Blockchain technologies provide the possibility to store data in immutable set of records called blocks and distribute them among different peers of the networks. Considering the railway field in particular, such aspects assume an important role, due to the criticality of data stored and the distributed nature of the connection systems.
Like a traditional public ledger, blockchain is a series of blocks that carry a comprehensive list of transaction information. In a blockchain system, a block has just one parent block, if the block header contains a preceding block hash. The genesis block is the initial block in a blockchain that has no parent block. In what follows, the internals of blockchain are explained in further detail.
A block comprises of a block header and a block body. The block header, in particular, contains the following information:
- The block version specifies which set of block validation criteria should be used.
- The hash value of all the transactions in the block is the Merkle tree root hash.
- Since January 1, 1970, the current time has been expressed in seconds in universal time.
- nBits: a valid block hash’s target threshold.
- Nonce: a four-byte field that starts with 0 and rises with each hash calculation.
- A 256-bit hash value that points to the previous block is called the parent block hash.
A transaction counter and transactions make up the block body. The maximum number of transactions that can be stored in a block is determined by the block size and the transaction size. To validate transaction authentication, Blockchain employs an asymmetric cryptography approach. In an untrustworthy environment, a digital signature based on asymmetric cryptography is used.
Key features of blockchain systems
Decentralization. Each transaction in traditional centralized transaction systems must be certified by a central trusted agency (e.g., the central bank), which invariably results in cost and performance bottlenecks at the central servers. In contrast to the centralized option, blockchain does not require the use of a third party. Consensus algorithms are employed in blockchain to keep data consistent across a distributed network.
Persistency. Transactions can be validated fast, and honest miners would not accept invalid transactions. Once a transaction is incorporated in the blockchain, it is nearly hard to erase or rollback the transaction. Blocks containing incorrect transactions should be found right away.
Anonymity. Each user interacts with the blockchain using a randomly generated address that hides the user’s true identity. Due to the inherent restriction, blockchain cannot ensure full privacy preservation.
Auditability. The Unspent Transaction Output (UTX-O) model is used to hold data on user balances on the Bitcoin blockchain: Any transaction must include a reference to previously unspent transactions. The state of those referred unspent transactions changes from unspent to spent once the present transaction is recorded into the blockchain. As a result, transactions could be easily tracked and validated.
Available blockchain systems
Public blockchain, private blockchain, and consortium blockchain are the three types of blockchain systems now in use. Everyone can participate in the consensus process in a public blockchain because all records are visible to the public. A consortium blockchain’s consensus process, on the other hand, would involve only a small number of pre-selected nodes. Only nodes from a single organization would be permitted to participate in the consensus process in a private blockchain.
Because it is totally controlled by one company, a private blockchain is considered a centralized network. Because just a small percentage of nodes are chosen to decide the consensus, the consortium blockchain created by numerous organizations is partially decentralized. The three types of blockchains are compared one by one.
Consensus-based decision. Each node on a public blockchain could participate in the consensus process. In a consortium blockchain, only a limited number of nodes are responsible for validating the block. In the case of a private chain, it is entirely controlled by one entity, which can decide on the ultimate consensus.
Read permissions. A public blockchain’s transactions are visible to the public, but a private blockchain or a consortium blockchain’s transactions are not.
Immutability. It is practically hard to tamper with transactions on a public blockchain because records are maintained on a wide number of participants. Transactions in a private blockchain or a consortium blockchain, on the other hand, could be readily tampered with because the number of participants is limited.
Efficiency. Because there are so many nodes on the public blockchain network, it takes a long time for transactions and blocks to propagate. As a result, transaction throughput and latency are both limited. Consortium blockchain and private blockchain could be more efficient with fewer validators.
Centralized. The major distinction between the three types of blockchains is that public blockchains are decentralized, consortium blockchains are partially centralized, and private blockchains are completely centralized because they are managed by a single entity.
Consensus algorithms. The public blockchain’s consensus process is open to everyone on the planet. Both consortium blockchain and private blockchain are permissioned, unlike public blockchain.
