Homeland security's Report - substantial in context and scope

GOING DARK, GOING FORWARD a primer on the encryption debate.

These 25 pages are enough to make me speechless - with only 3 exceptions:

1. There is so much happening in cyber security. There are so many opinions, facts, options and directions. WOW! If I think so, I can't imagine who among my friends and associates will actually read this report.
   
2. The article posted on engadget.com entitled Homeland Security's big encryption report wasn't fact-checked is another interesting read. Again, so many facts, counter facts, opinions and directions.
   My only thought here is that, I appreciate all that our governments and professionals are doing to safeguard our security, rights, and freedoms.
   The fact that there is accountability and free speech, speaks volumes about those of us who are fortunate to live in a free, safeguarded and educated society.
   
3. The first point on page 6 of this report states:

Encryption plays a vital role in modern society, and increasingly widespread use of encryption in digital communications and data management has become a “fact of life.”

In regards to 'data management', sadly encryption has fallen short. The massive loss of more than 400 billion dollars per year is clear evidence of this fact, rather than the opinion.

Sooner or later (and I am betting on sooner) CORA will be recognized as the standard for data security. Unlike encryption, CORA is capable of producing "unbreakable data security".

Soon the CORAcsi Challenge 2016 will be launched to the global community. While this challenge is admittedly 'unfair', it will announce and validate this bold statement about "unbreakable data security". Stay tuned and spread the word.

IoT needs unbreakable

http://
ZDNet just published an article “The first big Internet of Things security breach is just around the corner”.

The IoT is projected to be worth in excess of 3 trillion dollars by 2020. Therefore, it should be obvious that it isn’t going away. Smart devices and chips will be everywhere. Yes, this is a security risk.

The challenge to the cyber security industry is to become “unbreakable”. 

Imagine the hundreds of thousands of hackers and unscrupulous employees who are spending ungodly numbers of hours and days trying to steal what doesn’t belong to them. Next imagine how many would continue to do so if they weren’t getting a piece of the $400,000,000,000 being stolen from you and me each and every year.

Unbreakable - the concept - is simple. 

Make it too costly and time intensive to “risk failing at the hack”! 

Risk money, time and potential criminal consequences, without getting “the prize” – who is going to do it? Ok, maybe the odd duck, but that is far better than the hundreds of thousands globally attempting to, and succeeding at stealing “our money”. Yes, it is our money, even if we don’t realize it. The big boys and girls aren’t going to lose 400 + billion a year without passing those losses onto the rest of us – not if they want to keep their jobs.

This is exactly why CORAcsi is unbreakable. Is it conceivable that someone might discover where all the CORA packages are stored throughout the Cloud, then breach each of the servers and networks involved, within a short window – say 5 minutes? 
Perhaps it is conceivable – and if they did, CORA would be no better than encryption. This may be conceivable, however, it is totally improbable, and will reduce the numbers attempting to succeed significantly, as failures clutter their landscape. 

Unbreakable = too costly and time intensive to risk failing at - the hack.

Unbreakable = leaving a trail (such as an employee who has access to “the catalog”).

Unbreakable = too many networks and servers to violate before a single package has been deleted.

Unbreakable = too many unknowns to warrant the cost while risking the consequences.

PELE - Practice Excellence and Live Excellence

Preamble

I would like to think there is a fundamental principle that defines CORAcsi’s corporate culture and Mission Statement. Allow me to take you on a journey behind the scenes, to a love of learning, and teaching, that spans decades.
What is life without passion? What is work without passion? I love talking about technology, innovation, teaching, learning, the love of learning, principles, integrity, commitment, physics, math... and yet, there is a foundation to all of these passions that I have identified through years of teaching, and that is excellence.

"Excellence is to Perfection as the Journey to the Destination."

He looks over a sea of faces. Some have boredom stamped upon their irises (irides). Others are evidently excited to be back at school, though history has proven that this excitement diminishes over time, especially with respect to "work".

The Challenge – motivate these young men and woman to ‘choose excellence’ daily.

He begins with a question:
“With a show of hands, how many want to live a life of… mediocrity?”
  Not a single hand!

After a short pause, another question follows:
“How many want to live a life of excellence?”
  Everyone raises their hand without exception – every year!

The pitch:

Aristotle so many millennia ago realized that ‘Excellence is not an act but a habit’. 

Let’s translate – if you want a life of excellence, then you must choose it by practicing excellence daily. If excellence is your habit, one that you have built daily, even when you didn’t ‘feel like it’, then you will have chosen success, chosen a life of excellence.

Over the course of a semester the students will often hear:

“Practice Excellence – Live Excellence.”

Practice Excellence – Live Excellence.

