Achieving Data Integrity

Critical infrastructure and the IOTA MAM

IoT is transforming every aspect of society. The increase of sensor data gives the opportunity to improve the way we are living. Data of traffic situations for example is used to help everyone to navigate their car more efficiently by finding the best route. IoT is not only integrated in the private sector it is also integrated in the public sector. Infrastructure is a good example for the increased use of IoT.

Critical Infrastructure & IoT

Public infrastructure is considered as roadways, bridges, airports and airway facilities, mass transportation systems, water supply, waste treatment plants, energy facilities, hospitals, public buildings and communication facilities (Moteff and Parfomak 2004). In water supply systems valves, the water treatment system and further elements are controlled and operated by a number of devices which collect data and adjust processes. Important bridges are monitored with innovative fiber optical systems to assess the condition of the structure in order to enhance the durability and to identify risks (Casas and Cruz 2003). Another example are dikes (levees), where early warning systems monitor dike conditions and prevent floodings (Krebs et al. 2016).

Figure 1: Flood protection dike with highly stable and secure body out of sand filled geotextile tubes

The collected data offer the chance to improve the system and at the same time increases the vulnerability. We have become more and more depended on the reliability and integrity of the system. Simon (2017) describes the case of the “Kemuri Water Company”, where hackers managed to manipulate the system to the point that the entire process became impaired. When we look at IoT systems several components can be attacked. There is sensory hardware which is embedded into the system. Data can be obtained or manipulated on the device itself. Afterwards the data is sent into the network. Again, several weaknesses occur. Databases can be corrupted or the interpretation of the data can be manipulated.

In the past it was invaluable for cyber criminals to obtain the data directly. In regards to critical infrastructures the focus can shift to manipulating data. This would misguide the user who is dependent on the information. A bridge that is at risk for failure could be falsely considered as being safe. Doctors in hospitals might initiate the wrong treatment based on false information. The more IoT is integrated in our critical infrastructure the need for temper-proof systems increases drastically.

Dike Monitoring

Dikes (also: levees, embankments etc.) play an important role to preserve river banks and coast lines from uncontrolled flooding. They serve as a flood barrier in times of high water levels and costal surge. Therefor they are a good example of a critical infrastructure.

The implementation of dike monitoring systems to detect deterioration and damages before dam failures occur can be of great value. Unfortunately, these systems are still not fully developed and implemented. However, the necessity for dike monitoring systems is widely accepted and there are presently numerous systems under development (e.g. Krebs et al. 2016).

Film 1: Flood protection dike: construction and testing

Dikes are primarily endangered by erosion, seepage, overtopping and slipping of the landside slope. Different intrusive dike sensors are suggested to monitor the situations such as temperature, pore water pressure, inclination (Thiele et al. 2008), moisture and textile deformation sensors (Krebs et al. 2016). External sensors, as in water level detection, are added to set the inner dike condition in relation to the external force.

The dike presented in figure 1 is built with a body out of sand filled geotextile tubes. These tubes are used to increase dike stability and thus create safety. The described dike structure with geotextile tubes was used to test several flood conditions. Film 1 shows the construction and test of the dike. The water level was increased incrementally to the point of overtopping.

Film 2: Flood protection dike: monitoring of water seepage

The test undertaken were continuously monitored by several embedded sensor system. Film 2 shows the monitored seepage of water through the embankment. This data and additional information can help to detect critical conditions within the dike structure when they are monitored constantly.

IOTA Masked Authenticated Messaging

As stated above the more IoT is integrated into critical infrastructure, the need for temper-proof systems increases. The procured data is utilized in different applications. They all rely on accurate and integer information. In the case of dike monitoring the applications can be e.g. for dike maintenance, flood control or weather forecast.

The distributed ledger technology IOTA focuses on making data flow more secure and ubiquitous. It can help to build up a trusted data broadcasting structure to support the identified needs of critical infrastructure IoT. The applied feature of IOTA is the Masked Authenticated Messaging (MAM).

