Practically speaking: Uncopyable IoT Sensors

Let’s say there was a way to produce an IoT Sensor which is only useable in the original. People could copy the hardware/software, but this would still not be “that sensor”. Complete trust and tracing of the sensor and it’s data would be possible — fakes would be excluded. Well three scientists in Sevilla may have got it figured out.

Let’s start with the summer hit of 2021: NFTs. Non Fungible Tokens are things which only exist?once.?The ownership of this object is stored on the blockchain. This way many NFT collection have been sold (bored apes, among others). Now coupling a digital image of a bored ape with the NFT is straightforward — both are digital. But what about real world objects. How do you (the manufacturer) know if the hardware is the original you sent out or a copy? Should this hardware be trusted?

So to start with you can use a Physical unclonable Function (PuF) in the hardware to create the unique key. Now a PuF is a function which produces a unique ID for a piece of hardware. This may be done by using subtle quantum effects inside a chip to produce this ID. This ID could be hashed with the installed software to produce a combined ID. When you have this combined ID you can create a key (I’ve simplified this a lot) — and you could store it on the blockchain as an NFT. But NFTs are static, the bored ape image doesn’t change over time — only it’s owner. But IoT Sensors have a status. They should be able to change their status themselves.

In the paper [1] they created a?smart?NFT, which has smart contract (functions) which the IoT device can control. The device has it’s own wallet to store it’s decentralized digital identity to alter it’s status on the blockchain. Only it can do it. No other one can. Not even an “exact” copy — the laws of quantum mechanics make sure.

Bottom line

Now you have a digital twin of your IoT sensor on the blockchain which cannot be copied.

If you are providing services you can make sure only the real sensor can use them.

If the sensor is providing data, it can sign it itself and anchor it on the blockchain. It is not changeable. It can be trusted.

[1]?International Conference on Applied Cryptography and Network Security?(pp. 24–40). Springer, Cham

P.S. A big shout out to Prof Bill Buchanan, whose medium article first drew my attention to the paper:

https://medium.com/asecuritysite-when-bob-met-alice/trusted-iot-linking-iot-devices-to-ntfs-a03dbc7de7b8

(I hope he doesn’t mind me simplfying it so much.)

This article was originally published here:

https://medium.com/@mark.hebbel/practically-speaking-uncopyable-iot-sensors-455bac6ac1df