“Good Habits lead to success. Bad Habits lead to failure.”

Good Habits lead to success. Bad Habits lead to failure.

I imagine a school, team, corporation, country and world in which these principles are realized. I believe we are closer today, than they were in Aristotle's day. I aspire to call forth this foundation of excellence through my words, actions and creative works. I enjoy connecting with like minded people.

BlockChains and CORA

Allow me to briefly illuminate the similarities, and differences between BlockChains and CORA.

BlockChains are incredibly resilient, and beyond the control of any “one”. This makes BlockChains ideal for online currency, which was the apparent rationale that drove its creation.

CORA on the other hand was originally developed with a single purpose – to provide unbreakable data security – which encryption alone cannot deliver. 

While CORA has surprised us at CORAcsi.com with additional applications, such as securing one’s online, digital footprint, this is a byproduct of its primary mandate – security.

Hence I targeted a “distributed methodology”, but more than “just a distributed methodology”. I insisted upon the following characteristics:

Points B and D above are pivotal to understanding the difference between BlockChains and CORA as a means of securing data and protecting one's online digital footprint.

For online currency, I personally cannot imagine a better technology than BlockChains.

decentralized, peer-to-peer

The BlockChain is a decentralized implementation. Decentralized, peer-to-peer implementations have been around for years - "bitTorrents" that utilize many duplicates: seeds (files) and catalogs (routing tables).
The design of the BlockChain is beautiful; it is persistent, independent and versatile.

Regarding security, decentralized peer-to-peer systems violate requirement “B” above, by removing the requirements that:

1. The data can be quickly and permanently “shut down”.
2. The fragments are highly controlled and secured by professionals (not seeded to unknown computes, perhaps even home computers).

CORA must remain “centralized” so that it can be controlled and if necessary, shut down to prevent unauthorized individuals, teams, companies, or countries from viewing data that belongs to another. Moreover, CORA will not place packages (seeds) in multiple locations, nor on personal computers.

As stated in my earlier blog, executables in a BlockChain should make the global community extremely uncomfortable!

Executables violate requirement “D”, namely that each fragment must be inactive. Perhaps sterile is a better word! 

CORA is committed to using packages that inactive and can be shut down permanently if required.

Blockchains - Concepts and Connections

BitCoin

I often reflect about, well just about anything and everything. As I mused about BlockChains, I imagined that the paper accredited to Satoshi Nakamoto's gave rise to the BlockChain frenzy. An incredible concept and implementation that is ideal for the online currency that is "BitCoin":

1. redundant
2. decentralized
3. robust
4. a natural propensity towards security (as the number of blocks increase).
5. global

The following video can be found in IEEE SPECTRUM's article entitled "The Future of the Web Looks a Lot Like Bitcoin"

As with every pathfinder who proves a new concept, others are quick follow. Near the end of this article the author talks about the push to include executables in BlockChains. There are many articles and blogs that can be found about BlockChains, in particular I would like to draw your attention to the following:

BlockChain executable

O'REILLY's "Understanding the blockchain"

Blockchains and Online Dispute Resolution: Smart Contracts as an Alternative to Enforcement

Mike Hearn's blog "Developing apps for block chains"

---

itnews reports "Ransomware uses blockchains for decoder delivery"

In Ethereum landing page (as of June 5, 2016) one doesn't have to look far to read "Build unstoppable applications".

I know it sounds good, or great, however, we need to slow down for a moment and think about it! In a perfect world, we would all accept the same definitions for honor and integrity.. We would all know the difference between right and wrong, good and evil.

In a perfect world, I doubt that anyone would understand or care about a virus, worm, Trojan or malware. In a perfect world, a zero-day attach or vulnerability would only be found in the popular writings of a science fiction author with an incredible imagination.

Caution

Our world is not perfect - not yet! A zero-day vulnerability is "by definition" one that hasn't been considered or planned for! Do you see the danger in building "unstoppable applications"? Allow me to rephrase this:

Do you recognize the danger in an environment that allows for the building of:

• unstoppable viruses
• unstoppable worms
• unstoppable zero-day attacks

Yes, I know, we will build in safeguards, just like we do with Computers and Servers, and yet, someone always finds a way (sounds a lot like Jurassic Park).

Bottom line: Blockshains are ideal for an online currency that is decentralized. Once this moves to anything that can be "executed", there must be a "centralization" - a way to control these "seeds" of "potential disaster".

Upcoming Blog

Stay tuned for one of my upcoming blogs which contrasts this "decentralized distributed environment" with CORA, a Context Ordered Replacement Algorithm from CORAcsi that allows for the implementation of a centralized distributed environment.