DEV Community

Andriy Fedotov
Securing IoT devices connections with blockchain: does it make sense?

Case Study:

Company X deploys a fleet of connected IoT devices with Hardware Root of Trust capabilities, in which the private keys are integrated into the devices.

  1. The System Administrator of Company X has an account registered on the blockchain.

  2. He will need to install special firmware (or just modify an existing version of it) on the IoT device (for example, a CCTV camera). The firmware should generate a key pair on the device.

  3. At this point, the SysAdmin obtains the device's public key and stores it on the blockchain using his account. The device could send the public key by itself, but it would need access to the account. As an alternative, this could be done via a service where blockchain account keys are pre-installed.

  4. Now the SysAdmin is able to set up a secure encrypted connection with all the CCTV cameras that he needs. If he needs to revoke a camera's public key, he can do so by using the private key of his blockchain account.

The blockchain account

The account has a public/private key pair, which the user generates on his device with one of the project libraries. The account makes it possible to store public keys on the blockchain as well as to revoke them. Using the key pair of just one account, you may store as many public keys on the blockchain as you need. In blockchain technology, there are several ways to secure access to your account, for example, multi-signature.

Why should devices trust each other without a CA signature?

In this scenario, the Admin will send a request to the blockchain to store the public keys of each of the two devices and will install the private keys on each of them respectively. This way the admin is responsible for providing the correct public key when connecting two devices/applications. Nobody can store a public key that was previously added to the blockchain.
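The registry rules from the case study and from the paragraph above (store under an account, reject a key that was already added, revoke only from the registering account), as an added example that is not the project's code. KeyRegistry, the account names and the key bytes are hypothetical, and account authentication (the transaction signature a real ledger verifies) is assumed to have happened already.

```python
import hashlib


def fingerprint(public_key: bytes) -> str:
    """Registry index: SHA-256 of the raw public-key bytes."""
    return hashlib.sha256(public_key).hexdigest()


class KeyRegistry:
    """In-memory stand-in for the on-chain key store (hypothetical model)."""

    def __init__(self):
        self._entries = {}  # fingerprint -> {"owner": str, "revoked": bool}

    def store(self, account: str, public_key: bytes) -> str:
        # Assumption: `account` was already authenticated by the ledger
        # (a real chain verifies the transaction signature).
        fp = fingerprint(public_key)
        if fp in self._entries:  # in this model a revoked key stays taken
            raise ValueError("public key already registered")
        self._entries[fp] = {"owner": account, "revoked": False}
        return fp

    def revoke(self, account: str, fp: str) -> None:
        entry = self._entries.get(fp)
        if entry is None or entry["owner"] != account:
            raise PermissionError("only the registering account may revoke")
        entry["revoked"] = True

    def is_trusted(self, public_key: bytes, expected_owner: str) -> bool:
        # Presence alone is not enough: pin the admin account that stored it.
        entry = self._entries.get(fingerprint(public_key))
        return (entry is not None and entry["owner"] == expected_owner
                and not entry["revoked"])


def demo() -> dict:
    reg = KeyRegistry()
    camera_key = b"constructed-camera-public-key"  # constructed sample bytes
    other_key = b"constructed-unknown-public-key"  # constructed sample bytes
    fp = reg.store("admin-account", camera_key)
    reg.store("other-account", other_key)
    before = reg.is_trusted(camera_key, "admin-account")
    foreign = reg.is_trusted(other_key, "admin-account")
    reg.revoke("admin-account", fp)
    after = reg.is_trusted(camera_key, "admin-account")
    return {"before_revoke": before, "foreign_owner": foreign, "after_revoke": after}
```

The peer check takes the expected admin account as an argument because a key registered by any other account is present on the ledger but says nothing about Company X's devices.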

What do you think about the case described? Are there any weaknesses which hackers can spot?

And what about a service that can help to provide such certificates for admins and developers who are not willing to interact with the blockchain directly? Would you use such a service, if it were available?

Here you can have a look at a protocol able to perform the services described, other than a Public Key Infrastructure.

Top comments (6)

Max Ong Zong Bao • Edited

Tldr short answer nope. I don't think it is possible.

Unless you can prove to me it is not resource intensive and does not require a lot of energy to do it, plus you didn't specify what type of wireless communication standards you plan to use to transfer these keys.

Please let me know what is your assumption for this blockchain implementation?

1) Are you assuming edge devices with growing computing power with lesser network bandwidth to transfer their keys?

2) Do you follow existing best practices and security standards in following blockchain implementation and operation like NIST?

3) Do you have an embedded engineer who will be implementing this on an edge type of device that has better hardware or an Arduino with limited computing power?

4) Are you planning to assume your blockchain implementation is going to include secure modules?

Those are just the basic questions I will ask to get started. Which leads me to a short answer.

Andriy Fedotov

We have a stake and reputation based consensus. It is not PoW, but Proof of Service. Here you can read an article about our research efforts and consensus architecture. It is more a system of economic incentives. hackernoon.com/how-to-choose-a-con...

Basically, blockchain is secured by cryptography and consensus. Of course, we are preparing security advice for masternode owners.

Max Ong Zong Bao • Edited

The article from HackerNoon does not address my assumptions for securing IoT device connection with blockchain.

You can take a look at what my company is doing at MicroSec in this article Security Made Simple that is incubated as the first cohort of EntrepreneurshipFirst in Singapore.

A London-based incubator that focuses on deep tech startups, where Reid Hoffman, co-founder of LinkedIn, is on their board of directors.

If you would like we can arrange a time to chat with my CEO to discuss possible collaborations with your technology.

Andriy Fedotov

Thank you for the links. What are your biggest doubts? Of course, we are happy to help you to implement our protocol as one of the security options for IoT users. My email is andrii.fedotov@remme.io

Max Ong Zong Bao

My biggest doubts are the type of device you are tackling with your software and the wireless communication used to transmit these keys.

Namely through the use of 3G/4G/5G/M2M or just plain old wifi standards to transmit the keys.

I'll let you know again if my boss is interested in your protocol to use as part of our security solution :)

Andriy Fedotov

Unfortunately, we don't have integrations with specific types of devices. We are designing a general model of architecture. Hope soon we will share our first app for IoT, but we still need time for that. At the moment we have a blockchain ready for different tests that can store public keys and is relevant for security applications, including the IoT field.
github.com/Remmeauth/remme-core/tr...