Posted On: 01/09/2018 1:50:09 PM
Post# of 82676
Happy reading lol:
BlockSafe Technologies, Inc.
Confidential for Discussion Purposes
Introduction
  Cybersecurity is failing
  Crypto currencies are vulnerable
  Spending on Cybersecurity is growing
Blockchains
  Blockchain overview
  Blockchain security issues
Blockchain Security
  Private blockchain security
Wallet Security
  Desktop software
  Mobile app
  Wallet authentication
BSAFE Tokens
  Token Offering
  Token Sale
  Increasing token value post-ICO
Team
Advisors
Roadmap
Introduction
Cybersecurity is failing
It’s no secret that cybersecurity is failing. Every day some damaging new data breach is reported. The following table shows the scale of some major hacks.
Company | Records stolen
Yahoo | 3 billion
FriendFinder | 412 million
LinkedIn | 165 million
Equifax | 143 million
Heartland Payment Systems | 130 million
Even though cybersecurity budgets have gone up, cybercrime has only increased. This is due to several factors, including insecure applications, a shortage of security professionals, an increase in mobile and Internet connected devices, and most importantly, the failure of existing solutions.
Consider Anti-Virus software, the workhorse of security, which detects malware by scanning for signatures. It is estimated that every 4 seconds a new malware specimen is released. By the time the Anti-Virus software vendors release a signature for this specimen (a typical lag time of 30 days), approximately 650,000 new malware specimens will be released. It is safe to say that Anti-Virus software cannot keep up with this. Of course, Anti-Virus software vendors use other strategies such as advanced heuristics and, increasingly, AI techniques to help mitigate the threat, but it is nonetheless a losing battle.
The modus operandi of a break-in is to use multiple attack methodologies – social engineering, phishing, compromising websites to download exploit kits, etc. – to get the user to download the malware. The malware then communicates with a command and control center to download modules that do the actual damage – a keylogger to steal the keystrokes, mouse click capture to trigger screen shots, ransomware to encrypt files, webcam and microphone capture to invade privacy, etc. Once these modules are in place the attacker can get the credentials to external websites or internal resources to penetrate further into the network and carry out Advanced Persistent Threat (APT) attacks.
The mobile platform brings a new level of complexity and range of threats. For example, keystrokes are automatically logged by mobile operating systems to help in auto complete operations when a user is typing. It then becomes trivial for an attacker, who has convinced a user to download a malicious app, to steal the keystrokes from the system databases on the mobile device.
The increasing diversity and complexity of cyberattacks has created a fertile market for technologies that can protect against a wide variety of threats.
Cryptocurrencies are vulnerable
Though cryptocurrency proponents have done an admirable job building a distributed, anonymous framework for conducting secure transactions using public key cryptography, they are still not immune to attacks. As cryptocurrencies grow in both value and usage, securing them from a disparate variety of cyberattacks will become increasingly important.
Since 2011, there have been many heists of cryptocurrency exchanges, many of which were later shut down. In the infamous Mt. Gox hack, nearly 650,000 Bitcoins were stolen. So-called “flash crashes” due to hackers have affected some exchanges such as Kraken and GDAX.
Blockchain platforms themselves are also vulnerable. The DAO, an Ethereum project, was the victim of a major hack. The hackers exploited vulnerabilities in smart contracts and stole nearly $150 million. The money was recovered by doing a hard fork. However, a faction of the Ethereum community, who believed that the fork went against the principles of de-centralized control, created a split in the blockchain called Ethereum Classic.
Hackers have also been attacking ICOs. CoinDash lost $7 million during its ICO after a hacker altered the address investors were sending funds to so that the money went to the hacker’s wallet. Days later, at least three ICOs were affected by a bug in a cryptocurrency wallet called Parity that allowed crooks to nab $30 million.
Cryptowallets, whether desktop, online or mobile are especially vulnerable to hacking. A hacker can steal login credentials using keyloggers and screenshot capture and gain access to the wallet. Once they have access to the wallet, they can steal the owner’s funds.
According to John McAfee, anti-virus pioneer and Bitcoin cheerleader, security is the biggest problem with cryptocurrencies. In an exclusive interview with IBTimes UK at London's Blockchain: Money event, he claimed that without a major shakeup in cryptocurrency security, the world of virtual money could crumble. Much of this, he explained, is because there are dangers in how people interact with their online money – namely via smartphone. He said using them to interact with Bitcoin is asking for trouble.
