Certification Body and a compliant Ecosystem
Trustless Computing?! What do you mean?!
By “trustless computing”, we mean computing without the need or assumption of unverified trust in anything or anyone, except in the intrinsic resistance of the organizational processes critically involved, as recognizable by moderately informed and educated citizens. By “radically-unprecedented” IT security, we mean resistant to sustained attacks of tens of millions of euros to the life-cycle or supply-chain, subversive and economic, by actors with very low liability and high plausible deniability.
Why do we need a new Certification Body?
Why do we need a new standard-setting and certification body, and related open target architecture, that achieves levels of trustworthiness that are radically beyond state-of-the-art, while increasing public safety and cyber-investigation capabilities?!
Today’s commercially available IT technologies – even those meant for the most societally critical use cases – are radically below the level of trustworthiness that is desired, demanded or required by their users. Current standards and certifications are neither strong nor comprehensive enough to deliver such levels of trustworthiness. This produces enormous societal costs and risks of hampered economic and social progress, especially given their impact on our democratic institutions and on the future of artificial intelligence.
Current IT security standards, standard setting and certification processes like NIST, ISO, ETSI – even those of the highest levels of security, such as Common Criteria, FIPS, SOGIS, EU Top Secret, NATO Top Secret – have one or more of the following severe shortcomings:
- do not certify any complete end-to-end computing experience and device service and lifecycle, but just parts of devices, server-side service stacks or components;
- include only partially, if at all, critical hardware design and fabrication phases, and when they are included the requirements are very inadequate and incomplete to resist a determined attacker;
- are developed in opaque ways by standard organizational processes that are only very indirectly (and inadequately) user- or citizen-accountable, and subject to various undue pressures;
- make dubious crypto requirements, such as “national crypto standards”, including custom elliptic cryptographic curves, that leave substantial doubts about the ability of certain national agencies (and potentially others) to bypass them;
- certify devices that are embedded into or critically connected to other devices that are not subject to the same certification processes;
- have very slow and costly certification processes, due to various organizational inefficiencies and to the fact that they mostly certify large (and often new) proprietary target architectures, rather than an extension of certified and open ones.
WikiLeaks’ recent revelations about the widespread availability of CIA hacking tools on the deep web have made it clear that large corporate, financial and public institutions – and of course ordinary citizens – are much more exposed to scalable and targeted endpoint attacks by an ever larger number of competitors, criminals and abusive states than previously thought.
What is often unreported – but well known in top boardrooms – is the impressively low cost and high scalability of carrying out such attacks. State tools like NSA Turbine and NSA FoxAcid, or their private equivalents like Hacking Team RCS, are capable of the automated or semi-automated exploit and remote management of up to hundreds of thousands of exploited mobile devices.
Unique Concepts of Trustless Computing
An excerpt from the Summary Position Paper:
- Assumes that extremely skilled attackers are willing to devote even tens of millions of dollars to compromise the lifecycle or supply chain through legal and illegal subversion of all kinds, including economic pressures; and many tens of thousands to compromise the individual end-user.
- Each and every piece of software, hardware and every process that is critically involved in the IT service provisioning or lifecycle – from CPU design to fabrication, from hosting room access to standard setting – is subject to extreme verification relative to its complexity, or to extremely resilient socio-technical oversight based on offline citizen-witness or citizen-jury processes.
- Includes only Free and Open Source software, from the operating system upwards. Strongly minimizes the inclusion of non-Free and Open Source Software, including updatable and non-updatable firmware. Makes extensive reuse of existing Free/Open Source Software components – through extreme stripping down, hardening and re-writing. It strongly aims at realizing the computing device with the least amount of non-free software and firmware in security-critical hardware components;
- Reconceptualizes IT Security as not a product – nor a process or service – but the by-product of the intrinsic resilience, accountability, and proficiency of all organizational processes that are critically-involved in the entire life-cycle and supply-chain.
- The current state-of-the-art high-assurance IT paradigms epitomized by Trusted Computing would be replaced by the model of Trustless Computing, where zero trust is assumed in any person, organization or technology involved in the offering of a given IT service (or system), and trustworthiness ultimately relies on extremely technically-proficient and user-accountable organizational processes that underlie its operation, lifecycle and certification governance, whose quality can be assessed by moderately educated and informed citizens.
- Recognizes that the trustworthiness of critical computing systems is ultimately fully dependent on the user or citizen accountability and competency of any and all organizational processes critically involved in its entire lifecycle and operation. Vice versa, it recognizes that the key to assessing and improving the competency and accountability of critical societal organizations is to rely on the user-trustworthiness and user-control of the IT systems used in their governance, consensus formation and operations; reconceptualizing critical human institutions and critical IT systems as highly interdependent, permanently-constituent cyber-social systems.
Ecosystem and Certification Architecture of the Trustless Computing Certification Body and the TC-compliant CivicNet and CivicChain platforms and ecosystems
As soon as Trustless Computing gets public, equity and/or token funding in excess of $5M, our non-profit arm (Trustless Computing Association) will build a standard-setting and certification body (Trustless Computing Certification Body), while our spin-off startup (TRUSTLESS.AI) will build an initial compliant open general-purpose computing base (CivicBase) and initial compliant IT services (CivicNet and CivicChain). These include compliant endpoint computing devices, in the form of a 2mm-thin touch-screen e-ink handheld device (CivicPod), and anonymization and network nodes (CivicNode) running on CivicPod desktop docking stations (CivicDocks) that include an HDMI switch to connect the CivicPod to the user’s desktop monitor.
All security- and privacy-sensitive data and services – of the provider and of the users – will be hosted in a dedicated hosting room (CivicRoom), whose access at any time requires 5 randomly-selected citizen-jurors and which only utilizes dedicated servers (CivicServers). The same HW&SW base will run CivicDevices and CivicRoom locks. A CivicStore, managed by TRUSTLESS.AI, will offer additional client and server apps, while anyone will be able to offer dApps on our semi-permissioned blockchain (CivicChain) running on CivicDocks.
Fabrication and design of all critical hardware components will be subject to oversight processes (CivicFab) that will substantially exceed in end-user-trustworthiness those of the NSA Trusted Foundry Program, at substantially lower costs, by adding to state-of-the-art processes the exclusive use of compliant monitoring equipment and the presence of 5 trained citizen-witnesses during the 6-8 critical phases of the chip fabrication process. All CivicDevices are assembled, verified, flashed and shipped to their users by a compliant electronics manufacturing plant/service (CivicEMS), applying monitoring processes similar to those of the CivicFab.
After an initial exclusivity period for TRUSTLESS.AI, anyone will be able to become a certified provider (TC Provider) by taking advantage of the CivicBase, whose software components are all available under open source licenses and whose HW design is available under clear, long-term and low royalty costs. Each TC Provider’s service is regularly and continuously verified and certified by the Certification Body, which will be extremely citizen-accountable and technically proficient, and formally bound by the Trustless Computing Paradigms in their final version.