RO weekly report
Nov 16th 2018
Recently, we have built a proof-of-concept host intrusion detection solution which eliminates several single-point-of-failure types of security weaknesses (such as network man-in-the-middle attacks, malware and even most attack vectors through ring -1/-2/-3) in traditional centralized and networked security systems. Our solution leverages a combination of public and private blockchain ledgers which serve as an immutable source of truth for the correct system state.
The initial PoC performs a system-wide scan, writes the output to the private ledgers to ensure confidentiality of the sensitive security information, and combines it with certain master information available through a public ledger.
The host intrusion detection solution is an important step in delivering a new generation of blockchain-enabled security solutions. It will be further expanded in the coming months with dead-man triggers to eliminate denial-of-service type attacks, and with whitelists and ad hoc targeted scans to enable integrity verification of remotely installed updates, patches and new features.
We have completed initial state-of-the-art kernel, userspace and configuration hardening on Ubuntu Server 16.04 LTS with a long list of security patches, which is one of the key foundations for application runtime security. These measures will help us defend our core infrastructure against various classes of zero-day exploits, APTs, kernel bugs and even application bugs, thus largely reducing possible attack vectors against applications running on our trusted infrastructure. This is an important step in providing passive runtime security, and we will continue working on fine-tuning certain kernel flags, documentation and manuals.
Our development priorities for the upcoming week are enhancing the features of the host intrusion detection system and starting deployment of our uniquely designed hybrid network of isolated, private Hyperledger deployments (blockchain-as-a-service) and a public Hyperledger.
The hardened VM is one of the most powerful protections in cyber security, which can prevent 90-99% of kernel zero-day exploits, vulnerabilities and bugs. However, it is also one of the least used security measures, because it presents challenges to developers. Having the hardened VM is an important building step for us in creating a system architecture where all security is separated into a distinct layer and connected to applications via service-like interfaces.
For the SECC wallet, we completed the beta test in June and released v1.0 in July. In September, v2.0 was released. The SECC wallet is compatible with the Ethereum ERC 20 Token Standard and has no limitation on the number of digital cryptocurrencies.
Given the initial progress, we are getting a clearer picture about the go-to-market product strategy. We aim to iterate fast and gather market feedback through a 2-step product launch.
We currently aim to launch our blockchain-backed host intrusion detection solution together with a private Hyperledger-as-a-service by the end of 2018 or in the first half of 2019. This MVP will test both the blockchain-as-a-service and the host intrusion detection solution for product-market fit as well as commercialization potential. The intrusion detection tool will be a cornerstone technology for several other security components, so while the MVP should be finished by Q1 2019, the development will continue throughout 2019.
We aspire to launch a simplified version of our core security platform in Q1-Q2/2019. The core of the platform will consist of:
1. a customer-private and isolated Hyperledger-as-a-service. These private ledgers will also be used by security components for data security.
2. a Hyperledger-based marketplace for security components (and possibly services) with tokens for payment integrity, escrow and other smart contract features.
3. a blockchain-backed software update and new component installation solution, which will verify that all new code is secure.
4. the intrusion detection tool, which will be the foundation for the security verification for the update.
5. a fortified VM (Ubuntu 16.04) with state-of-the-art hardening for secure application runtime and passive security protections.
Building the team:
We are building a global team of experts in security and blockchain. In the past month, we have already established an active cooperation with an expert Hyperledger developer from South Asia and are in discussion with other experts in security around the world.
This week, we have been joined by a server hardening expert with public recognition from Red Hat. He is working with us on Linux hardening and Linux kernel customizations, and we are in discussion about extending the cooperation into more Linux-related security work.
We are also in the final round of interviews for a new security architect, and we are actively looking for English-speaking interns with a tech background to kickstart our public documentation library and sample applications. More hiring will be decided after the security architect is selected in order to balance skill sets with our roadmap requirements.
In May 2018, we participated in the TRON programming contest and were selected into the "Incentive Plan List". In June 2018, we participated in "2018 cnmaker China" for the Guangdong Province Innovation and Entrepreneurship Competition, where we won the Third Award in the "cnmaker Guangdong" Competition.
This week, we participated in the Bytom global development competition held in Hangzhou, China, and we have been selected into the final Top 16. The final roadshow will be held on 17th November.
In addition, we will attend RBWC 2018 in Shenzhen on 23rd November and have more communication with the project parties, to learn the latest trends in the blockchain industry.
Several contributors from Colombia, China, Iran and Pakistan have reached out to us. A software development expert with a Google background has shown interest in our platform and mission. After a short discussion, he decided to support us and to look into a possible technical solution and architecture for how our host intrusion detection solution could be further enhanced via Intel TXT and Intel SGX technologies, which provide an extra layer of hardware protection to private keys, pseudo-random number generators and other cryptographic primitives on which the whole security stands.
We will continue providing support to this and other contributors, and we plan to start publishing more of our code and documentation online to ease access for contributors. A contributor from Pakistan has made a review of the distributed identity threat model for us, and we are taking that insight into our long-term vision for the truly distributed, non-repudiated, accountable identity security component, which will serve as a core for our next-gen distributed-ledger technology and as a component for applications running on our platform.
Next Week Planning:
1. Enhancing the features of the host intrusion detection system and starting deployment of our uniquely designed hybrid network of isolated, private Hyperledger deployments (blockchain-as-a-service) and a public Hyperledger.
2. Take part in the final round of the Bytom global development competition.
3. Take part in RBWC 2018.