Slide 1

Trust Data Sharing and Utilization Infrastructure for Sensitive Data using Hyperledger Avalon

Hyperledger Global Forum 2021 Virtual
June 10th, 2021
Hitachi, Ltd., Research and Development Group
Koshi Ikegawa and Nao Nishijima

© Hitachi, Ltd. 2021. All rights reserved.

Slide 2

Contents
1. Introduction
2. Design and Approach
3. Work in Progress
4. Summary

Slide 3

Contents
1. Introduction
2. Design and Approach
3. Work in Progress
4. Summary

Slide 4

Market

Increasing demand for trust data sharing & utilization

Data Free Flow with Trust (DFFT) is advocated by the World Economic Forum (2019)
❚ Focus on cross-border data flows
  - Blockchain is needed
❚ There are many types of data to share
  - Open data: map, news, disaster info, etc.
  - Sensitive data: healthcare, government, personal, etc.

Slide 5

Background

In our use case, we created an infrastructure to manage and utilize genome data across multiple organizations and confirmed it in a PoC [1]
❚ Multiple organizations participate in a blockchain network for genome data sharing
❚ Raw genome data must not be passed on to other organizations because it is sensitive data
❚ The data is analyzed on the processor of the data owner org, and only the results are passed to other orgs

[Diagram: Org A, Org B, Org C, Org D, Patients, Genome Data Storage, Data Processor, Doctor, Doctor. Arrows: store, Load, Request, Result]

[1] Koshi Ikegawa, Nao Nishijima, Yoji Ozawa, Katsuhiro Fukunaka, Hironori Emaru, Masaru Hisada, Akihito Kaneko, Eiichi Araki, Ai Okada and Yuichi Shiraishi. Secure and Traceable System for Genomic Data Sharing Using Hyperledger Fabric Blockchain (in Japanese). IIBMP2020, September 2020.

Slide 6

Motivation

❚ Personal data, such as genome data, needs to be handled with particular care in accordance with the law
❚ Focus on the following three points to realize the infrastructure

Realize Trust Data Sharing and Utilization Infrastructure for Sensitive Data
1. Trust Encryption
2. Trust Processing
3. Trust Data Load

[Diagram: Org A, Org B, Org C, Org D, Genome Data Storage, Data Processor, Doctor, Doctor]

Slide 7

Motivation

❚ Personal data, such as genomic information, needs to be handled with particular care in accordance with the law
❚ Focus on the following three points to realize the infrastructure

Realize Trust Data Sharing and Utilization Infrastructure for Sensitive Data
1. Trust Encryption
2. Trust Processing
3. Trust Data Load

Hyperledger Avalon enables Trust Encryption and Processing

[Diagram: Org A, Org B, Org C, Org D, Genome Data Storage, Data Processor, Doctor, Doctor]

Slide 8

What is Hyperledger Avalon

Avalon is a Hyperledger project to realize Off-chain Trusted Computing
❚ Avalon is the first and only implementation of EEA's Off-Chain Trusted Compute Specification
❚ Avalon guarantees trusted execution of a program in a protected area provided by a CPU-native security function (Trusted Execution Environment)

[Diagram: Simplified Hyperledger Avalon Architectural Diagram. Labels: Org A, Org B, Doctor, Avalon Client, Peer, Peer, Chaincode, Avalon Blockchain Connector, Trusted Execution Environment. Arrows: Request, Result, encrypt, decrypt. Caption: Guarantee trust of processing]

Slide 9

What is Trusted Execution Environment (TEE)

Trusted Execution Environment is CPU Security Technology
❚ TEE is a CPU security function that creates a protected area in memory, called an enclave, and loads programs and data into it, so that programs can be executed while sensitive data stays protected
  - Provided by CPU vendors, such as Intel Software Guard Extensions (SGX), ARM TrustZone, AMD Secure Encrypted Virtualization (SEV), etc.
❚ Hyperledger Avalon uses Intel SGX for its implementation.
  - In Intel SGX, the encrypted area in memory is called an Enclave.

Slide 10

Focus Point in This Session

Enabling Trust Data Load
1. Trust Encryption
2. Trust Processing
3. Trust Data Load

[Diagram: Org A, Org B, Org C, Org D, Genome Data Storage, Data Processor, Doctor, Doctor]

Slide 11

Contents
1. Introduction
2. Design and Approach
3. Work in Progress
4. Summary

Slide 12

Issue

Unable to verify the correctness of data on private storage

[Diagram: Org A, Org B, Org C, Org D, Genome Data Storage, Avalon Protected Area, Doctor, Doctor. Arrow: Load. Callout: Was the correct data really loaded?]

Slide 13

Design Idea

Unable to verify the correctness of data on private storage

Verifying loaded data in the Avalon Protected Area

[Diagram: Org A, Org B, Org C, Org D, Genome Data Storage, Avalon Protected Area, Doctor, Doctor. Arrow: Load. Callout: Was the correct data really loaded? Added step: Data Verify]

Slide 14

Approach | Step 1: store raw genome data & metadata

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: store raw genome data; invoke: genome metadata]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

Slide 15

Approach | Step 2: Access control

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: invoke: request access right]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          |

Slide 16

Approach | Step 2: Access control

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: invoke: request access right; invoke: accept access right]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

Slide 17

Approach | Step 3: Analyze Task Request

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: invoke: analyze task]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

Slide 18

Approach | Step 3: Analyze Task Request

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: invoke: analyze task; check access right]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

Slide 19

Approach | Step 3: Analyze Task Request

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: write task request]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

State DB: Analyze Task Management (Avalon)
Data name       | Requester | Task
Genome Data 001 | Org A     | xxxxxxxx

Slide 20

Approach | Step 3: Analyze Task Request

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: query: task]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

State DB: Analyze Task Management (Avalon)
Data name       | Requester | Task
Genome Data 001 | Org A     | xxxxxxxx

Slide 21

Approach | Step 3: Analyze Task Request

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: Load]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

State DB: Analyze Task Management (Avalon)
Data name       | Requester | Task
Genome Data 001 | Org A     | xxxxxxxx

Slide 22

Approach | Step 3: Analyze Task Request

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: Load; calculate hash value from loaded data. In the protected area: Calculated Hash]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

State DB: Analyze Task Management (Avalon)
Data name       | Requester | Task
Genome Data 001 | Org A     | xxxxxxxx

Slide 23

Approach | Step 3: Analyze Task Request

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: Load; calculate hash value from loaded data; query: hash value. In the protected area: Calculated Hash, Managed Hash]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

State DB: Analyze Task Management (Avalon)
Data name       | Requester | Task
Genome Data 001 | Org A     | xxxxxxxx

Slide 24

Approach | Step 3: Analyze Task Request

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: Verify hash value. In the protected area: Calculated Hash, Managed Hash]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

State DB: Analyze Task Management (Avalon)
Data name       | Requester | Task
Genome Data 001 | Org A     | xxxxxxxx

Slide 25

Approach | Step 3: Analyze Task Request

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Actions: Analyze; Return results]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

State DB: Analyze Task Management (Avalon)
Data name       | Requester | Task     | Result
Genome Data 001 | Org A     | xxxxxxxx | yyyyyyy
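
Added example (not part of the original presentation, and not Hyperledger Avalon or Fabric code): an in-memory Python model of Steps 1 to 3, in which the owner registers a hash of the raw data, access is approved before a task is accepted, and the protected area recomputes the hash of the loaded data and compares it with the managed hash before analyzing. The Ledger class, run_in_protected_area, gc_count, the sample data and the choice of SHA-256 are assumptions; the slides do not name the hash function.

```python
import hashlib
import hmac

class Ledger:
    """In-memory stand-in for the three State DBs on the slides (assumed names)."""
    def __init__(self):
        self.metadata = {}  # data name -> {"owner", "hash"}
        self.access = {}    # data name -> {"requested": set, "approved": set}
        self.tasks = []     # Analyze Task Management records

    def store_metadata(self, name, owner, raw):
        # Step 1: record the digest of the raw data; the raw data stays off-chain.
        digest = hashlib.sha256(raw).hexdigest()  # SHA-256 is an assumption
        self.metadata[name] = {"owner": owner, "hash": digest}
        self.access[name] = {"requested": set(), "approved": set()}

    def request_access(self, name, org):
        self.access[name]["requested"].add(org)

    def approve_access(self, name, approver, org):
        # Step 2: only the data owner may approve, and only a pending request.
        if approver != self.metadata[name]["owner"]:
            raise PermissionError("only the data owner can approve access")
        if org not in self.access[name]["requested"]:
            raise PermissionError("no pending request from " + org)
        self.access[name]["approved"].add(org)

    def submit_task(self, name, requester, task):
        # Step 3: check the access right before writing the task request.
        if requester not in self.access[name]["approved"]:
            raise PermissionError("access not approved for " + requester)
        record = {"name": name, "requester": requester, "task": task, "result": None}
        self.tasks.append(record)
        return record

def run_in_protected_area(ledger, record, storage, analyze):
    """Load, hash, compare with the managed hash, and only then analyze."""
    loaded = storage[record["name"]]
    calculated = hashlib.sha256(loaded).hexdigest()
    managed = ledger.metadata[record["name"]]["hash"]
    if not hmac.compare_digest(calculated, managed):
        raise ValueError("loaded data does not match the managed hash")
    record["result"] = analyze(loaded)
    return record["result"]

RAW = b"ACGTACGTTTGA"  # constructed sample, not real genome data

def gc_count(data):
    # Toy analysis: only this aggregate leaves the protected area.
    return data.count(b"G") + data.count(b"C")
```

If the storage returns anything other than the bytes that were hashed in Step 1, the task fails before any analysis runs and no result is written to the task record.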

Slide 26

Realize trust infrastructure

By using Avalon and implementing our approach, we can realize a trustworthy data utilization infrastructure.
1. Trust Encryption
2. Trust Processing
3. Trust Data Load (Our approach)

[Diagram: Org A, Org B, Org C, Org D, Genome Data Storage, Data Processor, Doctor, Doctor]

Slide 27

Contents
1. Introduction
2. Design and Approach
3. Work in Progress
4. Summary

Slide 28

Further improvements

We can improve our infrastructure even further

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Annotations on the State DBs: Encrypted using Avalon; Not encrypted (because on-chain processing is required)]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

State DB: Analyze Task Management (Avalon)
Data name       | Requester | Task | Result
Genome Data 001 | Org A     | xxx  | yyy

Slide 29

Further improvements

We can improve our infrastructure even further

[Diagram: Org A, Org B, Genome Data Storage, Avalon Protected Area, Doctor, Doctor, Peer, Peer, Chaincode. Annotations on the State DBs: No need for encryption (Metadata is shared info); Should be encrypted (Information about who requested access should be kept confidential)]

State DB: Metadata Management
Data name       | Owner        | Hash Value
Genome Data 001 | Org B Doctor | 00aa11bb22cc...

State DB: Access Management
Data name       | Access Request | Access Approval
Genome Data 001 | Org A          | Org A

State DB: Analyze Task Management (Avalon)
Data name       | Requester | Task | Result
Genome Data 001 | Org A     | xxx  | yyy

Slide 30

Work in Progress

We are trying to use Hyperledger Fabric Private Chaincode!
❚ Hyperledger Fabric Private Chaincode (FPC) enables the execution of chaincodes using a Trusted Execution Environment
❚ The combination of Avalon and Fabric Private Chaincode can make both On-chain and Off-chain trustworthy
❚ We have started to
  - try to use FPC
  - contact the FPC community
  - contribute to FPC

Slide 31

Contents
1. Introduction
2. Design and Approach
3. Work in Progress
4. Summary

Slide 32

Summary

❚ We introduced one implementation that realizes a trusted infrastructure for sharing & utilizing sensitive data
❚ With Avalon and our approach, we have made the following three points trustworthy
  1. Trust Encryption
  2. Trust Processing
  3. Trust Data Load (Our approach)
❚ We are trying to use Hyperledger Fabric Private Chaincode to make both On-chain and Off-chain more trustworthy

[Diagram: Org A, Org B, Org C, Org D, Genome Data Storage, Data Processor, Doctor, Doctor]

Slide 34

Trust Data Sharing and Utilization Infrastructure for Sensitive Data using Hyperledger Avalon

Hyperledger Global Forum 2021 Virtual
Thursday, June 10th, 2021
Hitachi, Ltd., Research and Development Group
Koshi Ikegawa and Nao Nishijima