Shinichiro Matsuo
bsafe.network
Giving trust by security evaluation and bsafe.network
This is a severe problem. How can we trust the output of blockchain technology? We have several security issues. There was the huge DAO attack from two weeks ago. We also have other problems, such as protocol specification, key management, implementation, operation, and vulnerability handling. Also key renewal and key revocation issues.
- ISO/IEC 27000
- ISO/IEC 15408
- ISO/IEC 29128
- ISO/IEC 29128
- ISO/IEC, NIST
- IETF
We already have several international standards on each layer. Security policy, auditing, transparency, verification, security evaluation, cryptography, etc. We need these efforts for blockchain tech as well.
Myself and Pindar Wong have already started the bsafe.network project. This is basically "NSFNet for Blockchain", which is a neutral, stable and sustainable research test network for blockchain tech by international universities.
All aspects of blockchain tech can be tested over this network. We already started this proect, this year is a bootstrapping phase, we are starting with evaluation of the segregated witness protocol. We will be adding ethereum and hyperledger. In 2017 we will be making the scope of research wider with funding.
From the W3C viewpoint, we should have standardization items on ontology, analysis framework, used tech, operational nevironment, operational policy, interface, message format, protocol, relationship with WebCrypto, Web Application Security, and WebAuthentication.