DavidBalaban

David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project, which presents expert opinions on contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.


Internet of things concept

The concept of connected smart devices, or the Internet of Things, is currently in a stage of rapid evolution. This growth requires new solutions and protocols to bolster security and efficiency. Blockchain is a component that fits into the IoT paradigm as a way of handling the entirety of transactions between machines.

A rough estimate of the number of networked devices that will appear during the next ten years is on the order of tens of billions. The enormous volumes of data generated by such a quantity of smart things are already starting to call forth new challenges and algorithms that need to provide answers to some nontrivial questions. Who will process transactions and benefit from this economy of things? How much data will these nodes generate? Who owns this information?

New Blockchain Solutions

Blockchain solutions in their current form are barely capable of addressing all of these issues. The imminent trends should give rise to new blockchain implementations that will feature a higher processing capacity, enhanced security, and a more robust architecture. In fact, businesses are already taking steps towards this goal.

IOTA

IOTA wants to revamp some of the principles of Blockchain. The gist of this initiative is all about making the ledger better adjusted to the ecosystem of micro-transactions. David Sønstebø, the co-founder of IOTA, argues that there is a need for modifying the verification principle in the Blockchain. The conventional design implies confirmation of blocks by so-called miners, or stakers, who get money for their work.

Mr. Sønstebø advocates a new approach dubbed Tangle, where the verification of transactions takes place without any fees. Blending the roles of the user and the verifier may help to reach this objective. Consequently, when a user initiates a transaction they also need to verify two previous transactions sent by other members. In such a system, the extra confirmation activity is, effectively, the compensation as well as the main requirement to be part of the community. This balance makes IOTA a decentralized, autonomous ecosystem.
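
The rule described above (a sender verifies two earlier transactions in order to attach a new one, and pays no fee) can be modelled as a small hash-linked graph. This is an added example, not IOTA's code: the ToyTangle class, its field names and the SHA-256 integrity check are assumptions made for illustration, and the sample payloads are constructed.

```python
import hashlib
import json

def tx_id(payload, parents):
    """Transaction ID = SHA-256 over the payload and the IDs it approves."""
    body = json.dumps({"payload": payload, "parents": sorted(parents)}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class ToyTangle:
    """Hypothetical DAG ledger: attaching costs verification work, not a fee."""

    def __init__(self):
        self.genesis = tx_id("genesis", [])
        self.txs = {self.genesis: {"payload": "genesis", "parents": []}}

    def verify(self, tid):
        """Recompute the ID from stored content and check the parents exist."""
        tx = self.txs.get(tid)
        if tx is None or tx_id(tx["payload"], tx["parents"]) != tid:
            return False
        return all(p in self.txs for p in tx["parents"])

    def tips(self):
        """Transactions that no later transaction has approved yet."""
        approved = {p for tx in self.txs.values() for p in tx["parents"]}
        return sorted(t for t in self.txs if t not in approved)

    def attach(self, payload, parents):
        """Sender must verify two distinct earlier transactions (one at bootstrap)."""
        parents = sorted(set(parents))
        if len(parents) != min(2, len(self.txs)):
            raise ValueError("must approve two distinct earlier transactions")
        bad = [p for p in parents if not self.verify(p)]
        if bad:
            raise ValueError("parent failed verification: " + bad[0][:8])
        tid = tx_id(payload, parents)
        self.txs[tid] = {"payload": payload, "parents": parents}
        return tid

    def approvers(self, tid):
        """Count transactions that approve tid directly or through a chain."""
        seen, frontier = set(), {tid}
        while frontier:
            frontier = {t for t, tx in self.txs.items()
                        if frontier & set(tx["parents"])} - seen
            seen |= frontier
        return len(seen)
```

Each attach raises the approver count of everything beneath it, which is how confidence in a transaction accumulates without miners; a stored transaction whose content was altered fails verify and cannot be used as a parent.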

Another domain where Tangle should fare better than the traditional Blockchain is the cloud. The commonplace cloud infrastructure consists of large data centers residing in different locations. The key criterion here is cheap energy, hence a more cost-efficient operation and maintenance of machines. Ramified networks of fiber-optic cables link end users’ workstations and far-flung data centers. Obviously, the flip side of a network like that is significant data exchange delays.

IOTA’s response to these drawbacks is a Fog of smaller smart grids that are located close to the devices to ensure proper bandwidth, responsiveness, and storage. An important prerequisite for this system to operate is a flexible trade model for these connected devices. With its decentralized, modular design and no fees at all, Tangle is a great match.

Riddle&Code

Riddle&Code is one more project that focuses on linking the Blockchain technology with smart devices. The founder of this platform believes that connected real-world objects and algorithms have become new stakeholders in modern society. Therefore, it’s imperative to define the rules for human interaction with them.

The Riddle&Code platform revolves around the concept of KYM, which stands for Know Your Machine. One of the issues with the Internet of Things is that it generates huge amounts of data. The users don’t own that data, nor do they even have access to it in most cases. It’s the cloud or other service providers that deal with the data. This apparent lack of proprietorship and access is a big problem in the IoT context.

In response to this, Riddle&Code introduces a principle where the use of NFC (near-field communication) technology and crypto chips allows determining who is authorized to access the data. The security of the crypto key exchange process between connected devices is the weak link of traditional protocols. Third parties may compromise it. Even the use of a strong symmetric cryptosystem such as AES (Advanced Encryption Standard) is not foolproof against man-in-the-middle attacks and master key interception.

With the Riddle&Code tagging and token system in place, it’s possible to eliminate this security issue as early as the production stage by integrating the technology into the device and pre-configuring it. In this scenario, the key exchange workflow is implemented via NFC pairing, which is very difficult to tamper with. Ultimately, the user is the only person who owns the token for a certain range of devices. He has the privilege to define who can access the data created by these different components of the network.
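
Why a secret installed at production closes the key-exchange gap can be shown with a mutual challenge-response. This is an added example, not Riddle&Code's protocol: the Party class, the message layout and the use of HMAC-SHA256 are assumptions, and the keys and nonces are generated inside the sketch.

```python
import hashlib
import hmac
import secrets

def mac(key, label, *parts):
    """HMAC-SHA256 over a label and length-prefixed fields."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Party:
    """One side of the pairing; key is the factory-provisioned secret (assumption)."""

    def __init__(self, key):
        self.key = key
        self.nonce = secrets.token_bytes(16)  # fresh per pairing attempt

    def prove(self, role, peer_nonce):
        """Tag binding this side's role and both nonces to the shared secret."""
        return mac(self.key, role, self.nonce, peer_nonce)

    def check(self, peer_role, peer_nonce, tag):
        """Constant-time comparison against the tag the peer should have sent."""
        expected = mac(self.key, peer_role, peer_nonce, self.nonce)
        return hmac.compare_digest(expected, tag)

    def session_key(self, owner_nonce, device_nonce):
        """Session key derived from the secret, never sent over the link."""
        return mac(self.key, b"session", owner_nonce, device_nonce)

def pair(owner, device, tamper=None):
    """Run the exchange; tamper models a relay that rewrites the device's reply."""
    n_o = owner.nonce
    n_d, tag_d = device.nonce, device.prove(b"device", n_o)
    if tamper:
        n_d, tag_d = tamper(n_d, tag_d)
    if not owner.check(b"device", n_d, tag_d):
        return None  # owner token rejects an unauthenticated device reply
    tag_o = owner.prove(b"owner", n_d)
    if not device.check(b"owner", n_o, tag_o):
        return None  # device rejects an unauthenticated owner
    return owner.session_key(n_o, n_d), device.session_key(n_o, device.nonce)
```

pair returns matching session keys only when both sides hold the provisioned secret and the exchanged values arrive unmodified; any altered reply or unprovisioned device yields None.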

Conclusion

In summary, the expanding machine-to-machine economy requires the existing Blockchain platforms to gain momentum in their progress and morph into more flexible and better-protected designs. IOTA focuses on facilitating payments and transactions in the economy of things by reducing fees down to zero and decentralizing data center networks. The Riddle&Code technology, in turn, is intended to establish contracts between humans and smart devices, define clear access privileges, and enhance the security of key exchange algorithms.