Technology Inside

IoT DevBoard for Data Certification and Security.

Thanks to the last decades of digital revolution, today’s society lays its foundations on the generation and analysis of big data; this phenomenon has characterised all sectors, public and private, revolutionising the management and organisation of information and how they are processed. Just consider that every day about 3.5 quintillion bytes of data are generated, that, regardless of their nature (videos, images, texts, numbers), represent a very important resource on which companies and organisations base their choices and actions that are required to adapt to future challenges.

There are many ways in which companies analyse and translate data into concrete and efficient actions, such as business intelligence, user targeting or customer services. All these activities, thanks to the implementation of artificial intelligence, leverage data related to consumer behaviours and habits, in order to predict future trends and keep up with the market.

Given the value and the large amount of sensitive information that the data encompasses, the security factor is extremely important. Data Security is about all those protection measures that serve to protect data from unauthorised access in order to preserve privacy, integrity and their continuous availability. In addition to these measures, that mainly concern the storage of data, it is also essential to ensure the data integrity when they are generated and transmitted over fixed or wireless communication. This is fundamental to avoid fraudulent actions and guarantee security even in the transmission from one device to another.

With the advancement of new technologies, these requirements play a fundamental role, especially in the implementation of IoT systems. In fact, while the IoT offers many advantages, for example data collection and sharing, remote monitoring, optimization and automation of production processes and cost reduction, on the other hand it unveils a full new set of security risks.

In fact, as the amount of data produced and transmitted increases, the chances of system compromise increase too, as a result of violation of confidentiality, integrity and privacy, posing the risk of sensitive data and information exposure that may damage the organisation's functioning.

In 2023 Europe is recognised as the area that suffers most attacks on IoT devices with an average of 70 attacks per week per organisation; latest forecasts also estimate that 84% of attacks are caused by cybercrime followed by espionage and hacktivism.

One of the main problems for IoT security is the numerous access points, or rather the large area of possible attack that derives from the large number of connected devices. Moreover, in most cases the IoT technology mainly relies on small and simple devices that do not have enough memory and processing power to integrate security functions. In addition, many devices transmit information without encryption, allowing more easily unauthorised access to sensitive information and credentials.

In this context, the features of Blockchain Technology can be an innovative solution that meets today’s security needs on several fronts. Thanks to its decentralised structure that contrasts with centralised archives, this technology allows sharing and access to data with ease and security. The immutability of records, transparency and traceability of transactions make Blockchain a very effective tool that can effectively help in avoiding illicit data manipulation and cyber attacks.

Our project: IoTeX DevBoard

It is precisely the scenario just depicted that has led our team, in collaboration with IoTeX reality, to focus on the realisation of our IoT DevBoard. The aim of this project is to create a development platform for IoT applications, with the aim of ensuring maximum data security thanks to the integration of a cryptographic chip (Secure Element), which is used for signature and encryption activities of the generated data.

The prototype features a wide variety of sensors such as: accelerometer, thermometer, hygrometer, GPS etc.; these allow to cover a wide range of use-cases that are typical of the IoT world. The distinctive features that belong to the IoT domain are combined with a secure system for communication and authorization management to protect the access and handling of data generated by the device. The use of the Blockchain also facilitates the aggregation, in a single distributed ledger, of data generated by heterogeneous technologies, in a simple and affordable way.

The risks associated with using IoT devices mainly concern the security and protection of the data generated within the device itself, as well as their transmission to back-end applications. We have been working on two lines of actions terms of data protection:

  • optional data access/reading protection (encryption);
  • the certainty of data integrity (signature).

Our prototype aims to solve these points, focusing on the protection of information coming out of the sensor, anyhow taking into account the architectural constraints imposed by the project; the main constraint we have been facing is the low processing power of the controller present on the board due to the requirement of cost-effective production of the device itself.

The technology choices

To achieve our goals we decided to develop the prototype using an ESP32-C3-Mini controller. The choice was also driven by the considerable popularity of this chip on the market (along with members of the entire ESP32 family). As for the secure element, the chip from NXP "NXP SE050" was chosen, while for the technology of Blockchain, we decided to integrate into our project a system developed specifically for the iot world: IoTeX (https://iotex.io/).

The Software Architecture

To create a system that allows us to run the IoT functionality integrated to the Blockchain, it is necessary to develop a series of components installed on the device and on back-end systems (in our case distributed in the cloud); cloud systems are meant to orchestrate traffic and interactions between the IoT world and the Blockchain.

At a high level, it is necessary to develop on the IoT device two main components:

  1. the business logic of the device that integrates the data collection processes and the functionalities necessary for encryption (or signing as required);
  2. a middleware software that creates a layer of abstraction to the embedded firmware (provided by the manufacturer) of the secure element chip; this is necessary to provide the business logic with the possibility to use simple APIs that control the operation of the security functionalities (e.g. generation of public and private keys, data encryption, reading of the chip ID to generate a corresponding NFT), etc.

At the server level (cloud) it is necessary to develop a system that receives optionally encrypted data from the IoT device (possibly stores it in a DB) and generates a presence of the data on the Blockchain through the execution of specific Smart Contracts.
In order to obtain a complete system to validate our concept, we also considered the creation of a component that offers a user interface (in our case we opted for a Web App) that allows the management of the overall system and access to the data produced by the device (since the data are in the cloud, they can, by their nature, be accessed by a multitude of different systems).

It is clear that the software/firmware to be developed depends on the hardware architecture chosen and the specific Secure Element technology selected by the project; the server components are, instead, dependent on the specific Blockchain technology.

Considering the aim of covering the widest technological scenario, it is therefore strategic to realise the interface components between the various architectural blocks in a modular way so as to make it easy to port software between heterogeneous technologies.

Use Cases

The complete implementation of the system discussed in this paper, is a very complex project and, possibly, of multi-year activity. Considering the current objective that consists in the delivery of a functioning prototype that aims to the validation of the project assumptions, we have selected and prioritised the implementation and validation of the following use cases:

  • Registration of the device to the Blockchain;
  • Assigning device ownership to a specific Wallet;
  • Encryption of a data collected by the device and sent to the Blockchain;
  • Access to data sent by permission managed by Blockchain;

and/or

  • Data integrity verification by hash verification through functionality made available to the Blockchain.

Additional use-cases that we expect to address in the future, include:

  • Purchase/Sale (or transfer of ownership of a device);
  • Configuration of data access policies for users;
  • Payment transactions for possible data access fees (monetization of the generated data);
  • Automating the execution of agreements or workflows with Smart Contract tool.

Do you want to know more?
We are happy to give you the possibility to see the schematics of the DevBoard we have developed and the bill-of-material of the components we selected; you can find the documentation on our Github repository at: https://github.com/StetelThings/iotex-devboard while the device information is published under the Apache Licence.

If you are interested in IoT technology, visit our Research & Development page.

Do you want to develop an innovative project in line with your needs?
Discover our services or contact our team via email at: info@stetel.com.