ChubbyChecker: Elastos ELA/ESC Blockchain
Blockchain vs Database: 

Executive Summary

Summarising, what you get is a system that enables automated trading using Smart Contracts that are enacted on a private network, and where, due to the ability to share information with supply/health partners, using asymmetric cryptography, and also due to all database clusters acting as Masters in replication procedures, a partner organisation can access the shared data on their own local server. Sharing may also be completely revoked.

You also get a comprehensive Enterprise Application that works on Mobile devices and provides all accounting as part of the package, where the database we use (PostgreSQL) has zero licence fees, yet we can offer a 99.999% uptime guarantee (with Enterprise DB Support), excluding any down time due to the perpetration of “external” fraud (which will be detected by ChubbyChecker within minutes) and the subsequent investigations. The accounts system can be interfaced in a READ-ONLY fashion to your broader system. Or you may choose to convert all accounting to our system – which is quite possible and will be cheaper, and more secure, in all likelihood, than your present systems.

In addition you receive an economical and very security-conscious system, incorporating our ChubbyChecker Ultimate Cross-Checking package, which fills the security gap inherent in stand-alone distributed systems that employ Byzantine Fault Tolerance, as well as all the normal security measures such as client-side end-to-end encryption, together with the absence of risk of Man-In-The-Middle and Denial-Of-Service attacks (with our use of jvm-libp2p, bypassing, as it does, the normal Domain Name System – DNS). The distributed nature of the system is what allows the operation of private-networked Smart Contracts, incorporating unlimited volumes of data per contract (and overall), and also it is what allows the secure sharing of information, as necessary, to enable business/health operations to function efficiently.

But what is the magnitude of the risk against which we are protecting? According to an independent analyst organisation (Analysis) there were 25,949,000 personal records compromised in the healthcare sector
in 2023 alone.
“These are often called ’supply chain attacks.’ In fact, it is not just one
customer that can be attacked, but essentially every customer that uses
that vendor’s services. Thus, a single vulnerability can threaten many
thousands of organizations, such as in the 2023 MOVEit attack where
already over 2,600 companies in more than 30 countries admitted to
being attacked, with more than 80 million individuals’ data being
compromised. In fact, 98% of organizations have a relationship with a
vendor that experienced a data breach within the last two years. In
some studies, the number of data compromises due to supply chain
attacks in 2023 jumped 78% over 2022.”
Stuart Madnick – Harvard Business Review
The problem is no longer a case of “if” but now a case of “when” will your systems be attacked.

There are many vectors by which attacks may be mounted. Our use of jvm-libp2p avoids some, however, still, the most common and “fruitful” means of attack involve targeting individuals using Social Engineering. As an example of Social Engineering, the attackers may use knowledge gained in any fashion about an employee’s vulnerabilities, contacting that employee and using this knowledge to obtain the employee’s cooperation in an attack or in the exfiltration of information from your database. It is very important to have multiple offline data backups in place in the case of an attack, which may also arrive in the form of Ransomware. The basic process involves the attackers accessing your data and re-encrypting the data to prevent your access, then demanding a Ransom for decrypting the data. If you have a good back-up system, and your data is strongly encrypted, this is simply not a problem. Note that the backups need to be kept offline and thus inaccessible to an infiltrator online. Also consider the number of people who send passwords via email to themselves as a record, or to others to access their account in an “emergency”. If these emails are compromised in external third-party attacks outside your system, your system may become compromised by a malicious agent. This touches on the concept of an Attack Surface, meaning the myriad vulnerabilities any system may have.

Thus, there is a multitude of possible attack vectors threatening your system. Sealing it with the use of jvm-libp2p goes a long way towards total security. But there are many other practices that should be used to defend against Hacking and System Penetration. We can only offer advice to be vigilant and aware of the size of the threat, and to take appropriate counter measures (and there are many measures to take). As noted elsewhere our use of client side encryption will assist, as will the frequent, programmed running of our ChubbyChecker. Insider jobs via Social Engineering techniques and third-party breaches are still high on the list of threats. Education of all staff can help here, as can monitoring of database access patterns, and vigilance (automated) against abnormal patterns of use. Also, the use of Artificial Intelligence in this monitoring can make a difference when it comes to detection of “insider jobs”. An AI system can be trained to recognise excursions from normal usage patterns, and its performance is actually enhanced over time as it gains “experience”.

—————————————————————————–