Part II — The Internet of Things and the Solution to Centralization…

--

Is The Internet of Things and Centralization a Security Weakness?

As discussed in Part I — So What is The Internet of Things? an alarming 84% of companies have stated that they have had security breaches related to the Internet of Things. The need is present and without a doubt important for IoT to have a protocol in which the messaging data layer is secured. The Tangle offers this solution as the “Transport Layer”.

The medical industry doesn’t just hold extremely sensitive patient data, but handles connected devices that act in critical service. Critical service being that if the device fails a persons life could be in danger.

Jessica Davis wrote in the article ‘The security risk storm is here: Medical device threats are real and a patient safety riskfound that a recent study from the University of California Cyber Team funded by MedCrypt found that a few healthcare delivery organizations and vendors believe between 100 and 1,000 patients had adverse events from compromised devices. The article stated, “There’s at least some self-reported evidence that some patients are being harmed by compromised medical devices,” said Christian Dameff, UC San Diego researcher and emergency room doctor at the HIMSS Media Security Forum in San Francisco on Tuesday. Dameff, along with his colleague, Jeffrey Tully, UC Davis security researcher and pediatrician, outline a recent simulation of what happens when a patient’s medical device gets hacked. The patient, represented by an actor, presented signs of chest pain to a team of nurses and doctors. The team went through normal procedures to treat the patient directly reflecting his symptoms. However, the ‘patient’s’ pacemaker was malfunctioning and routine attempts to use a magnet to fix the problem didn’t work. As a result, the ‘patient’ kept dying and coming back to life because the hacked pacemaker kept shocking the patient at the wrong time. What’s also concerning was the reaction from clinicians who took part in the simulation were completely unaware the device had been compromised, said Dameff. They were also asked if they would know what to do if a device was hacked, and all of them said ‘no.’ What’s more, none of the team had been trained in reacting to medical device hacks”.

This is just within a medical facility. Eventually our autonomous cars, energy grids, levies, damns, airplanes, utilities, and thermostats will all be connected forming this global Tangled web. If the data streams which receives data and relays commands becomes compromised we can see anything from complete cities having blackouts in the midst of winter, to damns opening up their sluice gates and flooding entire towns. The risk level is too high to put in the hands of a central entity.

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack#Affected_organizations

Nearly every major entity has been affected by DDoS (Denial of Service Attack) or other hacks. Attacks have occurred to Amazon AWS, Facebook, Google, US Bank, and others. Cyber attacks have been conducted on governments, hospitals, schools, enterprises, and so forth. In 2017 a worldwide cyberattack was conducted using ransomware cryptoworm WannaCry. Computers were targeted that ran Microsoft Windows (FYI — Centralized / Closed-Source) operating systems. The attack lasted for a few days and affected more than 200,000 computers across 150 countries as read from Wikipedia ‘WannaCry Ransomeware Attack’! As wikipedia stated, the total damages ranged from hundreds of millions to billions of dollars! Just a couple of affected entities were: Governments of India, Russian Railways, Faculty Hospital Nitra, Dharmais Hospital in Indonesia, Cambrian College Canada, Boeing Commercial Airplanes, Chinese public security bureau, Petrobras, and others. This attack affected governments, railways, universities, hospitals, and many other facilities.

Over and over it comes down to the fact that data and connected devices creates such a vast entanglement that if such a network goes down the consequences ripple across the world and societies.

What was one weakness the WannaCry attack found? Microsoft! A centralized closed-source application in which users who built their networks upon, stored their data, were suppose to simply TRUST. Having a secured Internet of Things protocol wouldn’t have necessarily stopped the WannaCry virus, but it shows the implication and how fast something can spread over the globe. The WannaCry virus focused on data silo’s stored by companies, but can you imagine if a virus focused on connected devices that controlled our pace makers, autonomous cars, planes, etc. We hear about data breaches everyday; however, global hysteria hasn’t broken out just because our information and credit card numbers have been hacked to the dark web a few times. Yet when the Internet of Things gets hacked and street lights create head on collisions, planes sensors direct pilots into mountains, or worst Nuclear Power plant sensors initiate a meltdown, there will for sure be a global hysteria and catastrophic loses. Centralization has failed at protecting our data, we must not let centralization fail at protecting our lives.

