Blockchain IoT Security: An Interview with Xage’s CEO
There are a lot of companies hoping to cash in on the blockchain of late. Kodak has plans to launch KodakCoin, a blockchain cryptocurrency aimed at photographers. Then there is Long Island Iced Tea Corp., which recently rebranded itself as Long Blockchain Corp. and Vapetek Inc., an e-cigarette manufacturer that changed its name to Nodechain Inc.
But there are also scores of promising projects that leverage blockchain technology for non-cryptocurrency-related applications such as cold chain logistics and blockchain IoT security. The startup Xage, which recently came out of stealth mode, is targeting the latter. Because of the distributed nature of many industrial IoT deployments, a centralized and manually administered security architecture is ineffective and can be overwhelmed by vast IIoT implementations with thousands or even millions of endpoints. Conversely, a blockchain-based security system can grow more secure as the number of network endpoints grows.
We recently reached out to Xage’s CEO Duncan Greatwood to hear his thoughts on blockchain IoT security and the types of IIoT deployments that are the best match for blockchain.
What do you make of the current state of blockchain adoption as it applies to IoT?
Greatwood: Real deployments are happening now to enable distributed security with blockchain, and will grow much bigger through 2018 and 2019.
From left to right, Xage VP, products Roman Arutyunov, CEO Duncan Greatwood and VP, engineering Susanto Irwan.
Notably, blockchain is being adopted in the industrial sector for transaction and trading systems, and for distributed security systems like Xage (for enrollment, access and application security) and Filament (for network security). Of course, the growth of cryptocurrencies is also helping to drive the maturation of blockchain technology and its implementations.
In systems like Xage’s, blockchain may be synthesized with other technologies that can bear part of the burden of scalability and real-time operation — the intent being to get the “tamper-proof system of record” benefits of blockchain while still enabling scalable, high-performance systems.
Do you have any advice on how to separate blockchain hype from reality?
Greatwood: You can separate blockchain hype from reality — and determine specific applicability — by examining your requirements.
If you are trying to solve for requirements such as tamper-proofing, distributed and autonomous operation, decentralized multi-vendor interoperability, and self-healing scalability in the event of an attack by hackers, then blockchain can be a highly appropriate — and readily available — solution. In fact, if a vendor is not using blockchain for those kinds of requirements, they are likely using less-proven or less-thorough technology stacks that may be more vulnerable, less flexible and less capable than blockchain.
Alternatively, if you don’t have those kind of requirements, then you might not need blockchain and a more traditional software stack might serve.
What are the top applications of blockchain IoT security technologies?
Greatwood: Zero-touch deployment / new device enrollment: As this process must be handled in the field by definition (it may well be multi-vendor) and requires holding sensitive security information in the field to enable it, you need a tamper-proof and confidential data storage system — blockchain — for the edge.
Authentication of people and applications accessing industrial devices: Again, this process is distributed, and identity and access-rights information must be consistently held securely.
Peer-to-peer in the edge: For machine-to-machine co-operation, the need for distributed capability is obvious — relying on a central authority for decision making is inefficient. Blockchain technology is capable of becoming more secure the more machines are in the system. This capability allows for the realization of this foundational requirement.