As a powerful platform enabling traders to trade with sophisticated algorithms 24/7 on the cloud, AlphaNu is a natural target for attackers looking to take advantage. Whether it relates to the expensive processed data we have, or sensitive client information and intellectual property, we intend to ensure that our security systems are not just robust but are evolving, future-proof and capable of handling even the toughest scenarios.
To this end, we have approached our friends from the Kelvin Wallet team to become dedicated developers on our team assisting with the installation of top-tier security solutions such as quantum-proof security mechanisms. Kelvin Wallet originated back in 2008 when Ming-Yang Chih, a graduate student at the time, along with Professor Chen-Mou Cheng and two other students founded the Fast Crypto Lab Cryptography Laboratory at National Taiwan University. Professor Cheng had just graduated from Harvard University the year prior and returned to National Taiwan University. In the following decade, the FCL Cryptography Laboratory trained more than 50 cryptographers. These experts have moved on to work in the well known Silicon Valley companies such as Google, Facebook, Intel, and Twitter to continue cryptography development, putting their skills to the test in protecting hundreds of thousands of critical information systems.
Various accomplishments in the cryptography space have been made by the FCL Laboratory team; having researched Post-Quantum Cryptography for many years. They have submitted multiple Quantum-Proof crypto systems to the Round-2 selection on NIST’s Post-Quantum algorithm (Https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions ). Hundreds of cryptographic academic papers were also produced in the laboratory, such as ISSAC, ASIA CRYPTO, etc. The goal of the FCL Lab is to utilize technology to protect the security of information systems, and continue to create fast and secure cryptosystems.
Ming-Yang saw an unaddressed market for quantum-proof crypto hardware wallets, and left the FCL Lab to create Kelvin Wallet and in 2019, launched the first quantum proof crypto wallet featuring strong security certification, anti-quantum power, key exchange technology, and Common Criteria EAL 5+ certified security chip. Subsequently, alongside his work on hardware wallets at Kelvin Wallet, he has also joined the AlphaNu team to provide valuable security insights and development assistance to protect our systems from malware and hackers.
At AlphaNu, we are aware of the areas of interest for hackers:
- The historical trading data we are offering to developers is not only rare, but can also be monetized and resold on the open market, creating incentives for data-mining and malicious activity on our platform rather than algorithm development work. To prevent this, we will be encrypting and storing the data within our system, where analysis and backtesting of the data can only be executed in our closed environment.
- The algorithms that traders can subscribe to via our platform are meant to remain as the intellectual property of developers for our platform. This is necessary to ensure a sustainable subscription-based model and incentive for developers to create successful and powerful algorithms on AlphaNu. Thus, protecting developers’ IP and their algorithms is the utmost importance to AlphaNu. We have made it so that even AlphaNu will not be able to access a developer’s algorithm without authorization from a developer. In order for traders to be able to execute trades using these algorithms without being able to see the source code, we’ve created a secure cloud environment where traders can never view the code, while external attackers would have to bypass multiple layers of extreme security to get to the algorithms. These algorithms will execute trades at their full transaction speeds directly with the brokerages we are connected to.
- As we are a cross-border marketplace product, connecting mainly traders from the asian markets and exchanges with US developers, there are critical measures in place that need to be taken to ensure the reliability of transaction and revenue data. We work closely with payment processors to ensure a smooth user experience, while creating our own systems — based on the blockchain — to ensure traceability and reliability of revenue attribution made through our platform. This allows us to offer products such as the Revenue Contract mechanism which enables third parties to obtain fractional rights to the future revenue from algorithm subscriptions.
- As the AlphaNu platform inevitably connects to third party exchanges to execute trades, it is necessary for us to protect trader interests and consider password security at many different levels. Our goal is to be future-proof and achieve quantum computer security while being constantly evolving against any modern threats. Our model will include a complete identity authentication framework, support the U2F authentication framework, and enable Two-factor Authentication (2FA). Users will be educated and guided through security processes to ensure good practices and guidance.
Hardware-level security
In addition to the account access security, we will also increase the security of hard disk authentication. Login technology developed by Kelvin Wallet is currently being tested for compatibility and will be a core part of our platform should it be feasible. For historical financial data transmission, we will use Quantum-proof algorithms to ensure that the key exchange security level is robust and strong enough. As for database protection, we will completely encrypt the cloud environment where our database is located. No data will be able to be decrypted as users will need our identity authentication mechanisms to unlock authorized materials and data.
Usage of robust blockchain technology for access controls
Authentication and data encryption on AlphaNu’s platform will always be carried out by a public key to ensure that a developer’s IP will not be accessible by anyone, including AlphaNu, without authorization. Our system is designed to utilize a decentralized blockchain and PKI (Public Key Infrastructure) technology to protect developers’ data. Developers will use the Kelvin Wallet to generate a set of offline Public key / Private key pair using a True-random-number generator (https://en.wikipedia.org/wiki/Hardware_random_number_generator). This can only be accessed by the developer and stored safely in their Kelvin Wallet. Only a Private key can decrypt and verify an encrypted Public key or signed data.
We will use a multi-person, multi-key management system for our Public Key Infrastructure. The process of confirming the authorization release will be checked by multiple layers. For example: in a six-person signing process, the first sponsor signs the relevant documents or authorization and passes it on to the next person. It can only be uploaded after all six signatures are acquired. The cloud host will verify whether it is a six-person signature before releasing the resource or executing the transaction to the initiator.
In terms of internal systems safety, we will follow the ISO 15408 standard for managing information, and use a 2nd Factor’s authenticator and a signer hardware to ensure account security.
Cybersecurity is the foundation of any computer system. With increasing potential fallout and damage from compromised systems, we believe in a model of pre-emptive prevention rather than risk needing to spend on expensive post-breach rectification. Our partnership and collaboration with the Kelvin Wallet team will definitely propel AlphaNu forward towards our vision to transform trading practices and level the playing field for all traders.
