An Industrial Blockchain for IoT
Connecting the digital world with the world of machines holds the potential to bring about profound transformation to global industry, bringing greater speed and efficiency to industries as diverse as automotive, aviation, energy, power and health-care.
Browse marketing materials and it will feel like the 1990s never happened. It’s all key management, digital certificates and certificate authority hierarchies for 50 billion machines.
Doesn’t anyone remember the Years of PKI? Insanity is often defined as doing the same thing over and over again and expecting a different result. So has there been a wave of collective insanity that would make people believe it can work this time? The answer is no, there simply hasn’t been an alternative. If all you have is a key then everything looks like a lock. Like helicopter ejection seats, using PKI for the Internet of Things is a bad idea that simply won’t go away.
It’s not about Data-in-Motion.
It’s about Data-at Rest.
Bruce Schneier pointed out in 2006 that throughout the 1990s everyone was focused on data in motion when they should have been focused on data at rest. This focus on communication between separate parties is also the reason modern security continues to fail. It is like securing your home by digging a tunnel to your neighbor’s house.
What matters for machines (and for your home) is protecting what’s inside it – ensuring that the software operating inside the device has not been compromised.If the device is compromised then securing the communication from it won’t matter a fig.
It’s not about Confidentiality.
It’s about Integrity.
Let’s look at possible integrity and confidentiality breaches for familiar devices:
Your braking system stops working.
Your braking patterns are exposed.
Your plane’s instruments report that you are 1,000 feet lower than you actually are
Your flight plan is posted on the Internet. (note: it already is. You posted it.)
Critical systems compro-mised leading to shutdown or catastrophic failure
Your electricity bill is published online.
Shutdown and death
Your heartbeat becomes public knowledge.
Your security system is remotely disabled
The contents of your fridge are “leaked”. You drink how much beer?
KSI Implications for IoT
KSI builds a foundation to define the following key principles for IoT security :
- Event Driven – sense, detect and react to events intelligently. An event is a change in state of the physical or digital object.
- Traceability – record and play back events over time horizons to aid in discovery and root cause analysis.
- Assurance – verify the reliability and integrity of the data, preserving time and authenticity.
- Identity – authentication and authorization of physical devices with IoT applications
How to Get KSI for IoT Platforms
Guardtime's products and solutions can be purchased for your environ-ment following our Design, Build, Operate, and Transfer (DBOT) model.
We're always happy to discuss your concrete requirements, please register your interest.