SlideShare a Scribd company logo
1 of 20
Download to read offline
Provable Device Cybersecurity in
Blockchain Transactions
Len Veil
len@rivetz.com
www.rivetz.com
Blockchain Applications Revolutionize
Industries
“The most valuable data is no longer in the NSA,
it’s in your pocket”
- Bradley Rotter, Rivetz Vice Chair
Digital Assets Migrate
• Transition from cloud-based user assets to device-hosted assets
• Cryptographic keys provide direct interaction with the
blockchain
• Access to applications without “login”
• Username/password being enhanced with MFA
Example Digital Assets
• Cryptocurrency keys
• 2FA codes
• Financial account credentials
• Healthcare ID
• Identity / Government ID / License
• Affinity Programs
• eCommerce credentials
• Social media credentials
• Enterprise credentials
Blockchain Trust is Decentralized
• No central computer to trust
• No central entity to trust
• Trust is achieved by incentive rewards and consensus of the
participating nodes.
Blockchain Applications Achieve Trust
• From fintech to healthcare to supply chain management to
identity, blockchain services and business models benefit from
ledgers, immutable data, and decentralized security
• Users and devices participate in transactions on advanced
networks that are secured with cryptography, incentives, and
consensus algorithms
• Service providers desire to ensure correct user and device
permissioned for movement of digital assets and participation
in contracts
• Most business models require strong user and/or device identity
• Authorization
• Audit
Keys (Assets) have no Trust
• Who has the key?
• First thing an HDW wallet does is export key
• Many examples of wallet hacks involving private key
compromise
• Generally, we have no idea where our keys were created, where
they are, and where they have been
Device Identity is Weak
• Devices are commonly identified by MAC Address and IP
Address
• Easily modified
• Take a previously authorized device to a new blockchain network service
provider and why is it identified as a new device?
Trusted Computing Principles Solve
These Challenges
• Device Identity is Rooted in Hardware
• Isolated execution ensures that assets can be generated and
used without disclosure
• Sealed storage ensures that opaque key blobs can only be
accessed in these trusted execution environments
• Keys of different types are generated under this root of trust
• Non-migratable keys
• Migratable Keys
• Certified Migratable Keys
Trusted Execution Environment (GP)
• An execution environment that runs alongside, but isolated
from a Real Execution Environment (REE) of the Application
Processor.
• It has security capabilities and meets certain security-related
requirements
• Non-observable execution ensures operations cannot leak assets
• Sealed storage ensures assets are only available on a particular platform
• One or more Security Domains ensures assets can be fire-walled
• Certified set of security services ensure compliance to industry standards
• It protects TEE assets from general software attacks, defines
rigid safeguards as to data and functions that a program can
access, and resists a set of defined threats.
Strong Key Properties in Edge Devices
• Non-migratable keys
• Ensure that the digital asset is never allowed out of a trusted
environment.
• Any change to the device identity makes the key unusable
• Migratable Key
• May be migrated to any other device under control of the device owner
• Certified Migratable Key
• May be migrated to any other device under control of the device owner
• May be escrowed to an Escrow Authority under control of the device
owner
• Number of migrations and devices where asset has been migrated to is
tracked
• Controlled replication and destruction can be enforced
Root of Trust (RoT)
• A set of unconditionally trusted functions on a compute platform
• Must work properly each time executed, independent of any other
software that is executing on the platform
• Should be immune to (modest) physical attack
• May support the following security services:
• Authentication
• Confidentiality
• Identification
• Integrity
• Measurement
• Authorization
• Reporting
• Update
• Verification
Attesting to TEEs and Keys
1. Ability for unique instance of an immutable image (boot ROM) to
measure and verify the code it is about to launch
• Enhanced RoT services
• Boot Loader
• TEE
• Other critical security services
2. Ability for a RoT to assert provenance on a key
3. Includes information such as device identity, boot integrity, OS
versions, and other relevant platform security posture information
4. Access control policies
• User authentication
• Geolocation
• Time based
• Service Provider Whitelist/Blacklist
Example Transitive Trust
3. Execute
Extended
ROM
4.Execute
POST
&
BOOT
1.Execute
TEE
9. Execute
5. eRoT Verification
Crypto
Module(s)
8. Record
7. eRoT Verification
6. Record
eRoT Reporting
Root of Trust
2. Verification Checks
Security Domains
• Multi-tenancy allows Service Providers to co-exist without data
compromise
• Profiles within Security Domains allow key sets to exist in one
and only one context
• Personal, Enterprise
• Mom, Dad, Alice, Bob
• Owner, Service Personnel
rSD-1
TA-211 TA-212
TA-111
TA-112
Factory
Installed
SD-21
SD-11TA-11
Asserting Policy on Keys
1. Individual keys can have policy applied to them, and enforced
locally within the trusted execution environment
2. Policy can be simple or complex
• Did my platform change since the last time I used this key?
• Is the address I intend to transact with on a whitelist?
• Has an external oracle authorized my use of a specific service?
• Is my other device within Bluetooth range of this key?
• Can another one of my devices provide a second signature for a multi-key
operation?
• Has a user performed a biometric authentication to release the use of
this key?
Certified Key Containers and Operations
1. Cryptographic modules are specified by organizations such as
NIST and certified according to FIPS standards
2. Secure Elements are documented and certified by Common
Criteria Labs to meet protection profiles and corresponding
standards
3. Software products are documented and certified by Common
Criteria Labs to meet protection profiles and corresponding
standards
4. We must transition protection and use of digital assets to
certified containers, and ensure that users have the option to
choose safety and quality.
Auditable by Recording on the Ledger
With RoT, Trusted Execution, Key Types, and Security Domains, we
can record information on the blockchain within the transaction
• Strong Device Identity
• Integrity of Key
• Posture of Device
• Certifications on Key Containers
• Policies enforced locally
• Policies enforced remotely
• Remote policy entities
Applications Become Trusted with
Provable Keys
• Exchange Trading – authenticate device instead of
username/password/2FA
• Cryptocurrency Wallet – escrow key with central trust authority
(without disclosure) or decentralized contract to enable
recovery
• Cryptocurrency wallet – provably move key from one device to
another
• Trading Desk – enforce multi-sig transactions on specific
terminals
• Securities Trading – enforce KYC/AML
Known
User
Known
Device
Known
Condition
Assured
Instruction
The Rivetz Network
Provable Cybersecurity Controls
• Protection of Digital Assets with Policy Control
• Attestation and Recording of Device and Asset Quality as part of
Transaction
• Collections of User Devices Simplify and Safeguard the
Experience
Visit us at Booth #27
www.rivetz.com
t.me/Rivetz_Corp
@Rivetz
/r/Rivetz
@RivetzCorp

