ALTR delivers cybersecurity platform

ALTR startup pops up to renovate security standards for data monitoring, governance and threat protection
06 June 2018   1394

The first commercial product gets released by ALTR to utilize benefits of blockchain in security area. The platform is backed with ALTRchain - data storage built on enterprise-grade blockchain technology. The ALTR platform is a data-security solution for organizations to monitor, access and store critical information.

The company has raised 15 mln USD in funding. A group of advisors include:

  • Mike Maples, former security executive at Microsoft and IBM;
  • Fred Burton, former deputy chief of the counterterrorism division at US Diplomatic Security Service;
  • Michael Hermus, former CTO of the US Department of Homeland Security

The platform is meant to be deployed between data and applications, pull the information at driver-level and stores it immutably on ALTRchain. The platform consists of ALTR Monitor (provides detailed intelligence on all data-access activities), ALTR Govern (lets users create and apply rules-based locks and access thresholds in real-time) and ALTR Protect (decentralizes sensitive data storing it across a private blockchain).

We have a choice between change or breach. etwork-focused security isn't enough because it never really puts a dent in the sheer number of vulnerabilities. Rather than patching the existing attack surface, ALTR has found a way to significantly reduce it. In fact, with ALTR's full solution in place, the threat vectors for data move to nearly zero. Digital trust can finally be restored.

 

David Sikora

CEO, ALTR

More information can be found here.

Potentional Vulnerabilities Found in ETH 2.0

Least Authority have found potentional security issues in the network P2P interaction and block proposal system
26 March 2020   974

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities at once.

Least Authority said that developers need to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a “malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.