Introducing Azure Confidential Ledger - a blockchain-powered service designed with security and integrity at its core
We are excited to announce the public preview of Azure Confidential Ledger (ACL), a fully managed service built on the Confidential Consortium Framework (CCF), a Microsoft Research project. ACL provides the ability to store sensitive data records with integrity and confidentiality protections, all in a highly available and scalable service. Using ACL, customers can store data in an immutable, tamper-protected, append-only ledger. The service provides these assurances by harnessing Confidential Computing’s hardware-encrypted secure enclaves when setting up the decentralized blockchain network, which limits Microsoft’s access to operating the nodes in the ledger.
Use cases for Azure Confidential Ledger
Azure customers are rapidly adopting ACL for a variety of purposes, including audit logging and tracking of highly sensitive admin operations. In collaborative environments, where multiple parties are involved in the sharing of sensitive data, ACL addresses the requirements to trace access to critical business information. For example:
Healthcare institutes may want to record access to medical devices by technicians performing maintenance on the device. Those medical devices may store private patient data, such as images or health measurements.
Financial or retail businesses can track financial transactions that happen on the regular payment circuits and build an immutable log of value transfer between parties at a specific timestamp.
Financial or healthcare organizations interacting with multiple parties will be able to resolve potential disputes, or provide insurance services, based on events that occurred in the line-of-business system.
IT departments can apply administrative and control changes, such as granting access permissions to critical resources, and then record the resulting security events separately from proprietary line-of-business applications.
Supply chain can also benefit from connected devices and platforms for logging transactions. Microsoft has championed the use of blockchain technology in the supply chain to improve resiliency, traceability, and predictability of the end-to-end process. ACL can be an important ingredient in providing traceability guarantees. You can read more in the Microsoft Industry blog: Improve supply chain resiliency, traceability, and predictability with blockchain.
Any time deeds are exchanged, a proof of authenticity of the documents provides assurance that the transactions have been completed and accepted by all parties involved; the confidential ledger may contain references to such deeds, and its confidentiality is necessary to prevent access by unauthorized parties, including the cloud provider.
Any other need for e-discovery and forensic access to records, which would result in confidential records being disclosed to investigating third parties. While some solutions exist in the marketplace, ACL can provide stronger guarantees that are easy to verify.
Azure Confidential Ledger use cases
The technology behind Azure Confidential Ledger
Based on the permissioned blockchain model of the Confidential Consortium Framework (CCF), ACL offers unique data integrity advantages. These include immutability, making the ledger append-only, and tamper protection to ensure all records are kept intact. The ledger runs exclusively on hardware-backed secure enclaves, a heavily monitored and isolated runtime environment, which keeps potential attacks at bay. Specifically, ACL runs on a minimal Trusted Computing Base (TCB), which prevents access by ACL service developers, datacenter technicians, and cloud administrators.
Key features of Azure Confidential Ledger include:
Tamper-protected digital ledger for immutable data storage in a permissioned blockchain; its Merkle-tree architecture ensures that ledger receipts are universally verifiable.
Runs in hardware secured enclaves to provide append-only functionality with strong hardware-rooted confidentiality and integrity protections; data submitted from the client goes directly to the ledger’s enclave.
Tampering verification can be executed by users at any time.
Publicly available governance model where governance logs are part of the ledger and auditable by users at any time.
Managed web service with a REST API for ledger administrative tasks as well as tracking records, reading previous records, and verifying tamper evidence.
Azure Confidential Ledger architecture
Data is sent to ACL over a required TLS 1.2 connection, and the TLS connection terminates inside the hardware-backed secure enclaves. This ensures that no one can intercept the connection between the customer’s client and the ACL server nodes.
In addition to interacting with the ACL API, it is possible to verify the ACL service integrity via an offline verification tool.
What makes ACL more secure than any other comparable digital ledger solution is that it leverages the Azure Confidential Computing platform. An instance of ACL runs in a dedicated and fully attested hardware-backed enclave. The ledger’s integrity is maintained through a consensus-based blockchain.
Ledgers in ACL are created as blocks in blob storage containers. Transaction data can either be stored as encrypted or in plaintext depending on your needs.
By adopting a Merkle tree-based approach, receipts of data writes include the full tree path to a signed root of trust. This means that users can verify transactions without storing or managing any ledger data, thus reducing the additional burden of managing those receipts in a separate storage facility.
The ACL instance can be managed by administrators using an Administrative API and can be called directly by your application code through a Functional API. The Administrative API supports operations such as create, update, get, and delete of ledgers. The Functional API allows direct interaction with your instantiated ledger and includes operations such as put, get, and verify data.
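To make the receipt mechanism from the feature list and the paragraph above concrete, here is an added Python illustration (not code from the Azure Confidential Ledger SDK or CCF, and not ACL's actual receipt format): a receipt carries the sibling hashes along the tree path from a record's leaf up to the root, so a client holding only its own record, the receipt, and a root it trusts can check inclusion without any other ledger data. The records, the hashing scheme, and the padding rule for odd-sized levels are constructed for this example.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(record: bytes) -> bytes:
    # Domain-separate leaves from interior nodes so a leaf cannot be
    # passed off as an interior node (constructed scheme, not CCF's).
    return sha256(b"\x00" + record)

def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)

def _pad(level):
    # Constructed rule: duplicate the last node when a level is odd-sized.
    return level + [level[-1]] if len(level) % 2 else level

def build_tree(records):
    """Return all levels bottom-up; levels[0] are leaves, levels[-1] is [root]."""
    level = [leaf_hash(r) for r in records]
    levels = [level]
    while len(level) > 1:
        padded = _pad(level)
        level = [node_hash(padded[i], padded[i + 1]) for i in range(0, len(padded), 2)]
        levels.append(level)
    return levels

def make_receipt(records, index):
    """What the ledger would hand back for a write: leaf, path of siblings, root."""
    levels = build_tree(records)
    path, i = [], index
    for level in levels[:-1]:
        level = _pad(level)
        sibling = i ^ 1
        # Record on which side the sibling sits so the verifier hashes in order.
        path.append(("left" if sibling < i else "right", level[sibling]))
        i //= 2
    return {"leaf": leaf_hash(records[index]), "path": path, "root": levels[-1][0]}

def verify_receipt(record: bytes, receipt, trusted_root: bytes) -> bool:
    """Recompute the path from the client's own record; no other ledger data needed."""
    h = leaf_hash(record)
    if h != receipt["leaf"]:
        return False
    for side, sibling in receipt["path"]:
        h = node_hash(sibling, h) if side == "left" else node_hash(h, sibling)
    # The recomputed root must match both the receipt and the trusted root.
    return h == receipt["root"] == trusted_root
```

In the real service the trusted root would be established by checking the enclave's signature over it rather than by sharing it out of band as this sketch assumes; a modified record, or a receipt replayed against a different root, fails verification.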
How can you tell whether Azure Confidential Ledger would be useful to your organization? You should consider using ACL if your organization stores records that are valuable enough for a motivated attacker to try and compromise the underlying logging/storage system. This includes “insider” scenarios where a rogue employee might attempt to forge, modify, or remove records.