Hyperledger Fabric provides protection against some of the most common security threats, and assumes a shared responsibility model for addressing others. In the following table, we will summarize the most common security threats, whether Hyperledger Fabric addresses them and how or whether it is the responsibility of a node/network operator to address them:
|
Threat |
Description |
Hyperledger Fabric |
Network/Node Operator |
|
Spoofing |
Use of a token or other credential to pretend to be an authorized user, or compromise a user's private key. |
Fabric certificate authority generates X.509 certificates for its members. |
Manage certificate revocation list distribution among network participants to ensure that revoked members can no longer access the system. |
|
Tampering |
Modify information (for example, an entry in the database). |
Use of cryptographic measures (SHA256, ECDSA) make tampering infeasible. |
Derived from Fabric. |
|
Repudiation |
An entity cannot deny who did what. |
Tracks who did what using digital signatures. |
Derived from Fabric. |
|
Replay attacks |
Replay the transactions to corrupt the ledger. |
Hyperledger Fabric uses read/write sets to validate the transaction. A replay of transactions will fail due to an invalid read set. |
Derived from Fabric. |
|
Information disclosure |
Data exposed through intentional breach or accidental exposure. |
Hyperledger Fabric provides support for using TLSv1.2 for in-transit encryption. It does not encrypt ledger data at rest (the operator's responsibility). Information about all peers in the system and their transactions is exposed to the ordering service. |
It is the operator's responsibility to prevent information disclosure by following information security best practices as well as at-rest encryption. |
|
Denial of service |
Makes it difficult for legitimate users to access the system. |
It is the operator's responsibility. |
It is the operator's responsibility to prevent denial of service to the system. |
|
Elevation of Privileges |
Gain high level access to the application. |
Issued identities cannot upgrade their access (for example, create an identity) without manual review of access. |
Hyperledger Fabric runs chaincode in Docker containers. It is the responsibility of the network/node operator to limit access and run chaincode containers with appropriate restrictions. |
|
Ransomware |
Using cryptographic or other means to prevent access to data on the file system.
|
It is the operator's responsibility. |
It is the operator's responsibility to ensure that ransomware cannot prevent access to a node's ledger. |