"Some people have hundreds of thousands of dollars on their smartphone wallet. And I tell them – if you give me your phone number, in five minutes I will transfer all of your Bitcoins into my account," he said. “And I can prove it, it’s trivial." In this scenario, McAfee explained how malware, usually a keylogger, can be used to circumvent strong encryption with ease.
There are 100 million phones that have spyware or a keylogger, he continued, and hackers are monitoring these phones. On their systems, they have laid down criteria such as notify me if someone downloads one of these 20 wallets.
“There will come one day when everybody’s wallet is emptied,” McAfee said to a gripped packed room.
A Dell SecureWorks report a couple of years back on Bitcoin malware found 150 distinctive malware families that were built to steal crypto currencies. To steal victims' bitcoins, most of the malware that SecureWorks found simply searches out common file types such as "wallet.dat" that might store private keys that control a user's coins. Any keys the malware finds are exfiltrated over FTP or HTTP connections to a remote server, which uses them to transfer the victim's bitcoins to their own wallet.
But some of the malware goes further, the researchers say. To steal the coins of users who encrypt their private keys with passwords, many of the Bitcoin stealing programs also include keyloggers designed to eavesdrop on users' typing. Even more tricky are malware types that wait for users to copy a Bitcoin address they want to send bitcoins to into their clipboard. When the user tries to paste the address, the malware replaces it with a different string, irreversibly sending the currency to the malware operator's wallet. That last method never sends data to a remote server, so it can be much harder to detect, SecureWorks' researchers say.
Since transactions are anonymous and there is no insurance such as the FDIC in the USA (for bank deposits), if the hacker transfers your funds to their account and cashes out via an exchange, there is nothing you can do about it, and no institution to appeal to. Hence the biggest threat to the cryptocurrency economy is hacking.
Spending on Cybersecurity is growing
In light of the growing data breaches, there has been a dramatic growth in cyber security spending. According to Cybersecurity Ventures, in 2004, the global cyber security market was worth $3.5 B. In 2017, it is expected to be worth $120 B (35X growth) and will exceed $1 trillion cumulatively over the next five years, from 2017 to 2021.
This creates tremendous opportunity for companies that provide groundbreaking products in this space such as ours.
Blockchains
Blockchain overview
A blockchain is a distributed ledger consisting of a list of records. The records are called blocks. These blocks have a specific structure. For example, a block in a bitcoin blockchain has a header, a transaction counter and transactions. The block header is specially designed. It consists of a version number, a time stamp, a hash of the previous block, a hash of the root of the Merkle tree of this block’s transactions, a difficulty target and a nonce. The difficulty target and the nonce are used in the proof-of-work protocol which makes it possible to achieve consensus among the nodes in the network and to reward the node which comes up with the nonce first (“the miner”). It also prevents Sybil attacks and solves the double spending problem.
The cryptographic links make it easy to read the database and to verify its accuracy, but make it extremely difficult for an attacker to alter or change the order of records. Because of these properties, a blockchain is a machine-readable unalterable historical record.
Blockchain 1.0
The first work on a cryptographically secured chain of blocks was described in 1991. In 1992, Merkle trees were incorporated into the blockchain to enable multiple records in the block. In 1998, Wei Dai was the first to conceptualize “b-money”. His ideas and the subsequent work by Hal Finney and Adam Back laid the groundwork for Satoshi Nakamoto’s revolutionary Bitcoin cryptocurrency in 2009.
Bitcoin’s success led to a number of alternative applications (coins) either by building a new blockchain or building on top of Bitcoin’s blockchain using a scripting language or building a meta-protocol. Soon the limits of this strategy became apparent. Building a new blockchain is not easy and requires significant development. It is easier to build on top of Bitcoin’s blockchain using its scripting language. But because that language is not Turing complete and is not syntax-friendly, its usefulness is limited. However, a number of alt-coins use this approach.
Blockchain 2.0
In 2014, Ethereum, funded by a token crowdsale (ICO), took this a step further. Ethereum is a blockchain complete with a virtual machine called Ethereum Virtual Machine (EVM). The token of the Ethereum blockchain is called ether (ETH). It is traded on cryptocurrency exchanges and also used to pay for transaction fees (called “gas”) on the Ethereum network. The Ethereum platform runs Smart Contracts.
