IoT and blockchain: the ideal transactional chain?

Published on

By Olivier Ligneul, EDF Group Cybersecurity Director, and Vice President of CESIN

On the one hand, the blockchain is a promising technology that could revolutionize different sectors of activity thanks to its decentralized and encrypted model. It is simply a distributed and secure registry, accessible to all, containing information that cannot be tampered with once it is registered. This technology technically guarantees the traceability, opposability and audibility of data, and thus creates a chain of trust.

On the other hand, the Internet of Things (IoT) allows objects to be self-contained and interconnected directly with one another without centralization of any kind. This technology encompasses all exchanges of information and data from real-world devices (eg temperature sensors) with a computer network (Internet, company intranet ...).

Thus, the IoT is a very good "oracle" for the blockchain, that is to say the external element that automates the triggering of a transaction. This automation can be very interesting for manufacturers: the alliance of IoT and blockchain is perfectly suited to professional fields that require traceability and notarization of data, certification and trust.

Robust and fragile at the same time

The blockchain is not just a technical base that "adds trust" to an IoT network. The combination of these two technologies requires taking into account many parameters, and finding the right balance between the expected level of trust, and the efforts and resources to create it.

We must already think which blockchain to use: the choice between Bitcoin, NXT or Ethereum (for example) must be made according to the needs and uses of the profession, each having its particularities. But whatever technology is chosen, the limitations of the data storage size of the blockchain, and the current restrictions on throughput, should always be kept in mind.

It is also necessary to think about the right ratio of energy consumption versus level of security of the IoT, the protection mechanisms to be implemented for the media, as well as the posture to adopt in the face of the exposure. physical equipment to malicious third parties.

Since this is a chain of trust, for example if there is any implementation problem or a vulnerability caused by the vulnerability of a sensor, the entire registry is no longer trustworthy, and the blockchain and IoT alliance is no longer necessary. And with these emerging technologies, the possibility of malfunctions is still strong.

A more organizational than technological challenge

Once these precautions are taken, there is no particular technical problem to enroll such a chain of trust in an information system (IS). And if the company decides to use an on-demand service provider, there is no need for prerequisites or in-house expertise.

However, to ensure the integrity of the chain, you have to be very careful about: who by hand on the platform, who installs the objects enlisted in the IoT, or what is the quality of the implementation of the blockchain. Finally, the success of a good IoT / blockchain coupling is more "organizational" than "technological" because, after all, we are not far from the mechanisms used in a board of directors.

Finally, concerning the RGPD (General Regulation for the Protection of Data), if IoT systems do not pose an unavoidable problem, blockchain side, it is much more complicated. For example, the RGPD specifies that if a person wishes that his personal data be deleted, the company has no choice but to resolve it. But a blockchain is a chain of trust containing information that cannot be deleted or deleted. If a system is set up to "open" the chain and thus remove information in order to comply with the regulations, then the chain of trust is "broken", literally and figuratively, and therefore no interest.

Latest publication

BREAKOUT TIME: A CRITICAL KEY CYBER METRIC

 

Read more