Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Trust Data Sharing and Utilization Infrastructure for Sensitive Data using Hyperledger Avalon

Koshi Ikegawa
June 08, 2021
Research
0
31

Trust Data Sharing and Utilization Infrastructure for Sensitive Data using Hyperledger Avalon

Koshi Ikegawa and Nao Nishijima.
Trust Data Sharing and Utilization Infrastructure for Sensitive Data using Hyperledger Avalon.
Hyperledger Grobal Forum 2021 (HLGF 2021). June 08-10 2021. Online.

Koshi Ikegawa

June 08, 2021
Tweet

More Decks by Koshi Ikegawa

See All by Koshi Ikegawa
ブロックチェーンを用いた自己主権型デジタルID管理 (HL Workshop Ver.)
ikegawa
0
28
ブロックチェーンを用いた自己主権型デジタルID管理 (WebX Ver.)
ikegawa
0
68
Demo: Infrastructure for Managing, Sharing, and Utilizing Sensitive Data using Hyperledger Fabric Private Chaincode Running on Microsoft Azure
ikegawa
0
16
Trust Data Sharing and Utilization Infrastructure for Sensitive Data Using Hyperledger Projects
ikegawa
0
13

Other Decks in Research

See All in Research
How to Perform Manual Classification for Deep Learning Using CloudCompare
kentaitakura
0
670
MegaParticles: GPUを利用したStein Particle Filterによる点群6自由度姿勢推定
koide3
1
540
脳卒中患者・家族からみた循環器病対策推進基本計画の進捗に関する調査
japanstrokeassociation
0
540
機械学習と数理最適化の融合-文脈付き確率的最短路を例として-
mickey_kubo
2
450
僕たちがグラフニューラルネットワークを学ぶ理由
joisino
18
7.2k
People Driven Transformation / 人が起点の、社会の変え方
dmattsun
0
160
継続的な研究費獲得のための考え方
moda0
2
440
デフスポーツにおける支援技術 〜競技特性・ルールと技術との関係〜
slab
0
220
Discovering Universal Geometry in Embeddings with ICA
momoseoyama
1
350
媒介分析と疫学
kingqwert
0
100
F0に基づいて伸縮された画像文字からの音声合成 [ASJ2024春]
nehi0615
0
120
Gmail の「メール送信者のガイドライン」強化から 1 ヵ月、今後予想されるメールセキュリティの変化とは
hirachan
1
250

Featured

See All Featured
For a Future-Friendly Web
brad_frost
172
9k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
358
22k
Optimising Largest Contentful Paint
csswizardry
12
2.4k
Optimizing for Happiness
mojombo
370
69k
Mobile First: as difficult as doing things right
swwweet
217
8.6k
What's in a price? How to price your products and services
michaelherold
238
11k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
65
14k
Designing the Hi-DPI Web
ddemaree
276
33k
BBQ
matthewcrist
80
8.8k
The Brand Is Dead. Long Live the Brand.
mthomps
49
29k
10 Git Anti Patterns You Should be Aware of
lemiorhan
649
58k

Transcript

  1. © Hitachi, Ltd. 2021. All rights reserved. June 10th, 2021

    Hitachi, Ltd., Research and Development Group Koshi Ikegawa, and Nao Nishijima Trust Data Sharing and Utilization Infrastructure for Sensitive Data using Hyperledger Avalon Hyperledger Global Forum 2021 Virtual 2 / •Business

  2. © Hitachi, Ltd. 2021. All rights reserved. Contents 1. Introduction

    2. Design and Approach 3. Work in Progress 4. Summary 1

  3. © Hitachi, Ltd. 2021. All rights reserved. Contents 1. Introduction

    2. Design and Approach 3. Work in Progress 4. Summary 2

  4. © Hitachi, Ltd. 2021. All rights reserved. Increasing demand for

    trust data sharing & utilization Market 3 Data Free Flow with Trust (DFFT) is advocated by the World Economic Forum (2019) ❚ Focus on cross border data flows u Blockchain is needed ❚ There are many types of data to share u Open data: map, news, disaster info, etc... u Sensitive data: healthcare, government, personal, etc...

