Three Approaches to IoT Security: Part Two

There is no single path to securing mobile devices and networks. This article, the second in our three-part series, focuses on how one startup company is leveraging blockchain technology and a type of cryptography called telehash.
Published: August 5, 2015

(Read Part One.)
(Read Part Three.)

When it comes to security, the IoT is already broken. That’s what Paul Brody has spiritedly argued since he led IBM‘s mobile and Internet of Things services business (he moved to Ernst & Young, where he serves as the company’s technology sector strategy leader for the Americas, in April 2015). By following a centralized, cloud-based approach to networking IoT devices, Brody told a conference last year, “we’ve created the most delicious pot of data that any hacker could possibly want.”

A report titled Device Democracy: Saving the Future of the Internet of Things, released late last year by the IBM Institute for Business Value, argued:

Filament’s Eric Jennings’

“In a network of the scale of the IoT, trust can be very hard to engineer and expensive, if not impossible, to guarantee. For widespread adoption of the ever-expanding IoT, however, privacy and anonymity must be integrated into its design by giving users control of their own privacy.

“Current security models based on closed source approaches (often described as ‘security through obscurity’) are obsolete and must be replaced by a newer approach—security through transparency. For this, a shift to open source is required. And while open source systems may still be vulnerable to accidents and exploitable weaknesses, they are less susceptible to government and other targeted intrusion, for which home automation, connected cars and the plethora of other connected devices present plenty of opportunities.”

Brody advocates using blockchain technology as an IoT building block. The digital currency system bitcoin employs a cryptographic blockchain to handle financial transactions using a public ledger. But blockchain can be used to perform a range of other types of transactions in a decentralized manner. One can utilize it to process agreements, create and exchange tokens or authorizations, or simply send tweets.

In January, IBM and Samsung demonstrated the Autonomous Decentralized Peer-to-Peer Telemetry (ADEPT) project, a proof-of-concept decentralized IoT architecture.

Just as bitcoin operates without a bank, IoT devices could operate without a centralized cloud server, using the blockchain as a digital ledger that enables transaction processing on any device rather than routing it through a central server.

Now, a startup called Filament is building products and services based on a decentralized approach that leverages blockchain and a type of cryptography known as telehash. Filament got its start in 2012 by selling small mesh-networked sensor modules to consumers, but quickly found that large corporations were interested in using the devices to instrument their industrial automation facilities.

“We thought these Fortune 500 companies that were buying our sensors would have had their own solutions, but they didn’t,” explains Eric Jennings, Filament’s CEO. “So we decided to switch focus to industrial IoT applications.”

Filament is manufacturing sensors with embedded sub-GHz radios (made by Semtech) that create a low-power, long-range mesh network. Each Filament sensor has an embedded cryptoprocessor that supports five protocols, Jennings says, which work in concert to enable decentralized, secure communication.

“Most devices need to be connected to a central authority—i.e., you can’t use a Nest thermostat without access to Google‘s servers,” Jennings states.
“We don’t think that’s a good plan for industrial IoT devices, which need to last a long time.” You can’t just hope that the servers for a given device are reliant and will always be available, he adds, or that the companies that operate them will stay in business.

The five protocols in the Filament stack are Blockname, telehash, smart contracts, Pennybank and BitTorrent. The Filament sensors rely on the first three in order to operate, Jennings explains, while the forth and fifth are optional.

Blockname allows each device to create an identifier, which is stored in a one-time-programmable part of its cryptochip. The ID is also stored in the bitcoin blockchain. When asked whether relying on that blockchain to store data is risky (since there is no guarantee that it will be sustained into perpetuity), Jennings said the $5 billion of value that the bitcoin blockchain currently supports is a good validation of its staying power. But, he noted, even if the bitcoin blockchain is someday no longer available, the technology that supports it will remain.

Telehash supports encrypted communication between devices in a mesh network. It was developed by Jeremie Miller, Filament’s CTO, who was also instrumental in developing XMPP, the protocol used to support Jabber and many other instant-messaging applications. “Telehash is the next evolution of XMPP,” Jennings says. “It’s designed to run on very-low-power devices, with encryption from end point to end point. It has perfect forward secrecy; this changes the key at each session, so you can’t go backward.” (IBM’s ADEPT project also uses the telehash protocol for encrypted data transmissions.)

Smart contracts allow Filament to control how any one of its sensor devices is used and who can access it. It’s also a key part of the company’s revenue model, because it lets the firm encode a contract, with specific terms regarding payments related to the device’s use, right on the device. A third party could, therefore, distribute any make of sensor capable of running the Filament stack, but Filament could still generate revenue from that device’s use—as could the third party. Or, Jennings says, “we could sell the sensor module and whomever owns the contract will get paid” for its use.

Pennybank allows devices to exchange value directly with each other, using bitcoins or some other type of digital currency. Jennings points to potential use cases in the construction and automotive industries. If a heavy equipment provider, such as John Deere, has instrumented a device to collect and share data based on some process or material it is moving, a sensor using Pennybank could “sell” this information to the sensor device employed by the end user or a contractor in order to consume, and pay for, that data. And the devices would handle this directly, without accessing the cloud.

In addition, Jennings imagines that drivers with embedded Filament sensors could use Pennybank to earn money from other drivers by exchanging tokens with them that would allow the other vehicle access to a high-occupancy vehicle (HOV) lane.

BitTorrent was designed as a peer-to-peer file-transfer protocol for sharing large amounts of data via the Internet. This protocol could be used to update firmware running on Filament devices.

Taken together, this protocol stack and Filament devices form what the company calls the Distributed Sensor Transactions (DIST) platform. Filament is currently working with a dozen companies in a range of industries, from oil and gas to health care, on pilots to test both the protocol stack and the devices, which Filament makes either in an embeddable form or as standalone devices.

IBM, with its ADEPT proposal, and Filament, with its decentralized, ad hoc sensor network technology, are taking a very different approach to IoT architecture than most current applications, which largely rely on cloud-based services and closed (versus open-source) data security tools. It’s too early to predict which approach will take off, but these projects show that Internet of Things vendors are starting to think in new ways about how to secure and support IoT deployments in the long run.