Smart Blockchain Security System Design

Smart Blockchain Security System Design. Akshay Goyal Manil Puri Mukul Mahajan Rachit Goel. Precision Farming


Presentation Transcript


  1. Smart Blockchain Security System Design Akshay Goyal Manil Puri Mukul Mahajan Rachit Goel

  2. Precision Farming The first wave of the precision agricultural revolution will come in the forms of satellite and aerial imagery, weather prediction, variable rate fertilizer application, and crop health indicators. The second wave will aggregate the machine data for even more precise planting, topographical mapping, and soil data.

  3. Proposed IDEA

  4. Smart Blockchain Security System Design
     1. Network Creation: established with the help of
        • Docker
        • Hyperledger Fabric
        • Kubernetes
     2. Data Fusion (IEC 61499): necessary to fuse data to predict and peer any transaction within a ledger.

  5. What is Blockchain?
     • Using cryptography to keep exchanges secure, blockchain provides a decentralized database, or “digital ledger”, of transactions that everyone on the network can see.
     • This network is essentially a chain of computers that must all approve an exchange before it can be verified and recorded.

  6. How we implement this architecture?
     1. Put the peers, orderer, etc. in separate Docker containers.
     2. Create a network of these containers.
     3. Manage and scale the distributed network using Kubernetes.

  7. Hyperledger Fabric It’s intended as a foundation for developing blockchain distributed ledger applications with a modular architecture. It allows components, such as consensus and membership services, to be plug-and-play. It covers key features of blockchain and distributed ledger technologies, current Hyperledger projects and common use cases, and the differences between various types of Hyperledger projects in the fields of finance, banking, Internet of Things, supply chains and manufacturing technologies. See how to install Hyperledger

  8. Hyperledger Fabric core concepts
     • FABRIC CA (Certificate Authority)
     • MSP (Membership Service Provider)
     • PEERS
     • ORDERER
     • CHANNELS
     • CHAINCODE
     • ENDORSEMENT POLICY

  9. FABRIC CA (Certificate Authority) Every operation inside HLF must be signed with a cryptographic certificate. Fabric CA generates certificates for all users. These certificates are the way of tracking and identifying users.

  10. MSP (Membership Service Provider) This is how we define the organizations (peers & orderers) in a network. The MSP ID is the name we give to the set of certificates that defines who you are and which network you are in.

  11. PEERS The place where the blockchain (ledger) is stored. Requests are sent to peers. Appending to the ledger happens in the order set by the ordering service. All the peers find each other and synchronize automatically.

  12. ORDERING SERVICE (heart of the consensus algorithm)
      Role: to provide the order of operations. Before anything is committed to the ledger, it must pass through the ordering service.
      Types:
      • SOLO - used only for development (single instance)
      • Apache KAFKA - used in production (distributed)

  13. CHANNELS Role: Communication path for nodes. A separate, independent instance of Hyperledger Fabric. Each node must be associated with some channel. Provides a way for nodes to interact and perform operations. Has its own ledger.

  14. CHAINCODE (Smart Contract) Role: All business logic is inside the chaincode. Written in the Go language. For every transaction, the peer executes the chaincode. It is the only thing that can read and update the ledger. Must be part of a channel. Chaincode is installed on every peer that is part of a channel.

  15. Work related to chaincode Data structure of the chaincode:

  16. Invocation function:

  17. Applying pesticide to crop function:

  18. Commands for initialization and invocation:

  19. Chaincode Deployment screenshots: Installing chaincode Instantiating chaincode

  20. Querying chaincode:

  21. ENDORSEMENT POLICY Role: Gives the logic for consensus. Used to instruct a peer on how to decide whether a transaction is properly endorsed. Can create any boolean logic using AND and OR as a policy

  22. [Figure: Relationship of Fabric components. Labels: Hyperledger Fabric, channel, ledger, peer 1, peer 2, peer 3, chaincode, policy]

  23. How it Works
      • The client creates a transaction and sends it to endorsing peers of its choice.
      • The endorsing peer simulates the transaction and produces an endorsement signature.
      • The submitting client collects the endorsements for the transaction and broadcasts it through the ordering service.
      • The ordering service delivers the transactions to the peers.
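The AND/OR endorsement logic from slide 21, applied to the set of endorsements a client collects in the flow of slide 23, as an added example (not the presenters' chaincode and not Fabric's own implementation). The organisation names are placeholders, and the check assumes the signature behind each listed principal has already been verified.

```go
package main

import (
	"fmt"
	"strings"
)

// eval evaluates the first policy term in s against the endorsing set and returns the unparsed rest.
func eval(s string, endorsed map[string]bool) (bool, string, error) {
	s = strings.TrimLeft(s, " ,")
	if strings.HasPrefix(s, "'") { // a principal such as 'Org1.member' (placeholder name)
		end := strings.IndexByte(s[1:], '\'')
		if end < 0 {
			return false, "", fmt.Errorf("unterminated principal")
		}
		return endorsed[s[1:end+1]], s[end+2:], nil
	}
	isAnd := strings.HasPrefix(s, "AND(")
	if !isAnd && !strings.HasPrefix(s, "OR(") {
		return false, "", fmt.Errorf("expected principal, AND( or OR( at %q", s)
	}
	s = strings.TrimLeft(s[strings.IndexByte(s, '(')+1:], " ,")
	every, some := true, false
	for !strings.HasPrefix(s, ")") {
		ok, rest, err := eval(s, endorsed)
		if err != nil {
			return false, "", err
		}
		every, some, s = every && ok, some || ok, strings.TrimLeft(rest, " ,")
	}
	return some && (every || !isAnd), s[1:], nil // AND: every term; OR: one; empty group fails
}

// Endorsed reports whether the principals that signed satisfy the policy.
func Endorsed(policy string, signers ...string) (bool, error) {
	set := map[string]bool{}
	for _, p := range signers {
		set[p] = true
	}
	ok, rest, err := eval(policy, set)
	if err == nil && strings.TrimSpace(rest) != "" {
		err = fmt.Errorf("trailing input %q", rest)
	}
	return ok && err == nil, err
}

func main() {
	fmt.Println(Endorsed("AND('Org1.member', OR('Org2.member', 'Org3.member'))", "Org1.member", "Org3.member"))
}
```

A malformed policy, an empty group or trailing text makes the check fail closed instead of counting as endorsed.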

  24. Overall Architecture

  25. How we implement this architecture?
      1. Put the peers, orderer, etc. in separate Docker containers.
      2. Create a network of these containers.
      3. Manage and scale the distributed network using Kubernetes.

  26. Docker A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings. Available for both Linux and Windows based apps, containerized software will always run the same, regardless of the environment. Containers isolate software from its surroundings, for example differences between development and staging environments and help reduce conflicts between teams running different software on the same infrastructure. How to install docker

  27. DOCKER FEATURES
      • Domain-specific language for building containers
      • Each container has a single start process
      • Union filesystem to conserve I/O when cloning containers
      • Simple networking defaults, comparable to host-only networking in VMware
      • Private registry for sharing images

  28. Creation of IMAGES
      Dockerfile -[build]-> Image -[run]-> Container
      Three ways to acquire Docker images:
      1. Docker Hub - registry.hub.docker.com
      2. Build your own images via Dockerfile
      3. Private registry - github.com/docker/docke

  29. Docker File

        $ cat Dockerfile
        FROM ubuntu:12.04
        # Update repo index and install Apache
        RUN apt-get update
        RUN apt-get install -y apache2
        # Set Apache environment variables
        ENV APACHE_RUN_USER www-data
        ENV APACHE_RUN_GROUP www-data
        ENV APACHE_LOG_DIR /var/log/apache2
        # Expose ports for container linking
        EXPOSE 80
        # Run apache by default when starting the container
        CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]

  30. Build an Image

        # docker build -t mattkaar/apache .
        Uploading context 2.56 kB
        Uploading context
        Step 0 : FROM ubuntu:12.04
        Pulling repository ubuntu
        9cd978db300e: Download complete
        511136ea3c5a: Download complete
        6170bb7b0ad1: Download complete
         ---> 9cd978db300e
        Step 1 : RUN apt-get update
         ---> Running in 34e4139f2ede
        Ign http://archive.ubuntu.com precise InRelease
        Ign http://archive.ubuntu.com precise-updates InRelease
        Ign http://archive.ubuntu.com precise-security InRelease
        Hit http://archive.ubuntu.com precise Release.gpg

  31. Running a Container
      • Run a container in the background

        $ docker run -d --name apache mattkaar/apache
        be09d6f98fcc54ade5696b757b0509423240a17ac9458688960f74c735

      • Run a container interactively with Bash

        $ docker run -i -t --name apache mattkaar/apache /bin/bash
        root@428707fdc19b:/#

  32. Container Management
      Show running containers

        $ docker ps
        CONTAINER ID   IMAGE                    COMMAND                CREATED
        f6bd9843c073   mattkaar/apache:latest   /usr/sbin/apache2 -D   14 minutes

      Stop a container

        $ docker stop apache
        apache

      Remove a container

        $ docker rm apache
        apache

  33. How we implement this architecture?
      1. Put the peers, orderer, etc. in separate Docker containers.
      2. Create a network of these containers.
      3. Manage and scale the distributed network using Kubernetes.

  34. Kubernetes It is an open source platform that automates Linux container operations. It eliminates many of the manual processes involved in deploying and scaling containerized applications. In other words, you can cluster together groups of hosts running Linux containers, and Kubernetes helps you easily and efficiently manage those clusters. These clusters can span hosts across public, private, or hybrid clouds. See how to install Kubernetes

  35. Implementation

  36. Network Topology Represents physical network

  37. Network Topology Kubernetes has one or more master and worker nodes. Besides that, we have a CMD machine as a client to issue the deployment commands. An NFS server is used as a shared file system for configuration files and other data. All these nodes are connected by a physical network (e.g. 140.123.105.171/22). Kubernetes connects all pods to the Flannel network, allowing containers of those pods to communicate with each other properly.

  38. Mapping Fabric Components to Kubernetes Pods

  39. Mapping Fabric Components to Kubernetes Pods ( Continued…… ) In Kubernetes, namespace is an important concept. It is used to divide cluster resources between multiple users. In the case of Fabric, organizations can be mapped into namespaces so that they have their dedicated resource. After this mapping, peers of each organization can be distinguished by domain name. Furthermore, we could isolate different organizations by setting network policy.

  40. Pod
      A pod is a deployment unit in Kubernetes; it consists of one or more containers. We can bundle the Fabric containers of each organization into several pods. These pod types are as follows:
      • Peer Pod: includes the Fabric peer and CouchDB, representing the organization’s peer node. Each organization could have one or more peer pods.
      • CA Server Pod: the Fabric CA Server node of the organization. Usually one pod is needed in an organization.
      • CLI Pod: provides an environment for command-line tools to manipulate the nodes of the organization. Fabric’s peer environment variables are configured in this pod.

  41. Pod Peer and Organization

  42. Some of the work samples and files we are implementing
      • Cluster-config.yaml
      • Configtx.yaml
      • generateALL.sh
      • Fabric_1_0_template_pod_ca.yaml
      • Fabric_1_0_template_pod_cli.yaml
      • Fabric_1_0_template_pod_orderer.yaml
      • Fabric_1_0_template_pod_peer.yaml
      • Config.py
      • Generate.py
      • delete.py

  43. Some of work samples and files we are Implementing ( Continued…. ) • cluster-config.yaml

  44. Some of work samples and files we are Implementing ( Continued…. ) 2. run.py

  45. Smart Blockchain Security System Design
      1. Network Creation: established with the help of
         • Docker
         • Hyperledger Fabric
         • Kubernetes
      2. Data Fusion (IEC 61499): necessary to fuse data to predict and peer any transaction within a ledger.

  46. IEC 61499 The specification of IEC 61499 defines a generic model for distributed control systems and is based on the IEC 61131 standard. Part 1 of the IEC 61499 Standard defines an implementable reference architecture for the development, reuse and deployment of Function Blocks in distributed and embedded industrial control and automation systems. Part 2 of the Standard defines requirements for software tools to support the required engineering tasks.

  47. Why IEC 61499…
      The qualities are defined as:
      • Portability: the extent to which software elements (FB types, data types, resource types, device types, and system configurations) can be accepted and correctly interpreted by multiple software tools
      • Configurability: the extent to which a system can be configured via selection of functional units (FBs, resources, and devices), assigning their locations and parameters and establishing their data and event interconnections
      • Interoperability: the extent to which functional units in a system are able to operate together to perform the required set of automation, control, and data processing functions

  48. Software Tools
      • 4DIAC-IDE: This software tool, a product of the 4DIAC open source project, is distributed as a set of plug-ins for the Eclipse Integrated Development Environment (IDE). 4DIAC-IDE supports the specification of function block types as well as the development of system configurations including the application model and the device configurations, as well as deployment of the application to distributed devices.
      • nxtSTUDIO: An interesting feature is its use of Compound Automation Types (CATs), which include control engineering via IEC 61499; HMI/SCADA visualization including symbols, operating dialogues, etc.; interconnection of hardware-specific inputs/outputs; and documentation.
      • ISaGRAF Workbench: ISaGRAF announced the certification of its IEC 61499 solution compliance by TÜV Süd. The TÜV Compliance Report does not confirm portability of IEC 61499 library elements produced by the ISaGRAF Workbench to or from any software tool other than itself, nor does it confirm configurability by the Workbench of any runtime platform other than the ISaGRAF runtime.