More Related Content

What's hot

CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementSam Bowne
 
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017Micro Focus
 
Iot secure connected devices indicthreads
Iot secure connected devices indicthreadsIot secure connected devices indicthreads
Iot secure connected devices indicthreadsIndicThreads
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsMaxim Salnikov
 
Android Security and Peneteration Testing
Android Security and Peneteration TestingAndroid Security and Peneteration Testing
Android Security and Peneteration TestingSurabaya Blackhat
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionSachintha Gunasena
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyAdeel Ahmed
 
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & LoggingDSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & LoggingAndris Soroka
 
RBMovil Powered by CHARGE Anywhere: MWC
RBMovil Powered by CHARGE Anywhere: MWCRBMovil Powered by CHARGE Anywhere: MWC
RBMovil Powered by CHARGE Anywhere: MWCCHARGE Anywhere
 
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationSecurity 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationPrecisely
 
Inside the Wire - thotcon 0x9
Inside the Wire - thotcon 0x9Inside the Wire - thotcon 0x9
Inside the Wire - thotcon 0x9Mike Kelly
 
Futurex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, BostonFuturex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, BostonGreg Stone
 
Understanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PEUnderstanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PEGreg Stone
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
Ch 7: Attacking Session Management
Ch 7: Attacking Session ManagementCh 7: Attacking Session Management
Ch 7: Attacking Session ManagementSam Bowne
 

What's hot (19)

CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access Management
 
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017
SUPPORTING SECURITY THROUGH NEXT GEN IDENTITY GOVERNANCE - #MFSummit2017
 
Iot secure connected devices indicthreads
Iot secure connected devices indicthreadsIot secure connected devices indicthreads
Iot secure connected devices indicthreads
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
 