Because public blockchain is accessible to the entire world, it can attract a large number of users and communities. Every day, new public blockchains arise. The consortium blockchain could be used in a variety of business applications. Hyperledger is now working on business consortium blockchain frameworks. Ethereum has also made tools available for creating consortium blockchains.
The most relevant algorithms are reported in the following.
Proof of Work
The Bitcoin network employs a consensus mechanism known as PoW (Proof of Work). Someone must be chosen to record transactions in a decentralized network. Random selection is the simplest method. Random selection, on the other hand, is open to attacks. As a result, if a node wishes to publish a block of transactions, it must first establish that it is unlikely to attack the network. In most cases, the work entails computer computations. Each network node calculates a hash value for the block header in PoW. A nonce is contained in the block header, and miners would change the nonce regularly to obtain different hash values.
The estimated value must be equal to or less than a specific value, according to the consensus. When one node reaches the target value, it broadcasts the block to all other nodes, who must all mutually validate that the hash value is correct. Other miners will attach this new block to their own blockchains if the block is validated. Miners are nodes that calculate hash values, and the PoW technique is known as mining in Bitcoin.
Proof of Stake
PoS (Proof of Stake) is a more energy-efficient version of PoW.
In a Proof-of-Stake (PoS) system, miners must demonstrate that they hold the money in question. People with more currencies are thought to be less likely to assault the network. Because the single richest person is certain to be prominent in the network, the selection based on account balance is highly unjust. As a result, a variety of solutions are presented using a mix of stake size to determine which block to forge next. Blackcoin, in particular, employs randomness to forecast the next generation. It employs a formula that considers the lowest hash value as well as the stake size.
Practical Byzantine Fault Tolerance
PBFT (Practical byzantine fault tolerance) is a byzantine fault tolerance replication method. Because PBFT can handle up to 1/3 malicious byzantine replicas, Hyperledger Fabric uses it as its consensus method. In each round, a new block is determined. A primary would be chosen according to some rules in each round. It is also in charge of the transaction’s ordering. Preparation, preparation, and commitment are the three phases of the procedure. In each step, a node advances to the next phase if it receives votes from more than two-thirds of all nodes. As a result, PBFT necessitates the network’s knowledge of each node. Stellar Consensus Protocol (SCP) is a Byzantine agreement protocol similar to PBFT.
Delegated proof of stake:
DPOS (Department of Public Safety Operations) (Delegated proof of stake). The main distinction between PoS and DPOS is that PoS is a direct democratic system, whereas DPOS is a representative democratic system. Stakeholders choose who will generate and validate blocks. Because there are fewer nodes to validate the block, it can be verified rapidly, resulting in faster transaction confirmation. Delegates can adjust network characteristics like block size and block intervals in the meanwhile.
Ripple is a consensus mechanism that makes use of collectively trusted subnetworks in a larger network. Nodes in the network are classified into two types: those that participate in the consensus process and those that merely transfer payments. Each server has its own list of nodes (UNL). The importance of UNL to the server cannot be overstated. When deciding whether to pack a transaction into the ledger, the server queries the UNL nodes, and if the received agreements reach 80%, the transaction is packed into the ledger.
Relevant features for the Safety4Rails project
In particular, the following characteristics are considered relevant for our scenario:
- The use of a permissioned blockchain
- The ability to implement custom applications, not just related to crypto-currencies
- The adoption of open-source software
- The possibility to deploy private networks in private environments
- Good blockchain fork issues management
Given the requirements, the adopted system is represented by Hyperledger Fabric, an open-source enterprise-grade permissioned distributed ledger technology supported by IBM.
A proof-of-concept of the blockchain system has been tested by CuriX, a project partner not involved in the implementation of the blockchain. CuriX used the blockchain APIs provided, ad-hoc implemented for the context of the project, to upload the hash values of a set of data, used to train a model of normal behavior with the tool CuriX and use the stored hash values for verifying the integrity of that data.
Such tests demonstrated that the implemented approach could eventually be integrated into the S4RIS platform, to provide added value to the whole system, guaranteeing integrity and security of stored data. Indeed, as evidenced during the executed tests, it is possible to quickly identify data tampering activities affecting specific source of data, by querying the blockchain to spot potential anomalies on the stored data and/or to validate data hashes.
June 2022 – Alpha Cyber