Security

A long word about security….

The revolutionary Elastos Smart Web Scheme is the most secure practice currently known to prevent not only unauthorised access to data but also man-in-the-middle, denial of service, and other attacks.


Around 2000 the Chinese Government recognised the same problem as everyone else: the inherent insecurity of the internet, despite the many “patches” applied to close security holes.

They funded the development of what eventually became the Elastos Smart Web System. But it was not until 2008 (with the translation of the Bitcoin blockchain whitepaper into Chinese) that a secure and trustworthy format was developed for storing all the information required by the developing Smart Web System.

Until that point there would have been no more reason to trust the Chinese people than anyone else not to corrupt or otherwise tamper with database information relating to the Smart Web System. In the Smart Web System, when a device registers with Elastos, every person, every component in the device, each application installed on it, and any other entity associated with the device is registered with a unique ID at the same time, and the system can always verify the identity of the originator of a system request (an onboard application, for example).

This forms a basis for removing any external, unintended, unauthorised or harmful players from communications over the net and, internally, between apps. This micro-identity system works perfectly to ensure no external (or internal) threats occur. The identification system is automated and cannot be tampered with by any individual, as it is recorded on a blockchain.

It is in the nature of a truly distributed blockchain that you would have to have personal control over 51% of the devices on the entire Elastos blockchain globally, at once, to effect a change which could be fraudulent. This would not be impossible without the Elastos Trusted Computing Hardware Enhancement, which is required of all mining computers that participate. (Please refer to Elastos Enterprise Strength Block Chains.)

The entirety of the Elastos code base is publicly verifiable open source code (100%).

The second component of the Elastos Framework ensures that communication of data of any sort between Elastos-registered users and/or devices on the internet is safe, private and secure. It is called the Elastos P2P Carrier Network. The Carrier Network cooperates intimately with the Elastos “Runtime” onboard your device to ensure security whilst providing a web-socketless means of connecting to external internet sites.

This means processes occurring within your device and processes requiring communication between Elastos-Registered Devices are entirely safe. An Elastos DApp (or Distributed Application) protects all registered users, whilst keeping all players honest. In this way, the entire Elastos network of people, devices (and ‘Internet of Things’ components) is security-guaranteed.

If Microsoft Windows, Apple Mac OS X, Linux, the iPhone’s iOS and Android are device-based operating systems which allow networking between devices, Elastos forms a global network operating system of which devices – and all the individual components within them – are merely parts. The Elastos Whitepaper will introduce anyone curious to the new ways Elastos has to offer for security assurance.

Fraud:

There remains, however, a threat which plagues enterprises: the internal threat posed by fraud, including the threat from employees of our own organisation such as database administrators. The criminal actions of a person or people otherwise authorised to use an ordering and financial system may be detected and virtually eliminated by imposing certain restrictions, checks and balances in a system. Thus organisations use internal auditing to verify transactions, in particular their appropriateness and authenticity. However, it has still been the domain of certain technical employees and system administrators (superusers) to have access to the entire database.

The use of blockchains, an idea originating with Bitcoin, the “crypto-currency”, removes the possibility of anyone at all editing the chain of transactions recorded on the “blocks”. However, a financial transaction journal (for example) running on a blockchain is connected to a database which is not, strictly, immutable. Our systems are designed so that corrections are never made by editing records (an edit would show up in the automated monthly database-blockchain consistency assessment as a problem to investigate) but through the normal, internally and externally auditable accounting processes in the DApp, recorded on the blockchain as a correcting transaction that is fully visible. Elastos is a blockchain-based DApp system. A DApp is a Distributed Application (there is strictly no central webserver – it’s all on the devices).

IT Cloud Solutions Australia also employs other standard methods such as ensuring separation of Order and Requisitions functions from Accounts Payable functions, as well as other safeguards against internal fraud.

Distributed Bulk Data Storage (IPFS – InterPlanetary File System) &

Online Relational Database Data Storage (with PostgreSQL)

In general, off-device data storage and cloud operations, in combination with device-based blockchains, are neither particularly restrictive in terms of (authorised) accessibility nor expensive. They are, in fact, very safe and secure when done properly. In terms of file storage, the unique “hash” signature of each data file (e.g. documents, images, audio, video) – the signature only, not the data itself – is recorded (together with the other auditable data) on the blockchain (sidechain), and may be compared with the hash computed from the file whenever it is retrieved, to check for tampering. The actual data files are stored on a distributed network of Elastos-enabled IPFS community-supplied servers (where providers of disk space are rewarded in ELA), a business expense of ours.

Nevertheless, the main transactional database needs of enterprises are provided by a central cloud-based installation accessed via the “socketless” Elastos P2P Carrier Network. We employ Postgres databases. Because database superusers in our organisation could conceivably corrupt stored data, we employ a monthly automated sidechain-based consistency check on the state of the database, comparing the state at the end of last month with the state at the end of this month. The difference must be computed as consistent with the immutable evidence on the sidechain. We also log every access to the database of any type, so all superusers’ actions are audited.
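A worked illustration of the two checks described above (the hash pinned on the sidechain for each stored file, and the monthly replay of the immutable transaction journal against the database state), written as an added example; it is not ITCSA’s or Elastos’ own code. The hash-chained journal, the account name, the amounts and the document contents are all constructed for the example.

```python
import hashlib
import json
GENESIS = "0" * 64  # prev-hash of the first journal entry

def entry_hash(prev: str, payload: dict) -> str:
    # The hash binds the payload to the previous entry, so no entry can be edited in isolation.
    body = json.dumps({"prev": prev, "payload": payload}, sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest()

def append_entry(chain: list, payload: dict) -> None:
    """Append-only: new facts (including corrections) go on the end; nothing is rewritten."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "payload": payload, "hash": entry_hash(prev, payload)})

def chain_is_intact(chain: list) -> bool:
    """Recompute every link; an edited entry breaks its own hash or the next entry's prev link."""
    prev = GENESIS
    for entry in chain:
        if entry["prev"] != prev or entry_hash(prev, entry["payload"]) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True

def expected_balances(chain: list) -> dict:
    """Replay the journal: a correction is a visible reversing amount, not an edit of an old entry."""
    balances: dict = {}
    for p in (e["payload"] for e in chain if e["payload"]["kind"] == "txn"):
        balances[p["account"]] = balances.get(p["account"], 0) + p["amount"]
    return balances

def consistency_mismatches(chain: list, db_snapshot: dict) -> dict:
    """The monthly check: accounts whose stored balance is not what the immutable journal implies."""
    expected = expected_balances(chain)
    return {a: (expected.get(a, 0), db_snapshot.get(a, 0)) for a in set(expected) | set(db_snapshot)
            if expected.get(a, 0) != db_snapshot.get(a, 0)}

def file_matches_record(chain: list, file_id: str, data: bytes) -> bool:
    """On retrieval, compare the file's hash with the hash pinned on the chain when it was stored."""
    pinned = [e["payload"] for e in chain if e["payload"].get("file_id") == file_id]
    return bool(pinned) and pinned[-1]["sha256"] == hashlib.sha256(data).hexdigest()

def build_sample_chain() -> list:
    """Constructed sample journal (hypothetical account, amounts and document)."""
    chain: list = []
    append_entry(chain, {"kind": "txn", "account": "AP", "amount": 500})
    append_entry(chain, {"kind": "txn", "account": "AP", "amount": 120})   # entered in error
    append_entry(chain, {"kind": "txn", "account": "AP", "amount": -120})  # correcting transaction
    append_entry(chain, {"kind": "file", "file_id": "INV-0001", "sha256": hashlib.sha256(b"invoice 0001 body").hexdigest()})
    return chain
```

A balance that a superuser altered directly in the database, rather than through a correcting transaction, shows up in `consistency_mismatches`, and a stored file altered after upload fails `file_matches_record`.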

Basic Principle:

“One of the keys to Computer Security is to assume that every connecting device is potentially hostile to your system.”

ITCSA undergoes full and independent database and file storage system security audits yearly, as well as monthly automated consistency tests of the database against the audit trails on the sidechains, reported to the Board. Our databases are backed up every 30 minutes, with copies stored at multiple sites, which means that in the event of a data crisis (very unlikely) the latest “clean” backup can be restored and the system rolled forward from that point by re-running the WAL (Write Ahead Log) files up to the latest one. This would restore the database to the backup taken just before the point of take-down, so possibly up to 30 minutes of work could be lost. Therefore we remain vigilant but confident.

We develop on Ubuntu Linux Machines (hosts) with Alpine Linux containers (on Docker, on the hosts) for compact image size.


and on Apple Mac for the Android and iOS front-end (D)Apps.

Our standard meets or exceeds ISO 27001 and ISO 27002 (Information Security Management Systems, including Best Practice Recommendations).


Thanks to:

the Elastos Global Network Operating System (since 2003), “agnostic” to the device operating system brand;

the Unix device operating system (since it began to escape from AT&T’s Bell Laboratories in the early 1970s); Ken Thompson, Dennis Ritchie and the ‘C’ programming language;

and the Open Software Foundation (1984 – 1996), whose members helped set it free;

and the creators of O.O.P. (Object Oriented Programming, from the late 1950s), especially Bjarne Stroustrup (from 1979), the inventor of C++, which saved the developers’ world;

and the IBM and Intel companies for introducing the x86 PC architecture;

also Apple Inc., particularly for the quality, and for switching to a Unix operating system for their own computers;


the Free Software Foundation (since 1985);

not forgetting the Android developers, and Java!

also, of course, Linus Torvalds,

who originally licensed and studied an educational version of the Unix operating system for PCs (or “microcomputers”) called “Minix”, from Prof. Andrew S. Tanenbaum, in the form of a book with included source code on floppy disks (published by Prentice Hall) for US$69, based on the 1980s series IBM/Intel XT personal computer architecture. (Unix, now more a set of standards than “code”, was written originally for minicomputers and mainframes in networked multi-user environments, but there is no reason it can’t run in multi-user fashion on a PC, when the source code is written to the Unix standards and compiled for the IBM/Intel architecture, since a PC is the same class of electronic device as any other non-‘Quantum!!’ computer.) On January 5, 1991 he purchased an Intel 80386-based IBM PC XT/AT “clone” computer before obtaining his MINIX copy, which in turn enabled him to begin work on Linux. He commenced work on Linux in mid-March 1991 (see the “Tanenbaum” link below).

MINIX:

Relationship with Linux


Early influence “…The design principles Tanenbaum applied to MINIX greatly influenced the design decisions Linus Torvalds applied in the creation of the Linux kernel…. Torvalds used and appreciated MINIX, but his design deviated from the MINIX architecture in significant ways, most notably by employing a monolithic kernel instead of a microkernel. This was disapproved of by Tanenbaum in the Tanenbaum–Torvalds debate. Tanenbaum explained again his rationale for using a microkernel in May 2006…” (Wikipedia)

[Nevertheless Tanenbaum (see the above link) admits that the demand from users of Linux for performance, in terms of computational process speed but also in terms of the speed of progress of the development effort, outweighed the capacity of a microkernel system and militated in favour of developing a monolithic kernel, for practical reasons. The reasons for Tanenbaum’s preference for a “microkernel” lie in its security advantages. -Ed.]

“..Early Linux kernel development was done on a MINIX host system, which led to early Linux inheriting various features from MINIX, such as the MINIX file system.

Samizdat claims
In May 2004, Kenneth Brown of the Alexis de Tocqueville Institution made the accusation that major parts of the Linux kernel had been copied from the MINIX codebase, in a book called Samizdat. These accusations were rebutted universally—most prominently by Andrew Tanenbaum himself, who strongly criticised Kenneth Brown and published a long rebuttal on his own personal Web site, also pointing out that Brown was funded by Microsoft. [At one stage Brown was also a Presidential “hopeful”! – ed]

Licensing
At the time of its original development, the license for MINIX was considered to be rather liberal. Its licensing fee was very small ($69) compared to those of other operating systems. Although Tanenbaum wished for MINIX to be as accessible as possible to students, his publisher was not prepared to offer material (such as the source code) that could be copied freely, so a restrictive license requiring a nominal fee (included in the price of Tanenbaum’s book) was applied as a compromise. This prevented the use of MINIX as the basis for a freely distributed software system.

When free and open-source Unix-like operating systems such as Linux and 386BSD (386BSD is an ancestor of Apple’s Mac OS X -Ed.) became available in the early 1990s, many volunteer software developers abandoned MINIX in favor of these. In April 2000, MINIX became free/open source software under a permissive free software license, but by this time other operating systems had surpassed its capabilities, and it remained primarily an operating system for students and hobbyists….” Wikipedia (see “MINIX” link above).

+ the Unix/Linux open-source ecosystem (since 1991): all contributors, under the various open-source licences, past and present.



Thanks to: Rong Chen and Elastos

In 2000, Rong Chen, a senior alumnus of Tsinghua University’s Computer Science department, returned to China from Microsoft USA and began research and development for the first-generation Elastos network operating system.
In 2003, Rong Chen was received by Jin-Tao Hu, the former CPC General Secretary.

In 2006, Rong Chen completed the kernel and graphics systems.

In 2007, Rong Chen built a complete smartphone and mass-produced it.

In 2009, China Unicom used Elastos’ middleware as a fertile phone operating system framework.

In 2013, Foxconn invested in the Elastos open source project to build a distributed, cross-internet industrial Internet of Things and a smart home network operating system.

In May 2017, Rong Chen co-founded the Elastos Foundation with Feng Han to support Elastos – a blockchain-driven Internet project, attempting to create a new digital smart economy model that turns numbers into wealth.
In 2017, Sunny Feng Han and Ji-Han Wu started running the Bitcoin Investment Elastos Blockchain Community and an alliance with Bitmain and NEO started to take shape.

Currently the Elastos DApp development system is still progressing to Beta stage.


and thanks to our own Risk Management Practices
@IT CloudSolutions Australia