  5. © Hitachi, Ltd. 2021. All rights reserved. In our use

    case, we created an infrastructure to manage and utilize genome data in multiple organizations and has confirmed PoC [1] Background 4 1. Koshi Ikegawa, Nao Nishijima, Yoji Ozawa, Katsuhiro Fukunaka, Hironori Emaru, Masaru Hisada, Akihito Kaneko, Eiichi Araki, Ai Okada and Yuichi Shiraishi. Secure and Traceable System for Genomic Data Sharing Using Hyperledger Fabric Blockchain (in Japanese). IIBMP2020, September 2020. ❚ Multiple organizations are participating in a blockchain network for genome data sharing ❚ Raw genome data must not be passed on to other organizations because the data is sensitive data ❚ Analyze the data on the processor of the data owner org and pass only the results to other orgs Org A Org C Org D Org B Patients Genome Data Storage Data Processer Doctor Doctor Result Request Load store

  6. © Hitachi, Ltd. 2021. All rights reserved. Org A Org

    C Org D Org B Motivation 5 ❚ Personal data, such as genome data needs to be handled with particular care in accordance with the law ❚ Focus on the following three to realize the infrastructure Realize Trust Data Sharing and Utilization Infrastructure for Sensitive Data Genome Data Storage Data Processer Doctor Doctor 1. Trust Encryption 2. Trust Processing 3. Trust Data Load

  7. © Hitachi, Ltd. 2021. All rights reserved. Org A Org

    C Org D Org B Motivation 6 ❚ Personal data, such as genomic information needs to be handled with particular care in accordance with the law ❚ Focus on the following three to realize the infrastructure Realize Trust Data Sharing and Utilization Infrastructure for Sensitive Data Genome Data Storage Data Processer Doctor Doctor 3. Trust Data Load 1. Trust Encryption 2. Trust Processing Hyperledger Avalon Enable to Trust Encryption and Processing

  8. © Hitachi, Ltd. 2021. All rights reserved. Org A Doctor

    What is Hyperledger Avalon 7 Avalon is a Hyperledger project to realize Off-chain Trusted Computing ❚ Avalon is the first and only implementation of EEAʼs1 Off-Chain Trusted Compute Specification ❚ Avalon guarantees a trust execution of a program in the protected area by CPU native secure function (Trusted Execution Environment) Org B Trusted Execution Environment Result Request Peer Avalon Blockchain Connector Avalon Client Peer encrypt decrypt encrypt decrypt Chaincode Simplified Hyperledger Avalon Architectural Diagram Guarantee trust of processing

  9. © Hitachi, Ltd. 2021. All rights reserved. What is Trusted

    Execution Environment (TEE) 8 Trusted Execution Environment is CPU Security Technology ❚ TEE is a CPU security function that generates a protected area called enclave in memory and loads programs and data into the area, enabling programs to be executed while protecting sensitive data u Provided by CPU vendors such as Intel Software Guard Extensions (SGX), ARM TrustZone, AMD Secure Encrypted Virtualization (SEV), etc. ❚ In Hyperledger Avalon, Intel SGX is being used for implementation. u In Intel SGX, the encrypted area in memory is called Enclave.

  10. © Hitachi, Ltd. 2021. All rights reserved. Org A Org

    C Org D Org B Focus Point in This Session 9 Enable to Trust Data Load Genome Data Storage Data Processer Doctor Doctor 1. Trust Encryption 2. Trust Processing 3. Trust Data Load

  11. © Hitachi, Ltd. 2021. All rights reserved. Contents 1. Introduction

    2. Design and Approach 3. Work in Progress 4. Summary 10

  12. © Hitachi, Ltd. 2021. All rights reserved. Unable to verify

    the correctness of data on private storage Issue 11 Org A Org C Org D Org B Genome Data Storage Avalon Protected Area Doctor Doctor Load Really correct data was loaded?

  13. © Hitachi, Ltd. 2021. All rights reserved. Unable to verify

    the correctness of data on private storage Design Idea 12 Org A Org C Org D Org B Genome Data Storage Avalon Protected Area Doctor Doctor Load Really correct data was loaded? Data Verify Verifying loaded data in Avalon Protected Area

  14. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    1: store raw genome data & metadata 13 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer store raw genome data invoke: genome metadata Chaincode

  15. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    2: Access control 14 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer invoke: request access right State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Chaincode

  16. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    2: Access control 15 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer invoke: accept access right invoke: request access right State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A Chaincode

  17. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    3: Analyze Task Request 16 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer Chaincode State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A invoke: analyze task

  18. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    3: Analyze Task Request 17 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer Chaincode State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A invoke: analyze task check access right

  19. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    3: Analyze Task Request 18 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer Chaincode State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A State DB: Analyze Task Management (Avalon) Data name Requester Task Genome Data 001 Org A xxxxxxxx write task request

