
Overview: This page outlines tasks and milestones in order to manage and achieve goals that are set for the "X.509 Certificate Transparency using Hyperledger Fabric Blockchain" project.


Project tasks and milestones 

  • Week 1-3
  • Broader Goals for first Evaluation 
    • Understanding CTB design (https://eprint.iacr.org/2018/1232)
    • Running the existing proof-of-concept code for Hyperledger based CTB (HLCTB) network
    • Building a proof-of-concept client/server application supporting HLCTB-assisted SSL/TLS connection


  • Work done
    • May 27 - June 2

      • Meeting with Prof. Mahavir Jhawar - Introduction and understanding the project
      • Primer on using openssl for generating certificates and signing certificates by a certificate authority.
      • Read paper on CTB by Mahavir Jhawar: https://eprint.iacr.org/2018/1232.pdf
      • Revisit Hyperledger key concepts: https://hyperledger-fabric.readthedocs.io/en/release-1.4/key_concepts.html
      • Understand the structure of the crypto-config folder where certificates for identity management are stored. (WIP)
      • Run CTB network with two CA and browser organisations. Able to add certificates and query them.
      • Reissue certificate while the previous one is active. I have gone through the Go chaincode; VerifyPKCS1v15 is at the heart of reissuing a certificate. But I am not able to understand what exactly the signCert is: whether it is the signature of newcertstring, or newcertfile, or the sha256 of newcert using the current public key.
      • `openssl dgst -sha256 -sign currentCert.key -out sign.txt newCert.crt`, but this produces binary output and VerifyPKCS1v15 is returning false.
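
The log does not say what format the chaincode expects for signCert, so the following is an added example (not the HLCTB chaincode) of how the output of `openssl dgst -sha256 -sign` relates to Go's `rsa.VerifyPKCS1v15`: the signature is raw binary over the SHA-256 digest of the exact file bytes. The function names and the base64 transport encoding are assumptions for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// signNewCert mirrors `openssl dgst -sha256 -sign currentCert.key newCert.crt`:
// RSA PKCS#1 v1.5 over the SHA-256 digest of the file bytes; output is raw binary.
func signNewCert(cur *rsa.PrivateKey, newCert []byte) ([]byte, error) {
	d := sha256.Sum256(newCert)
	return rsa.SignPKCS1v15(rand.Reader, cur, crypto.SHA256, d[:])
}

// verifyReissue decodes a base64-transported signature (assumed encoding) and verifies it.
func verifyReissue(pub *rsa.PublicKey, newCert []byte, sigB64 string) error {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return fmt.Errorf("signature is not base64: %w", err)
	}
	d := sha256.Sum256(newCert) // the verifier takes the digest, not the message
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig)
}

// demo reports the result of a correct check and of two common mismatches.
func demo() (ok, wrongInput, textSig bool) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for currentCert.key
	if err != nil {
		panic(err)
	}
	newCert := []byte("-----BEGIN CERTIFICATE-----\nCONSTRUCTED-SAMPLE\n-----END CERTIFICATE-----\n")
	sig, _ := signNewCert(key, newCert)
	sigB64 := base64.StdEncoding.EncodeToString(sig)
	ok = verifyReissue(&key.PublicKey, newCert, sigB64) == nil
	// Mismatch 1: verifier hashes different bytes (here, trailing newline dropped).
	wrongInput = verifyReissue(&key.PublicKey, newCert[:len(newCert)-1], sigB64) == nil
	// Mismatch 2: encoded text handed to the verifier as if it were the raw signature.
	d := sha256.Sum256(newCert)
	textSig = rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, d[:], []byte(sigB64)) == nil
	return
}

func main() {
	fmt.Println(demo()) // true false false
}
```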

    • June 3 - June 9

      • Create a github repository with POC of CTB network using hyperledger
      • Reported an issue related to a wrong port number in Build Your First Network (FAB-15602)
      • Understanding and running the basic-network, first-network and fabcar application of fabric-samples
      • Write a blog on structure of crypto-config and how different keys are related

    • June 10 - June 16

      • Monday - Meeting with Deva Madala on progress till now and technical guidance
      • Testing the HLCTB network POC written by Deva Madala (fabric 1.1) and understanding how to connect to the HLCTB network and execute the chaincode
      • Modifying the HLCTB network by adding a CA to each org and CouchDB for each peer for fabric 1.4
      • Besides the main goal, started with switching from direct container management to orchestration of containers using kubernetes
      • Create the project timeline and meeting regarding the same
      • Change in existing chaincode for proper revocation of certificates

    • June 17 - June 23

      • Tuesday - meeting with Prof. Mahavir Jhawar regarding preparation for demo and current progress
      • Create an application(SDK) for connecting to the network and executing chaincode functions
      • Create a demo for server/client SSL PKI verification using HLCTB network
      • Thursday - show the demo to Deva Madala
      • Write a readme on how to run demo server/client application for testing HLCTB network
      • Friday - show the final step by step demo to Professor and Deva Madala and discussion of the second quarter plans
  • Week 4-6
  • Broader Goals for second Evaluation 
    • Hosting the HLCTB over cloud
    • Firefox Extension to support HLCTB-assisted https connections
    • Development of an interface allowing registration of Certification Authorities to HLCTB network
  • Work Done
    • June 24 - June 30

      • Trying to add Yeasy/blockchain-explorer:0.1.0-preview to the hlf network.
      • Added blockchain-explorer for fabric 1.4 on the HLF CTB network for easy monitoring of the transactions and the ledger.
      • Created a script for automatic testing of the network. Using this we can generate multiple CAs and domain certificates, push them to the network, renew the certs for domains and also revoke them. It uses the CA server as a proxy.
      • Tested for serial processing of transactions for 100 domains and 5 times renewal of certificates and revoking them in the end. The network handled that, and blocks produced had one transaction each. Achieved a processing rate of 20-30 transactions per minute.
      • Tested for parallel processing with the same settings as serial processing. Each block had up to 10 transactions and achieved a processing rate of 200 transactions per minute.
      • Create a docker image of blockchain-explorer. It has two images, one for server and the other for client.

    • July 1 - July 7

      • Raised issue on `Explorer not able to connect orderer from docker.` (BE-676)
      • Attending mentors and mentees meet call.
      • Adding caliper to network
      • Testing using caliper for different number of transactions and tps while changing block size and batch timeout in configtx.yaml
      • Adding swagger interface to ca server
      • Adding authentication to ca server
      • Deploying whole network on cloud with blockchain-explorer, ca server and caliper
      • Making Chrome extension

    • July 7 - July 14

      • Make firefox extension
      • Add script for generating crypto-material and docker files for new CA organisation
      • Adding new CA organisation to current HLCTB network(locally)
      • Fixing queryCertificateHistory and adding creation of affiliation for orgs if not present
      • Create pm2 process file for CA server, reports server and channel Config API.
  • Week 7-9
  • Broader Goals for third Evaluation 
    • Scaling up of HLCTB: Simulation of https connections to sufficiently many HLCTB-registered domains 
    • Bench-marking HLCTB-assisted handshake overhead (on top of SSL/TLS handshake)
    • Fine tuning of HLCTB operations for better efficiency and security


  • Work Done
    • July 15 - July 21 

      • Monday meeting on caliper, firefox extension, CA server api and discussed further plan.
      • Deploy network on cloud and join a new organisation to the network present on a different server (the whole network consists of 2 servers)
      • Patching TLS certificates of orderers and peers for including IP SANs and documenting the errors faced
      • Documenting how to add new CA organisation
      • Create transfer_asset script for transferring the TLS certificate for the CA server
      • Documenting how to connect CA server to CA organisation in HLCTB network 

    • July 22 - July 28

      • Presentation on CTB and work done
      • Reading paper on scaling Hyperledger to handle order of 4 tps.
      • Adding demo for ctb-testing.ml using self-signed CA

    • July 29 - Aug 4

      • Meeting with mentor showing the work done and changes needed.
      • Adding demo for hfctb.ml using Let's Encrypt as CA


  • Week 10-12
  • Broader Goals for last Evaluation
    • Prepare report explaining completed tasks
    • Certificate revocation 
    • Present your work done to hyperledger community
    • Wrapping up and organising the codebase


  • Work Done
    • Aug 5 - Aug 11

      • Meeting with mentors on created presentation and suggested changes in it for better understanding
      • Create more interactive presentation and also a demo video
      • Looked into the certificate revocation part and studied current methods: CRL, OCSP, OCSP stapling and Must-Staple

    • Aug 12 - Aug 18

      • Attended Hyperledger internship presentation of other students
      • Started working on report
      • Set up an OCSP responder, a webserver for handling OCSP requests using the ocsp npm package

    • Aug 19 - Aug 25

      • Meeting with mentors: different ways of integrating currently available revocation models in HFCTB network
      • Wrapping up and organizing the codebase