Android Security and Peneteration Testing
Android Security and Peneteration TestingAndroid Security and Peneteration Testing
Android Security and Peneteration Testing
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
 
Application layer Security in IoT: A Survey
Application layer Security in IoT: A SurveyApplication layer Security in IoT: A Survey
Application layer Security in IoT: A Survey
 
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & LoggingDSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
DSS ITSEC 2012 Balabit_Security_Shell_Control_Box & Logging
 
RBMovil Powered by CHARGE Anywhere: MWC
RBMovil Powered by CHARGE Anywhere: MWCRBMovil Powered by CHARGE Anywhere: MWC
RBMovil Powered by CHARGE Anywhere: MWC
 
Flak+technologies
Flak+technologiesFlak+technologies
Flak+technologies
 
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationSecurity 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
 
Inside the Wire - thotcon 0x9
Inside the Wire - thotcon 0x9Inside the Wire - thotcon 0x9
Inside the Wire - thotcon 0x9
 
Futurex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, BostonFuturex Slides at ACI Exchange 2013, Boston
Futurex Slides at ACI Exchange 2013, Boston
 
Understanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PEUnderstanding the Role of Hardware Data Encryption in EMV and P2PE
Understanding the Role of Hardware Data Encryption in EMV and P2PE
 
National Digital ID Platform Technical Forum
National Digital ID Platform Technical ForumNational Digital ID Platform Technical Forum
National Digital ID Platform Technical Forum
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
Java zone ASVS 2015
Java zone ASVS 2015Java zone ASVS 2015
Java zone ASVS 2015
 
Ch 7: Attacking Session Management
Ch 7: Attacking Session ManagementCh 7: Attacking Session Management
Ch 7: Attacking Session Management
 
Authentication
AuthenticationAuthentication
Authentication
 

Similar to Provable Device Cybersecurity in Blockchain Transactions

IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security ElementsEurotech
 
Rivetz - A blockchain smartphone's secret sauce
Rivetz - A blockchain smartphone's secret sauceRivetz - A blockchain smartphone's secret sauce
Rivetz - A blockchain smartphone's secret sauceRivetz
 
Key Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataKey Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataPrecisely
 
2017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f022017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f02Shawn Wells
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017Micro Focus
 
Dncybersecurity
DncybersecurityDncybersecurity
DncybersecurityAnne Starr
 
Shifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsShifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsLibbySchulze
 
Cryptography in user authentication
Cryptography in user authenticationCryptography in user authentication
Cryptography in user authenticationRishikesh Jha
 
Securing Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-MotionSecuring Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-MotionPrecisely
 
Public key infrastrucure and its uses.pptx
Public key infrastrucure and its uses.pptxPublic key infrastrucure and its uses.pptx
Public key infrastrucure and its uses.pptxGayathriSanthosh11
 
How to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewedHow to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewedArash Ramez
 
Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...David Wallom
 
Trust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud providerTrust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud providerDavid Wallom
 
IoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureIoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureVinod Wilson
 
Understanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iUnderstanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iPrecisely
 
BlockchainConf.tech - Hyperledger overview
BlockchainConf.tech - Hyperledger overviewBlockchainConf.tech - Hyperledger overview
BlockchainConf.tech - Hyperledger overviewPad Kankipati
 
Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...David Wallom
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the CloudRichard Diver
 
Protecting Sensitive Data (and be PCI Compliant too!)
Protecting Sensitive Data (and be PCI Compliant too!)Protecting Sensitive Data (and be PCI Compliant too!)
Protecting Sensitive Data (and be PCI Compliant too!)Security Innovation
 

Similar to Provable Device Cybersecurity in Blockchain Transactions (20)

IoT Security Elements
IoT Security ElementsIoT Security Elements
IoT Security Elements
 
Rivetz - A blockchain smartphone's secret sauce
Rivetz - A blockchain smartphone's secret sauceRivetz - A blockchain smartphone's secret sauce
Rivetz - A blockchain smartphone's secret sauce
 
Key Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataKey Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i Data
 
2017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f022017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f02
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
 
