③ Analyze task
Private
Chaincode
Private
Chaincode

22
4. Summary

23
❚ Background and Introduction
u explained some background on the market needs
u explained introduction that includes what we are doing with FPC
❚ Motivation
u explained the motivation for this demonstration
❚ Demonstration
u explained our demo system architecture
u explained our chaincode and client installed in the system
Summary

24
Special Thanks to...
❚ All Hyperledger Fabric Private Chaincode community members!!!
u Many thanks to the following people for their advice!!
l Marcus Brandenburger @mbrandenburger
l Bruno Vavala @bvavala
l @munapower
Acknowledgement

25
❚ Hyperledger, Hyperledger Fabric, and Hyperledger logs and any related marks are
trademarks of the Linux Foundation or Hyperledger Foundation
❚ Intel, Intel SGX and Intel logs and any related marks are trademarks of the Intel
Corp.
❚ Other brand names and product names used in this material are trademarks,
registered trademarks, or trade names of their respective holders.
Trademarks

Demo: Infrastructure for Managing, Sharing, and Utilizing Sensitive Data using Hyperledger Fabric Private Chaincode Running on Microsoft Azure

Demo: Infrastructure for Managing, Sharing, and Utilizing Sensitive Data using Hyperledger Fabric Private Chaincode Running on Microsoft Azure

Recommended

Recommended

More Related Content

Similar to Demo: Infrastructure for Managing, Sharing, and Utilizing Sensitive Data using Hyperledger Fabric Private Chaincode Running on Microsoft Azure

Similar to Demo: Infrastructure for Managing, Sharing, and Utilizing Sensitive Data using Hyperledger Fabric Private Chaincode Running on Microsoft Azure (20)

Recently uploaded

Recently uploaded (20)

Demo: Infrastructure for Managing, Sharing, and Utilizing Sensitive Data using Hyperledger Fabric Private Chaincode Running on Microsoft Azure