IoT paranoia: can your devices trust the other IoT devices that help them?

For the Internet of Things (IoT) to function well then lots of IoT devices need to work together properly. But how can these other devices be trusted? Blockchain technologies might be the answer.

Lego block and chain a

The idea of any device with a chip and a web connection working with any other device has lots of potential. At home your freezer could partner with your cooker to swap ideas for meals and precise cooking instructions that are based on what is actually in your freezer and how your cooker best heats up food.

At work your office devices could work together to help you and your colleagues.  Your car could be operated by your phone and vice versa. The Internet Of Everything means any device could potentially work very closely with any other device.

The trust problem

But what happens if one of these devices has been hacked? Maybe your phone has a virus. Or if you need your car to communicate with someone else’s car – to organise routes or a place to meet up – then maybe the other car will infect yours? So how can we make the IoT secure?

The problem of ‘trust’ is bigger than just avoiding infection. How can you trust a device that you do not own or control? Maybe a toll booth will charge you incorrectly, maybe a person will use a phone app to pretend to be someone else. Maybe an IoT device will just give bad information. The cause might not even be hacking, maybe just a software bug, human error or biases caused by differences in peoples’ taste or perspective.  How can all these be avoided?

The coordination problem

Also, whatever your IoT project is about, the issue is more than just about whether you can trust some device. There is also a coordination problem. The potential of an IoT ecosystem lies in the combined sensors and capabilities of many devices. For example, many cars sharing congestion information is much more valuable than the information from just two cars. So the problem is to get many devices to work appropriately with many other devices. Trust and appropriate behaviour need to be guaranteed for all the devices that work on a particular problem or service.

It all boils down to two problems. How can you trust your own devices not to be hacked and how can you trust devices that you do not control to do what they are supposed to do – in a joined-up way?

How can we be sure of the identities, past behaviours and current permissions of other people and devices? How can we coordinate many devices so that they work in a joined-up way? And how can our devices do this checking automatically?

Fortunately a similar problem has already come up with digital currencies like Bitcoin. Digital currencies also need to be trusted and they need many people to join-up in agreeing that a particular buyer owns the digital cash to be able to pay for something. Buyers want to choose from lots of sellers so all the sellers have to agree that they trust the currency – even though the amount of cash each buyer and seller owns changes each time someone buys something.

Cryptocurrencies, like Bitcoin, solve this problem by using a distributed ledger like blockchain . A distributed ledger is a database of transactions that is shared and checked across many computers. And transactions can be money transfers or they can be IoT devices sharing data with each other.

Solution: You are what you do and what you do can be recorded

Blockchain technology is much more than the foundation of Bitcoin. Transaction data can include peoples’ identities, devices’ identities or any other useful data such as how they behave. Recording transactions makes it possible to know the real identity of every device and what it has done in the past.

New transactions are cryptographically recorded into blocks and each block in the chain of blocks is cryptographically linked to the previous block to stop tampering. The data in each block is encoded and part of that code is based on the contents of the previous block. To successfully tamper with this record would mean hacking all the computers in the network simultaneously, whilst at the same time guessing how to decrypt each block and the links between them.

Blockchain technology preserves trust in three ways: multiple copies of a single blockchain are shared and continuously checked; the data in each block is encrypted and to decode one block you need to decode the preceding blocks.

So, the problem of IoT devices trusting each other could be solved by using a blockchain technology to encrypt recordings of past behaviours and current permissions. And the problem of coordinating many devices could be solved by sharing a single blockchain database across a network of devices.

Of course there are many distributed ledger technologies and many types of blockchains. My point is that technologies like blockchain solve the trust problem by continuously checking multiple copies of a database that is securely synced.  And automatically synchronising multiple copies of the same database is also a strong basis for coordinating multiple devices.

Trust and coordination are two things that IoT ecosystems will badly need. So blockchain technology looks like it will be a foundation of the IoT ecosystem and much more.

Advertisements

Privacy: Is there a missing third party in our emerging Big Data society? (new white paper)

Personal data can be used for great harm as well as for great good. The more that data is shared between organisations then the more value it can create.

But personal privacy is becoming more and more of an issue, although the way firms handle, share and reuse data is much too complicated for most individuals to be fully aware of or able to deal with if data is mishandled.

For the last year I’ve been running roundtables, interviewing experts and going to workshops to try to look for some answers to these problems. This white paper explains some findings so far.

Personal Big Data: Is there a missing third party in our emerging Big Data society?

 

Executive summary

New Big Data technologies are rapidly changing marketing, healthcare, government, financial services, retailers and whole supply chains.

We are rushing towards a ‘Big Data society’ that is using data analytics to more efficiently target resources and to deliver incredibly personalised user experiences. But the precise use of resources and the personalised delivery of services require access to deeply personal consumer data.

Personal data can be used for great harm as well as for great good. The more that data is shared between organisations then the more value it can create – and the more difficult it is to control who uses it and what they use it for.

The change in how organisations use our personal data is happening whether we like it or not and we risk destroying trust if consumers are harmed or even surprised, by how their personal data is used. We need consumers to trust how their data is used or they will be slower to engage by sharing their data. This will delay the benefits of a Big Data society and leave the UK to be potentially overtaken by other countries with a different view of the importance of consumer trust.

But current systems of legislation and regulation are based on older technologies and ways of working that did not include cheap access to mass data sharing capabilities and personalised data analysis in real-time.

Our investigation incorporates the views of experts from regulators, government, commercial data firms and consumer privacy organisations. It concludes that there are several missing roles in our emerging Big Data society – a missing ‘Third Party’.

This ‘Third Party’ would support individual consumers to deal with networks of large and small firms; help firms to share and use data in new ways in return for doing so appropriately; aid regulators to bridge the gap between the market and individual consumers, staff and firms; and give privacy and consumer organisations a platform to help more consumers and to engage with more firms.

We propose a solution, a design for a ‘Third Party’ that engages the attention and resources of the different stakeholders to watch and help each other. Firms would have a strong interest in behaving appropriately; and in turn they would encourage their staff to behave appropriately and become more successful in the process.

Here is the full white paper: Personal Big Data white paper 3.0.