Ripping the Fabric: Attacks and Mitigations on Hyperledger Fabric

Dabholkar, Ahaan; Saraswat, Vishal

doi:10.1007/978-981-15-0871-4_24

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1116))

Included in the following conference series:

International Conference on Applications and Techniques in Information Security

950 Accesses
19 Citations

Abstract

In this paper, we take a closer look at the attack surface of permissioned blockchains by focusing on Hyperledger Fabric and present scenarios where the assumptions of trust could lead to possible attacks on an organization’s ledger. We systematically examine each participant and treating it as a malicious entity look at the attacks possible on the system as a whole. With the global shift in adopting blockchains as vehicles of trust, a collection of such scenarios would be useful to organizations using Fabric to implement their own Distributed Ledger Technologies (DLT), as it would highlight the possible misuse cases of the platform. It would also help fellow researchers by presenting a primitive idea of the possible attacks and promote further research in preventing them.

The first author carried would like to thank Robert Bosch Engineering & Business Solutions Pvt. Ltd. (RBEI/ESY), Bangalore, where he was a summer intern when this work was carried out.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Apache CouchDB. http://couchdb.apache.org/
Sybil Attack. https://en.wikipedia.org/wiki/Sybil_attack
Open Blockchain (2016). https://developer.ibm.com/open/projects/open-blockchain/
Androulaki, E., et al.: Hyperledger fabric: a distributed operating system for permissioned blockchains. In: EuroSys, pp. 30:1–30:15. ACM (2018)
Google Scholar
Avan-Nomayo, O.: Iran developing national blockchain platform on hyperledger fabric (2019). https://cointelegraph.com/news/iran-developing-national-blockchain-platform-on-ibm-hyperledger-fabric
Back, A.: Blockstream (2014). https://blockstream.com/
del Castillo, M.: Blockchain 50: billion dollar babies (2019). https://www.forbes.com/sites/michaeldelcastillo/2019/04/16/blockchain-50-billion-dollar-babies/#39a73cc657cc
Hyperledger: Hyperledger.org. https://www.hyperledger.org/
Intel: Sawtooth (2016). https://www.hyperledger.org/projects/sawtooth
Kfir, S., Rooz, Y., Saraniecki, E.: Digital asset (2014). https://digitalasset.com/
Li, Z., Lu, S., Myagmar, S., Zhou, Y.: CP-Miner: finding copy-paste and related bugs in large-scale software code. IEEE Trans. Softw. Eng. 32(3), 176–192 (2006)
Article Google Scholar
Marlinspike, M.: sslstrip. https://moxie.org/software/sslstrip/
Potter, J.: The unfortunate rise of permissioned blockchains (2018). https://blog.xtrabytes.global/technology/the-unfortunate-rise-of-permission-blockchains/
Riedesel, S., Hakimian, P., Buyens, K., Biehn, T.: Tineola: taking a bite out of enterprise blockchain (2018). https://github.com/tineola/tineola/raw/master/docs/TineolaWhitepaper.pdf
Sanders, C.: SSL stripping. http://techgenix.com/understanding-man-in-the-middle-attacks-arp-part4/
Sarai, A.: Bugzilla bug report: CVE-2018-15664. https://bugzilla.redhat.com/show_bug.cgi?id=1714722 (2019)
Torvalds, L.: The Linux foundation. https://www.linuxfoundation.org/
Vukolić, M.: The quest for scalable blockchain fabric: proof-of-work vs. BFT replication. In: Camenisch, J., Kesdoğan, D. (eds.) iNetSec 2015. LNCS, vol. 9591, pp. 112–125. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39028-4_9
Chapter Google Scholar
Wei, J., Pu, C.: TOCTTOU vulnerabilities in UNIX-style file systems: an anatomical study. In: FAST. USENIX (2005)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science and Engineering, Indian Institute of Technology, Bhilai, Raipur, India
Ahaan Dabholkar
Robert Bosch Engineering & Business Solutions Pvt. Ltd. (RBEI/ESY), Bangalore, India
Vishal Saraswat

Authors

Ahaan Dabholkar
View author publications
You can also search for this author in PubMed Google Scholar
Vishal Saraswat
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vishal Saraswat .

Editor information

Editors and Affiliations

School of Computing, SASTRA University, Thanjavur, India
V. S. Shankar Sriram
School of Computing, SASTRA University, Thanjavur, India
V. Subramaniyaswamy
School of Computing, SASTRA University, Thanjavur, India
N. Sasikaladevi
School of Information Technology, Deakin University, Geelong, VIC, Australia
Leo Zhang
School of Information Technology, Deakin University, Geelong, VIC, Australia
Lynn Batten
School of Information Technology, Deakin University, Geelong, VIC, Australia
Gang Li

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Dabholkar, A., Saraswat, V. (2019). Ripping the Fabric: Attacks and Mitigations on Hyperledger Fabric. In: Shankar Sriram, V., Subramaniyaswamy, V., Sasikaladevi, N., Zhang, L., Batten, L., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2019. Communications in Computer and Information Science, vol 1116. Springer, Singapore. https://doi.org/10.1007/978-981-15-0871-4_24

Download citation

DOI: https://doi.org/10.1007/978-981-15-0871-4_24
Published: 15 November 2019
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0870-7
Online ISBN: 978-981-15-0871-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics