Identity & security of IoT devices with Blockchain helps to build end-to-end traceable trusted digital base
Abstract
Supply chain fragmentation creates a major pain point in the IoT industry, data generated by IoT devices cannot impartially prove the data source is trustworthy and traceable, resulting in a reduction in the value of the data. The IoT device landscape is regarded as isolated islands among the ocean of data so the key objective is to fuse together those massive IoT devices and IoT management platforms to cooperate in a unified data marketplace.
GSA (Global Semiconductor Alliance) IP Working Group recently invited Mr. Gary Xu, CTO of aitos.io, to participate in a technical discussion on “End-to-end traceability of IP” and “Management of IP” to consider the practicality of incorporating the BoAT blockchain application framework to allow the transfer of IoT data from devices to be uploaded on the Blockchain in real-time. The goal will prove data can be managed reliably and not be tampered with during the entire life-cycle of the device. When the life cycle of an IoT device is tracked through its entirety on the Blockchain, IoT data can be ensured to be authentic and credible because it’s mapped from physical thing to blockchain, validating the IoT data in the whole process of “supply chain + value chain”.
The GSA IP Working Group recently invited aitos.io along with 9 other companies to jointly compose a series of white papers including END TO END TRACEABILITY OF IP and MANAGEMENT OF IP. Some key considerations can be drawn out from this investigative report for end-to-end architectural design for IoT security management related to remote device attestation, consistent IoT device identity, roots of trust, physical unclonable function (PUF), and identity of module and device, etc. which needs to be factored in the face of security of supply chains (before market) and value chains (aftermarket). When building a value chain for competitive advantages, the key is to integrate identity and security into a trusted digital base to make certain stakeholders in the ecosystem such as IP providers, chipset vendors, OEMs, and service operators, grant all distinct parties a stake in collaboration around identity and security capabilities. Adapting a system-level benchmark during the design stage requires adoption from the “source” of IoT device data, including the application, or the OS, or even lower, in an embedded or an integrated secure element to enable consistent end-to-end trusted tracking of all system components. This achieves the goal of offering end-to-end trusted traceability for consistency across all system components but also provides trusted authentication services for IoT devices based on emerging blockchain technologies. Blockchain services can not only identify devices for the security and reliability of the IP, additionally, authenticate the data generated by those devices.
Mr. Gary Xu of aitos.io echoed this theme below:
Identity and security are two essential blockchain enablement considerations for devices. The device’s blockchain key pair is usually generated inside the device and endorsed by an existing RoT (Root of Trust) mechanism.
There are 2 traditional ways for IoT devices to make use of the blockchain. First, a device could play a role of a blockchain oracle and send data (e.g., temperature, humidity) to a blockchain smart contract that either stores the data or executes some logic regarding the data content.
A second way is, in addition to the normal process of uploading the data to the cloud, the device can also calculate the hash of the uploaded data, sign the transaction datagram containing the hash and send the transaction to a smart contract. The hash saved on blockchain could later be used by the 3rd party to verify the data in the cloud.
Unlike hardware server equipment, desktop computers or Smartphones, IoT devices are so fragmental that no single blockchain solution could fit all IoT device’s project use cases. It’s necessary to define some “default” profiles or design guidelines for IoT devices to support blockchain capabilities. For example, for a small-footprint IoT device profile, aitos.io’s BoAT (Blockchain of AI Things) Blockchain Application Framework introduces a C language multi-chain client SDK allowing an IoT device to invoke a smart contract. BoAT also utilizes secure enclave security features (like the TEE, SE, or even customized SIM card featured per project, etc., if applicable) to securely generate the key pair and protect the sensitive information (private key) during the algorithm computation.
The blockchain ensures the data integrity since the data remains stored on blockchain platforms, and the RoT-endorsed key pair identifies the authenticity for data provenance purposes. Hence, a device’s RoT, secure enclave, key pair and blockchain hash characteristics protect the data trustworthiness in its lifecycle. This impacts the ability to track device data assets in an on-chain digital lifecycle history.
About GSA
GSA is Where Leaders Meet to establish a profitable and sustainable semiconductor ecosystem. This expanding ecosystem encompasses semiconductors, software, solutions, systems and services. As a leading semiconductor and technology industry organization, we offer an efficient and strategic platform for thought leadership.
GSA has an impressive global footprint representing over 25 countries and 250 corporate members, including 100 public companies. As a result of our unique, neutral platform, our membership ranges from the most exciting, emerging companies to semiconductor industry stalwarts and technology leaders. Our members now represent 70% of the $450B plus semiconductor industry.
About aitos.io
aitos.io is a technology start-up focusing on the integrated innovation of IoT and Blockchain. By combining its own rich resources in the IoT industry, aitos.io has raised the standard for an open-sourced blockchain application framework BoAT (Blockchain of AI Things) with delivered via IoT chipset and module to enable IoT devices quickly implement trusted data on-chain and access the blockchain services. At the end of 2019, aitos.io and nine mainstream cellular wireless module manufacturers jointly initiated the Blockchain IoT Module alliance, and successively released their own brands of BoAT blockchain module products. This resulted in hundreds of millions of IoT devices equipped with the capability of blockchain services access as a trusted entry of IoT+Blockchain application. aitos.io’s vision is to leverage an alliance of global IoT vendors to empower them to tap the value of applications and data.
At the beginning of the project launch in the end of 2018, aitos.io received angel investment from the IoT industry expert group and strategic investment from Wanxiang Blockchain. In December 2018, aitos.io was awarded membership into ARM Accelerator Camp. In June 2019, aitos.io emerged as the founding member of China Unicom IoT and Wanxiang Blockchain IoT+Blockchain Joint Innovation Center. In November, aitos.io became a empowerment partner of Microsoft’s AI and IoT Lab . In August 2020, aitos.io transitioned into Tencent’s Blockchain Accelerator program as the first member. In February 2021, aitos.io joined RISC-V International as strategic member and initiated to form new Blockchain SIG (special interest group). In April, aitos.io initiated 1st China technical requirements standards for trusted blockchain access of IoT terminals.
More