A Smart Contract is an autonomous program that executes itself when a specific condition (terms of a contract) is met. Because smart contracts run on the blockchain, they run exactly as programmed and are immutable and have zero downtime. As a result, Smart Contracts are used to develop a variety of applications such as financial applications, Decentralized Autonomous Organizations (DAOs), identity and reputation systems, digital assets (currencies), smart property, etc. The potential applications are limitless.
Ethereum does have its share of competitors such as Waves, Stratis, Lisk and EOS. However, it is by far the most popular platform to develop Smart Contracts and most ICOs have adopted it. Even many enterprises are building private blockchains based on the Ethereum platform. For example, J.P. Morgan’s Quorum blockchain is based on Ethereum.
Blockchain security issues
A Smart Contract is implemented as a set of functions, each one defined by a sequence of bytecode instructions. The contracts can transfer ether to/from users and to other contracts. Users send transactions to the blockchain network in order to create new contracts, invoke functions or transfer ether to other contracts or users. All the transactions are recorded on the blockchain. Since Smart Contracts have an economic value, it is crucial to guarantee that their execution is performed correctly otherwise an attacker can tamper with the execution and send ether to the wrong party.
Several security vulnerabilities in smart contracts have been discovered. These vulnerabilities have been exploited by attacks on Ethereum contracts, causing significant loss of wealth. The most famous of these was the attack on the DAO which resulted in losses of $150 million and resulted in a hard fork in the blockchain in order to recover some of the money.
Some of the vulnerabilities are due to Solidity, the language in which most Ethereum smart contracts are written. Others result from calls to untrusted contracts, re-entrancy, exception handling, etc. The problem is that due to its distributed nature, the source code of a smart contract is publicly visible. This means a hacker has access to modify the smart contract if they can find a vulnerability in the code.
Our goal is to secure the blockchain ecosystem by –
(1) Improving the security of blockchain transactions by providing a transaction authentication service
(2) Improving the security of wallets by providing desktop and mobile security software
Blockchain Security
There are two types of blockchains – public and private. In a public blockchain, anyone can set up a node and become a miner. They have complete access to the distributed ledger, can initiate transactions, and can create smart contracts. The Bitcoin blockchain is the largest public blockchain. The main Ethereum network is also a public blockchain.
Private blockchain security
A private blockchain is a permissioned network. Permission is required to read the information on the blockchain and conduct transactions. Nodes that perform the mining are defined by the entity that manages the private blockchain. Private blockchains are run either by consortiums or by a single entity such as an Enterprise.
We plan to secure private blockchains.
Consider a private blockchain setup with Ethereum. A network of Ethereum nodes (called Ethereum Clients) constitutes the private network. The network is identified by a specific network id.
A user interacts with an Ethereum client via a dApp. The dApp could be a wallet or custom software (web app, Java app, etc. as long as it incorporates web3.js for interfacing the app with the blockchain) that talks to the Ethereum client via JSON-RPC (remote procedure calls that invoke Ethereum APIs on the Ethereum client). The APIs allow the user to query the blockchain, initiate transactions and create smart contracts. What a user is allowed to do depends upon the permissions granted to a user. For example only specific users should be allowed to access the admin API, and specific users (developers) should be able to create smart contracts, etc.
Figure source – web3j.io
There are JSON-RPC interfaces to all the popular blockchains – Bitcoin, Ethereum, Eris and Quorum (built on top of Ethereum), Ripple and Hyperledger (implementations – Fabric, Sawtooth and Corda).
Transactions are initiated by a user (Externally Owned Account). The transaction is signed by the user’s private key and relayed to the Ethereum client via JSON-RPC. At the client, the transaction is validated and then relayed to the other clients. At some point in time, the transaction is mined into a block.
Figure source – web3j.io
Our solution involves two parts – (1) Blockchain Security Agent that is located between a dApp and a JSON-RPC client such as the Ethereum client, and (2) Blockchain Security Cloud Service.
Blockchain Security Agent
The Blockchain Security Agent performs a number of functions –
● Blockchain Firewall - It acts as a blockchain firewall, shielding the clients on the blockchain network. It examines the traffic flowing between the dApp and the Ethereum network and allows messages that meet the policies of the organization.
● Authentication - It parses a JSON-RPC message and extracts the user’s account identifier and sends it to the Cloud software to authenticate the user. If the user successfully authenticates themselves, the JSON-RPC message is passed to the blockchain, otherwise it is blocked.
