Go Get Hacked, Says Nu-Genesis: The Question Is So What?

We talk to NuGenesis about its freakish obsession with crashing and hacking their own blockchains, using  the best blackhats in the business. In the light of the recent hacks continuing to plague Defi, its an  opportunity to review the developments in security.

With the internet of things (‘IOT’), supply-chain and NFT serialisation of physical items using physical  unclonable functions (‘PUFs’), being a digital fingerprint hardware that service as a unique identifier of  the devices, there is exponential increases in the interaction of data through an increasing number of  data points. Individuals have little or no control over the storage and the access to their information. in  the era of cloud computing and networking systems where many users share the same physical storage  or network. Application developers migrate their storage and computations to the clouds and require  the data privacy to be granted. Moreover, IoT, healthcare, smart grids, and several other popular  networking applications need to process and store a massively large amount of data, generally using  cloud computing.  

NuGenesis uses networks combining private and public networks in a blockchain system that separates  the sensitivity of the data for client needs and consequently uses a vast variety of authentication  systems, privacy services, providence services and integrity assurance services. “The proper integration  for these services in blockchain technologies”, says CEO Hussein Faraj, “has been based around scalability  concerns when using miners. We are increasingly streamlining our services with the removal of  scalability as an issue.”  

Integrity assurance deals with the correctness and the validity of the data stored, accessed, or generated  by the network. It assures that the information has not been changed or corrupted by unauthorized  users. Providing an end-to-end integrity assurance maintains consistency, reliability, accuracy, and  trustworthiness of the information over its entire lifecycle. The integrity is one of the basic components  of the CIA (confidentiality, integrity and availability) triad for information security. The leading  approaches uses the smart contracts to achieve its objectives. This framework is dedicated to IoT  applications that require a producer-consumer architecture. In this architecture, the owner shares the  data with other consumers for specific purposes. The data is generally shared through the use of the  cloud storage services, where the owner posts the data to the cloud and the consumers access the data  from there. Storing the data in the blockchain database provides the integrity service.  

However, the blockchain database are limited in memory and cannot handle the massive amounts of  data. Thus, storing all the cloud data becomes impractical. The idea of this framework is to store  encrypted hash values of the data on the blockchain database and these hash values are then used to  check the integrity. Storj is a blockchain-based peer to peer data storage system that utilizes the  blockchain database to store hash values of the data and verify the integrity. The network validates the  data stored offchain and returns back the metadata needed to retrieve the original data. In this way, the  integrity is provided efficiently; however, the requirement of tracking the intruders in case the data is  changed is still not provided. Ericsson partnered with Guardtime to provide integrity services that  allow the application developers to assure the integrity of their users’ data and assets. They utilize  Keyless Signature Infrastructure (KSI) to generate signatures for the resources. The Ericsson service  verifies that a collection of data has not been altered by storing their signature on a blockchain. 

The limitations come down to the computational power required that nodes generally do not possess.  The industry speculation is the use of specialised application mining nodes with high computational 

power, and with the point of failure involved with greater centralisation. Other proposals involve  decision making from the local blockchain logs without requiring distributed consensus. For example, in  the blockchain-based ACL (Access Control List) mechanisms (the ACL assuring that by defining a set of  rules stating who can access a specific set of data and when), the access decisions are made based on  the local copies of the blockchain database. However, this defeats the technology decentralized  architecture and its consensus as the nodes need to trust the local blockchain database and make  centralized decisions. Many promises have been made to resolve Bitcoin’s time issues in Ethereum and  Hyperledger platforms. However, the time required for mining is still two or three seconds as compared  to the milliseconds requirement. 

NuGenesis chains easily run in the milliseconds needed for the IOT and PUF supply chain rapid and  frequent communication. Rather than looking to store data locally or off-chain etc, NuGenesis prefer  dedicated blockchain storage chains to be readily auditable precisely for their valuable data analytics in  real time. The system validator nodes run on the randomness of the round robin protocol and  monitored by AI and can achieve transaction speeds in the milliseconds. There are no requests from  1000’s of validators and fee actions. The streamlined validation process through the super nodes with  byzantine fault tolerance and randomness via round robin monitored by AI, makes unnecessarily  superfluous broadcasting through validation networks.  

NuGenesis’ current innovation is the use of specially designed load balancers for blockchain. Load  balancers are used on the internet to transact millions of transactions per second. There is no apparent  limitation on the load balancer. All requests from wallets, apps etc come to the load balancer, whose  role it is to send the data to the right chain.  

The load balancers work on both the hardware level (routers, switches and dedicated systems) and  software level. They allocate the data according to the utilisation of the relevant chain at the relevant  time with where the data is supposed to be processed.  

NuGenesis load balancers do not require a continence chain to reconnect the data from the separate  chains because they have a blockchain ledger built into them with a consensus mechanism that records  what is in each block and backs up to a storage chain.  