MAM is a communication protocol which allows to emit and access an encrypted data stream. It uses the core of IOTA, which is to send and verify transactions in a network by using a consensus mechanism (Handy 2017). While the transactions can carry a value or data, the consensus mechanism ensures integrity within the data flow (see part 3 in the following link).

Specifically, IOTA MAM uses the concept of a singly linked list which is based on IOTA transactions. Every message points to the next message in the stream. If readers know one specific message within the stream, from there on they can follow the subsequent messages.

Every individual message is identified by a key called “root”. Therefore, sharing the root grants access to the specific point in the MAM stream.

Application of IOTA MAM to Dike Monitoring

As a proof of concept IOTA MAM was implemented into a prototypical monitoring system. The system incorporates three types of sensors, which are usually used for dike monitoring. These are: water level, temperature and moisture (seepage).

The monitoring system was implemented at Dalke Stream in Gütersloh, Germany.

Dalke Stream in Gütersloh

Data of the sensors is taken and inserted every 5 minutes into the tangle. The upload was implemented with the mam.node.js library.

In general there are three MAM modes which can be used to control visibility and access. The modes are public, private and restricted. While in the public mode everyone can read the data, in the private and restricted mode the access is limited. Regardless of which mode you use, immutability and data integrity is guaranteed by the structure of the IOTA core protocol.

In the realized proof of concept, the restricted mode was used. To read the data inserted into the MAM stream, a root and password called “sidekey” are needed. These two things can be given to clients to read out the data by using the MAM fetch function.

To make the data stream of this proof of concept visible to public, a website was set up. It visualizes the course of the water level, temperature and the moisture within the construction. So far, the implementation worked out and MAM functionality and usability has been confirmed as been practical.

Visualization of the MAM data stream on www.smartdike.com

The current MAM data can be seen on this website: www.smartdike.com. If anyone wishes to use or integrate the data into another application:

Root:9UBURG9LRVIEFYHELCKQYUOPKUVY9GQXSZPDYEOUULKBJBSIUE9CPGGIUCCPMBUKIAHQZ9NCUMZFAFQQX

Sidekey: DASISTEINPASSWORT

Conclusion

As emmbeded systems become more commonplace in critical infrastructure, data immutablity becomes increasingly important.

The IOTA basic concept of the tangle ensures, that data can not be changed and therefore not be corrupted. Additional features like the MAM protocol with its publishing modes and the root entry concept help to publish and share IoT data with different users.

The created proof of concept shows that the MAM functionalities can be succsessfully used for dike monitoring as an example for a critical infrastructue. Although still under development, the used Beta version of MAM demonstrates its potential.

IOTA MAM can help to support the use of IoT in critical infrastructure. It offers a promissing way for ensuring data integrity while increasing the number of IoT devices used.

Literature

Casas, Joan R.; Cruz, Paul J.S.: Fiber Optic Sensors for Bridge Monitoring. In: Journal of Bridge Engineering 8 (6), Nov. 2003

Handy, Paul: Introducing Masked Authenticated Messaging. Medium Publication. https://blog.iota.org/introducing-masked-authenticated-messaging-e55c1822d50e, November 4, 2017

Krebs, Verena; Quadflieg, Till; Grimm, Christian; Schwab, Max; Schüttrumpf, Holger: Development of a sensor-based dike monitoring system for coastal dikes; Coastal engineering, 2016

Moteff, John; Paul Parfomak: Critical Infrastructure and Key Assets: Definition and Identification. Congressional Research Service Report for Congress, Library of Congress, Washington, DC. October 1. www.fas.org/sgp/crs/RL32631.pdf, 2004

Simon, Tobby 2017: Critical Infrastructure and the Internet of Things. In: Global Commission on Internet Governance, Paper series №46, Jan. 2017

Thiele, Elke; Wosniok, Aleksander: Managing Flood Risk, Reliability and Vulnerability. 4th International Symposium on Flood Defence. Toronto, Ontario, Canada, May 6-8, 2008