51. Private and Trustworthy Distributed Lending Model Using Hyperledger Besu
- Author
-
Robin Doss, Purathani Praitheeshan, and Lei Pan
- Subjects
Smart contract ,business.industry ,Computer science ,Intrusion detection system ,Computer security ,computer.software_genre ,Encryption ,Transparency (behavior) ,Node (computer science) ,Distributed transaction ,business ,Key management ,computer ,Transaction data - Abstract
Financial systems are rapidly becoming decentralized for fulfilling requirements, such as distributed transactions, security, trustworthiness and elimination of third-party authorizations. As a fast-growing decentralized platform, blockchain thrives in enterprise application development on permissioned and private environments. Unfortunately, the transparency nature on most of the blockchain platforms allows all the participants to view the transaction data unless the blockchain is a private chain. This practice has limited the potential developing blockchain-based applications, especially for public chains like Ethereum. This paper attempts to provide a technical solution to ensure the privacy and trustworthiness of transaction data on Ether-eum. To illustrate how a real-world system works, we design and implement a distributed lending model for handling private transactions between the participants of any loan agreement. Specifically, the privacy of the loan transactions is protected by customizing Hyperledger Besu and Orion transaction manager with the privacy group feature. However, current versions of Hyperledger Besu and Orion fail to provide necessary features for securing the entire Decentralized Application (DApp), including key management and intrusion detection, and the privacy group ID is unprotected by default. Therefore, we propose a multi-user level encryption scheme to securely share the privacy group ID among the privacy group members. Furthermore, we deployed a smart contract to monitor and alert the malicious activities from any external nodes with the intention to guess the privacy group ID. Our multi-user level encryption and intrusion detection methods worked seamlessly with the Hyperledger Besu and Orion on our prototype lending system. Our empirical results showed that the privacy needs of the privacy group ID are fulfilled with good system efficiency. The smart contract programs and the source code of the NodeJs application are available at https://www.github.com/ppraithe/besu_malicious_node_detector .
- Published
- 2021