1. How does distributed ledger technology help monitor endpoint device threats that target consumers and enterprises?
Distributed Ledger Technology is used to store healthy hash values for reference during boot up and while actively running, as well as encrypted configuration files customized for each IoT device. These configuration files contain data which tells the IoT device what files or elements of the system state to hash and how often to take these and upload them or compare them to the healthy hashes.
2. The Project is Biomimetic, based upon the human immune system. Under some conditions, the immune system fails and is compromised, such as the existence of autoimmune diseases. Is it possible in your case and what will be your measures to counter them and restore functioning order?
Unlike the human immune system that can be compromised by an autoimmune disease, our Immune System Defense does not have the same fault. Although the Immune System Defense is architected to mimic a biomimicry response within an enterprise network, it is not vulnerable to the infection itself.
The Immune System Defense will be positioned within an enterprises core data center or facility, processing data, connections and a wide range of indicators for malicious action on their connected ecosystem.
3.What were you guys previously involved in prior to NOVAM? What motivated you to switch and get associated with blockchain based technology?
Adam Perschke, Ian Perschke and Brooks McMillin founded Inteligus Solutions in 2016. Our focus was on Identity and Access Management (IAM) solutions. We developed solutions for the largest Hewlett Packard Enterprise (HPE) Original Equipment Manufacturer (OEM) in the digital security and surveillance industry. Their products and services are in 50+ countries and on 50,000+ recording devices for multi-national embassies, international airports, correctional facilities, schools, stadiums, and other critical infrastructures.
In 2016, the Mirai Internet of Things (IoT) botnet occurred which spurred a frenzy among organizations, security experts, and governments. We had internal discussions of the global repercussions for lack of identity and access management and external discussions with telecoms and OEMs.
Mirai accessed IoT devices using default usernames and passwords, essentially bypassing security measures by fully authenticating itself and installing malware onto the device without issue.
Mirai was the inspiration that spurred two years of research to solve the issue of protecting and securing IoT devices and ecosystems using distributed ledger technology.
4. What is Unsupervised Machine Learning? Why did you choose it over Supervised Machine Learning?
Unsupervised machine learning is a variation of machine learning where the system can learn to identify complex processes and patterns without having to have a human provide guidance throughout the learning process. While we initially may have to start our AI analytics system up with supervised machine learning, where our developers will specify pattern of bad behavior for the system to detect, we eventually will migrate the system to unsupervised machine learning so that the human element can be taken out and NOVAM can find malware or other threats that may not match previous methodologies.
5. What role does Probabilistic Mathematics play in the functioning of NOVAM? What is Bayesian framework?
Probabilistic Mathematics is used in the analytics stage of NOVAM to determine how likely a detected change is malicious. For example, the probability of malicious activity is different between a change in a connected network and a change in the number of users on the device. The former may be malicious but can happen often during legitimate use. The latter is more likely to be malicious, but can still occur legitimately. The probability score lets potential changes be ranked to determine which is more severe, as well as letting different devices have different threat thresholds.
The Bayesian framework is the Bayesian statistics that are used in the aforementioned probabilistic mathematics. With Bayesian statistics probability expresses a degree of belief in an event which can change over time versus a permanently fixed probability.
6. Can a transaction be established when a NOVAM node gets disconnected from the main NOVAM network?
Transactions can still be created when a NOVAM node gets disconnected from the main NOVAM network, and if it gets disconnected with a group of other devices, the transaction can propagate amongst the NOVAM nodes that it is still connected to. Regardless, once the connection is reestablished, all transactions that weren’t seen in the rest of the network will get propagated.
7. Your approach to implementing distributed ledger technology is based upon DAG (Directed Acyclic Graph). How is DAG different from blockchain and what advantages do former has over the latter?
On traditional blockchain networks, such as Bitcoin and Ethereum, miners group transactions into blocks. To maintain order in the network, each of these blocks point to the previous block, creating a chain of blocks. In this process it is not uncommon for two miners to create a new block at the same time. In such a scenario one block will end up having to be orphaned, meaning the processing and electrical power spent to validate those transactions goes to waste.
Directed Acyclic Graphs (DAGs) replace the standard concept of a block of transactions with a single transaction. This makes it so that every transaction is directly involved in ordering the network. Multiple transactions can be created simultaneously, which contributes to the stability of the network, rather than being discarded. This also eliminates the need for mining, making the overall network more efficient.
Blockchains can fail when there are too many transactions waiting to be processed because, in this scenario, the blockchain branches faster than the branches can be pruned.
DAGs solve this problem by having each transaction be a self-containing entity that can be created at any time. This combined with low latency and a feeless structure means that DAGs can typically handle thousands of transactions per second. This is optimal for IoT networks where there could be thousands of devices all needing to communicate several times per minute.
