Trusted IoT Data

Introduction

W3bstream is more than just a framework for deploying DePIN (Decentralized Physical Network Infrastructures) projects rapidly; it also embodies a methodology that leverages blockchain and IoT technologies to design these projects effectively. A crucial aspect of DePIN projects is the concept of "Trusted Data," which ensures the reliability and integrity of the data generated by authorized devices. In this document, we will explore the significance of Trusted Data and its implementation within the W3bstream ecosystem.

The Three Components of a DePIN Project

A typical DePIN project consists of three main components:

  1. Devices: These are physical devices that capture data from the real world through sensors or other means.

  2. Cloud Layer: This layer, whether centralized or decentralized, receives, processes, and optionally stores the device data. It also computes proofs of real-world events based on the received data.

  3. Blockchain Smart Contracts: These contracts implement a token economy and are triggered by the proofs generated in the cloud layer.

Importance of Trusted Data

For the token economy of a DePIN project to function effectively, it is vital that the proofs generated can be trusted. To achieve this trust, the source device data must also be trustworthy. This is where the concept of "Trusted Data" comes into play. Trusted Data refers to data that is generated by "Trusted Devices" and can be relied upon for accurate and valid proofs.

Implementation of Trusted Data in W3bstream

Where possible, the W3bstream methodology enforces the concept of Trusted Data through the following steps:

  1. Device Identity Registration: When a device is manufactured, a public/private key pair is generated by the firmware. This key pair serves as the device's decentralized identity, registered in a dedicated smart contract on the blockchain known as the "Registry of Authorized Devices." This registration ensures that only authorized devices can participate in the network.

  2. Device Binding: When a device is obtained by a user, a binding operation is performed to associate the device with the owner's blockchain account. This binding record is stored on the blockchain, often in a "Device Bindings" contract. This step further strengthens the trustworthiness of the device and its generated data.

  3. Data Message Signing: When a device generates a data message, it uses its factory private key to sign the message. The device attaches the signature to the message itself before sending it to W3bstream.

  4. Message Verification: W3bstream is capable of verifying the message signature using blockchain records. It ensures that the data has not been tampered with and confirms that it has been generated by an authorized device. This verification step establishes the trustworthiness of the data within the W3bstream ecosystem.
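The four steps above, worked through end to end as an added Go example (not W3bstream's own code): a software key pair stands in for the factory key, two in-memory maps stand in for the "Registry of Authorized Devices" and "Device Bindings" contracts, and the device-id scheme, the sample sensor reading and the owner account are all constructed placeholders.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Registry stands in for the two on-chain contracts (assumption: in-memory maps).
type Registry struct {
	Devices  map[string]*ecdsa.PublicKey // "Registry of Authorized Devices": id -> factory public key
	Bindings map[string]string           // "Device Bindings": id -> owner blockchain account
}

// DeviceID is an assumed scheme: hex of the first 8 bytes of SHA-256 over the public key point.
func DeviceID(pub *ecdsa.PublicKey) string {
	h := sha256.Sum256(elliptic.Marshal(elliptic.P256(), pub.X, pub.Y))
	return hex.EncodeToString(h[:8])
}

// SignMessage is the device side (step 3): sign SHA-256(payload) with the factory private key.
func SignMessage(priv *ecdsa.PrivateKey, payload []byte) ([]byte, error) {
	digest := sha256.Sum256(payload)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyMessage is the W3bstream side (step 4): device registered, bound, and signature over the exact payload.
func (r *Registry) VerifyMessage(id string, payload, sig []byte) (string, error) {
	pub, owner := r.Devices[id], r.Bindings[id]
	if pub == nil {
		return "", fmt.Errorf("device %s not in registry", id)
	}
	if owner == "" {
		return "", fmt.Errorf("device %s not bound to an owner", id)
	}
	if digest := sha256.Sum256(payload); !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", fmt.Errorf("invalid signature for device %s", id)
	}
	return owner, nil
}

func main() { // constructed demo: step 1 key pair (software here, a secure element on real hardware), then steps 3 and 4
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	id := DeviceID(&priv.PublicKey)
	reg := &Registry{Devices: map[string]*ecdsa.PublicKey{id: &priv.PublicKey}, Bindings: map[string]string{id: "0xOWNER_PLACEHOLDER"}}
	sig, _ := SignMessage(priv, []byte(`{"temp":21.5}`))
	fmt.Println(reg.VerifyMessage(id, []byte(`{"temp":21.5}`), sig)) // owner account, <nil>; a changed payload, unregistered id or unbound device is rejected
}
```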

Enhancement of Security

Secure elements and TEEs

Secure Elements or Trusted Execution Environments (TEEs) are crucial components in securing IoT applications, especially in the context of Decentralized Physical Network Infrastructures (DePIN) projects. Integrating a Secure Element or TEE in your devices is paramount to shield the generation and usage of the private key that serves as the device's identity, and to ensure secure, authenticated signing of transactions and data.

Private Key Generation and Storage: Secure Elements or TEEs generate and store the private keys within an isolated, secure environment, protecting them from unauthorized access or potential breaches, ensuring that the keys never leave the secure enclave.

Device Identity Assurance: The secure generation and storage of private keys assure that the device’s identity is authentic, immutable, and unclonable, which reinforces the concept of "Trusted Devices" within W3bstream.

Data Signing: Devices, by leveraging Secure Elements or TEEs, can securely sign transactions or data messages. This secure signing mechanism guarantees the integrity and authenticity of the transactions, making the data more reliable and trustworthy.

As an example, this tutorial shows how to use the ATECC608A secure element integrated on an Arduino Nano 33 IoT board to generate a public/private key pair and sign W3bstream messages:

Send Verifiable W3bstream messages from Arduino Nano 33 IoT

Secure boot

In addition to the implementation of Secure Elements or TEEs, integrating Secure Boot is vital to enhance the security in DePIN projects. Secure Boot ensures that all the software components loaded during the boot process are signed with a trusted signature. It verifies the integrity of the device’s firmware, bootloader, and operating system, protecting against unauthorized or malicious modifications of the device behaviour.

Robust Foundation for Secure Elements/TEEs: Secure Boot provides a secure and reliable foundation, complementing the Secure Elements or TEEs, by ensuring that the environment in which these components operate is secure and uncompromised.

Increased Data Reliability: The chain of trust established by Secure Boot ensures that the device operations and the data generated are trustworthy and reliable, reinforcing the effectiveness of the Trusted Data Framework in W3bstream.

Benefits of Trusted Data

The implementation of Trusted Data within W3bstream offers several benefits:

  1. Reliability: By ensuring the authenticity and integrity of the data generated by authorized devices, W3bstream can compute reliable and trustworthy proofs for smart contract verification.

  2. Decentralized Consensus: Leveraging the decentralized design of W3bstream, consensus can be reached automatically on the results of trusted data computations, enabling blockchain-verifiable proofs of real-world facts.

Conclusion

The concept of Trusted Data plays a crucial role in the success of DePIN projects within the W3bstream ecosystem. By enforcing device identity registration, device binding, and message verification, W3bstream ensures the integrity and reliability of the data generated by authorized devices. This Trusted Data forms the foundation for accurate proofs and enhances the overall trustworthiness and efficiency of DePIN projects.

Next steps

The "Academy" section of the IoTeX Developer portal includes several tutorials and full demos of simple DePIN projects that include a possible implementation of the Trusted Devices and Trusted Data methodology.

This tutorial in particular is dedicated to the basics of implementing it using W3bstream, including example smart contracts:

πŸ‘‰πŸ» Manage Device Identity and Binding with W3bstream
