Topic 3: Security and Privacy via blockchain technologies and new generation of Ricardian Smart Contracts
TOPIC3 Patron: CERTH
Introduction
TERMINET is a system that aims at being secure and private, both concepts being critical in the field of IoT, as they are issues that should be inevitably addressed with the continuous expansion of usage of smart devices. One of the most promising ways of combating the aforementioned problems is the usage of blockchain technology, which is a form of Distributed Ledger [1].
TERMINET aims to utilize blockchain technology, along with blockchain-oriented techniques to increase the system’s security and reliability, as stealing identities for the purpose of malicious acting will be nearly impossible, and multiple nodes will provide protection against single-points of failure. Also, agreements will be enforced via Ricardian Smart Contracts and automation will be brought to the system by ensuring that certain actions will be done once an agreement is reached and that everyone will be able to understand what happens once an action is completed.
By utilizing a permissioned blockchain, an IoT-heavy system such as TERMINET can certainly benefit, as security, privacy and trust will be further enhanced, giving less risks of compromise, reliability, and options of access control. The fact that a network is permissioned means that one entity needs to be properly enrolled in the blockchain network, thus needs to be known to the rest of the network, bringing further trust to the system, as participants know each other, and no unknown entities enter without permission. Furthermore, blockchain technology has a plethora of different applications that can also utilize a significant number of IoT devices, such as healthcare, agriculture, supply chain management and many more, which is also one of the key goals of the TERMINET project, to be able to support as many different use cases as possible.
An important aspect in every IoT network is data sharing, access and authorization which can be curated with the use of blockchain technologies and respective smart contracts. Since data exchanged through IoT devices can contain several sensitive information, from patient data to business-classified information, it is of paramount importance to restrict access to certain identities, as well as allow and revoke access to data if deemed necessary [2].
The aim of this topic is to design and develop a secure framework for smart device authentication and next generation Ricardian smart contracts to provide TERMINET a novel way of ensuring that security and privacy are granted within the system and that all transactions are being carried out autonomously.
Functional Requirements
The TERMINET project will employ blockchain technologies to provide identity management tools, data sharing services, authentication of devices and logging/auditing capabilities, while bringing automated agreement settlement to the network. While permissioned blockchain technology has certain security and trust guarantees, there are some requirements to be met.
- Permissioned blockchain networks may have issues with performance when they expand, therefore one should find balance between the number of nodes and the desired performance/security.
- Regarding data, one must not have access to all the contents of the ledger, since important business data may exist there, but can access certain data that they are actually allowed to. Furthermore, an entity should be able to request access to data and if granted, they should be able to access them. Also, a mechanism for revoking access, whenever that is a meaningful process should exist. Lastly, to use a smart contract, one must be an authorised user, otherwise, they must not be able to use them, as that can lead to security breaches and privacy-related issues. [3]
- The logging smart contract will be keeping a log of important events happening to the system, which obviously differ on a use case basis.
- Auditing is another important aspect for the project’s goals, since tracing actions all the way to the point where they happened is a challenge in IoT systems that have a significant data flow. It also contributes to trust and transparency of a system.
- All Ricardian Smart Contract actions should be clearly explained to all interacting parties in both machine and human-readable form, so that everyone is able to understand what exactly will happen based on a pair of actions.
Technical Requirements
TERMINET aims to develop a decentralized solution, from the network to the smart contracts and the business logic for each functionality. All the smart contract functionalities (i.e., logging, auditing, device authentication and data sharing) will contribute to the system’s overall security and privacy, using a highly regarded, enterprise grade framework in Hyperledger Fabric. Consequently, all solutions must be compatible with it.
Another important aspect of the technical side of our solution is that there is no specific need to deploy all the contract functionalities, but only the ones needed per use case. The contracts will be accessible to permissioned users via a REST API, therefore on a user level no direct interaction with the network will happen.
Furthermore, the devices that will be part of the system will have to enrol via a Membership Service Provider, in order to participate and make transactions. Some transactions will be automated in order to enforce specific policies depending on actions taken (or not taken) on a use case level, providing pre-agreed interactions, described in the Ricardian Smart Contracts. Lastly, connection to existing services such as clause.io should be supported.
Topic 3 winner
Title: Secure immUtable System based on blockchAiN for water management smart coNtrActs
Acronym: SUSANNA
Learn more about Topic 3 winner
References
- Bahar Farahani, Farshad Firouzi, Markus Luecking, The convergence of IoT and distributed ledger technologies (DLT): Opportunities, challenges, and solutions, Journal of Network and Computer Applications, Volume 177, 2021, 102936, ISSN 1084-8045, https://doi.org/10.1016/j.jnca.2020.102936.
- Shantanu Pal, Ali Dorri, Raja Jurdak, Blockchain for IoT access control: Recent trends and future research directions, Journal of Network and Computer Applications, Volume 203, 2022, 103371, ISSN 1084-8045, https://doi.org/10.1016/j.jnca.2022.103371.
- Q. Yang, Y. Liu, T. Chen, and Y. Tong, ‘Federated Machine Learning: Concept and Applications’, ACM Trans. Intell. Syst. Technol. 10, 2, Article 12 (February 2019), 19 pages, 2019, DOI:https://doi.org/10.1145/3298981