● Policy Enforcement - It acts as a Policy Enforcement Point and allows for granular access. It implements the access policies of the consortium or the enterprise. It enforces user roles and capabilities. The user roles and capabilities are defined in the Cloud software. For example, a user initiates a transaction that requires sending a message to a smart contract on the blockchain. The user is first authenticated then the user’s role is checked against the policy and if the user is allowed to send the message, it is forwarded to the blockchain, otherwise it is blocked.
● Load Balancer - It acts as a load balancer to spread the traffic among the Ethereum clients.
● DDoS mitigation – It mitigates DDoS attacks.
Blockchain Security Cloud Service
The Blockchain Security Cloud Service has the following capabilities –
● Two factor authentication – Multiple methods are supported including: Out-of-Band Phone Number, PIN, OTP, and/or Voice; OTP Delivery to Phone via SMS, Voice, Email, and/or Push; Out-of-Band Push – Accept/Deny, PIN, and/or Fingerprint; Hard Tokens – Key Fob, USB Key, and/or Wallet Cards; Mobile Tokens – iOS and Android; Desktop Tokens – Windows, OS X & MacOS, and/or Linux.
● Policy Server – The Policy Server stores the user access policies for the blockchain. It defines user roles and maps the roles to capabilities.
● Rules Engine – The Rules Engine stores rules that will be used by the Agent software to enforce access. For example, a rule might be to invoke two factor authentication if the transaction is over a certain amount.
We will sell this solution to enterprises, government and consortia that are implementing private blockchains. We expect that this market will grow significantly in the future and due to having a first mover advantage we will be positioned to be a major player in the blockchain security marketplace.
Wallet Security
Wallets are vulnerable to malware that can capture the user’s login credentials via keylogging and screen capture. Anti-Virus software tries to detect the malware using signatures and advanced heuristics. But as discussed earlier, it is often ineffective.
Rather than trying to identify malware, we take a radical approach. We assume that malware exists on your device and prevent the malware from doing its job – keylogging, screen capture, clipboard spying, web cam spying, microphone spying, etc.
The solution suite comprises desktop software (PC/Mac) and a mobile app (iOS/Android). The desktop software and mobile app prevent the actions of malware.
Desktop software
The desktop software will have the following features –
Keystroke Protection – Traditional keystroke data flows through a series of steps before it appears on your monitor. Hidden in these steps is an area of vulnerability where cyber criminals try to take advantage using keylogging spyware. This feature bypasses the places keyloggers can reside, helping to eliminate your vulnerability to attack. A kernel component takes control of the keyboard at the lowest possible layer in the kernel. The keystrokes are then secured and sent to the application via an “Out-of-Band” channel bypassing the messaging queue.
Anti-Screen Capture – This feature prevents screen scraping malware from taking screenshots of your information surreptitiously.
Cryptographic Integrity monitoring – This feature constantly monitors the keyboard device driver stack to detect un-trusted drivers (which could potentially be keyloggers). If an un-trusted driver is discovered, it warns the user. It also checks if cryptographic services provided by the OS are operating properly.
Anti-Clickjacking - Clickjacking is a vulnerability that is exploited by hackers to load malware. Our desktop software prevents this from happening.
Trusted Platform Module (TPM) integration – The TPM chip is used to generate cryptographic keys.
All the above features currently exist. The planned enhancements are –
Mouse Capture Prevention - Malware monitors mouse clicks. We will prevent this from happening.
Clipboard Capture prevention - Malware monitors the clipboard to spy on copy and paste. We will prevent this from happening.
Webcam Capture prevention - Malware monitors the webcam to spy on the user. We will prevent this from happening.
Microphone Capture prevention - Malware monitors the microphone to spy on the user. We will prevent this from happening.
The above four features are currently in development.
Defense against ransomware
Ransomware has been growing rapidly and is now one of the major threats. We are researching novel techniques to defend against this threat and expect to deploy our solution initially on the Windows platform.
Self-healing capability
This consists of ensuring memory and system integrity by periodically checking and removing malware changes automatically. This capability will initially be available on the Windows platform.
Mobile app
The mobile app will have the following features –
Password Vault – The Password Vault enables the secure storage of user credentials required to access websites or corporate networks. The credentials are stored in encrypted form. The user can also launch the website into a Secure Browser protected by a Secure Keyboard.
Strong Password Generator - This useful feature creates strong passwords based on user-defined preferences, and then stores the strong passwords in the password vault for future usage.
