Securing your cross-domain file transfers with blockchain
As I discussed in a previous article, a Hyperledger Fabric (HLF) blockchain network hosted on a high assurance platform is well suited for secure information exchanges across network security domains — for example, exchanging unclassified information between a classified and unclassified network. However, when the information exchanged includes image, video, audio or other large file content, a crypto-intensive blockchain network takes a huge performance hit. Therefore, when large files are involved, the solution is to pair a blockchain guard with a traditional file-transfer guard to avoid the blockchain performance hit as well as improve the traditional file guard’s control, accountability and provenance.
The problem with files in a blockchain
An HLF blockchain excels at providing a single, assured view of asset-related transactional information to all authorized participants in a secure business network channel — providing complete and assured transactional attribution and provenance. However, computationally-heavy cryptographic operations become too expensive and storage volumes explode when large files are written to each ledger across a distributed blockchain network. Therefore, best practice is to store only a hash or digital signature of a large file in the ledger and keep the file itself off-ledger. In this way, the file’s hash in the immutable ledger provides assurance of the provenance and integrity of the file contents no matter where the actual file is located, and ledger performance and storage remain optimum.
In contrast, traditional file-transfer cross-domain guard solutions are specifically built for securely passing large files within and across network domain boundaries, but they lack the ability to provide a single holistic assured view of each file’s overarching end-to-end provenance. A typical file transfer guard knows where to look for new files, what should and shouldn’t be in a particular type of file, and where to put the file on the far side. It doesn’t really care much about the file outside the scope of its own system accreditation boundary, and the file’s guard-related provenance is limited to uncorrelated high and low side log entries.
The blockchain file transfer solution
An elegant and efficient solution is to employ an HLF blockchain ledger in combination with a traditional file-transfer guard. The security controls of the transactional HLF blockchain ledger bolster the security controls of a traditional file-transfer guard by providing transactional context and accountability. And the traditional file-transfer guard extends and enriches provenance by providing the file-transfer details to the associated asset’s ledger entry.
The general sequence for how these two guards could work together in a multinational cross-domain flow is illustrated in the figure and described in the diagram below.
The diagram shows a cross-domain bi-lateral intelligence sharing information flow between countries A and B. Intelligence findings with supporting evidential files generated by an application such as the IBM i2 Analyst Notebook, are shared between the two country’s intelligence analysts using a combination of a cross-domain private blockchain channel and a traditional file-transfer guard.
After release authorization, an endorsed intelligence transaction and supporting evidence file are submitted to the cross-domain intelligence blockchain channel and the file-transfer cross domain guard, respectively. The blockchain commit event signals the file-transfer guard to verify and move the file. Not shown is the option of also recording the file’s guard-generated movement events in the blockchain ledger to provide a complete picture of the evidential file’s provenance.
This same general information flow is applicable to any cross-domain use case where off-ledger data, such as large files or personally identifying information (PII) needs to be kept synchronized with the on-ledger data.
The value to you
When paired with a traditional cross-domain file transfer guard, the benefits of a blockchain cross-domain solution extends to the traditional guard. Specifically, it provides a single shared view of each asset throughout its lifecycle regardless of the network domain or format, file or ledger-based. The accountability and provenance of file-based information is immutably maintained in context with the other asset data maintained in the transactional ledger. The ledger data for any given channel is identical.
It also provides auditable control and oversight of file-based asset information throughout the lifecycle. The file content hash or digital signature included in the blockchain transaction proposal, endorsement and transaction commit processes, provides auditable accountability of exactly what content has been authorized by whom for sharing and transfer through the file transfer guard.
Using the cross-domain peer-generated transaction commit event as a triggering authorization for the file guard transfer, ensures the transfer occurs only after the other associated asset information has been authorized and shared via the ledger. Updating the ledger with file transfer guard-provided details, provides an immutable record of this phase of a file’s total lifecycle in context with the asset’s other data.
Explore more about how blockchain can be deployed as your cross-domain solution through the IBM Blockchain Dev Center.
I look forward to more great conversations on the advantages of blockchain as a cross-domain solution.