  20. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    3: Analyze Task Request 19 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer Chaincode State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A State DB: Analyze Task Management (Avalon) Data name Requester Task Genome Data 001 Org A xxxxxxxx query: task

  21. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    3: Analyze Task Request 20 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer Chaincode State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A State DB: Analyze Task Management (Avalon) Data name Requester Task Genome Data 001 Org A xxxxxxxx Load

  22. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    3: Analyze Task Request 21 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer Chaincode State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A State DB: Analyze Task Management (Avalon) Data name Requester Task Genome Data 001 Org A xxxxxxxx Load calculate hash value from loaded data Calculated Hash

  23. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    3: Analyze Task Request 22 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer Chaincode State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A State DB: Analyze Task Management (Avalon) Data name Requester Task Genome Data 001 Org A xxxxxxxx Load query: hash value calculate hash value from loaded data Calculated Hash Managed Hash

  24. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    3: Analyze Task Request 23 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer Chaincode State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A State DB: Analyze Task Management (Avalon) Data name Requester Task Genome Data 001 Org A xxxxxxxx Calculated Hash Managed Hash Verify hash value

  25. © Hitachi, Ltd. 2021. All rights reserved. Approach | Step

    3: Analyze Task Request 24 State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer Chaincode State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A State DB: Analyze Task Management (Avalon) Data name Requester Task Result Genome Data 001 Org A xxxxxxxx yyyyyyy Analyze Return results

  26. © Hitachi, Ltd. 2021. All rights reserved. Org A Org

    C Org D Org B Realize trust infrastructure 25 By using Avalon and implementing our approach, we can realize a trustworthy data utilization infrastructure. Genome Data Storage Data Processer Doctor Doctor 3. Trust Data Load 1. Trust Encryption 2. Trust Processing Our approach

  27. © Hitachi, Ltd. 2021. All rights reserved. Contents 1. Introduction

    2. Design and Approach 3. Work in Progress 4. Summary 26

  28. © Hitachi, Ltd. 2021. All rights reserved. Further improvements 27

    Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer Chaincode We can improve our infrastructure even further State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A State DB: Analyze Task Management (Avalon) Data name Requester Task Result Genome Data 001 Org A xxx yyy Encrypted using Avalon Not encrypted (because processing in on-chain is required)

  29. © Hitachi, Ltd. 2021. All rights reserved. Further improvements 28

    Org A Org B Genome Data Storage Avalon Protected Area Doctor Doctor Peer Peer Chaincode We can improve our infrastructure even further State DB: Metadata Management Data name Owner Hash Value Genome Data 001 Org B Doctor 00aa11bb22cc... State DB: Access Management Data name Access Request Access Approval Genome Data 001 Org A Org A State DB: Analyze Task Management (Avalon) Data name Requester Task Result Genome Data 001 Org A xxx yyy No need for encryption (Metadata is shared info) Should be encrypted (Information about who requested access should be kept confidential)

  30. © Hitachi, Ltd. 2021. All rights reserved. Work in Progress

    We are trying to use Hyperledger Fabric Private Chaincode! ❚ Hyperledger Fabric Private Chaincode (FPC) enables the execution of chaincodes using Trusted Execution Environment ❚ The combination of Avalon and Fabric Private Chaincode can make both On-chain and Off- chain trustworthy ❚ We have started u try to use FPC u contact FPC community u contribute to FPC

  31. © Hitachi, Ltd. 2021. All rights reserved. Contents 1. Introduction

    2. Design and Approach 3. Work in Progress 4. Summary 30

  32. © Hitachi, Ltd. 2021. All rights reserved. Summary 31 Org

    A Org C Org D Org B Genome Data Storage Data Processer Doctor Doctor 3. Trust Data Load 1. Trust Encryption 2. Trust Processing Our approach ❚ We introduced one of implementation to realize a trusted infrastructure for sharing & utilizing sensitive data ❚ With Avalon and our approach, we have made the following three points into a trust ❚ We are trying to use Hyperledger Fabric Private Chaincode for make both On-chain and Off-chain more trustworthy
  33. None

  34. © Hitachi, Ltd. 2021. All rights reserved. Thursday, June 10th,

    2021 Hitachi, Ltd., Research and Development Group Koshi Ikegawa, and Nao Nishijima Trust Data Sharing and Utilization Infrastructure for Sensitive Data using Hyperledger Avalon Hyperledger Global Forum 2021 Virtual 2 / •Business