Zero Trust Security System for Hyperledger Fabric - Cryptographic identity verification, code integrity, and secure communication
wFabricSecurity
Zero Trust Security System for Hyperledger Fabric
Overview
wFabricSecurity is a comprehensive Zero Trust Security System designed for Hyperledger Fabric environments. This library implements cryptographic identity verification, code integrity validation, communication permissions, message integrity checks, rate limiting, and retry mechanisms.
Core Philosophy
In a Zero Trust architecture:
- Never Trust, Always Verify - Every request must be authenticated and authorized
- Least Privilege - Participants only have permissions they explicitly need
- Assume Breach - All communications are encrypted and verified
Key Features
| Feature | Description |
|---|---|
| Code Integrity | SHA-256 hash verification of source code to detect tampering |
| Digital Signatures | ECDSA P-256 cryptographic signatures for message authentication |
| Access Control | Zero Trust communication permissions defining who can communicate with whom |
| Message Integrity | Hash verification for transmission integrity with TTL support |
| Rate Limiting | Token bucket algorithm for DoS protection |
| Retry Logic | Exponential backoff ensures reliable communication |
| Certificate Caching | LRU cache with TTL for performance optimization |
Installation
```bash
pip install wFabricSecurity
```
Requirements
- Python 3.10 or higher
- cryptography >= 41.0.0
- ecdsa >= 0.18.0
- requests >= 2.31.0
- pyyaml >= 6.0.1
Quick Start
```python
from wFabricSecurity import FabricSecurity

# Initialize security system
security = FabricSecurity(
    me="Master",
    msp_path="/path/to/msp"
)

# Register identity and code
security.register_identity()
security.register_code(["master.py"], "1.0.0")

# Register communication permissions
security.register_communication("CN=Master", "CN=Slave")

# Create and verify signed message
message = security.create_message(
    recipient="CN=Slave",
    content='{"operation": "process_data"}'
)
if security.verify_message(message):
    print("Message verified successfully!")
```
Architecture
The library follows a layered modular architecture:
```text
┌─────────────────────────────────────────────────────────────┐
│                     PRESENTATION LAYER                      │
│              CLI Tool              API Gateway              │
└─────────────────────────────────────────────────────────────┘
                               │
                               ▼
┌─────────────────────────────────────────────────────────────┐
│                      APPLICATION LAYER                      │
│          FabricSecurity        FabricSecuritySimple         │
└─────────────────────────────────────────────────────────────┘
                               │
          ┌────────────────────┼────────────────────┐
          ▼                    ▼                    ▼
┌──────────────────┐ ┌──────────────────┐ ┌──────────────────┐
│ IntegrityVerifier│ │PermissionManager │ │  MessageManager  │
└────────┬─────────┘ └──────────────────┘ └──────────────────┘
         │
         ▼
┌─────────────────────────────────────────────────────────────┐
│                     CRYPTOGRAPHIC LAYER                     │
│    HashingService    SigningService    IdentityManager      │
└─────────────────────────────────────────────────────────────┘
```
Security Flow
The sequence below involves three parties: the Master (sender), the Slave (receiver) and the Fabric ledger.
Master:
- 1. Compute the SHA-256 hash of its code (hash_a)
- 2. Sign hash_a with ECDSA
- 3. POST {payload, hash_a, sig} to the Slave
Slave:
- 4. Verify the ECDSA signature
- 5. Check the permission table (is Master allowed to talk to Slave?)
- 6. Query the registered code_hash from Fabric
- 7.-8. Fabric fetches the data and returns it to the Slave
- Code valid? NO: 9. Raise CodeIntegrityError
- Code valid? YES: 10. Process the task
- 11. Respond to the Master with {result, hash_b}
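Steps 1-11 of this flow, written out as an added example using the `cryptography` package from the requirements; this is not wFabricSecurity's own code, and the ledger dictionary, permission set, function names and CodeIntegrityError class are constructed stand-ins. The Slave refuses the task when the sent hash_a does not match the hash registered for the code file.

```python
# Added example (not wFabricSecurity's own code): steps 1-11 of the security
# flow above, using the `cryptography` package listed in the requirements.
# The ledger, permission table and CodeIntegrityError below are constructed.
import hashlib, json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

class CodeIntegrityError(Exception):
    """Step 9: hash_a sent by the Master differs from the registered code hash."""

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Stand-ins for the Fabric ledger (registered code hashes) and the permission table.
CODE_HASH_LEDGER = {"master.py": sha256_hex(b"print('master v1.0.0')")}
PERMISSIONS = {("CN=Master", "CN=Slave")}

def master_send(priv, sender: str, recipient: str, code: bytes, payload: dict) -> dict:
    """Steps 1-3: hash the running code, sign the hash, POST {payload, hash_a, sig}."""
    hash_a = sha256_hex(code)
    sig = priv.sign(hash_a.encode(), ec.ECDSA(hashes.SHA256()))
    return {"sender": sender, "recipient": recipient, "payload": payload,
            "hash_a": hash_a, "sig": sig.hex()}

def slave_receive(pub, msg: dict, code_file: str) -> dict:
    """Steps 4-11: verify signature, check permission, compare with ledger, reply."""
    try:  # step 4: a forged or altered hash_a fails here, before any other check
        pub.verify(bytes.fromhex(msg["sig"]), msg["hash_a"].encode(), ec.ECDSA(hashes.SHA256()))
    except InvalidSignature:
        raise PermissionError("ECDSA signature invalid") from None
    if (msg["sender"], msg["recipient"]) not in PERMISSIONS:  # step 5
        raise PermissionError(f"{msg['sender']} -> {msg['recipient']} not permitted")
    if CODE_HASH_LEDGER.get(code_file) != msg["hash_a"]:  # steps 6-9
        raise CodeIntegrityError(f"{code_file}: registered hash != hash_a")
    result = {"status": "ok", "processed": msg["payload"]}  # step 10
    return {"result": result,  # step 11: hash_b lets the Master check the reply
            "hash_b": sha256_hex(json.dumps(result, sort_keys=True).encode())}

def run_demo() -> dict:
    """Genuine code is accepted; modified code is rejected with CodeIntegrityError."""
    priv, task = ec.generate_private_key(ec.SECP256R1()), {"operation": "process_data"}  # P-256
    ok = slave_receive(priv.public_key(), master_send(
        priv, "CN=Master", "CN=Slave", b"print('master v1.0.0')", task), "master.py")
    try:
        slave_receive(priv.public_key(), master_send(
            priv, "CN=Master", "CN=Slave", b"print('patched')", task), "master.py")
    except CodeIntegrityError as exc:
        return {"ok": ok, "tampered_rejected": True, "reason": str(exc)}
    return {"ok": ok, "tampered_rejected": False}
```

Note that the permission check (step 5) runs only after the signature check (step 4), so an unsigned or mis-signed request never reaches the permission table or the ledger lookup.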
Components
Security Services
| Service | Description |
|---|---|
| IntegrityVerifier | Verifies code integrity using SHA-256 hashing |
| PermissionManager | Manages communication permissions between participants |
| MessageManager | Handles secure message creation, signing, and verification |
| RateLimiter | Token bucket algorithm for DoS protection |
| RetryLogic | Exponential backoff retry decorator |
Cryptographic Services
| Service | Algorithm | Purpose |
|---|---|---|
| HashingService | SHA-256, BLAKE2 | Code and message integrity |
| SigningService | ECDSA P-256 | Digital signatures |
| IdentityManager | X.509 | Certificate management with caching |
Fabric Integration
| Component | Description |
|---|---|
| FabricGateway | Main Fabric blockchain gateway |
| FabricNetwork | Network abstraction layer |
| FabricContract | Chaincode function interface |
Use Cases
| Industry | Application |
|---|---|
| Healthcare | Secure patient data exchange between hospitals |
| Finance | Regulatory compliance with tamper-proof audit trails |
| Supply Chain | Product tracking with integrity-verified smart contracts |
| Government | Zero Trust architecture for citizen services |
| IoT | Device authentication and secure communication |
Documentation
📚 Complete documentation available at: https://wFabricSecurity.readthedocs.io/en/latest/
Includes:
- Installation guide
- API reference
- Step-by-step tutorials
- Architecture diagrams
- FAQ
License
MIT License - Copyright (c) 2026 William Rodriguez
See LICENSE for details.
Author
William Rodriguez
- GitHub: github.com/wisrovi
- LinkedIn: linkedin.com/in/wisrovi-rodriguez
- Email: william.rodriguez@ecapturedtech.com
Links
| Resource | URL |
|---|---|
| PyPI | https://pypi.org/project/wFabricSecurity/ |
| Documentation | https://wFabricSecurity.readthedocs.io/en/latest/ |
| GitHub | https://github.com/wisrovi/wFabricSecurity/ |
| Issues | https://github.com/wisrovi/wFabricSecurity/issues |
File details
Details for the file wfabricsecurity-1.0.1.tar.gz.
File metadata
- Download URL: wfabricsecurity-1.0.1.tar.gz
- Upload date:
- Size: 41.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5
File details
Details for the file wfabricsecurity-1.0.1-py3-none-any.whl.
File metadata
- Download URL: wfabricsecurity-1.0.1-py3-none-any.whl
- Upload date:
- Size: 59.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.5