[From the last episode: We looked at the tradeoffs being made between security and ease of use.]
We’re going to take on a wonky topic today: blockchain. If you haven’t heard that buzzword, you may be familiar with Bitcoin – an artificial money (officially referred to as a cryptocurrency) that makes use of blockchain technology.
In order to get our heads around this, we need to make sure that we’re free of two things that have biased me in the past.
- Blockchain isn’t just about cryptocurrency; cryptocurrency happens to use blockchains, but we can use blockchains for other things that have nothing to do with currency.
- We’ve talked a lot about communication security, but data security – whether the data is altered during communication or just while sitting on a hard drive somewhere – is just as important.
In other words, we’re not going to talk about cryptocurrency, and we’re not necessarily talking about communication and authentication.
Our Kind of Blockchain
With that in mind, let’s talk about blockchain. You know what a ledger book looks like, right? It’s a list of transactions to and from some account. You write them in a book, and you probably track the totals as the money comes in and goes out. OK, these days, maybe not a book; maybe a database or a spreadsheet.
But here’s the thing: you can change the entries after the fact. It’s a pain with a book if you have to track the running totals (and change them everywhere after the tweak you made), but with databases and spreadsheets, automatic calculations remove that particular hassle.
Making such changes is OK if this is your ledger and you found a mistake (although not really a good accounting practice – you should correct past mistakes with a new adjustment entry and an explanation, but… hold off on that thought for a minute). It’s not so fine if someone else changes your data. That’s what blockchain is about: protecting the integrity of a transaction ledger so that no one can monkey with it undetected.
Blocks, Chains, and Networks
Specifically, each transaction is a “block.” These transactions – that is, these blocks – are chained together with some encryption mechanism that lets you know if something has changed anywhere in the entire database. To me, it feels very much akin to the digital signatures we talked about before: if the content of a document changes, then the signature will reveal that there has been a change. Same thing here, in principle.
Another feature of blockchains is that they are decentralized. No one person or organization controls them. There are multiple copies on multiple machines, potentially all over the world. This is critical: it means that no one can mess with the data because they’d have to do it on all of the copies. Different blockchain implementations have different ways of confirming the correctness of a new transaction entry, but the general idea is that many people who are so-called miners (for early cryptocurrency) or voters have to agree on a transaction before it’s permanently added to the ledger.
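The chaining and multiple-copy ideas from the two paragraphs above, as an added example that is not from the original article: each block stores a SHA-256 hash of its entry plus the previous block's hash. SHA-256, the thermostat readings and every function name here are assumptions made for illustration. It shows that an in-place edit is caught within one copy, and that a copy whose hashes were all recomputed after the edit is still caught by comparing it with the other copies.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder meaning "no previous block"

def block_hash(prev_hash, entry):
    # Hash the entry together with the previous block's hash: this is the "chain".
    payload = json.dumps({"prev": prev_hash, "entry": entry}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append(ledger, entry):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev, "entry": entry, "hash": block_hash(prev, entry)})

def first_bad_block(ledger):
    # Return the index of the first block whose link or hash is wrong, else None.
    prev = GENESIS
    for i, block in enumerate(ledger):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["entry"]):
            return i
        prev = block["hash"]
    return None

def rehash(ledger):
    # Rebuild every hash on this one copy so it is internally consistent again.
    prev = GENESIS
    for block in ledger:
        block["prev"], block["hash"] = prev, block_hash(prev, block["entry"])
        prev = block["hash"]

def agrees_with_majority(ledger, other_heads):
    # Compare our newest hash with the newest hashes reported by the other copies.
    head = ledger[-1]["hash"]
    return sum(h == head for h in other_heads) > len(other_heads) / 2

def demo():
    # Constructed sample data (assumed thermostat readings, not from the article).
    ledger = []
    for reading in [{"t": 1, "temp_c": 20.5}, {"t": 2, "temp_c": 20.7}, {"t": 3, "temp_c": 21.0}]:
        append(ledger, reading)
    other_heads = [ledger[-1]["hash"]] * 3   # three other copies hold the same chain
    clean = first_bad_block(ledger)          # untouched ledger verifies
    ledger[1]["entry"]["temp_c"] = 35.0      # a past entry is changed in place
    edited = first_bad_block(ledger)         # the chain points at the changed block
    rehash(ledger)                           # this copy alone now looks valid...
    rehashed = first_bad_block(ledger)
    return clean, edited, rehashed, agrees_with_majority(ledger, other_heads)

print(demo())
```

The last value in the result is why the multiple copies matter: a single copy can be made self-consistent again, but its newest hash no longer matches the one held by everyone else.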
Blockchains exist over a network, and that network can be public or private. They may or may not require permission to log on. Private networks generally do require permission.
Blockchain and the IoT
Now let’s apply this to IoT technology. Many IoT devices report data from sensors of one kind or another. But, is that reported data correctly stored by your service provider, who is likely tracking all of the data from you and from all of their other customers?
There are a couple of questions that help determine whether blockchain technology makes sense, since it’s not necessarily simple to implement:
- Are there 3 or more parties involved in the data creation and use? (There are simpler ways to handle two-party situations.)
- Are there decisions that depend on the data? In other words, do you need to be able to trust the data?
- In particular, is the data driving some automated action?
If the answer to these is “Yes,” then blockchain may make sense. But, to be clear, like so many of the things we’ve talked about so far, this isn’t a decision that you make; it’s a system infrastructure decision made by your IoT device or service provider. So you don’t need to understand the intricacies if your service uses blockchain for security.
IoT Blockchain Networks
Many IoT-related blockchain networks will be private, since it’s cheaper. There’s likely to be one ledger per provider, or, perhaps, per service, if a company provides multiple services.
For now, the different blockchain networks can’t talk to each other, although that’s changing. It’s probably not really an issue for the kind of blockchain we’re talking about; it’s more important for cryptocurrency – in case you want to move money from one network – say, Bitcoin – to another – say, Ethereum.
You may wonder where all this data exists, besides in all of those computers around the world. If you have a smart thermostat, is there a huge database in there? Nope. Some of the data may be near your home devices, but probably not the devices themselves. It’s probably in the home hub. Even so, it’s not likely to be the full database, but just a “window” into the most recent parts of the database that pertain to you. But it’s just a copy: if you turn off the hub, it will get a new copy later; the data isn’t lost.