ProtectID® Soft Token - One-Time-Password (OTP) Generator for the industry leading ProtectID authentication platform. Features “one touch” user enrollment.
Support for other OATH compliant Soft Tokens – One-Time-Password Generator for third party OATH compliant soft tokens, such as the Google Authenticator. The provisioning is either manual or via a QR code.
Encrypted Database – Enables the storing of notes and other data in user defined fields in an encrypted database. This is accessible via the Password Vault which allows the user to create custom data fields.
Secure Keypad – Mobile OS’s such as iOS log keystrokes to help in auto-completion. These keystrokes are stored in databases that can be accessed by rogue applications. In addition, malware may be able to capture the keystrokes entered on the default soft keyboard.
The Secure Keypad is a custom keypad that provides secure input by encrypting keystrokes and preventing the mobile OS from logging the keystrokes.
Secure Browser – The Secure Browser is a custom secure locked-down browser that prevents the storage of cookies and other malware artifacts. The secure environment is reset for every browser session.
All the above features currently exist. The planned enhancements are –
Screen capture protection for mobile devices
This capability is currently present on the Windows desktop version and we want to extend it to mobile devices.
The following figure shows our secure keyboard protecting mobile wallets –
Wallet authentication
We will work with wallet companies (desktop/mobile or online) to integrate with our authentication cloud service to protect wallet logins with two factor authentication. The following figure shows how desktop and mobile products secure the wallet ecosystem.
BSAFE Tokens
Token Offering
The Company will issue its tokens (called BSAFE) on the Ethereum blockchain at a price of $1 each. The tokens will abide by the ERC20 standard and will be fully compatible with all Ethereum wallets that have the ERC20 token standard. The tokens will be created with a total supply of 100 million BSAFEs.
The following table represents the distribution of tokens -
Description | Amount of BSAFEs
Total Supply | 100 million (100 %)
Seed round | 2 million (1.5 %)
Pre-ICO | 15 million (15 %)
Bounties | 3 million (3 %)
Team/ Advisers / Other contributors | 20 million (20%)
ICO | 50 million (50.5 %)
Reserve | 10 million (10 %)
Promotion
We will start a bounty campaign so participants can help spread the word to the community and receive BSAFE tokens as a bounty reward. Details of the bounty program will be available on our website in the near future.
Legal Governance and Compliance
We strongly recommend that all Contributors should seek their own legal advice as compliance may vary depending on their own status, nationality, the country they are resident / tax resident in, etc.
In the US, we will comply with all SEC laws regarding token issuance.
Token Sale
BSAFE tokens will initially be distributed in the form of a pre-sale at a discounted rate; more details will follow on our token sale website. The crowd sale will start a few days after the completion of the presale. A total of 50.5 million tokens will be available for purchase. Tokens will be made available on all major exchanges sometime after the crowd sale ends.
Increasing token value post-ICO
To increase the token value post-ICO, the company will use a portion of its revenue to buy back tokens. The tokens can also be used to buy the desktop/mobile products at a discount over fiat currency, lending them a clear utility in helping purchasers improve their cybersecurity.
Team
Chris Henry
Chris Henry is an experienced Regulatory Compliance and Cybersecurity executive with over 15 years of experience in Bank Compliance, Governance and Risk Management. He has led many diverse and complex projects for major international financial institutions. Chris’ experience includes a blend of analytical and compliance advisory techniques, corporate governance revamping, enhanced risk assessment protocols and expanding information technology skills. He has advised senior managers, directors, partners and C-suite executives responsible for critical internal audit, legal and compliance, governance and regulatory matters.
Recent engagements include reviewing cybersecurity technology framework solutions to assess the adequacy of and to mitigate internal and external controls in preventing hacking and data breaches. Additionally, Chris is an advisor to clients on litigation strategies in New York courts and tax compliance mitigations with the Internal Revenue Service and New York State Tax Authority. Chris holds a Bachelors from Columbia University, School of Engineering and Applied Science. He is a member of the Information Systems Audit and Control Association (ISACA) and other professional organizations. Chris is a speaker at banking and technology forums.
James Grundvig
James Grundvig is the author of three (3) published books, two investigative non-fiction works and one novel. Over the past dozen years, James has published more than one hundred articles in the Huffington Post, Financial Times Foreign Direct Investment magazine, Law.com, the Epoch Times, Autism Spectrum News, among other media outlets. His stories have covered a broad range of issues, from the BP Oil Spill, terrorism, health, the limited resources of food, energy and water, to technology, climate change, and the autism epidemic. In 2013, he interviewed the then CTO of the CIA and its migration to the “cloud.”
