Rivetz, an embedded, decentralised cybersecurity vendor, and Sentinel Protocol (Sentinel), a crowdsourced threat intelligence platform built on blockchain technology, have announced a partnership. This will incorporate the Sentinel Protocol threat intelligence platform into The Rivetz Network.
“Digital currencies’ decentralized nature has placed the responsibility of security on individual users,” said Steven Sprague, founder and CEO of Rivetz. “Rivetz and Sentinel Protocol share a vision to solve this issue this by enabling users to take control of their data and digital assets through seamless decentralized security solutions.”
The Rivetz Network
The Rivetz Network includes a collection of cybersecurity tools and services available for deploying ‘safe’ applications. Integration of Sentinel’s threat intelligence system will strengthen the cybersecurity policies within The Rivetz Network. The advantage comes because the pairing complements Sentinel’s blockchain-based cybersecurity ecosystem.
Rivetz established The Rivetz Network with the ability of third parties to become ‘Service Providers’. This enables it to integrate third-party providers via its system Registrar (which has a Service Provider registration process. After submission of an application, a short KYC check occurs with validation of a Service Provider’s credentials. Once there is an approval, Service Provider on the Rivetz Network can use smart contract-based automated settlements within the RvT token-based ecosystem.
The significance is that assets are available to asset owners and approved service providers via blockchain technology. Interactions with service providers become more efficient, more visible, and less costly because of the exploitation of the blockchain.
Rivetz’s security solutions depend on access to the Trusted Execution Environment (TEE), an isolated, measured computer environment separate from the operating system. By provisioning all digital transactions through the TEE, Rivetz ensures users’ private keys cannot be altered or stolen if the someone tampers with the operating system or there is a malware infection.
Securing the Rivetz Network uses secure enclaves in devices – such as the Trusted Execution Environments, Intel SGK, and IoT Secure Elements. These establish an open-source set of APIs which allows for an interoperable set of capabilities that provide the trustworthy experience for users. Sentinel’s Threat Reputation Database (TRDB) enhances secure provision.
“Digital currencies have become an increasingly attractive target for cyber criminals,” said Patrick Kim, CEO of Sentinel Protocol. “Sentinel Protocol and Rivetz are committed to raising security awareness. Together we are taking the steps to deliver blockchain innovations and provide a more seamless customer experience in securing digital assets and sensitive information.”
The Threat Reputation Database (TRDB)
Sentinel’s blockchain-based Threat Reputation Database (TRDB) collects data from distributed sources including:
- cryptocurrency exchanges
- payment services
- security companies.
The TRDB also crowdsources threat data procured from ‘collective intelligence’. In addition, its UPPward extension products – for Chrome and Firefox – protect individual users by allowing them to verify the authenticity of:
- wallet addresses
- social media accounts
- web addresses.
Sentinel has also launched the Uppsala Security Forum. This acts as a:
- community space to provide educational information about blockchain security
- a technical forum for an exchange of knowledge on security related insights.
The TRDB tackles two problems in existing cybersecurity. The first concerns the centralised nature of most databases in the security firms. Keeping threat information in one place makes it vulnerable to information manipulation and abuse. Such databases become an obvious target, like for the Sybil attack, or server hacking and service interruption. This is a fundamental problem of the centralised ‘client-server’ model across the Internet. In October 2017, for example, Russian state hackers stole NSA materials using Kaspersky’s antivirus software. Basically, hackers used the security tools to find vulnerabilities of their target.
The decentralised nature of blockchain mitigates the centralisation. Blockchain immutability makes it difficult to tamper with the data. The effect is to increase the security stability of servers which provide the data.
The second problem addressed is low propensity of knowledge workers in security vendors to share information. The greater the collected information (about risks), the greater the chance of preventing cybercrimes. Unfortunately, most security vendors compile threat information in isolation, as if this is a ‘winner take’ all game. There is minimal incentive to collaborate and create one comprehensive database.
TRDB uses incentive scheme to encourage security professionals (and vendors) to contribute to building the threat database under the consensus mechanism, with feedback from participants. Through this ‘collective intelligence’, the Sentinel TRDB can collect:
- hackers’ wallet addresses
- malicious URIs
- phishing addresses
- malware hashes
Enterprise Times: what does this mean
Rivetz and the Rivetz Network depend on trust and trustworthy communications. Devices, and people, must be capable of carrying confidential conversations. Devices must be able to associate with one another. Devices must protect secrets. The same properties apply to the owners of these devices and communication – people (owners).
In this light the partnership between the Rivetz Network and Sentinel, using blockchain, makes sense. Anything which increases security should be good (so long as an owner’s main objectives remain usable). The TRDB falls into this category.
What is less clear is the extent to which the TRDB adds value. Essentially this is unknowable. So another way of looking at this partnership might be to argue that Rivetz is turning to outsiders to shore up what it fears is a weakness. It is difficult to decide.