Contributors: Dalila Hattab, Tomas Garcia Zaragoza and Colombe Herault
IoT & Blockchain
Blockchain is the technology that underpins bitcoin and other digital currencies but its application is not only limited to digital currencies. There are many opportunities to use Blockchain and IoT across industries as automotive that provide an end-to-end supply chain solution to seamlessly order or sell, track and pay for goods on delivery. Blockchain is a new cryptography-based infrastructure with the potential to replace the existing cloud-based infrastructure of IoT through decentralization. It provides an innovative technology approach to managing data and executing transactions where accuracy and reliability are paramount. Indeed, Blockchain is increasingly used to register, authenticate and validate digital assets (as financial assets, real estate, etc…) and transactions, govern interactions, record data and manage identification among multiple parties, in a trusted, decentralized, and secure manner. When considering IoT payment devices, we focus on two categories:
- IoT devices that only trigger payment transactions (e.g. a washing machine that sends a trigger telling the user has used a certain program. Based on this trigger, payment can be done by the user)
- IoT devices that have the right to conduct an autonomous payment transaction (e.g. car that automatically initiates the payment for gas)
Essentially, in a Blockchain:
- data cannot be altered (integrity)
- there is no single point of failure issues (availability)
- the identity of the users is constantly verified (authentication)
- cryptographic primitives deny data access to unauthorized users (confidentiality)
- any transaction is signed and can be audited (non-repudiation)
However, when designing the architecture for IoT payment devices in conjunction with a Blockchain ledger, there are major challenges to consider:
- Privacy - It is probably the first common apprehension about IoT payment solutions. Based on technologies such as geolocation, biometrics, tracking or ANPR (Automatic Number Plate Recognition), IoT payment systems may collect private personal data as immutable biometric data, habits or relationship. In Europe, where the privacy is considered mandatory, laws constrain business usage of such data (i.e. GDPR). There may be local commission to verify the compliance of the system case-by-case to the countries usage (ex: BfDI in Germany, CNIL in France) and edict stricter rules.
- Need for more reliable and secure IoT devices – Most of these IoT centralized infrastructures are today prone to different cyberattacks that require a challenging approach to downsize these security threats. A decentralized distributed ledger might be the key to tackle these security challenges by its core principles for data authentication, authorization and audit. However, these features will be only accessible if we have more secure IoT devices with embedded cryptographic hardware and enough computer power to ensure the integrity of data generated by the device itself before it is transmitted.
- Identity authentication – The two main approaches to manage digital identity in the IoT network are supported by cloud-based accounts and public key certificates. This process is usually governed by centralized IoT management systems. The most recent application of Blockchain in the identification of people, organizations and physical objects is called Self-Sovereign Identity (SSI). The main premise is that any connected object stores and controls its own identity (private keys) and the Blockchain provides the underlying network for decentralization, security and privacy by anchoring the proofs of the device’s identity. Think about a connected car embedding a decentralized digital identifier to authenticate itself in a transaction with a gas station and exchanging some credentials with the service provider (plate number, owner’s name, type of device, etc.). These verifiable credentials claimed by the car are basically stored on the Blockchain to be immutable and issued by the owner to be certified. The SSI arena is promising but still maturing and the adoption into IoT devices will demand more efficient and lightweight, embedded software to the current constrained devices.
- Reinforced capacity for interactions - A connected object naturally exchanges with its environment and can therefore initiate transactions on its own with other objects. To overcome issues regarding interoperability of heterogeneous objects, design requirements need to be taken into account. Service providers of connected objects will therefore have to draw up smart contracts which will list the business rules providing for the different possible scenarios of interactions between network participants. With 5G and LPWAN, low power devices and devices producing large amounts of data can now be supported. We can see partnerships between telco companies and Blockchain specialists working together to deliver a project enabling devices with low power CPUs to ‘talk to each other’ using WiFi, and execute a transaction using Corda and a token payment.
- Low interoperability between different IoT architectures - A new forecast from International Data Corporation (IDC) estimates that there will be 41.6 billion connected IoT devices, or "things," generating 79.4 zettabytes (ZB) of data in 2025. As the number of connected IoT devices and their cloud infrastructures grow, the eventual M2M communication will become more difficult as there is no connecting platform that makes all these solutions compatible. Although Blockchain can play as an interoperable enabler and a common software interface, new standard data formats will be required.
- Scalability and verification speed - These are still two main roadblocks for Blockchain technologies. Every transaction must be verified and validated by other participants in the network. In the context of IoT, with millions of “things” connected and a payment transaction as use case, it is strongly necessary to have low latency consensus mechanisms assuring that a majority validation is provided in a few seconds. Some crypto token-based Blockchains have leveraged on side-chains platforms to increase the level of capacity and scalability of their own network (i.e. Lighting Network, Raiden, RSK, Liquid…). Alternatively, an IoT-based Blockchain like IOTA is using DAG (Directed Acyclic Graph), a different data structure to store transactions in order to increase their number and decrease or avoid the network fees very efficiently.
- Untrusted IoT data – Smart contracts provide system interfaces between the components of the IoT network and the Blockchain. They are basically coded agreements between two parties which are self-executed in the Blockchain in a decentralized and distributed way when called by IoT devices. The contract contains information (i.e. the price of a good, its availability, etc.) and actions to be triggered (i.e. a payment) when external data from a device is provided (a bus arrival at the station, a package delivered, a full gas deposit). Blockchain is only able to validate the trustworthiness and tamper-proof features of the actions taken within its network but the external data that triggers them is not subject to these underlying security mechanisms. The verification of these real-world events is done by trusted third-party services and sensors named oracles. Therefore, to secure software and hardware oracles constitute an important challenge for smart contract adoption as it is yet under the risk of “man-in-the-middle” attacks generating corrupt, malicious, or inaccurate data. Today, there are platforms like Delphi aiming to solve the oracle problem (single point of failure) by decentralizing and authenticating oracle data.
In-Car Payment Model Scenario
In-car payment service allows drivers to make payments without getting out of their cars. Just as smartphones have come to replace the physical wallet, cars can likewise deliver the same function. It allows drivers to pay for goods and services such as fuel, parking, and food from the car’s display unit with the payment capability. The agreement terms between customers and the in-car payment providers would be registered on the Blockchain and executed.
By establishing a decentralized ledger for payments, Blockchain technology could facilitate the authorization process, allow faster payments, provide a way to track IoT device payment history as well as manage and automatically issue both invoices and payments. In a nutshell, Blockchain insures the interconnection between heterogeneous partners to the system and broaden the possibilities of purchase.
Blockchain will become a fundamental pillar in the spread and evolution of IoT payments. It will enable a layer for secure, tamper-proof and low-cost transaction-fee micropayments and especially for smart contracts as self-executed, autonomous, pre-programed, agreements used to execute transactions between two digital object identities. By empowering IoT devices with computing capabilities, interoperability, security and digital identity management, the user payment experience will become seamless and flexible.
From home devices to smart cars, cities and industries, Blockchain is definitely an enabler for IoT payments. We have shown in our analysis many challenges to overcome that could facilitate the adoption of this new way of payment. However, we believe that IoT payments continue to grow and are expected to be the next big thing disrupting the payment ecosystem.