James has worked more than twenty years in construction management on projects of scale in New York, New Jersey, Philadelphia, and Norway, estimating hundreds of millions of dollars in budgets, researching and negotiating change orders, and writing technical reports, including project forensics and change management. In 2011, James founded a mobile/SaaS platform to manage the workflow on construction projects between multiple parties and the supply chain. For that startup he executed the writing of the Request For Proposal (RFP), the competitive analysis, the business proposition, and designed the data flow diagrams and schematics for the software.
Recently, James has co-founded an offshore company in the Blockchain space, called Myntum Ltd. Myntum will create a “hot” vault for storing data—cryptocurrency “coins,” ICO tokens, contacts lists, digital files—and protecting those digital assets. James majored in Civil Engineering at the University of Hartford, Hartford, CT., and attended the Bennington Writers Workshop at Bennington, Vermont. He is project-centric, lives and works in New York City.
Peter Simon
Peter Simon founded OneForce Technologies in 2007 with the vision of bringing enterprise cybersecurity solutions to small and midsized organizations. OneForce has focused on providing a comprehensive yet simple-to-use platform for the organizations to manage their data security protocols and help mitigate data breaches. Peter advises on the implementation of a comprehensive cybersecurity strategy that includes appropriate communications for internal and external incident response planning and paperwork to ensure the highest level of resolution and mitigation of data breaches.
Peter has broad knowledge of security and authentication related technologies. They include hardware, software and networking technologies. He also has experience in providing cybersecurity and data privacy solutions for administration, analysis and compliance, as well as being able to protect confidentiality, integrity of data, and the availability of information and systems. Peter also advises on creating business continuity plans, disaster recovery strategies and data security policy strategies. Peter’s college studies include computer science, CCNA and CISSP. He has also published articles in Cyber Defense Magazine and with the Identity Theft Resource Center.
Advisors
Mark L. Kay
Mark joined Strikeforce Technologies in May 2003. Previously, he was an established leader, CIO and Managing Director at JPMorganChase over the past 25 years. During his employment at JPMC he led strategic and corporate business groups with global teams up to 1000 people. His responsibilities also included Chief Operating Officer and Global Technology Auditor during his tenure. His business concentrations were Securities (Fixed Income and Equities), Proprietary Trading & Treasury, Global Custody Services, Audit, Cash Management (including Money Transfer and Demand Deposit), Corporate Business Services and Web Services. Prior to JPMC, Mark was a Systems Engineer at Electronic Data Services (EDS) for over five years, where he developed his technical and people skills. He holds a B.A. in Mathematics from CUNY.
Ram Pemmaraju
Ram is one of the original founders of Strikeforce Technologies and the inventor of the ProtectID product. Ram has several years’ experience in security systems and telecommunications. Ram’s prior job was at Coreon, where he developed OSS systems for DSL carriers. Ram was the founder and Chief Engineer of Digitech Telecommunications, a Network Security systems company that manufactured data encryptors (certified by NSA), callback systems, access control and voice scramblers. He was employed at Computer Sciences Corporation, Synergy Systems, Bellcore and Bell Labs amongst other technology companies typically as a chief architect or systems engineer. Ram has an M.S.E.E from Rutgers University and a B.E. in Electrical Engineering from Stevens Tech. He holds several patents in computer security.
George Waller
George is a founder and the prior CEO of Strikeforce Technologies for which his strong leadership, sales and technology experience well positioned him. Previously he was a VP at Connexus Corporation, a software integrator. He successfully managed several software integration firms such as TeachMeIT, Incubation Systems and HealthSCOUT.
Roadmap
February – April 2018
▪ Pre-ICO funding
▪ ICO marketing
May – June 2018
▪ ICO crowd sale
3Q 2018
▪ List tokens on exchanges
▪ Product development starts
▪ Marketing efforts start for the desktop and mobile products
4Q 2018
▪ Screen capture feature is completed for the mobile product
▪ Mouse, clipboard, audio and camera protection features are completed for the desktop product
1Q 2019
▪ Anti-ransomware and self-healing features are completed for the desktop product
2Q 2019
▪ Development of Blockchain Security Agent is completed
▪ Development of Blockchain Security Cloud Services is completed
▪ Marketing efforts start for the Blockchain Security offering.