IoT Security - Software-defined perimeter and blockchain
Blockchains and cryptocurrencies in IoT
Blockchains are public, digital, and decentralized ledgers of cryptocurrency transactions. The original cryptocurrency blockchain was Bitcoin, but there are now over 700 other currencies on the market, such as Ethereum, Ripple, and Dash. The power of a blockchain is that no single entity controls the state of transactions. It also forces redundancy into the system by ensuring that everyone using a blockchain also maintains a copy of the ledger. Since there is no inherent trust among blockchain participants, the system must operate by consensus.
A good question to ask is: if we have already solved identity management and security with asymmetric cryptography and key exchange, why are blockchains needed to exchange data or currency? The answer is that those tools alone are not enough for the exchange of money or data of value. One thing to note is that since the inception of information theory, when two parties communicate, say Bob and Alice, they send a message or a bit of data. That information is still retained by Bob even if Alice receives a copy. When exchanging money or contracts, the data must leave one source and arrive at another; there is only a single instance. Authenticity and encryption are tools needed for communication, but a new method to transfer ownership had to be invented:
Ledger topologies. A centralized ledger is the typical process of a single controlling agent maintaining "the books". Cryptocurrencies use either decentralized or distributed ledgers.
Blockchain secure cryptocurrencies are particularly relevant to IoT. Some example use cases include:
Machine-to-machine payments: The IoT needs to ready itself for machines exchanging services for currency.
Supply chain management: Here the logistics of managing inventory and moving goods can replace paper-based tracking with blockchain immutability and security. Every container, movement, location, and state can be tracked, verified, and certified. Attempts to forge, delete, or modify tracking information become impossible.
Solar energy: Imagine residential solar as a service. In this case, solar panels installed on a customer home are generating energy for the home. Alternatively, they can also send energy back to the grid to power someone else (perhaps in exchange for carbon credits).
The cryptocurrency portion of Bitcoin is different from the blockchain itself. Bitcoin is an artificial currency. It has no commodity or value backing like gold. It is also not physical; it only exists in a network construct. Finally, the supply or number of Bitcoins is not determined by a central bank or any authority. It is completely decentralized. Like other blockchains, it is built up from public key cryptography, a large and distributed peer-to-peer network, and a protocol that defines the Bitcoin structure. While not the first to conceive of digital cash, Satoshi Nakamoto (alias) posted the paper in 2008 called Bitcoin: A Peer-to-Peer Electronic Cash System to a cryptography list. In 2009, the first Bitcoin network was online and Satoshi mined the first block (Genesis Block).
The concept of a blockchain means that there exists a block representing the current portion of a blockchain. A computer connected to the blockchain network is called a node. Each node participates in validating and relaying transactions by obtaining a copy of the blockchain, and is essentially an administrator.
A distributed network based on peer-to-peer topologies exists for Bitcoin. Metcalfe's Law applies here since the value of a cryptocurrency like Bitcoin is based on the size of the network. The network maintains the system of records (the ledger). The problem is, where do you find a source of computing willing to share their compute time for monitoring ledgers? The answer is to build a reward system called Bitcoin mining.
The transaction process is shown in the following figure. It starts with a transaction request. The request is broadcast to a Peer-to-Peer (P2P) network of computers called nodes. The peer network is responsible for validating the authenticity of the user. Upon validation, the transaction is verified and combined with other transactions to create a new block of data for the distributed ledger. When a block is full, it is added to the existing blockchain, making it immutable. The Bitcoin authentication, mining, and validation process is shown below:
Bitcoin blockchain transaction process.
Shown in the graphic is the exchange of 0.000554 Bitcoins between Alice and Bob with a service fee of 0.0001 BTC. Alice initiates the transaction by signing the transaction contents, including the hash of the previous transaction, with her private key. Alice also includes her public key in the input's scriptSig script. The transaction is then broadcast to the Bitcoin P2P network for inclusion in a block and validation. The network competes to validate the block and to discover a working nonce that satisfies the current difficulty. If a block is discovered, the node that found it broadcasts the block to its peers for validation and then inclusion in the chain.