With parallel processing of infinite blockchains running as para-networks, scaling up to 1,000 chains  parallel processing data is efficient. Data is sent through the load balancer which keeps track of the  database and storage of where data is sent in the storage chains. Data can be readily searched from the  explorer on the load balancer.  

With NuGenesis’ implementation of load balancers and consensus before packing on the load balancer,  the more parallel network chains that are added, the more data is injected into block creation of the  connected chains. Without a validation delay (validation occurring within a 100th of a microsecond), and  accordingly there are more dramatic increases in the speed of transactions. The more chains that  connect to the NuGenesis blockchain system with their own sovereign systems, they claim there is no  extraneous pressure on any particular system. With parallel processing, the more systems, the faster the  transactions processing.  

The simplicity of storage chains to provide comprehensive ACL updates and modify providence  information in milliseconds, may be better appreciated at each stage of the security service process. The  primary security service commences with authentication. Public Key Infrastructure (‘KPI’) involved  centralised certificate authorities (‘CA’) or decentralised web of trust (‘WoT’) to create, manage, use,  store, and distribute the public encryption keys. Whilst CA require trust and have a single point of  failure, WOT-based KPI also has the problem that they are unable to provide identity retention. That is, it  is possible for a user to impersonate the identity or the public key of an already registered user.

Blockchain based KPI solutions include Pemcor which uses the hash-value of the certificate being stored  in the blockchain. Others include Blockstack ID that uses Namecoin to build a distributed PKI system.  Namecoin is a fork of Bitcoin that allows data storage within the blockchain transactions. It is  implemented by defining a name-value pair that is used to store usernames and can be recorded in the  transactions. Namecoin was originated to store the DNS names, allowing users to register their  humanreadable name and associating names with the corresponding public keys. Blockstack modifies  Namecoin by adding another namevalue pair dedicated for the public keys. The advantage of using  Namecoin is that it already supports the name-value pairs in its transactions. Thus, the public key is the  value and the name is the identity of the owner. Blockstack implementation binds the user identity to an  elliptic curve public key which is one of the strongest public key cryptography mechanisms to date.  

Where the limitations of storage, efficiency and scalability with these solutions become insurmountable  are with privacy services. One approach used by NuGenesis for those private blockchains within public blockchains configurations is to completely hide the user’s identify within the trustworthy environment  of permissioned users. Data anonymization and differential privacy mechanisms hide the identity of the  user and make it difficult to link the data to its owner. Another approach used by NuGenesis is to utilise  smart contracts to define the access control policies and make authorisation decisions. The is their IOT  solution for allowing users to register their new resources and define their access policies through the  smart contract associated with these resources.  

“our social media platform will revolutionise privacy” says NuGenesis CEO Hussein Faraj: 

“users will be able to set their own policies, through our smart contract upgrade to Digital  Notarised Contracts (“DNC’s”), to control the rules of what the platform, advertisers and users in  general get to see and do with their personal data, including setting immediate and perpetual  micropayments for that use”.  

Another approach to privacy is to utilise utilize the blockchain technology to verify access control logs  for clouds in a federated cloud environment. The key idea is to use the smart contracts in defining the  access rights and collecting the access logs from different clouds. The blockchain miners compare the  access rights to the access logs. If a violation is detected, an alert is raised to be further handled by the  

system.  

This approach was implemented on top of the Ethereum platform. Results show that the system is  resilient to many threats, including compromising the communication channel to modify the access  rights, compromising the policy evaluation to allow unauthorized accesses, and compromising the logs  to alter or delete them. However, latency, cost and scalability are the challenges that need to be  considered for this platform to become practical. These problems disappear on the NuGenesis’ own  layer 1 chains.  

Data provenance security services deal with the auditability of the metadata that tracks and reports the  originality of the data and the operations associated with them. In the age of social networking, cloud  computing, IoT, and other distributed applications, data is an acute resource that is open and vulnerable  to intrusions. The owners need to know not only the data originality, but also the manipulations and the  accesses to the data along its lifecycle. For example, in IoT applications, the sensor data has to be  tracked so that they get to the consumers without any unauthorized modification. Further, the  consumers need to know how accurate the information is and what time it was sent. This can be  achieved only by proper data provenance techniques. The same provenance requirements are applied to  the healthcare data, the financial data, the governmental resource, or even scientific applications. Such  applications are worldwide, generating massive amounts of data that need to be tracked. Hence, the  provenance guarantees are crucial for these applications. 

ProvChain, Data Prov, Provenance and BlockVerify excel in this field using blockchain based tracking  systems, particularly for specialised use cases. Data Prov is used for drug trials and wheat production.  BlockVerify tracks counterfeit products and its best uses are in pharma, luxury products, diamonds and  electronics. For more general application says NuGenesis CEO, Hussein Faraj says “you need two things.  Firstly smart contracts that are more robust, such as DNCs, in checking data originality, validity and  timing of all changes and an unlimited storage chain with dedicated node for analytics”.