Security Principles of the Notary Server
The security concept of the NotarySERVER is based on principles that have become the gold standard of secure systems.
Radically Open: Kerckhoffs’s Principle
Named after Dutch cryptographer Auguste Kerckhoffs, this principle could most easily be translated into: Nothing shall be hidden.

Everything will be Open Source, open to scrutiny and therefore subject to peer review. This may often seem counter-intuitive to people who encounter this for the first time. But secrets are impossible to keep. And if the design of a system is built on the assumption that its security relies on a secret, it is only a question of when it will be compromised, not if. It is for good reason that we never trust proprietary, closed technology – and neither should you.

By following this principle, our top engineers will assume that potential attackers have full knowledge of the system, and will design the system to be secure against an adversary that is highly competent and motivated.                 

Collaboration with the best

     Following a radically open approach and being committed to 100% Open Source, we are not only able to choose from, and contribute to the best at the state of the art, thus lifting all boats, creating more opportunity for everyone – including ourselves.

Through this we also avoid a common fallacy in which security gets compromised. Dubbed “Schneiers Law” by Cory Doctorow,  global security icon and expert Bruce Schneier famously wrote: “Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break.”   

No single person or group should assume to be smarter than any other person alive today or in future. And if you encounter such a person: run. Cryptography is a highly complex subject, with a global community of extremely intelligent people as well as highly skilled and motivated adversaries as part of an extremely well financed industry looking for the tiniest possible problem in a protocol or cryptographic design. And for what we are building, the stakes will be high. So we need the best, as determined by the entire global community of cryptographers and security experts.     

Manage the attack surface

     When cryptography is done right, successful attacks never overwhelm the cryptography. Instead, they attack other, weaker components of the solution, and often they rely on human interaction – on the side of the provider as well as on the side of the user.

Keeping this in mind is central in designing the Notary server. That is why for instance we will avoid putting services directly on the public internet. Gaining access to the network that we will be deploying will be the first hurdle to overcome for any would-be attacker. And it will only be the first of many.

Built for the user

     The best security in the world is useless when the user does not like to use the system – and either switches to different, more user-friendly systems, or bypasses security measures in order to gain convenience or productivity. That is why usability, real-life use cases knowledge, and constant dialogue with our users will be central to the development of all our products.

Security starts at control of hardware

     It is often conveniently glossed over, but all software runs on hardware. Whoever has control over that hardware ultimately has control of the software running on it. And control over hardware means both physical as well as virtual control. That is why a physical server in a well controlled location is a fundamental corner stone of security.

Also, the power and efficiency of modern hardware has come at the cost of complexity. As Professor Joseph Weizenbaum, the author of “Eliza”,  pointed out decades ago, complexity and control are diametrically opposed – and complexity that is hidden, proprietary, and often incorporates a specific corporate and political agenda is a problematic base for trustworthy systems. With hidden opcodes and a publicly discussed management engine that has featured in many public discussions, Intel CPUs are a good example of this kind of tension.

That is why NotaryTRADE.IO chose OpenPOWER based systems, the only high performance architecture that is open from the CPU over the firmware and the operating systems that will be running our solution. Working with partners in the OpenPOWER Foundation we will work toward a solution that is secure, efficient, performant and can be deployed in physically controlled locations chosen by our network of server owners.

Security by distribution

Every NotarySERVER in the network is owned by members of the Cooperative, managed through Smart Contracts in their deployment across different secure hosting centres, operated by the most competent managed services companies. No party in this network shall ever have access to more than a small amount of servers at the same time, and there is no controlling central instance of the network. The network belongs to its users, which own the servers. The Notary Consortium is purely responsible for the orchestration of this network of contractual responsibilities.

Verifying the software

Verification of software running in a system, ensuring that what is available publicly is also what is running on the computer, is one of the harder challenges in terms of establishing a secure chain of supply and operations. Even when under your physical control, computers operating on a network may get tampered with from anywhere in the world.

That is why we will pay special attention to the supply chains in Notary Server, starting from what exists today and then improving upon it. All source code is going to be open, built for security, and we’ll build a software supply and deployment chain that is going to be as secure as we can make it. Security monitoring systems and experts shall look for attempts to tamper with our software in development or operation, and protect the security and integrity of the solution and its users.

But we intend to go even further than that. During the closing panel of the OpenPOWER Summit 2016 in Barcelona, Georg Greve put the challenge to the room for users to be able to verify the software that is running their own server to ensure it has not been tampered with, even when run by a third party. Engineers in the room pointed to capabilities available in Power8 that would allow such remote verification of code running.

Once the Notary Server has gotten off the ground, we plan to work with the OpenPOWER Foundation to explore and develop these capabilities for all of OpenPOWER and our Notary Servers.

Security by legislation

Many technologists struggle accepting the influence of governments in all fields, technology included. Truth is, the level of security and trust that technology can deliver is radically dependent upon the legislation affecting companies, individuals, intermediaries. Some legal frameworks protect security, privacy, freedom of speech. Others declare them a bargaining chip to be traded for national interest. The Internet has never been the space devoid of regulation that people assumed it to be, but the revelations of Caspar Bowden and Edward Snowden have put a spotlight on the way in which the United States are subjecting the Internet and all companies within their reach to their political, economic and other interests. Many other countries are doing the same.

Using US cloud services such as AWS, Azure, Google would firmly put our services and servers within reach of the US government. So would choosing US notaries to bootstrap what we are doing, because they are bound by the same national security laws – and blockchain offers no salvation against a compromise above 51% of the system.

Which is why NotaryTRADE has chosen Switzerland, known for political stability, and home of the best privacy and security enabling legal framework, as its base of operation.

NotaryTRADE.IO has been created by the Vereign AG, Zug on behalf of and in trusteeship for the Notary Trade Cooperative in founding.
© 2017 The Notary Trade Cooperative, Crypto Valley, Switzerland. All rights reserved.
About | Privacy