“Most people want security in this world, not liberty.” — H. L. Mencken
Mention “distributed ledger technology” and you’ll either get a blank stare or someone will shout, “Blockchain!” The underlying mathematics behind cryptocurrencies and blockchain can, like any technology, be used for different purposes. The headlines tend to emphasize those that affect consumers, but there are a lot of other ways we can employ distributed-ledger technology without setting up massive cryptocurrency server farms.
Iota Foundation is about as far from cryptocurrency mining as you could possibly get – and yet oddly connected. It’s a nonprofit organization dedicated to developing and distributing open-source software, so it doesn’t even make money, never mind making money. The group is made up of 100 full-time engineers spread across the world with the singular goal of leveraging their combined expertise in distributed ledgers for the good of all programmer-kind.
Ironically, the founders of the organization include the early pioneers in Ethereum and other cryptocurrencies, so their technical bona fides are solid as a bank vault. They felt that the underlying technology – the distributed ledger – could be used for more than just tracing transactions, however. Blockchain and its spinoffs are all fine, but there are still more opportunities to explore. Enter Iota.
As the clever name might suggest, Iota is focused on IoT: the Internet of verifiable, secure, connected, open-source, high-volume, reliable Things. The most recent product to emerge from the group is called Iota Access, a way to use distributed-ledger technology to control access to remote IoT devices. They give the example of a remote lock (e.g., a building lock or a car lock) that can be opened and closed remotely, but only by authorized agents. Right now, that would probably be handled by a smartphone app communicating through some central cloud server, probably managed by the lock manufacturer. That’s fine – except when the cloud service fails.
That’s not a hypothetical. Tesla owners were locked out of their own cars for a few hours last week. The problem, of course, was with Tesla’s centralized server that manages all remote accesses. Whether it was a hardware failure or a software failure (the company isn’t saying) doesn’t matter. The point is there’s a single point of failure. Distributed ledgers sidestep exactly that problem.
Iota is careful to avoid the word “blockchain” in its discussions, which is both confusing and helpful. The group’s underlying technology is technically a directed acyclic graph (DAG), which is subtly different from blockchain. On the other hand, “blockchain” makes a convenient and easily understood (or easily misunderstood) shorthand for what the group does. It simplifies the elevator pitch, even if it elides some of the technical nuances. If Iota were seeking VC funding, calling it blockchain would be a surefire way to make money rain down.
Mathew Yarger is Iota’s head of Mobility and Automotive development, and he likes to call it the “Iota Tangle” and “beyond blockchain.” It’s more of a mesh, and therefore not susceptible to single points of failure. “That’s our Layer 1,” he says of Iota’s foundational technology stack. “Iota Access is our Layer 2.” He also points out that Iota developers work to make their software smaller and simpler, not bigger or more bloated. “We’re focused on utility, not trending up and getting heavier.”
Abandoning a central point of control/failure and moving to distributed access sounds good, but that just pushes the responsibility elsewhere. In Iota’s view, that’s the job of the endpoint device. For a door lock, the intelligence resides in the lock, not in the cloud. For a car lock, it’s somewhere inside the car.
That’s swell, but most of us have no experience dealing with blockchain – oops, with directed acyclic graph distributed ledger technology – so where do we start? Clearly, this is a security issue, so hacking something together and figuring it out on the job isn’t a real option. We need good, solid code and we need it from somebody who knows what they’re doing. Hence, Iota Access.
The group has already begun working with STMicroelectronics and its line of microcontrollers, as well as a handful of other product and service vendors. The idea is to eventually offer Iota Access with chips, software stacks, or development systems anywhere IoT developers might find it. It’s all open-source, so it’s also available through the usual channels.
You see? Blockchain isn’t just about mining Bitcoin on the side. It can bridge the physical and digital worlds without inserting a centralized third-party authentication authority. Kind of the same thing, but different.
7 thoughts on “Using Not-a-Blockchain to Secure Embedded Devices”