Examining the Behaviour of Hyperledger Fabric when World State is Tampered

Overview

When we say “immutability” in blockchain, our general perception is that everything in the blockchain system is immutable, that is, no one can modify it. In fact, in a blockchain network, each node is maintaining both the state and the transaction logs. When things are running normally, the consensus mechanism ensures the state maintained in every node is identical, which makes blockchain a robust and trustworthy environment for business use.

Review: Ledger in Hyperledger Fabric

Data immutability is always one of the major features when we talk about blockchain. That is, no one can modify the data once it is written in the blockchain. To be more precise, the data written in the data structure (called blockchain) cannot be easily modified, and any attempt of modification should be easily detected.

Setup of Testing Environment

As we are simulating the data tampering, we need a fabric network of multiple organizations. Here we first build a fabric network with three organizations (Org1, Org2 and Org3). Each organization has one peer (peer0.org1, peer0.org2 and peer0.org3). Each peer has one CouchDB as its world state database. Besides, we will have an orderer (in OrdererOrg) and a CLI for accessing to the peer nodes.

A three-org setup with CouchDB as world state database.
Eight containers running. Note the three CouchDB, corresponding to the peer node of three organizations
The peer of each organization joins mychannel

Baseline: A Normal Operation

We first perform a normal operation where data is not tampered. This serves as a baseline with which we can compare test scenarios later when data is tampered.

Chaincode fabcar installed in three peer nodes
Chaincode fabcar instantiated on mychannel with endorsing policy
Per fabcar chaincode design, initLedger() is executed to predefined dataset.
All peer nodes have the same state in their own ledger.
The data is updated in all the three peer nodes in normal operation.

Data Tampering

In our setup, CouchDB is running in as a separate container. That means we can use the built-in utility to access and even modify the data written on it.

Accessing CouchDB directly
“Tampering” the data: modify it directly on CouchDB

Test Scenario 1: Endorsing Policy requires endorsement from ALL peers (i.e., AND)

Step 1: Chaincode installation in all peers (same Step 1 in baseline)

Transaction fails. Transaction invoker receives mismatched responses.

Test Scenario 2: Endorsing Policy requires endorsement just from ONE peer (i.e., OR)

Step 1: Chaincode installation in all peers (same Step 1 in baseline)

Tampered data gets propagated to other peer nodes.

Observation

From these tests we see the importance of endorsing policies. Besides business reasons (for example, it makes sense that certain transactions should be endorsed by various organizations), endorsing policy also has security effect, in particular when data tampering happens.

  • use >1 OutOf specified or all organizations
  1. If a normal node invokes transaction on the same piece of data being tampered in another node, it is interesting that the normal data will “fix” the tampered data in that tampered node. That is, the tampered data is changed back to normal data from that normal node.

How to Fix the Data Tampering

When we are on the Test Scenario 1, using AND(org1, org2, org3) as the endorsing policy. When data tampering on Org1 happens, the fabric network is unable to process transactions involving this tampered data.

Tampered node peer0.org1 unable to invoke transaction

Summary

The purpose of this article is to examine what happens if the world state is tampered. With proper endorsing policy we can somehow protect the fabric network from tampered data propagation. We also see how bad it will be in case a weak endorsing policy is applied to the network, in which the tampered data may get propagated. This ruins the fabric network as a trust system. Finally, by bringing down the tampered peer node and bringing it up again, the node recommitting back the blocks on the fabric network and can resume working.

Visit http://www.ledgertech.biz/kcarticles.html for all my works. Reach me on https://www.linkedin.com/in/ktam1/ or follow me @kctheservant in Twitter.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store