Jul 20, 2018

Surprisingly, or maybe not, ConnecTechAsia focused quite a bit on blockchain technology. The two areas we participated in were related to IoT security and content distribution. The IoT topic was heavily discussed during the “Safeguarding your Future Business with IoT” panel for which I was joined by panelists Ian Yip, Chief Technology Officer - Asia Pacific, McAfee; Caroline Doulcet, VP International Data Privacy Counsel, Barclays; Olaf Kolkman, Chief Internet Technology Officer, Internet Society; Priya Mahajan, Head of APAC Public Policy & Regulatory Counsel, Verizon; and moderated by David Nagrosst, CISSP, APAC Technical Sales Leader.

This IoT Security panel included technology, security, standardization, service provider, legal and regulatory viewpoints, which made it very clear that IoT security is not just a technology issue.

The IoT world is becoming increasingly complex, especially as more and more things are getting connected to each other in unforeseen ways and different services overlap (e.g. an ISP may provide a home security or automation service while a utility company may provide electric metering and energy management service using devices that participate or are connected to both services).

It is also becoming clear that there is not going to be a single standard or a single regulation that will unify or legislate all IoT devices and ecosystems.

The relatively new blockchain technology is certainly not a silver bullet for all problems nor a universal solution for IoT security. But certain attributes of the blockchain technology, such as limited level of trust between participants, distributed governance model, and integrity of the information stored on the immutable ledger, are turning out to be very useful contributors to an IoT security solution.

Our initial proposal for the Compliance Ledger focused on IoT device interoperability and standards compliance. Furthermore, it is also suitable for carrying information about a device’s capabilities and expected behavior (EITF MUD:, information about a device’s adherence to state or regional IoT regulations, as well as dynamic information about a device’s known vulnerabilities and corresponding software updates. Interestingly enough, as the IoT world will evolve over the next several years or decades, additional information may be added to the ledger even after a specific device model has been certified and deployed, minimizing typical problems related to legacy devices.

Verimatrix has developed and made available to the community an Ethereum-based blockchain supporting controlled writes and public reads called Veriteem. Such a blockchain is ideally suited as an implementation of the Compliance Ledger used IoT standards organizations and manufacturers to provide information about IoT devices.