
DAG principle

Sebastian Rohr | Lukas Dehling

The blockchain network

In the future, millions of networked machines will need to communicate and act securely. A promising approach for this is third-generation blockchain technology. This relies on a distributed, decentralized data structure.

© Accessec

Data is becoming the new oil of the future as a result of the increasing digitalization of production processes. The Industry 4.0 vision and the IoT offer untapped potential for determining and processing this data. At the same time, this opportunity comes with considerable risks in terms of IT security and data protection. This is because the communication and interaction of millions or even billions of networked machines and sensors also offers an enormous attack surface and a wide variety of gateways for hackers. Consequently, there is a need for a secure basic technology that regulates the communication of a wide range of IoT devices.

The DAG principle

Third-generation blockchain technology is considered a promising approach for this. It is not really a blockchain at all, but a so-called directed acyclic graph (DAG), which merely makes use of the positive blockchain principles. The DAG principle is based on a distributed, decentralized data structure that stores transactions in a network transparently, chronologically, immutably and in a quantum-computer-resistant manner.

Figure 1: With the MAM principle for encrypted data streams, only authorized parties can read and reconstruct the entire data stream. Users can determine their recipients by giving them a key (side key).

© Accessec

The decisive factor is that, unlike previous blockchain models, the DAG does not require transaction fees, is partition-tolerant and theoretically scalable without limit. IOTA's approach is that the network (all nodes worldwide) does not have to synchronize and store the entire database. This makes it possible to 'build' smaller side DAGs alongside the main DAG - even without an Internet connection. Synchronization with the main DAG takes place as soon as a connection to the Internet is established. Scaling is ensured by performing so-called snapshots. This is a procedure that cleans up the entire history of the DAG at a defined point in time and checks that it is correct. The transactions are then securely stored in so-called permanodes and the decentralized nodes are emptied. The nodes therefore do not have to operate with a history from time zero.

In the diagram shown (Figure 1), for example, each square represents a sent transaction. Each time a new transaction is sent, there is an automatic confirmation of two previous transactions in the network (see the two arrow lines extending from each transaction to two other transactions). The gray boxes on the right represent new (non-validated) transactions. The blue boxes symbolize transactions that have been validated several times. Transactions that have been validated enough times to be accepted as 'confirmed' by their recipient are represented by green boxes. For confirmation, a proof of work must be performed by each node (simply put: a mathematical problem must be solved). The Proof of Work is also intended to prevent spam and Sybil attacks.

Compared to other blockchain protocols, this process is lightweight and can be carried out by all small devices. Unlike with the blockchain, the user is also the validator (often also called the miner). This eliminates the need for the computationally intensive mining principle and the current centralization of validation in mining pools (few but very large mining farms). By eliminating miners, the DAG protocol also manages without transaction fees.
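The approval scheme described above, as an added Python sketch (not code from the article or from IOTA): each new transaction solves a small puzzle and approves up to two earlier ones, and a transaction moves from new to validated to confirmed as approvals accumulate. The SHA-256 puzzle, the uniform tip choice and the `DIFFICULTY` and `CONFIRM_WEIGHT` values are assumptions made for illustration; the real protocol uses different primitives and tip selection.

```python
import hashlib
import random

DIFFICULTY = 2      # assumed toy setting: leading hex zeros the hash must have
CONFIRM_WEIGHT = 3  # assumed toy threshold: approvers needed for "confirmed"

def tx_hash(payload, parents, nonce):
    data = "|".join([payload, *parents, str(nonce)])
    return hashlib.sha256(data.encode()).hexdigest()

class Tangle:
    def __init__(self):
        self.txs = {}  # hash -> (payload, parents, nonce)
        self.genesis = self._store("genesis", ())

    def _store(self, payload, parents):
        nonce = 0  # proof of work: the sender itself searches for a valid nonce
        while not tx_hash(payload, parents, nonce).startswith("0" * DIFFICULTY):
            nonce += 1
        h = tx_hash(payload, parents, nonce)
        self.txs[h] = (payload, parents, nonce)
        return h

    def tips(self):
        approved = {p for _, parents, _ in self.txs.values() for p in parents}
        return sorted(h for h in self.txs if h not in approved)

    def attach(self, payload, parents=None, rng=random):
        if parents is None:  # uniform choice among tips is a simplification
            tips = self.tips()
            parents = rng.sample(tips, min(2, len(tips)))
        if any(p not in self.txs for p in parents):
            raise ValueError("unknown parent transaction")
        return self._store(payload, tuple(sorted(set(parents))))

    def weight(self, h):  # transactions approving h directly or indirectly
        seen, frontier = set(), {h}
        while frontier:  # follow approval edges from h towards the tips
            frontier = {t for t, tx in self.txs.items() if frontier & set(tx[1])} - seen
            seen |= frontier
        return len(seen)

    def state(self, h):
        w = self.weight(h)
        return "confirmed" if w >= CONFIRM_WEIGHT else "validated" if w else "new"

    def verify(self):  # recompute every hash; edited payloads or dangling parents fail
        return all(tx_hash(*tx) == h and h.startswith("0" * DIFFICULTY)
                   and all(p in self.txs for p in tx[1]) for h, tx in self.txs.items())
```

Because every transaction hash covers the hashes of the transactions it approves, `verify()` fails as soon as a stored payload is edited after the fact.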


Interoperability offers opportunities for the industry

As IOTA - like its predecessors Bitcoin and Ethereum - is also a cryptocurrency, it is frowned upon as such by skeptics. However, security experts such as Accessec warn against a quick condemnation and see it as a possible, secure approach to the Internet of Things, especially for industry. After all, IOTA is more than just a payment system. Companies that adopt DAG technology are in a much better position to support and implement their IoT visions.

Figure 2: In contrast to blockchain, the DAG principle is more of a network than a chain.

© Accessec

One of the biggest advantages is the interoperability of the protocol. In fact, IOTA can link different IoT devices and products with each other. The communication of the IOTA protocol is not limited to UDP and TCP, but can also run over other transports, for example Bluetooth or ZigBee. The IOTA Foundation is also striving for interoperability with other payment systems and blockchain protocols (such as Ethereum, RSK, Qtum and Hyperledger) by means of second-layer solutions. With the implementation of the solutions described below, links to other standardized industry protocols, such as OPC UA, are also possible and comparatively easy to implement.

Overall, IOTA offers major and security-relevant advantages. Data and transactions can be transmitted and stored directly on the DAG. Not only can different use cases be mapped in this way, but also different functions through extensions to the protocol itself.

For example, an extension called 'Qubic' is currently being implemented. This should enable 'smart contracts', 'oracles' and 'outsourced computing' in the near future. In the case of smart contracts, for example, we are talking about programmable conditions that are linked to a transaction. Oracles, on the other hand, are intended to provide information for smart contracts from outside the DAG. A 'quorum consensus process' is intended to ensure that this information from external sources can be trusted without the need for central authorities to control it. Outsourced computing should also enable the outsourcing of computing capacity that cannot be processed locally with IoT devices. What's more, it should be possible to purchase additional computing capacity in the future.

Masked Authenticated Messaging (MAM) is already available for this purpose, with which data streams - for example from sensors - can be sent to the DAG in encrypted form and stored. Data access can be controlled via a key. MAM thus enables integrity, data protection and data access management in use (see Fig. 2).

This function is also the basis for the IOTA data marketplace, in which 69 well-known companies and institutions worldwide, primarily from the industrial, communications and IT sectors, are already participating. The marketplace ensures that the data remains valuable and can continue to be used thanks to its tamper-proof nature and end-to-end data verifiability. The integration of MAM also ensures compliance with the EU General Data Protection Regulation. The platform creates an alternative to the previous approach of locking up the overwhelming majority of data (also due to security concerns) in so-called data silos and leaving it unused, and is open to anyone who wants to provide and use sensor data and new data-driven applications.

Industrial applications

The use cases for industry are virtually unlimited. At the moment, potential adoption and strong interest can be observed in the area of autonomous (electric) cars, production data and supply chains. Fujitsu, for example, presented an Industry 4.0 proof of concept for production lines that are representative of smart factories. Part of the concept is a use case for audit trails and transactions, with which a user is able to collect, process and fully visualize production data. Essentially, this enables production control and microtransactions between production lines in order to ensure the monitoring of machines and production. Each individual component can be tracked in detail. Additional means of controlling and monitoring machines are therefore obsolete. The data collected could be displayed on a dashboard at any time. This case illustrates that IOTA can monitor the work of machines and also automatically ensure collaboration and the exchange of resources between companies through the free transfer of monetary units.

Fujitsu is currently working on integrating IOTA into its IoT suite 'IntelliEdge'. It is also repeatedly promoting its 'PalmSecure' authentication system, which is to be used by means of biometric palm vein data and IOTA. Fujitsu is thus aiming for a user-friendly and hygienic way of verifying identity. In the future, this could be used primarily in medical areas and laboratories, but also in all areas where a quick and clear identity is required.

RWTH Aachen University also recently demonstrated the advantages in an IOTA proof of concept. The university used IOTA to solve the problem of physical material fluctuations and process uncertainties that are always physically and statistically present. Although all components in an industrial environment have to meet the same requirements, subtle deviations cannot be eliminated. RWTH Aachen University has already been able to make this individual information and deviations publicly available in initial trials using digital twins of the components. To this end, production data from fineblanked parts was extracted from the machine control system in real time, encrypted and stored in the tangle. Data such as the punching force, the press stroke or the material name can be retrieved at any time via a MAM channel. In this way, potential suppliers would be able to adjust components downstream according to their properties and increase end customer confidence.

However, it is not just companies that are interested in IOTA, but also institutions such as the UN and local authorities. Taipei, for example, will use the IOTA DAG as the basis for the smart city of the future. Among other things, there will be a DAG-based ID card to prevent identity theft and electoral fraud. It will also make it possible to track medical history and other data for government services.

The potential is unmistakable, even if the opportunities and risks still need to be weighed up at the moment. And although the DAG is currently still largely in the beta phase, initial use cases disprove the notion that this is merely a 'fad'. In the industrial environment in particular, there is an opportunity to make production faster, cheaper and safer.

Author: Sebastian Rohr is CEO at Accessec.
