CoT: Why do you think blockchain may assist in securing IOT devices?
IoT devices may be secured against hackers and man-in-the-middle attacks by storing their identifiers with corresponding public keys on a blockchain using a system like DNSChain, https://github.com/okTurtles/dnschain . This eliminates the reliance on trusted third parties like certificate authorities and domain registries.
The owner of a device would generate a new key pair for the device, give it an identifying device ID, and enter the public key, device ID, and his blockchain address or name into the DNS certificate blockchain.
Since most IoT devices will not have adequate storage and memory to maintain a copy of a public blockchain, they will need to connect to a trusted server to access the blockchain with a secure thin client. At Bitseed, we produce an ARM based server which can be used in this manner for a Bitcoin based IoT authentication and secure bulk data storage system owned and controlled by the user.
Blockstore, developed by Onename, uses the Bitcoin blockchain to store blockchain IDs along with hashes to secure distributed hash tables (DHT) for storing large amounts of data off-chain. Blockstore is part of Bitseed's strategy to use Bitcoin to secure its next product, a personal server along the lines of Freedombox, which can act as a hub for the user's personal or enterprise network of IoT devices.
Another solution for this is to use a technology like Lisk, Whitepaper , which runs distributed applications (dapps) as sidechains with an API which are secured by and communicate via the main Lisk chain, an internet of chains. With this Internet-of-Chains type protocol, a device owner has his own blockchain which is small enough to store locally on a lot more of his IoT devices using a client which is lean enough to run on their limited memory and storage resources without degrading their performance.
I would like to see Lisk further add the ability for the dapp sidechains to even have their own side chains, so the internet of chains can go multiple branches deep. These multiple layers enable a common public secure layer on the Lisk chain itself, multiple layers underneath it for specialized IoT enterprise applications, and interconnected private and secure user layers to complete a global network of chains.
Iota is an exciting new distributed consensus technology in development specifically for IoT which promises to secure networks without the need for a blockchain, http://www.iotatoken.com/ . In addition to facilitating microtransactions with very low overhead, Iota can also act as an oracle for smart contracts.
These decentralized approaches to securing IoT result in private device networks which are truly owned by and directly under the sole control of their owners.
CoT: How critical is the issue of security today with regards to IOT? I mean we hear about hacks regularly but how would you grade security amongst the list of issues affecting IOT?
I consider security to be the number 1 issue affecting IoT. When I learned to program and operate CNC machinery, I was somewhat intimidated at first by the fact that a software error can actually physically break things, or, even worse, lead to personal injury. Malicious attacks across networks with IoT devices controlling critical infrastructure, vehicles, machinery - even weapons - can have very serious consequences leading to injury and death, on a potentially very large scale.
There are also the privacy and security issues of an owner's IoT devices embedded all around him or an enterprise being used for surveillance and industrial espionage. Much of the internet, media, and communications industry today is built upon monetizing surveillance of its users as a core component of its business model. Misuse of IoT technology threatens to extend this invasiveness much further into people's lives.
Some of the surveillance is used for benign purposes which can even benefit the user, like Netflix suggesting content based on viewing history. I have been exposed to a lot of very good content I would have otherwise been aware of. However, often the data collection is used in subtle attempts at psychological manipulation towards interests which are not in line with those of the user.
Do you really want your self driving car to choose a route which takes you by the businesses of paid advertisers, based on your previous riding habits, instead of using the fastest path, which would save you a few more minutes of your time?
I watched a presentation by a start-up selling an IoT door lock which can be unlocked from your smart phone, and configured with a list of other people with phones who are allowed to unlock it at specified time intervals, all stored by the manufacturer in the cloud, of course.
Do you really want strangers to know who you trust to freely enter your home, and when you and they come and go? Do you want the doorlocks on the hotels and AirBnB rentals let the lock manufacturer know where and when you go to stay, and with whom you do so?
The speaker for this start-up stated that selling locks was not their main revenue source, that they were selling them near cost. Their greatest source of value would be the data they are collecting to sell it as a service to other parties.
