Join the conversation

Sign in to join this conversation, and others like it, in the communities you care about.

moonshot

Sending bitcoin #ToTheMoon. Literally.

moonshot / general

Smart Contracts + IoT device + Extensible Markov Models (for anomaly detection)

Smart Contracts + IoT device + Extensible Markov Models (for anomaly detection)

moonshot/general · June 5, 2018 at 10:56pm

Smart Contracts + IoT device + Extensible Markov Models (for anomaly detection)

moonshot / general · June 5, 2018 at 10:56pm
Brainstorm for trustless private key generation

Smart contract that is connected to an IoT device and generates a private key connected to a public key at a predefined point in time. This private key is transmitted to the IoT device stored in the rocket's payload directly before launch. The smart contract generates a public key that is sent to a public destination and transmits the private key directly to the IoT device that will be sent to the moon. These keys are inherently linked and can be used together to access the crypto prize. The keys are generated at random with no need for human interaction.

How to prove the key was actually transmitted to the IoT device?
Synchronize the IoT device to the smart contract in a way that mathematically minimizes the packet error of the uplink to the IoT device.
https://arxiv.org/pdf/1711.00540.pdf ^ (Analysis of the Communication Traffic for Blockchain Synchronization of IoT Devices)
How to prove no eavesdroppers listened in on the creation of the private key?
Answer lies in the research article about utilizing chains of Extensible Markov Models for anomaly detection in IoT devices. Simulate what it would be like to have someone trying to gain access to the private key in the IoT device and then create EMM models based off of that.
https://arxiv.org/pdf/1803.03807.pdf (CIoTA: Collaborative IoT Anomaly
Detection via Blockchain)

The problem is that a human would have to write the smart contract that would generate the keys which allows for a loophole in the system and therefore is not completely trustless.
We would need to have a third party with extensive experience in smart contract auditing (OpenZeppelin) verify the legitimacy of the theoretical smart contract. After the proposed smart contract is completely vetted, there needs to be a "Ceremony" similar to Zcash's methodology in deploying the smart contract to the Ethereum mainnet.
We would also need to optimize the synchronization between the blockchain and IoT device so that once the private key is transmitted to the device before launch, the time period that a malicious agent has to interfere with the system is minimized.

Maybe we can have several decoy devices to trick the hacker into not knowing which one will contain the legitimate private key. That way there are multiple variables hindering the malicious agent from hacking the system (multiple decoy devices with transmitted private keys, EMM's trained for anomaly detection in the IoT system.

The IoT device needs to have a personalized container that protects the device from radiation, vibration, temperature, robotic interception, etc.

Also, we would need to figure out what type of connectivity would allow for the device to transmit its location back to earth within several meters. IoT devices in their current state pose several limitations such as limited connectivity and communication resources. Particle has an abundance of IoT hardware kits and is rolling out IoT devices with LTE connectivity in 2018. Not sure if LTE would be enough to transmit the devices location back to earth.
https://www.smithsonianmag.com/smart-news/cell-coverage-comes-moon-180968298/
How to store multiple crypto keys in the device?
I believe this could theoretically be accomplished by a solidity smart contract mapping that links one parent address to multiple child addresses (different crypto private keys)




June 6, 2018 at 2:12am

Getting a bit technical for me but the big thing is that 100% trustless is impossible. Even if you audit smart contract code, you're trusting that your computer monitor is displaying it properly. I'll second OpenZeppelin but if we're going to rely on a 3rd party security firm in the end, it would be a lot simpler to do what I described in my earlier Spectrum post:

https://spectrum.chat/moonshot?thread=498e3ace-2aad-4b9b-acc2-ea61f22889cf

Like I said though, this is a bit over my head so maybe it's worth it in a way that I don't understand. However, even if it's only slightly worth it from a technical security perspective, key ceremonies and Markov models might be plenty worth pursuing for the marketing value. For example, a key ceremony sounds like a badass thing straight out of a secret society so even if it only adds a small layer of additional security, it's an event to get the public excited and it shows we took every possible precaution.

  • reply
  • like

June 17, 2018 at 11:48am

Thinking more of the last mile and IoT device itself...

How do we make sure the device has not been previously tampered with?

Futher, I really do think the connectivity could be an issue, how do we make sure that the device has a connection to earth? Did you guys get info from the ESA regarding that?

  • reply
  • like
Your message here...

*bold*_italic_`code````codeblock```