Slock.it IoT Layer
Enabling the economy of things
Exploring the field of technical devices means exploring new technologies and understanding the world around us. In recent years, we’ve learned that interaction with software is first and foremost screen-based. But that is changing now. As the machine to machine interaction as well as the machine to human interaction become more and more important, they open up new possibilities for us to experience the world around us. The more devices are connected to each other, the more possibilities they offer us. This change provides a completely new way for users to experience their private and work lives.
Most of us are familiar with human to machine interaction, in short: We as humans pay a machine to do a certain service for us. In these times of blockchain technology and cryptocurrencies, an example could look like this: We pay a smart door lock to give us access to the apartment behind. Or we pay a smart bike lock to let us use a bicycle. We can also pay a smart power plug to turn on the power of any connected machine.
This is already reality. Just last month we made our Slock.it mobile App available in the App store for android and apple devices to download for free so that people can link their smart devices to the blockchain and give other people access via payment. Although the app is still in testing mode, you can already get a feeling of what we want it to eventually look like.
Another form of interaction is the machine to machine communication. Imagine an electric car that needs to be charged. Driving to a charging station would take extra time. But what if the car could buy electricity via induction at a red traffic light?
In order for machines to be part of an economy of things, they need to cooperate with each other on a different level beyond just transferring data. They need to exchange values, and, most importantly, they need to be able to enter into complex agreements.
Not too far into the future we will also see machine to human interactions. So if we have an autonomous car, it needs someone to change the tires. Not for free. The car itself will pay someone to do this.
Now, if this is the future we are heading into, we need a secure and open infrastructure which will enable those use cases. However, the current IoT infrastructure cannot deliver that.
Challenges we are facing
So far, the internet of things is quite fragmented and unsafe. Machines don’t have wallets. They don’t have real digital cash. There are also high security risks when it comes to interoperability. When building IoT systems you usually have a tradeoff. Either you can decide to build a closed but secure system or you can build a system which is open and integrated with IoT clouds, allowing third-party access. Option one is fairly secure, although very limited in its ability to use other apps or machines on top of it. Option two is great when you want other apps to be built on top of your solution. However, you become more and more vulnerable to each third party integration you are using. When you get connected with others, you’re giving them a key to interact with your system, and they, in return, could give this key to a third party. Which, of course, is something you don’t want.
blockchain gives us the opportunity to solve a lot of these issues. It gives us wallets for machines once they have keys. With blockchain technology, you don’t have any single point of failure or one data center which stores all the keys. Additionally, you have a common layer which acts as an open API to interact with others. With blockchain and smart contracts, we can get both: security and interoperability.
It’s a nice vision to use blockchain technology for IoT devices. And yet, how can you securely connect a device to the blockchain? First, you have to ask whether you “just” want to write to (sending a transaction) or read from the blockchain. Surprisingly, it is much easier to write than to read. For writing, it is sufficient to have a private key within the device and a connection to a node in the p2p network of the blockchain of your choice. Although getting a confirmation that your transaction was actually included is again a read process, which is harder. In order to read, you need to verify the chain. This brings us to the second matter you need to address, choosing a client and its configuration. There are different options to this: First, running a full client. This stores everything, the whole state, the past states, the whole blockchain. The downside: you need a lot of storage, high bandwidth and a lot of CPU power. This is just impossible in the IoT world. Now there is also a pruned full node. There you delete all the past states and store only the blockchain itself in addition to the most recent states. That’s already a big step. With this you still have the full verification of the blockchain history. However, most disadvantages stay, such as long synchronization time and still quite some storage demand.
