On September 30, 2020, the public distributed ledger (DLT) IOTA announced the launch of IOTA Access, an open source framework for building access control systems. One example is a car owner’s ability to allow someone to remotely access and use their car. IOTA Access is not limited to vehicles; it works with any IoT resource, such as embedded sensors or smart locks. Regarding smart vehicles, IOTA previously worked on an IoT smart wallet project with Jaguar Land Rover, which is a partner in this project alongside STMicroelectronics, NTT DATA Romania, RIDDLE & CODE and numerous other partners.
Below is a Q&A with RIDDLE & CODE that focuses on hardware integration.
IOTA Access aims to securely control intelligent devices and to grant and revoke access to the devices anytime and anywhere. It allows users to set conditions for granting access.
Business owners using IOTA Access can bill users for access to their resources, also with enforceable terms. Every interaction between the digital devices is registered on the Tangle, which is not a blockchain, and immutably secured. The Tangle is a directed acyclic graph that IOTA claims is a faster and cheaper alternative to blockchains. An added benefit for a use case such as office building access is that there is an audit trail of all usage, permission changes, and payments.
One of the questions is why a decentralized system is needed. First, there is the concept of a single point of failure. If a centralized database went offline, people could be locked out of cars or worse. A DLT offers redundancy through numerous nodes holding the same data.
Second, it means there is no honeypot for hackers. If someone wanted to steal a car and knew the automaker had a centralized database, they could hack the database to modify data and gain access to many cars for themselves. Data stored on DLT is much more difficult to modify because of the many nodes that store copies.
Porsche has also explored the use of blockchain for remote car access.
IOTA's security record
As secure as a DLT may be, the security weaknesses tend to lie in the communication with the DLT or in the apps that control access. By its nature, IOTA Access has to put security first.
But that’s not an area where IOTA has a strong track record. However, involving numerous other organizations could be of great help here.
At the beginning of 2020, IOTA had to stop part of its network to investigate thefts from the Trinity Wallet, the IOTA Foundation's most important IOTA wallet. Even before the thefts, IOTA had serious security gaps, but these were subsequently fixed. Trinity Wallet has since undergone three security reviews. While the vulnerabilities this time were more in the wallet app than in the DLT, security will still be a prominent point of discussion for IOTA Access.
RIDDLE & CODE Q&A
1. Are you working on it at the research level or with a specific client?
We are examining the potential of combining the technologies published by IOTA with our solutions. So it happens both at the research level and at the strategic level.
As soon as we have agreed all of this, we will address interested parties. As you can see from the release of our industry-leading Hardware Car Wallet with Daimler Mobility last week, the automotive industry is an obvious target, but we also find smart locks for supply chains or the protection of industrial plants very interesting. At Riddle & Code, we are interested in enabling robust and highly secure solutions for critical infrastructures.
2. Guide us through the benefits of DLT
We need to distinguish between the underlying infrastructure and the business model layer running on it. DLT or the Tangle are part of the underlying infrastructure, and it is clear that decentralized data storage, a tamper-proof audit trail and some other often cited advantages of DLT can increase the (cyber) security of IoT or vehicle systems. While IOTA Access provides a business and process framework for access control, our part is to give physical objects such as machines or vehicles a tamper-proof digital identity.
3. Are the main security problems with the devices transmitting the unlock signal and how could the communication or data be tampered with?
Yeah, that’s the point. We achieve this by adding or embedding a crypto hardware module in devices of all types. Establishing this digital identity and checking in has more to do with cryptography and math functions, but then creating a direct connection between this chip and the DLT protocols, registering the digital twin of this object on a DLT and also registering it as a registration for usage data or to use other metadata are the first choice here. This helps establish a trust base at the device level and turn them into trusted data sources that can benefit from wallet and billing functions.
In short, we connect the physical and digital world and create highly secure end-to-end platforms.
4. IOTA and security: haven’t corporate wallet security issues raised concerns?
IOTA should comment on this – but it is clear that problems that arise – especially in an emerging industry and ecosystem – from integrating third-party solutions do not always lead to the best possible results. However, if you can determine where the problem is coming from, then you can fix it. Today we all benefit from the Internet as a technology layer, even if it was a very painful usability experience in the 90s and has not yet achieved an acceptable level of security for many applications. That is why DLT technology is a necessary evolutionary step. And mistakes are part of that journey.
Update: The RIDDLE & CODE questions and answers have been added.