Securing IoT includes defending the interests of the device owners from the manufacturers, distributors, and communications providers of IoT, as well as from outside attackers.
CoT: Do you think a collaboration approach is needed for the industry to explore whether blockchain can address security questions in IOT?
Definitely!
It is critical that devices and software use a freely available, open, and common standardized protocol among different manufacturers to prevent the domination of a few closed proprietary silos under corporate control, where the users have very limited knowledge or control of what information is being collected, where it is being distributed, who has access to it, and the potential security breach of attackers gaining unauthorized access to it.
Device owners must have the opportunity to be able to add to and modify the devices they own with the software of their choice. As it is, mobile devices are a personal security nightmare for their owners.
The use of blockchain technology along with distributed applications is a way for IoT products to comply with new restrictions in the EU on collecting and transmitting user data to the US under the Save Harbor Agreement. This new change in policy is the result of a recent court decision over privacy in the EU, http://www.aicgs.org/issue/euu-s-data-transfers-new-privacy-shield/ . Instead of sending the data to a remote central server in the US, the data can reside in the dapp. Ideally, the users should own and control the networks they rely on.
CoT: Can you give an example (in simple terms) of how blockchain tech can secure devices?
I would like to use blockchain technology to secure deep space communications. NASA is currently implementing Delay and Disruption Tolerant Networking (DTN), http://ipnsig.org/introducing-delay-disruption-tolerant-networking-dtn/ , a mesh networking protocol which allows for communication over very large distances without packet loss. DTN uses store and forward packet routing with custodial transfer between nodes to prevent collisions from time delay.
By using a DNSChain type system mentioned above, a spacecraft can have a key pair generated for launch along with its ID, ownership, and the hash of its software, which are all entered, minus the private key, into a blockchain which is shared by all of the spacecraft, ground stations, and mission control centers of spacecraft operators in the DTN network.
After the spacecraft separates from the launch vehicle and initiates autonomous flight, the launch code can be transmitted to the spacecraft directly from earth to authenticate communications with it. The hash of the control software on board the spacecraft is verified against what is stored on the blockchain. The spacecraft then generates a new key pair, and enters the new public key into the blockchain. Tampering becomes much more difficult from this point on since it would involve physically intercepting the spacecraft while it is in flight. Secure, encrypted, tamper-proof spacecraft communications are thus enabled over the DTN, even if it is composed of relay stations from many different operators.
As the use of spacecraft expands into prospecting for valuable resources from asteroids and other planetary bodies, there will be a need to secure their communications over the public DTN network to protect the interests of those who have invested a lot of money and time into these long term missions. Spacecraft operators will want to know they are actually talking directly to their spacecraft and not someone in the middle.
The above example of space communications may be an extreme example application, but a protocol which can handle the extreme delay and disturbance conditions of space communications will also be very robust for terrestrial IoT applications, where devices are often in motion, not in constant communication, and subject to noisy industrial and transportation environments. The presentation by Scott Burleigh on Delay Tolerant Networking at is very informative on how DTN works and how it is being applied to terrestrial IoT.
Securing IoT devices with DNSchain type technology to eliminate man-in-the-middle attacks. Enabling user controlled networks of IoT devices to operate as personal clouds as distributed applications without relying on centralized cloud servers, and secure interoperation with other networks in a manner where the user is in complete control of what data is shared. Leveraging blockchain technology and distributed applications as a means to comply with data sharing regulations like the recent EU restriction on transmitting user data to the US. Integration of blockchain technology with the NASA Delay and Disturbance Tolerant Networking (DTN) mesh networking protocol for secure deep space communications. Co-founder of Bitseed, bitseed.org, manufacturer of ARM based Bitcoin full nodes with an aim towards IoT devices.
Also co-founder of Crypti, now relaunching as Lisk - a decentralized application platform which runs on ARM devices with 512 Mb of RAM, a memory requirement which will be continued to be reduced in the future. Lisk runs dapps in sidechains with an API which can use their own tokens for scalability by avoiding blockchain bloat from running scripts on the main chain.