Dncybersecurity
DncybersecurityDncybersecurity
Dncybersecurity
 
Shifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environmentsShifting security left simplifying security for k8s open shift environments
Shifting security left simplifying security for k8s open shift environments
 
Cryptography in user authentication
Cryptography in user authenticationCryptography in user authentication
Cryptography in user authentication
 
Securing Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-MotionSecuring Sensitive IBM i Data At-Rest and In-Motion
Securing Sensitive IBM i Data At-Rest and In-Motion
 
Public key infrastrucure and its uses.pptx
Public key infrastrucure and its uses.pptxPublic key infrastrucure and its uses.pptx
Public key infrastrucure and its uses.pptx
 
How to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewedHow to do right cryptography in android part 3 / Gated Authentication reviewed
How to do right cryptography in android part 3 / Gated Authentication reviewed
 
Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...
 
Trust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud providerTrust and Cloud Computing, removing the need to trust your cloud provider
Trust and Cloud Computing, removing the need to trust your cloud provider
 
IoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architectureIoT mobile app device cloud identity and security architecture
IoT mobile app device cloud identity and security architecture
 
Understanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM iUnderstanding Zero Trust Security for IBM i
Understanding Zero Trust Security for IBM i
 
BlockchainConf.tech - Hyperledger overview
BlockchainConf.tech - Hyperledger overviewBlockchainConf.tech - Hyperledger overview
BlockchainConf.tech - Hyperledger overview
 
Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...Trust and Cloud computing, removing the need for the consumer to trust their ...
Trust and Cloud computing, removing the need for the consumer to trust their ...
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
 
Protecting Sensitive Data (and be PCI Compliant too!)
Protecting Sensitive Data (and be PCI Compliant too!)Protecting Sensitive Data (and be PCI Compliant too!)
Protecting Sensitive Data (and be PCI Compliant too!)
 
Unit 5
Unit 5Unit 5
Unit 5
 

Recently uploaded

COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 

Recently uploaded (20)

COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 

Provable Device Cybersecurity in Blockchain Transactions

  • 1. Provable Device Cybersecurity in Blockchain Transactions Len Veil len@rivetz.com www.rivetz.com
  • 2. Blockchain Applications Revolutionize Industries “The most valuable data is no longer in the NSA, it’s in your pocket” - Bradley Rotter, Rivetz Vice Chair
  • 3. Digital Assets Migrate • Transition from cloud-based user assets to device-hosted assets • Cryptographic keys provide direct interaction with the blockchain • Access to applications without “login” • Username/password being enhanced with MFA
  • 4. Example Digital Assets • Cryptocurrency keys • 2FA codes • Financial account credentials • Healthcare ID • Identity / Government ID / License • Affinity Programs • eCommerce credentials • Social media credentials • Enterprise credentials
  • 5. Blockchain Trust is Decentralized • No central computer to trust • No central entity to trust • Trust is achieved by incentive rewards and consensus of the participating nodes.
  • 6. Blockchain Applications Achieve Trust • From fintech to healthcare to supply chain management to identity, blockchain services and business models benefit from ledgers, immutable data, and decentralized security • Users and devices participate in transactions on advanced networks that are secured with cryptography, incentives, and consensus algorithms • Service providers desire to ensure correct user and device permissioned for movement of digital assets and participation in contracts • Most business models require strong user and/or device identity • Authorization • Audit
  • 7. Keys (Assets) have no Trust • Who has the key? • First thing an HDW wallet does is export key • Many examples of wallet hacks involving private key compromise • Generally, we have no idea where our keys were created, where they are, and where they have been
  • 8. Device Identity is Weak • Devices are commonly identified by MAC Address and IP Address • Easily modified • Take a previously authorized device to a new blockchain network service provider and why is it identified as a new device?
  • 9. Trusted Computing Principles Solve These Challenges • Device Identity is Rooted in Hardware • Isolated execution ensures that assets can be generated and used without disclosure • Sealed storage ensures that opaque key blobs can only be accessed in these trusted execution environments • Keys of different types are generated under this root of trust • Non-migratable keys • Migratable Keys • Certified Migratable Keys
  • 10. Trusted Execution Environment (GP) • An execution environment that runs alongside, but isolated from a Real Execution Environment (REE) of the Application Processor. • It has security capabilities and meets certain security-related requirements • Non-observable execution ensures operations cannot leak assets • Sealed storage ensures assets are only available on a particular platform • One or more Security Domains ensures assets can be fire-walled • Certified set of security services ensure compliance to industry standards • It protects TEE assets from general software attacks, defines rigid safeguards as to data and functions that a program can access, and resists a set of defined threats.
  • 11. Strong Key Properties in Edge Devices • Non-migratable keys • Ensure that the digital asset is never allowed out of a trusted environment. • Any change to the device identity makes the key unusable • Migratable Key • May be migrated to any other device under control of the device owner • Certified Migratable Key • May be migrated to any other device under control of the device owner • May be escrowed to an Escrow Authority under control of the device owner • Number of migrations and devices where asset has been migrated to is tracked • Controlled replication and destruction can be enforced
  • 12. Root of Trust (RoT) • A set of unconditionally trusted functions on a compute platform • Must work properly each time executed, independent of any other software that is executing on the platform • Should be immune to (modest) physical attack • May support the following security services: • Authentication • Confidentiality • Identification • Integrity • Measurement • Authorization • Reporting • Update • Verification
  • 13. Attesting to TEEs and Keys 1. Ability for unique instance of an immutable image (boot ROM) to measure and verify the code it is about to launch • Enhanced RoT services • Boot Loader • TEE • Other critical security services 2. Ability for a RoT to assert provenance on a key 3. Includes information such as device identity, boot integrity, OS versions, and other relevant platform security posture information 4. Access control policies • User authentication • Geolocation • Time based • Service Provider Whitelist/Blacklist
  • 14. Example Transitive Trust 3. Execute Extended ROM 4.Execute POST & BOOT 1.Execute TEE 9. Execute 5. eRoT Verification Crypto Module(s) 8. Record 7. eRoT Verification 6. Record eRoT Reporting Root of Trust 2. Verification Checks
  • 15. Security Domains • Multi-tenancy allows Service Providers to co-exist without data compromise • Profiles within Security Domains allow key sets to exist in one and only one context • Personal, Enterprise • Mom, Dad, Alice, Bob • Owner, Service Personnel rSD-1 TA-211 TA-212 TA-111 TA-112 Factory Installed SD-21 SD-11TA-11
  • 16. Asserting Policy on Keys 1. Individual keys can have policy applied to them, and enforced locally within the trusted execution environment 2. Policy can be simple or complex • Did my platform change since the last time I used this key? • Is the address I intend to transact with on a whitelist? • Has an external oracle authorized my use of a specific service? • Is my other device within Bluetooth range of this key? • Can another one of my devices provide a second signature for a multi-key operation? • Has a user performed a biometric authentication to release the use of this key?
  • 17. Certified Key Containers and Operations 1. Cryptographic modules are specified by organizations such as NIST and certified according to FIPS standards 2. Secure Elements are documented and certified by Common Criteria Labs to meet protection profiles and corresponding standards 3. Software products are documented and certified by Common Criteria Labs to meet protection profiles and corresponding standards 4. We must transition protection and use of digital assets to certified containers, and ensure that users have the option to choose safety and quality.
  • 18. Auditable by Recording on the Ledger With RoT, Trusted Execution, Key Types, and Security Domains, we can record information on the blockchain within the transaction • Strong Device Identity • Integrity of Key • Posture of Device • Certifications on Key Containers • Policies enforced locally • Policies enforced remotely • Remote policy entities
  • 19. Applications Become Trusted with Provable Keys • Exchange Trading – authenticate device instead of username/password/2FA • Cryptocurrency Wallet – escrow key with central trust authority (without disclosure) or decentralized contract to enable recovery • Cryptocurrency wallet – provably move key from one device to another • Trading Desk – enforce multi-sig transactions on specific terminals • Securities Trading – enforce KYC/AML Known User Known Device Known Condition Assured Instruction
  • 20. The Rivetz Network Provable Cybersecurity Controls • Protection of Digital Assets with Policy Control • Attestation and Recording of Device and Asset Quality as part of Transaction • Collections of User Devices Simplify and Safeguard the Experience Visit us at Booth #27 www.rivetz.com t.me/Rivetz_Corp @Rivetz /r/Rivetz @RivetzCorp