Trusted IoT: Linking IoT Devices to NFTs

One of the greatest challenges within IoT is to properly identify devices. With this, we can identify malicious or fake devices. Along with this, we can use the identity of the device to provide a timeline of its usage — from its creation until it is destroyed.

And so, one way to do this is to match the IoT device to an NFT (Non-Fungible Token), where we can create a cryptographically signed artefact that relates to each device. A recent paper defines a mechanism for achieving this in a secure and trustworthy way [1].

ERC-20 and ERC-721 tokens

In a tokenized world, we can transfer ownership of a crypto asset through the digital signing process, where the previous owner of a car uses their private key to assign the car to me. I can then prove to everyone that I now own it, with anyone able to check this against my public key. That all works well for physical assets, but what about software and digital artefacts? Well, for this we have the concept of the NFT, where we can protect both the ownership and the creator of a digital asset. This might relate to photographs, music, or movies. The creator of the asset can thus provide digital evidence that the asset was registered at a certain time, and can then transfer it to others to own. In fact, we can get a complete timeline of its ownership.

But what about software code? Could I prove ownership of my code with an NFT? Well, yes. In a future world, we could hash a piece of code and add it to an immutable ledger, and I can then prove that I created that code at that specific time. A crazy idea? Well, no! Sotheby’s just sold Sir Tim Berners-Lee’s code for $5.543 million.

It includes the code he wrote in 1990/1991 and is just 9,555 lines of code. But it created HTML, HTTP and URIs, and thus built the Web. The artefact is actually an animated version of the code (in SVG format), created by Tim. Overall it is protected by a smart contract:

0x86ade256037d80d6d42df8df96d5be21cd25bd8f

and creates an ERC-721 token on the Ethereum blockchain. The record shows that it was created on June 15, 2021.

The main difference between ERC-20 and ERC-721 is that ERC-20 can produce one or more tokens, such as for cryptocurrency purposes, but ERC-721 only produces a single token. ERC-721 tokens were created from the CryptoKitties project. Here is a practical example of creating ERC-20 tokens:

https://asecuritysite.com/encryption/erc20

Matching an IoT device to an NFT

Within the paper [1], each device has its own BCA (Blockchain Account), so that an IoT device can sign its own transactions. The researchers use an ERC-721 NFT, which can identify the manufacturer, users, and managers (owners and approvers). Each device within the blockchain can then both verify the identity of a device and validate the data it generates.

To create the NFT, an initial seed is generated, which is not stored on the device. Instead, the researchers use a PUF (Physical Unclonable Function) in the device, along with other parameters from memory, in order to generate the private and public keys associated with the BCA. This differs from many other methods, which store the private key on the device (and where the private key could be leaked).

The device then actively becomes part of the blockchain, and generates a public key and a BCA_SD. These can then be used with a smart contract to create the NFT (along with the owner), which will return a Token ID that is stored in the firmware of the device.

Device registration

On a transfer of ownership of a device, the smart contract receives a request with the identity of the owner (BCA_owner), the identity of the new owner (BCA_user) and the BCA_SD (the value that binds the device to the NFT). The device then goes into a blocked state and activates a firmware reset with a new nonce and the public key of the new owner. The device then regenerates the new SD Public Key and Token ID and requests a token transfer, and then the transfer completes for the new owner:

Change of ownership

Once created, the device goes back into an operative state. Within ERC-721, we only have an ownership name defined (BCA_owner), and BCA_SD and BCA_user are additional entities that would be stored within the smart contract.
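The registration and change-of-ownership flow described above can be sketched as a small Python model. This is an added example, not code from the paper or from the original article. Its assumptions: `derive_bca_sd`, `DeviceRegistry`, the HMAC-SHA256 derivation, the hashed account id, the `sender` argument standing in for a signed transaction, and a token id that stays the same across the transfer are all hypothetical simplifications, and the PUF output is a constructed constant.

```python
import hashlib, hmac
PUF_RESPONSE = bytes.fromhex("a3" * 32)  # constructed stand-in for a PUF output

def derive_bca_sd(puf: bytes, nonce: bytes, owner_pub: bytes) -> str:
    # The secret is re-derived on demand and never stored. HMAC-SHA256 and the
    # hashed id are stand-ins for the real key pair and blockchain account.
    secret = hmac.new(puf, nonce + b"|" + owner_pub, hashlib.sha256).digest()
    return "0x" + hashlib.sha256(secret).hexdigest()[:40]

class DeviceRegistry:
    """Toy contract state: token id -> owner, user, bound device, state."""
    def __init__(self):
        self.tokens, self.next_id = {}, 1

    def mint(self, owner: str, bca_sd: str) -> int:
        token_id, self.next_id = self.next_id, self.next_id + 1
        self.tokens[token_id] = {"owner": owner, "user": owner, "sd": bca_sd,
                                 "state": "operative", "pending": None}
        return token_id

    def request_transfer(self, sender, token_id, bca_owner, bca_user, bca_sd):
        t = self.tokens[token_id]
        # Only the current owner may start a transfer, and only for the bound device.
        if sender != t["owner"] or bca_owner != t["owner"] or bca_sd != t["sd"]:
            raise PermissionError("transfer request rejected")
        t["state"], t["pending"] = "blocked", bca_user

    def complete_transfer(self, token_id, new_bca_sd):
        t = self.tokens[token_id]
        # Assumption: authentication of the re-keyed device is not modelled here.
        if t["state"] != "blocked" or new_bca_sd == t["sd"]:
            raise PermissionError("device must be blocked and re-keyed")
        t.update(owner=t["pending"], user=t["pending"], sd=new_bca_sd,
                 state="operative", pending=None)

def demo():
    reg = DeviceRegistry()
    sd1 = derive_bca_sd(PUF_RESPONSE, b"nonce-1", b"alice-pub")
    tid = reg.mint("BCA_alice", sd1)
    try:  # a sender who is not the owner cannot start a transfer
        reg.request_transfer("BCA_mallory", tid, "BCA_alice", "BCA_mallory", sd1)
        rejected = False
    except PermissionError:
        rejected = True
    reg.request_transfer("BCA_alice", tid, "BCA_alice", "BCA_bob", sd1)
    blocked = reg.tokens[tid]["state"]
    sd2 = derive_bca_sd(PUF_RESPONSE, b"nonce-2", b"bob-pub")  # firmware reset
    reg.complete_transfer(tid, sd2)
    return rejected, blocked, reg.tokens[tid]["owner"], sd1 != sd2
```

Because the device account is derived from the PUF response, the nonce and the owner's public key, the same device under a new owner presents a different BCA_SD, while a clone without the PUF cannot reproduce either one.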

The authors have implemented their method using an embedded system (WiPy) and a Solidity-based smart contract on the Kovan Ethereum test network. It was then verified through Etherscan.

Conclusions

We need to integrate trust into IoT networks, both for the identification of devices and for the data they create. The paper I have outlined shows how this can be done through the creation of a linked NFT.

Reference

[1] Arcenegui, J., Arjona, R., & Baturone, I. (2020, October). Secure management of IoT devices based on blockchain non-fungible tokens and physical unclonable functions. In International Conference on Applied Cryptography and Network Security (pp. 24–40). Springer, Cham.