The Tangle, A Decentralized Solution:

Offering a protocol in which the data from connected devices is securely transmitted, received, and analyzed; the Tangle will allow a secure distributed network in which commands can be directed to and from. This type of invulnerable communication layer mitigates the global catastrophic risk of a corrupted IoT infrastructure. Such risks can only be overcome with a decentralized, distributed, and open-source standard.

The Tangle will offer the world an ability create both local and global clusters offering a secure messaging layer. It will not matter whether Fujitsu simply wants to create a private Tangle to secure communications for their machines within a factory; or Jaguar, who wants to create a global Tangle that ensures their vehicle data is secure when being transmitted to the cloud.

Such a communication layer will allow car companies to issue updates which will also provide an immutable signature hash that proves the vehicle received those updates without corruption. A Tangle can also be created to support a small local network as within your own home. You may simply have your sprinkler set to water your grass based on your outside soil sensor. If it reaches a certain dryness threshold the data generated can trigger the sprinklers to water. You can feel assured that some young hacker of the future, won’t be able to have some laughs going around the neighborhood setting everyone's sprinkler systems off.

A Tangle can be as universal as protecting a global supply of a pace makers developed by a company. The Tangle can protect them from being hacked, or at a minimum, create a secure data stream in which alerts can be sent out to hospital staff informing them that a patients pace maker has been compromised. Additionally, you won’t have to worry about depositing crypto as gas into the pace makers wallet to pay the miners! Instead, you can have the peace of mind that data transfer transactions are fee’less.

Let’s Recap!

  • We understand that connected devices are growing at an exponential rate.
  • Companies that want to start innovating their businesses struggle with entering the internet of things market due to: Security, cost, and lack of expertise.
  • Within the market, 84% of companies have already experience security breaches through their IoT infrastructure.
  • The Data/Messaging layer needs to be secure.
  • The Tangle and IOTA can offer the solution of a secure data & messaging layer in which to allow for a global foundation that the Internet of Things can build upon to develop and scale.

So What Can Be Built On Top of A Secure IoT Protocol?

In 1994 the album, ‘Ten Summoner’s Tales’ by Sting became the first economic purchase over the internet. The internet had been around since the early 1980’s yet it took almost fifteen years to create a secure enough layer for people to trust which would allow for the creation of E-commerce!

E-Commerce became a digital marketplace where sellers can connect directly with buyers. This connection was built digitally over the World Wide Web and eventually the protocol layer was designed secure enough in which trust was achieved. From here, banking companies created services as an application built on top of that trusted layer. This led to the creation of E-Commerce and allowed for that initial online purchase in 1994. So what will the Internet of Things be able to foster with a secure protocol layer? The IoT will eventually be able to provide a network in which edge devices, machines, and humans can securely exchange data and assets without the need of 3rd parties and a central cloud authority, and, it will be able to do so in a trustless manner. The question becomes, what kind of marketplace and what kind of applications can be created on top of such a network? Not only can a Machine-to-Human economy grow but eventually an autonomous Machine-to-Machine economy as well.

In 1994 there were about 5.5 Billion people on the planet and only a handful took part in E-Commerce. It is estimated that in 2021 there will be over 9 billion people and 21.8% of them will partake. That is from a handful to almost 2 Billion people on earth purchasing goods and services over the internet within 27 years. We can assume that with the growth rate of connected devices we will see the same explosion of activity within the Internet of Things.

