An Industrial Blockchain for IoT

Connecting the digital world with the world of machines holds the potential to bring about profound transformation to global industry, bringing greater speed and efficiency to industries as diverse as automotive, aviation, energy, power and health-care.

Browse marketing materials and it will feel like the 1990s never happened. It’s all key management, digital certificates and certificate authority hierarchies for 50 billion machines.

Doesn’t anyone remember the Years of PKI? Insanity is often defined as doing the same thing over and over again and expecting a different result. So has there been a wave of collective insanity that would make people believe it can work this time? The answer is no, there simply hasn’t been an alternative. If all you have is a key then everything looks like a lock. Like helicopter ejection seats, using PKI for the Internet of Things is a bad idea that simply won’t go away.

It’s not about Data-in-Motion.
It’s about Data-at Rest
.

Bruce Schneier pointed out in 2006 that throughout the 1990s everyone was focused on data in motion when they should have been focused on data at rest. This focus on communication between separate parties is also the reason modern security continues to fail. It is like securing your home by digging a tunnel to your neighbor’s house. 

What matters for machines (and for your home) is protecting what’s inside it – ensuring that the software operating inside the device has not been compromised.If the device is compromised then securing the communication from it won’t matter a fig. 

It’s not about Confidentiality.
It’s about Integrity
.

Let’s look at possible integrity and confidentiality breaches for familiar devices:


Integrity Breach

Confidentiality Breach

Your
Car

Your braking system stops working.

Your braking patterns are exposed.

Your
Flight

Your plane’s instruments report that you are 1,000 feet lower than you actually are

Your flight plan is posted on the Internet. (note: it already is. You posted it.)

Your
Power Station

Critical systems compro-mised leading to shutdown  or catastrophic failure

Your electricity bill is published online.

Your Pacemaker

Shutdown and death

Your heartbeat becomes public knowledge.

Your
Home

Your security system is remotely disabled

The contents of your fridge are “leaked”. You drink how much beer?

KSI Implications for IoT

KSI builds a foundation to define the following key principles for IoT security :

  • Event Driven – sense, detect and react to events intelligently. An event is a change in state of the physical or digital object.
  • Traceability – record and play back events over time horizons to aid in discovery and root cause analysis.
  • Assurance – verify the reliability and integrity of the data, preserving time and authenticity.
  • Identity – authentication and authorization of physical devices with IoT applications

How to Get KSI for IoT Platforms

Guardtime's products and solutions can be purchased for your environ-ment following our Design, Build, Operate, and Transfer (DBOT) model. 

We're always happy to discuss your concrete requirements, please register your interest.

See also:

Critical Infrastructure Protection

Real-time situational awareness into infrastructure assets to support continuity of operations.

Learn more >

Enterprise Security

Detection of network state compromise with real-time tools for isolating compromised components.

Learn more >

Hadoop Big Data Lakes

Automated Big Data Archiving made simple, affordable and secure through KSI-based integrity instrumentation.

Learn more >

Data Breach Management

Solution provides tools to stay in control before, during and after the data breach incident.

Learn more >