Due to their blockless nature, DAGs can run the transactions directly instead of having to wait for a block to fill up and be processed. Instead of the 10 minute block time of Bitcoin, or the 15 – 30 second block time of Ethereum, the only limit on transaction speed in a DAG is bandwidth. This makes the network much faster than traditional Proof of Work or Proof of Stake networks.
While being fee-less is not a default property of DAGs, DAGs give the opportunity for transactions to directly confirm other transactions, cutting out the need for a fee-paid middleman. NOVAM takes advantage of this attribute to make transactions and informational tasks free. DAGs also lower the cost for distributed ledger hardware as expensive mining rigs are no longer needed to keep the system running.
8. How is validation processed in NOVAM?
NOVAM nodes must work to approve two other transactions before they can transmit their own.This approval process ensures that nodes that issue transactions are contributing to the security of the network. If a node finds that a transaction is in conflict with NOVAM’s history, the node will not approve the conflicting transaction.
When a transaction is created:
- Two previous transactions must be approved
- These approvals are represented by directed edges
If a directed edge between transaction A and transaction B doesn’t exist, but there are at least two directed paths from A to B, then it is understood that A has indirectly approved B. Every transaction must approve the genesis transaction through this process – either directly, or indirectly.
There are no strict rules for how a node chooses which transactions to approve. With that said, if a large number of nodes follow the same reference rule, then for any fixed node, consistency is most prudent and therefore preferred.
As a transaction receives additional approvals, it is accepted by the system with a higher level of confidence. This increases the difficulty of trying to make the system accept a double spending transaction.
In practice, it may be impractical to wait until every current tip has approved a transaction to consider it verified. Different vendors and/or systems can set their own specifications: 95 percent of tips, 99 percent of tips, etc. Similarly to other DLT solutions, it’s impossible to determine with 100 percent certainty whether young transactions are legitimate or not. If referenced by the majority of the tips returned by the Monte Carlo Random Walk, there is a high probability that older transactions are legitimate.
9. What is your approach to monitoring threats through NOVAM’s device health check systems?
The NOVAM System Health Check will enable an enterprise to automatically mitigate threats by re-installation of firmware or software bundles on IoT devices, if the firmware differs from its original state on the initial health check. This reduces the cost associated with automatically mitigating IoT threats while decreasing the time to mitigate an attack and ensure accurate and immutable attestation.
How it works –
1. Enterprise can initiate a health check for an individual or group of devices. This can occur both in the boot process and during runtime, and include the entire Chain of Trust or an individual statistic like firmware, operating system or applications.
2. The state of a device is recorded on an enterprise-specific CDN. This can be used as an external element for future device health checks.
3. Subsequent health checks compare the internal and external state of a device with NOVAM stored internal and external states, signed by the vendor, to determine if the device is healthy or compromised.
4. When a device is considered healthy and unmodified, no mitigation occurs.
5. If a device is considered unhealthy and compromised, based on the system health check, autonomous mitigation will occur.
10. What is the process to mitigate threats through NOVAM’s Immune System and autonomous threat mitigation?
NOVAM mitigates sophisticated cyber attacks aimed at enterprise networks and connected devices, as well as unintentional incidents, by leveraging Distributed Ledger technology to offer businesses and organizations an automated approach to protection.
A baseline of the system and connected devices is taken. Anything that the system deems out of this baseline is flagged for investigation. Abnormalities and threats are then recorded on the DLT to ensure each threat is investigated.
Mitigation can be automated entirely through the system, removing a threat entirely or quarantining a threat for a cyber professionals forensic investigation and manual removal.
11. How does NOVAM provide Audit and Regulatory compliance with Distributed Ledger Technology?
Distributed Ledger Technology provides a digital fingerprint against data tampering for attestation purposes in cybersecurity. NOVAM’s DLT solution provides an accurate and immutable audit trail of actions taken on an IoT device. We can directly provide an auditing for an enterprise or integrate into current cybersecurity products and services to ensure immutability within a device or network for compliance requirements. We intend to develop a dashboard for auditing and compliance needs as well as API integrations for cybersecurity integrators.
12. Currently, you do not have an MVP for the project. When do you plan to release one and how will it be audited?
We currently have a developed prototype of our IoT health check solution for firmware and software attestation. We will be showcasing the prototype to OEM, software developers and enterprise clients for future pilots and partnerships. The health check solution using DLT is a key factor in starting a conversation with the enterprise and to start securing individual devices and ecosystems worldwide.
Our current roadmap indicates we will be holding private testing of the health check solution with partners in early 2019. We will be rapidly developing the NOVAM Network TestNet for testing in 2019 as well.
Our future plans are to develop the Enterprise Network AI (Immune System Defense & Response) once we have established enterprise cooperation for individual IoT devices and ecosystems.
13. Do you have any proposition for fund allocations for further development of the project?
We will be allocating funds based on our roadmap, partnerships, and development lifecycles. All of this information can be found at our site.