Then there’s the light client, which seems most fitting to the IoT world. It needs roughly 50 MB and you only synchronize the blockheaders without computing the state by running all the transactions of a block. After verifying the blockheaders, you can use a Merkle Proof to verify a certain part of the state in the blockchain. This sounds good. But still, if you measure how much data goes through this light client, it is still far too much for most practical IoT use cases. This is because the light client is still part of the p2p network and acts as a node. It also means, it needs to synchronize before it first starts, and again in the case, it has been offline for a while. So for use cases where you want to read from the blockchain once a month or so, this is still impractical. The lightest option is the remote client. This means you just connect to a server and it responds to your request. The drawback here: It’s not trustfree. You have to trust the information you’re getting from the server. Also, it introduces a single point of failure to your solution. So what could we do? (For a more detailed explanation of clients and configuration options, this post is highly recommended: https://dev.to/5chdn/the-ethereum-blockchain-size-will-not-exceed-1tb-anytime-soon-58a)
Introducing Slock.it IN³ (Incubed)
Our team at Slock.it got together to brainstorm different options. We wanted to have a secure solution which removes the need to trust a single server and we didn’t want to spend time synchronizing the chain. Neither did we want to store anything beyond the software itself. We also wanted it to work with all EVM-based blockchains, have minimal bandwidth requirements, and it was supposed to only communicate when it was actually needed. We found the answer, and called it INCUBED (IN³)! A trustless incentivized remote node network. In short, a network of remote nodes, which are incentivized to always give you the right response.
Incubed consists of a network of nodes which act as servers to the IoT devices that are running a Slock.it client. Those nodes have paid a deposit which they would lose in case they give a wrong response. Those nodes also act as watchdogs checking each others’ responses. The IoT devices which run a Slock.it client only verify the responses, similar to a light client. But instead of synchronizing the blockheaders, they receive signed blockhashes from the Incubed nodes. Since they can verify how much they deposited, they know how secure the response is. Additionally, they can ask for several signed blockhashes from multiple nodes.
In detail it works like this:
- I am a full node. I register at the registry smart contract and pay a deposit, which I would lose if I lied. Several nodes will do the same.
- An IoT device, running the Slock.it client now sends an RPC request to one of those nodes. There are three things the device needs to know in order to verify that the information is true: 1. The Merkle proof, similar to a light client. 2. The current block header. 3. A signed blockhash (from that blockheader) from several incubed nodes which are specified by the device.
- The device can publish this information. If someone finds this to be wrong, he can claim the deposit of this node. This is done by so called watchdogs. The node which received the initial request from the client also acts as a watchdog.
- Since the IoT device, running the Slock.it client, asked other incubed nodes to sign the blockhash as well, it can verify the response and claim the deposit in case a wrong blockhash was signed. This happens in the convict function within the registry smart contract. (The only piece of information within the Ethereum virtual machine which you can get from the past are the blockhashes from the last 256 blocks. This is what Slock.it is using to build a fully decentralized system without any central authority or central node controlling the system.)
For the security critical service of signing blockhashes, the incubed nodes will receive a micropayment from the client. This can come directly from the device or optionally the device operator (if existent).
Incubed, though, is only part of a greater product Slock.it is building at the moment. The Slock.it IoT Layer has much more to it. It includes payment channels, hub services, a discovery service (marketplace for IoT devices) a messaging system, access control smart contracts and integrations within existing IoT clouds, as well as software images for commonly used systems on a chip such as the raspberry pi or the samsung artik.
This Slock.it IoT Layer solves the problem of efficiently connecting a device to the blockchain and adds the necessary features for it to become usable to non-blockchain developers working on IoT systems. It is highly interoperable with other devices and completely decentralized. You get the security of a blockchain, the interoperability of IoT clouds, and all this without needing a login other than your cryptographic keys.
At EventHorizon in Berlin this past April, we were able to present this idea to a large crowd of experts, government representatives, decision-makers, start-ups and established market participants. For us, it was a huge success. Slock.it was awarded by the participants with the “Top of the Horizon” prize, which we’re honored to have received.
Here you can find the video of the presentation explaining the concept: https://youtu.be/faesmyMPlYY
As the interaction between machine and machine as well as machine to human becomes more and more important in today’s world, the possibilities seem endless. We at Slock.it are working on building a solution from developers for developers which solves the security and interoperability problems that exist in many IoT systems. We will have those IoT devices pay and receive payments, as well as enter into complex agreements in order to enable the economy of things.
