IoT devices attestation system using blockchain

1

25th October 2019

Evandro Pioli Moro

ETSI IoT Week 2019

Agenda

2

• About BT Applied Research

• Introduction to Distributed Ledger Technology (DLT)

• Relevance of DLTs to IoT

• IoT devices attestation system using blockchain

• Wrap-up

Background—BT Applied Research

• 3rd largest R&D investor in the UK, largest tech company

• 200+ researchers, 10+ practices, including 5G, SDN, fibre, video/tv, cybersecurity, AI/ML and IoT

• Our team, Future Smart Business, focus on IoT and their related technologies, e.g. edge computing,

smart cities, IIoT, healthcare, DLTs for IoT, smart grids, etc.

17 people looking after various projects and research areas

• NRG-5, EU Commission (H2020) funded

• iTRACE, UK government (innovateUK) funded

• ADEPT, UK government (Department for Transport) funded

• IoT data platform

• Agile CPE (IIoT + edge computing)

• IoT microjobs platform (DLTs for IoT servicing and agile SME contracting)

• Smart water trial, in partnership with Northumbrian Water

• Smart cycling trial, in partnership with See.Sense

• Drone detection/protection trial

3

Externally funded projects

IoT trials

Product developments and propositions

Introduction to Distributed Ledger Technologies (DLT)

4

• A peer-to-peer network with three main features:

• Shared immutable ledger (timestamped record) of

transactions, shared in a peer-to-peer network,

• Consensus algorithm to decide what is true on the

network: the resolution of a fundamental problem

every time to achieve system reliability (e.g. proof-of-

work)

• No-one should be in control of the network in any

point of time -> no central authority needed.

• Applications of DLT include blockchain (i.e. Bitcoin,

Ethereum, Hyperledger's), DAGs (i.e. the IOTA Tangle),

amongst others

Distributed Ledger Technologies (DLT)—why all the hype?

5

• Trustless, you can trust the information even without having to rely on a central authority

• Immutable, information cannot be changed/deleted, because of the hash function implementation

• Auditable, all peers have access to the same (and historical) information

• Fault tolerant, information is redundant across peers

• Verifiable, the information is continuously and indefinitely verified by peers

Smart contracts

6

Smart contracts are autonomous pieces of code executed by peers. Implemented in Ethereum, Hyperledger Fabric, and

others

Called smart because they can programmatically (automatically) react to inputs and/or the blockchain state.

Smart contract execution is auditable, immutable and irrefutable because are verified, like transactions.

Distributed Ledger Technology applications

7

• 1st generation: Bitcoin blockchain

• First implementation of virtual currency (Bitcoin cryptocurrency)

• 2nd generation: Programmable blockchains (Ethereum/Hyperledger)

• First implementation of Smart Contracts for blockchain

• 3rd generation: Direct Acyclic Graph (DAG) (IOTA Tangle)

• No blocks structure—speedier and lighter: aimed at the IoT

blockchain structure

Tangle (DAG) structure

DLT for the Internet of Things—why is it relevant?

8

Provides trust without relying on a central trusted authority: once information is written to the blockchain, it is continuously

and endlessly verified by the peers. The older the block, the more time the information/transaction is verified.

Provides access to a single source of truth, avoiding conflicting information.

Decentralised: no device/user will take ownership of the network in any significant amount of time, hence no need for a

central authority.

Immutable thus easily auditable: information on the blockchain is easily accessed and traced.

Do the interested parties need access to a single trusted source of truth?

Does the ledger have to be immutable, the data cannot be deleted or updated?

Is an independent and cryptographic audit trail required for the use case, e.g. prove identity, state or provenance of a device?

Does the system have good reasons for not putting a centralised utility in place or to have a single entity in control of the architecture

activities?

Does the interest of the parties lie on the success of the system, to keep its distinct characteristics?

Rule-of-thumb for applying DLTs into IT projects

Smart Cities context—various devices sending real time data to a

centralised platform

9

RT Data Feed

RT Data Feed

RT Data

Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data Feed

RT Data Feed

Infrastructure and process saving

ICTInvestment

More for Less

Creating a digital

model of your world

Welfare risks (health and social care, air quality,

natural disasters, terrorism)New Technologies

and Business models

Urgent need for sustainable growth

Changing demographics and urbanisation

More informed people

and machines make better decisions

RT Data

Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

Va

rio

us

Ne

two

rks:

Wi-Fi,

GSM

, LP

WA

, e

tc.

Da

ta p

latf

orm

Smart Cities context—realisable full-M2M scenario

10

RT Data Feed

RT Data Feed

RT Data

Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data

Feed

RT Data Feed

RT Data Feed

RT Data

Feed

RT Data

Feed

RT Data Feed

RT Data Feed

RT Data Feed

RT Data Feed

Monitoring

station

Traffic

control

Weather

aggregator

Traffic live

feed

Police

5G Edge

Cloud

platforms

Devices are constrained in battery and computing

power, but we still want to realise a full M2M system…

• Devices identity?

• Data attestation?

• Failures?

How to guarantee security?

Smart Cities context—DLTs to provide data

attestation of IoT devices

11

If the devices either are peers of the DLT, or have the capability of signing

transactions (light nodes), the IoT messages can be relayed to the DLT.

Via device profiling, either using smart contracts, an API at the receiving

end or a transactions inspection interface, the IoT data can be inspected

according to the:

• Role of the device on the network,

• Expected frequency of updates,

• Expected range of values,

• Read/write authorisations, other data related issues.

Blockchain acting as a decentralised, immutable and trusted devices

profiles storage system.

Depending on the architecture, the blockchain can independently

perform attestation of these devices + flag failures and/or restrict further

access to the network.

Patent filed March 2019.

Q&As

© British Telecommunications plc