Hi, Kurt and Hillary:
I would like to help lead or co-lead the following groups if needed.
1: Exchange:
We can initially focus on the following areas
1): Minimum Security Architecture for crypto exchanges (for example, multiple tiered architecture, DB security, API security, cold wallet security, Full node sync with user's deposit and withdraw actions, etc)
2): Best Practices and security procedures for exchanges.
3): Testing and security checklist for implementing and operating exchanges.
4): The security considerations will be very different between centralized exchanges and decentralized exchanges. So, we can start with centralized exchanges (which have well-known security incidents) and decentralized exchanges (which have fewer incidents due to their novelty but will gain momentum in both usage and security incidents).
2: Cryptography:
We can initially focus on various aspects of zero knowledge such as ZK-SNARK, ZK-STARK, Halo, etc.
We can also look into homomorphic encryption and secure multi-party computation.
3: Consensus:
We can examine various consensus algorithms and their liveness and security properties.
Let me know if you have any questions.
Here is my short bio:
Chief Author of the book entitled <<Blockchain Security Technical Controls>> in Chinese, published in 2018 by a prestigious Chinese scientific book publisher, <<Machinery Industry Press>>. The book is available at Amazon: https://amazon.cn/dp/B07D9K9934
Chair, Blockchain Security Working Group at CSA GCR Chapter
Strong experience in various aspects of Blockchain Security
Previously Application Security Practice Leader at CGI Federal
Experience in meeting compliance requirements with security standards such as FIPS 199, NIST 800-37 (Risk Management Framework), NIST 800-53/53A (Security Controls for Federal IS), NIST 800-60 (Guide for Mapping Information Systems to Security Categories), and the Health Insurance Portability and Accountability Act (HIPAA)
------------------------------
Ken Huang, Chair, Blockchain Security Working Group, CSA GC
------------------------------
Original Message:
Sent: Jul 02, 2020 09:11:30 PM
From: Kurt Seifried
Subject: STICKY: Getting involved in the DLT Security Framework
To sign up for a specific subgroup(s):
please see this sheet:
If you don't see a subgroup that you are interested in:
Suggestions for new working groups and discussion of existing working groups:
Work currently in progress:
We have a number of projects in progress, see below:
The initial security checklist:
Please feel free to add items, we will be tidying it up and merging/splitting/updating items as needed but we definitely want to capture all facets of DLT and Blockchain security checklists.
The provisional Table of Contents:
The provisional Table of Contents and major areas of interest are available at:
Again please feel free to suggest new areas/update existing ones, we definitely want to capture all facets of DLT and Blockchain security and get a solid map of the environment.
Getting started on GitHub:
The git repository for documentation is available at:
Please note we will be setting up additional repositories for code and software as they are needed. Currently there are three files of special interest:
- DLT-Attacks-and-Weaknesses-Enumeration.csv
  - This is a list of 180+ attacks; it needs a lot of work (additional details, splitting and merging of various attacks, etc.).
- DLT-Security-Incidents.csv
  - This is a list of various DLT security incidents, attacks, vulnerabilities, news items, CVEs, etc. Please feel free to suggest additional items as you run across them.
- DLT-Security-Resources.csv
  - This is a list of good papers/sites/questions/etc. related to DLT and blockchain; please feel free to add items.
If you have any questions please feel free to ask on Circle or reach out to me via email.
------------------------------
Kurt Seifried
Chief Blockchain Officer and Director of Special Projects
Cloud Security Alliance
------------------------------