In my last IOT article, we briefly covered the ability of a public blockchain to hold trusted identities to help secure IOT devices whether or not their software is up to date. If you do keep your software up to date, how do you know it is secure? How do you know if the update was compromised? You may have a virus or other malware that changes your files as you update them. If you can’t be sure your updates are secure, you may have to wonder if the data your device is managing is secure.
Security cameras not actively monitored have to either store their images or video files locally or send them to an external monitoring system. If there is no real time monitoring, how can you be certain that all messages are being received? Do you have a way to determine that the image that you are receiving is the same image that was sent? Using a public blockchain allows a device to log every image or video that should be coming off of it. These images do not need to be put in the blockchain, so no privacy concerns are being neglected. Hashes put into a blockchain allow an auditor to verify that all received images are real. They also allow the detection of images that aren’t being delivered. A blockchain can allow you to be certain your device is secure and performing correctly. And it can prove it.
How? Data can be secured in the same manner as images. Every data item, critical piece of information, or snapshot of a point in time can be hashed and added to a blockchain to verify it happened. The granularity of your data needs can determine how often or how large the hashed data should be. Data that is mission critical or subject to fraud and legal exposure can be secured against alteration. As with image files, no data privacy has to be compromised to have transparency, auditability and even legal security.
If you are running a device, how do you know you are running what you think you are? You can check the hash of updates files to see if what you are downloading is what it says it is. The problem with hashing at that high of a level is the hash does not tell you what is wrong, only that something is. The install could have failed or a resident virus could be overwriting system files any time they get updated. A list of file hashes for every file installed for a specific update can tell you about your system health without having to watch for symptoms. These hashes can be used for generic system health, virus or trojan detection, version compatibility and any other software related issues. Using a blockchain lets you do this without ever sharing system details that could expose you to further risk.
The difficulty with these blockchain solutions is granularity. Granularity is what lets you know what has changed instead of only knowing that ‘something’ has changed. Being able to check on the integrity of the data on your systems and your systems themselves is a powerful ability. Implementing a similar system is possible with many of the blockchain solutions that exist, but most are cost prohibitive or do not have the performance throughput to handle a system with even a marginal volume of hash transactions. In December, the transaction fee for a single Bitcoin transaction reached $55. It is currently about $4. Costs like these do not allow for you to forecast your expenses. If securing a billion transactions has a tangible value of $5 million you can’t stay in business long if securing those transactions costs between $4 and $55 billion.
We need a blockchain implementation optimized for a high transaction volume that still maintains a reasonable cost. The Factom blockchain was designed for just this and manages a high throughput while keeping costs manageable and predictable.