
Understanding BFT

What is the Byzantine Generals Problem?


• A classic problem in distributed computing that illustrates the challenges of achieving
consensus in a system with unreliable nodes.
• Imagine a group of Byzantine generals surrounding a city, each commanding their own
army.
• The generals must decide whether to attack the city or retreat, but they cannot
communicate directly with each other.
• The problem arises when some generals receive faulty or malicious messages, leading
to contradictory information and potential chaos.

What is Byzantine Fault Tolerance (BFT)?


• A concept in distributed computing that enables a system to continue operating
correctly even when some nodes are faulty or malicious.
Understanding Blockchain Technology

What is Blockchain Technology?


• A decentralized, distributed ledger technology that records transactions in a secure and
transparent manner.
• A blockchain is made of blocks, and each block stores several key pieces of information, such as its index, its transactions, hash values and a nonce.

• Key Features of Blockchain:


▪ Decentralization: No single entity controls the network.
▪ Immutability: Once recorded, data cannot be altered or deleted.
▪ Transparency: All transactions are visible to participants on the network.
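As an added example (not part of the slides), the following Python builds a toy chain whose blocks carry exactly the fields named above (index, transactions, hash values, nonce), with a small proof-of-work target on the nonce. The validator shows why recorded data cannot be altered quietly: changing a transaction breaks that block's own hash, and re-mining the altered block breaks the next block's link to it. The two-leading-zeros difficulty and the transaction strings are constructed values.

```python
import hashlib
import json

DIFFICULTY = 2  # constructed toy target: required number of leading hex zeros


def block_hash(index, prev_hash, transactions, nonce):
    """SHA-256 over a canonical JSON encoding of the block header fields."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "tx": transactions, "nonce": nonce},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def mine_block(index, prev_hash, transactions, difficulty=DIFFICULTY):
    """Increment the nonce until the block hash meets the difficulty target."""
    nonce = 0
    while True:
        h = block_hash(index, prev_hash, transactions, nonce)
        if h.startswith("0" * difficulty):
            return {"index": index, "prev": prev_hash, "tx": transactions,
                    "nonce": nonce, "hash": h}
        nonce += 1


def build_chain(tx_batches, difficulty=DIFFICULTY):
    """Genesis block followed by one mined block per batch of transactions."""
    chain = [mine_block(0, "0" * 64, [], difficulty)]
    for txs in tx_batches:
        prev = chain[-1]
        chain.append(mine_block(prev["index"] + 1, prev["hash"], txs, difficulty))
    return chain


def validate_chain(chain, difficulty=DIFFICULTY):
    """Return (True, None) if every block hashes to its stored hash, meets the
    target and links to its parent; otherwise (False, index of first bad block)."""
    for i, b in enumerate(chain):
        recomputed = block_hash(b["index"], b["prev"], b["tx"], b["nonce"])
        if b["hash"] != recomputed or not b["hash"].startswith("0" * difficulty):
            return False, i
        if i > 0 and (b["prev"] != chain[i - 1]["hash"]
                      or b["index"] != chain[i - 1]["index"] + 1):
            return False, i
    return True, None


if __name__ == "__main__":
    chain = build_chain([["alice->bob:5"], ["bob->carol:2"]])  # constructed transactions
    print(validate_chain(chain))           # (True, None)
    chain[1]["tx"][0] = "alice->bob:500"   # tamper with a recorded transaction
    print(validate_chain(chain))           # (False, 1): block 1 no longer matches its hash
```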
Understanding Blockchain Technology

Blockchain Ecosystem and Components

• Blockchain Network: The network of interconnected computers that maintain the
blockchain ledger.
• Nodes: Individual computers that participate in the network and validate transactions.
• Miners: Nodes that compete to solve cryptographic puzzles and add new blocks to the
blockchain.
• Wallets: Software or hardware applications that store and manage cryptocurrencies or
tokens.
Methods to solve the BFT problem

• Commander and Lieutenant Method: In this method, there's a leader (the commander)
who sends orders to several lieutenants. The commander collects the responses from all
lieutenants and makes a decision based on the majority response. It's like a general
directing multiple officers and making a choice based on what most of them agree on.

• Unforgeable Signatures: Imagine a scenario where each message sent has a special,
unique signature attached to it. These signatures are like personalized stamps that only
the authorized sender possesses. When a message arrives, everyone can verify if it's
genuine by checking the sender's signature. If the signature matches the expected one,
the message is considered authentic and unaltered.
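As an added example (not from the slides), here is the classic oral-messages algorithm OM(1) from Lamport, Shostak and Pease that underlies the commander-and-lieutenant framing above, for the case of one traitor and no signatures: each lieutenant relays the order it received to the other lieutenants and then takes the majority of all values it holds. The traitor behaviour (a commander who sends split orders, a lieutenant who inverts what it forwards) is a constructed adversary for the demonstration, and the final case shows why fewer than 3m+1 generals is not enough.

```python
from collections import Counter

ATTACK, RETREAT = "attack", "retreat"
COMMANDER = 0


def majority(votes):
    """Majority order among the votes; a tie falls back to RETREAT, the default."""
    ranked = Counter(votes).most_common()
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        return RETREAT
    return ranked[0][0]


def send(sender, receiver, value, traitors):
    """What `sender` actually tells `receiver`. Loyal generals relay truthfully;
    the constructed traitor behaviour is a commander who splits the lieutenants
    and a lieutenant who inverts every order it forwards."""
    if sender not in traitors:
        return value
    if sender == COMMANDER:
        return ATTACK if receiver % 2 else RETREAT
    return RETREAT if value == ATTACK else ATTACK


def om1(n, traitors, commander_order):
    """Lamport's oral-messages algorithm OM(1): general 0 is the commander,
    generals 1..n-1 are lieutenants. Returns each loyal lieutenant's decision."""
    lieutenants = range(1, n)
    # Round 1: the commander sends an order to every lieutenant.
    received = {i: send(COMMANDER, i, commander_order, traitors) for i in lieutenants}
    decisions = {}
    for i in lieutenants:
        if i in traitors:
            continue  # a traitor's "decision" is meaningless
        # Round 2: every other lieutenant relays what it claims to have received,
        # and the loyal lieutenant takes the majority over all n-1 values.
        votes = [received[i]] + [send(j, i, received[j], traitors)
                                 for j in lieutenants if j != i]
        decisions[i] = majority(votes)
    return decisions


if __name__ == "__main__":
    # n = 4 tolerates one traitor (n >= 3m + 1): loyal lieutenants follow the order.
    print(om1(4, {3}, ATTACK))      # {1: 'attack', 2: 'attack'}
    # A traitorous commander cannot split the loyal lieutenants either.
    print(om1(4, {0}, ATTACK))      # all three lieutenants decide the same order
    # With only n = 3, a single traitor defeats a loyal commander's order.
    print(om1(3, {2}, ATTACK))      # {1: 'retreat'}
```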
Data regulations & security

• Standards and Regulations: These are guidelines and rules that define how data
should be handled, stored, and protected. They're necessary to ensure data is secure
and handled responsibly. For example, PCI DSS (Payment Card Industry Data Security
Standard), HIPAA (Health Insurance Portability and Accountability Act), and GDPR
(General Data Protection Regulation) are some regulatory frameworks ensuring data
security in specific sectors.

• HIPAA protects health information, PCI DSS secures cardholder data, GDPR safeguards personal data,
and others like NIST 800-53, ISO 27001, and Sri Lanka's Personal Data Protection Act regulate data
handling.

• Data Classification: This is a method of categorizing data based on specific criteria to
protect it effectively. It's essential for compliance, governance, and security purposes.
Data can be classified based on types, sensitivity, and how it's used.
Data regulations & security

Data Classification Methods

• Content-Based Classification: Analyzes the content of files to identify sensitive
information.
• User-Based Classification: Relies on manual selection by users to classify data.
• Context-Based Classification: Considers factors like application, location, and user
interactions to categorize data.
Data regulations & security

HIPAA (Health Insurance Portability and Accountability Act) and GDPR (General Data Protection Regulation):

• Purpose:
▪ HIPAA: Specifically focuses on safeguarding Protected Health Information (PHI) within the healthcare industry
in the United States.
▪ GDPR: Aimed at protecting personal data and privacy rights of individuals within the European Union (EU) and
European Economic Area (EEA).
• Scope:
▪ HIPAA: Targets healthcare-related data and applies primarily to healthcare providers, health plans, and
healthcare clearinghouses.
▪ GDPR: Covers all industries and organizations that handle personal data of EU/EEA residents, extending beyond
healthcare.
• Geographical Reach:
▪ HIPAA: Primarily applies within the United States.
▪ GDPR: Specifically governs the processing of personal data within the EU/EEA but has global implications for
organizations handling EU/EEA residents' data.
• Data Types:
▪ HIPAA: Primarily focused on health-related data (PHI and ePHI).
▪ GDPR: Covers a broader range of personal data.
• Enforcement and Penalties: Both regulations have strict penalties for non-compliance, but GDPR penalties can be
significantly higher.
Data regulations & security

GDPR vs HIPAA

• GDPR vs HIPAA comparison Link


Data regulations & security

NIST 800-53 and ISO 27001:

• Purpose:
▪ NIST 800-53: A set of guidelines and security controls developed by the National Institute of Standards and
Technology (NIST) to secure federal information systems within the United States.
▪ ISO 27001: An international standard providing a framework for establishing, implementing, maintaining, and
continually improving an information security management system (ISMS).
• Scope:
▪ NIST 800-53: Primarily focuses on securing federal information systems and does not specifically target a
particular industry.
▪ ISO 27001: Applies to any organization, regardless of industry or sector, seeking to establish an ISMS to protect
information assets.
• Applicability:
▪ NIST 800-53: Typically used within U.S. federal agencies and organizations dealing with federal systems.
▪ ISO 27001: Widely adopted globally by organizations to establish and maintain information security best
practices.
• Comprehensive Frameworks:
▪ Both NIST 800-53 and ISO 27001 provide comprehensive frameworks and guidelines for securing information
systems and data. They encompass various security controls, risk management, and continuous improvement.