How many of the 50 Billion connected devices in 2020 will be able to sell data, provide a service, aid an application, and complete all of these processes seamlessly and securely? We are on the precipice of which the ground work is being laid to create the ignition of the digital Cambrian explosion. This machine digital economy that integrates humans with devices will dwarf the current internet e-commerce size. This will truly be an evolution and transition us into the 5th Industrial revolution. With it, a new Decentralized Digital Autonomous Era; powered by Artificial Intelligence and IOTA.

Centralized vs. Decentralized vs. Distributed Network for the Internet of Things

  • Centralized Networks are the likes of your internet router in your home. If your internet router suddenly fails you can no longer access world wide web. We look at it as a single point of failure. This could even be an electrical company in which their main control server is on one single network. If that network is compromised, the whole electrical grid that is controlled goes down. In essence, there is no backup. This of course offers a security weakness and would be extremely risky to build the Internet of Things upon.
  • Decentralized Networks are networks in which multiple owners who are connected create mesh interconnected networks. Each owner has connectivity to each other and has a copy of the resources. This eliminates, to an extent, a single-point-of failure. However, with networks such as Hyper Ledger, Ripple, and Delegated Proof-of-Stake systems (DPoS), these systems do not offer everyone equal access. They are either a “Permissioned” network (ie: Ripple & Hyper Ledger), or a Decentralized network with a centralized weak point (ie: DPoS). Looking at EOS is an example where voting power (through stake) was used for corruption and dishonesty in ways to dictate the networks direction. Some IoT applications can certainly work with Permissioned decentralized networks, or even Delegated Proof-of-Stake networks, but there will always be a form of control variable that must be risk assessed and analyzed.
  • A dstributed Network is a network that is as completely decentralized and permissionless as it can be. There is no restriction nor requirement for anyone to access the network. Every person has the ability to access the network and have a node which can connect to the resources. There are no fees required to join. The only requirements are to act honestly.

A permissionless distributed network that is 100% secure, trustless, and scalable, is nearly an impossible challenge! I’ll repeat it again and again, as Elon Musk said, “When something is important enough, you do it even if the odds are not in your favor”. For the Internet of Things, having a trustless, distributed, fee’less, & permissionless communication layer is without a doubt important enough that despite all odds, it is worth creating.

Game Theory and CryptoEconomics Failure when Used in the Internet of Things

Blockchains like Bitcoin and Ethereum are built upon a foundation in which game theory is combined with an economic incentive model. The assumption is that rational actors will behave a certain way. Mining and transaction fees are given to the miners to protect the network. In some Proof-of-Stake systems they are even punished for bad network behavior. Fee’s are used in many different ways to prevent a network attacks and spam. Fee’s are used to incentivize people to protect the network, or crypto stake is used to offer such an amount that a person would not want to act badly and lose the value of their stake. In nearly every model, Crypto Distributed Ledger Technologies, the incentive is the value of the crypto currency itself. What originally was a great theory, and works with a store of value and small quantities of transactions, simply does not work within the Internet of Things. This traditional blockchain model certainly does not scale to a global level.

Conclusion:

The internet of Things is here to say and is growing at an exponential rate with the increase of connected devices. As history has shown how Oil became such a desired resource that could power combustible engines which drove the 3rd industrial revolution, data and connected devices is the future resource that will take us into the 5th Industrial revolution. Without creating a decentralized standard the catastrophic risks are exceptionally high! The Internet of Things despite all odds needs a decentralized and distributed layer to build upon. It will be the applications that are built on top that are the building blocks, and the messaging layer supporting the base as a foundation.

The possible solution is IOTA and the Tangle, and not only does it offer a secure protocol, but one that is permissionless, distributed, and fee’less. The Tangle lays the ground layer in which a new economy can be built on, a new paradigm will evolve. Just as each industrial revolution completely changed societies, so will the Internet of Things and Artificial Intelligence. All with the back bone being the Tangle and powered by IOTA’s.

--

--

TCT Program Lead - JD Sutton (DeepSea)

I am DeepSea, the Program Lead for the Tangle Community Treasury. Below you will find articles about the TCT.