Secure data logging in IoT

Using the blockchain technology for data security

cc32d9
Jan 30, 2023

There are many approaches and solutions for IoT data logging (MQTT being the most popular protocol), but they do not address two particular challenges in information security:

  • Am I seeing the data from that particular device? How can you prove the authenticity?
  • How can I be sure no data is taken out?

Another challenge is data privacy and encryption, which could also be addressed in a better way. MQTT supports SSL encryption on the transport layer, but once delivered, the messages are presented in clear text.

The PBTX protocol

While working on a project for Fixpayments, we needed a blockchain transaction protocol that is lightweight and suitable for low-power mobile devices, such as the cheapest Android phones, used with low-bandwidth internet coverage. As a result, PBTX, an open-source transaction protocol based on Google Protocol Buffers, was developed.

ESP32 prototype

As a side project, I started fiddling with ESP32 microchips. These are cheap (around a dollar apiece) and quite powerful microcomputers, exceeding in some capacities the Intel 386 processors from three decades ago. They are equipped with a few megabytes of RAM and flash storage, and also have a WiFi interface. Some models also have Bluetooth connectivity, and some can work as USB devices. They are capable of calculating the 256-bit elliptic curve arithmetic in the CPU. They are also equipped with hardware-accelerated SHA256 hash calculation. Some future models may also have hardware acceleration for ECC.

Calculating a secp256r1 signature is quite fast (on the order of a few dozen milliseconds), and the ECC key recovery algorithm takes about 300–700 ms, depending on the chip model and compiler optimizations.

So, I made a prototype that addresses those two challenges at the top of the article.

  • Authenticity: each message is a PBTX transaction, signed by a private key generated by the microchip and stored securely. ESP32 also supports flash encryption and hardware security modules, so the private key can be made really hard or impossible to retrieve.
  • Integrity: a sequence of PBTX transactions is a micro-blockchain in itself, because each message contains a hash of the previous one, and also they have sequence numbers. One cannot take a message out and pretend it was not there, or add messages in the middle.
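
The integrity property described above, as an added example that is not code from the PBTX project: a receiver-side check that walks a log and flags removed, inserted or altered records using only the sequence numbers and previous-message hashes. The `Record` layout, `GENESIS` marker and function names are assumptions made for illustration and are not the PBTX wire format; signature verification is left out, so this shows the chaining only.

```python
import hashlib
import struct
from dataclasses import dataclass

GENESIS = bytes(32)  # assumed "no predecessor" marker for the first record


@dataclass(frozen=True)
class Record:
    """Hypothetical record layout for illustration; not the PBTX wire format."""
    seq: int          # strictly increasing sequence number
    prev_hash: bytes  # SHA-256 of the previous record's encoding
    payload: bytes    # sensor data

    def digest(self) -> bytes:
        body = struct.pack(">Q", self.seq) + self.prev_hash + self.payload
        return hashlib.sha256(body).digest()


def append(log, payload):
    """Device side: link a new record to the current head of the log."""
    if log:
        return log + [Record(log[-1].seq + 1, log[-1].digest(), payload)]
    return [Record(1, GENESIS, payload)]


def verify_chain(records, last_seq=0, last_hash=GENESIS):
    """Receiver side: return (index, problem) findings; empty means consistent."""
    findings = []
    for i, rec in enumerate(records):
        if rec.seq != last_seq + 1:
            findings.append((i, "seq"))        # record missing, repeated or reordered
        if rec.prev_hash != last_hash:
            findings.append((i, "prev_hash"))  # predecessor is not the record we saw
        last_seq, last_hash = rec.seq, rec.digest()
    return findings


def sample_log(n=5):
    """Constructed sample data: n readings from an imaginary temperature sensor."""
    log = []
    for k in range(n):
        log = append(log, f"temp={20 + k}".encode())
    return log


if __name__ == "__main__":
    log = sample_log()
    print("intact:  ", verify_chain(log))
    print("removed: ", verify_chain(log[:2] + log[3:]))
    forged = Record(3, log[1].digest(), b"temp=99")
    print("inserted:", verify_chain(log[:2] + [forged] + log[2:]))
```

Dropping records from the end of the log is not visible to this check alone: the verifier also needs the latest sequence number and hash from an independent record. Passing `last_seq` and `last_hash` lets a receiver resume verification from the last record it already accepted.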

The prototype can also be easily modified to utilize ECDH for content encryption, so that only the owner of a particular private key could read it.

The prototype is fully open source and anyone is welcome to try or extend it:

  • The PBTX smart contract is deployed on Telos Testnet.
  • The RPC can be installed on a Linux host on the internet or in your private LAN.
  • The ESP32 demo project can be compiled on any type of ESP32 device. It needs the esp32_pbtx_lib library in its “components” directory.

Currently the prototype is just sending a 2048-byte vector of bytes sequentially. But one may add any kind of sensor measurement easily.

Use cases

There are many potential use cases where secure data logging is important. A few examples follow:

  • Industrial environment monitoring: air quality, temperature, humidity, noise, light, electromagnetic radiation — all these parameters are important for workplace safety monitoring, especially in work with hazardous materials. Should any incident happen, it becomes important to have authentic and consistent records from the location.
  • Compliance and safety: on-site workers may need to record their presence on the site. They can swipe their ID cards on the NFC readers, which send these events to the blockchain. It could also be a more complex interaction, such as a timestamp of a video record, signed and timestamped.
  • Machine servicing: several independent third parties, such as service companies, may perform the regular maintenance on a piece of machinery, such as a cargo ship or an airplane. Each company would produce a record in the machine’s service journal, so that it is verifiable and consistent.

Next steps

This prototype needs to become an open-source platform, so that various players in the industry would be able to build their solutions on top of it.

Also, support for other hardware types needs to be added. There are microprocessors with similar capabilities by other vendors, and also a big variety of other types of devices and mini-computers where such a platform could be used.


Telegram: cc32d9, Discord: cc32d9#8327, EOS account: "cc32dninexxx"