Telstra explores blockchain, biometrics to secure smart home IoT devices

Telstra's efforts to blockchain IoT are being augmented by identity verification using voice, fingerprint, and facial biometrics.

Telstra is experimenting with a combination of blockchain and biometric security for its Internet of Things (IoT) smart home offerings, according to Katherine Robins, principal security expert at Telstra.

After conducting real-world testing of the Ethereum, Apache Hyperledger, and Ripple blockchains, Robins said she questioned whether a solution could be found for devices with a tiny amount of storage through blockchaining IoT.

Initially, the telco began testing its ADSL T-Gateways before moving onto its string of smart home products.

"What we did is we signed the firmware, so we ran a cryptographic hash of the firmware and of the configuration, and then we monitored it against the blockchain," Robins, speaking at the Telstra Vantage 2016 conference in Melbourne on Thursday afternoon, explained.

"A private blockchain ... gives you the ability to have that resolution time very, very short. Those of you who know anything about bitcoin knows that it can take a long time to attach something to the blockchain; it's in excess of 10 minutes. If you've got a permissioned blockchain, and it's a smaller user base, you get the ability to do it faster, and if you're not attaching a lot of data and you're just doing hashes, then it's almost immediate.

"What we found is we had real-time tamper detection and tamper resistance on our environment. So we started looking at, 'OK, here's my hash of the configuration', and then I would go in and tamper with it, and see how quickly it noticed it was out of sync. It took less than a second."

As a result of the successful tamper-detection testing, Telstra then moved on to extending the blockchain trial to more of its IoT devices for the home, including the switches and cameras. As the testing progressed, however, Robins said she became concerned about security -- more specifically, the lack of identity verification.

"Effectively, if you're going to run a smart home environment, you're running it off an app on a device," she pointed out.

"If I have malware on that device, and then my phone's compromised; I can no longer validate whether that is me controlling that phone. So we started tying in identity into this. And the way that we did that is we started looking at biometrics, so we did facial recognition and voice recognition, and we tied those fingerprints to the blockchain so that could not be tampered with."

By integrating biometrics into the app and the blockchain testing, Robins said users could then validate their identity.

"This rounded it out for us -- so we had our blockchain-backed tamper events on devices, and we had the ability to verify the identity of the person who was accessing the device at a point in time via biometrics."

According to Telstra's principal security expert, the use of blockchain makes security across IoT devices much more efficient and cost effective for organisations.

"Let's say we didn't use blockchain and we were going to push out an IoT system today and you wanted to write security -- you would have to push out digital security certificates to those," Robins said.

"So then you've got certificate management, certificate revocation, and all the horrors that come with it, plus the cost of the certificate."

The IoT testing was conducted across low-power (LoRa) networks.

"Obviously, for IoT, we're talking low-band networks, so we validated that we're not chewing up a lot of bandwidth and we could run it on a LoRa network, so very, very small signatures [and] very, very small packet sizes in traffic," she said.

Telstra unveiled its Telstra Smart Home hub alongside 10 smart devices for the home in June: A smart lightbulb, a window sensor, a door sensor, wide-beam motion sensors, a smart power plug, the Lockwood smart door lock, a smart thermostat, an outdoor Wi-Fi camera, an indoor Wi-Fi camera, and the Smart Home hub itself.

In terms of the IoT network to be used into the future, Telstra has previously pointed towards the narrowband (NB-IoT) network.

Robins said Telstra is also experimenting with using blockchain for legal interception, environmental sensor monitoring, car safety, agriculture, network operations, fraud, compliance and audit, and e-voting.

Australia Post similarly suggested using blockchain for e-voting last month.

In a submission to the Victorian Electoral Matters Committee, the government-owned postal service said community expectations are driving the push towards digital voting, and that it would be looking to put its prior work with blockchain to use.

"The emergence of crypto currencies on the technology known as blockchain have highlighted opportunities to repurpose that technology to capture various digital transactions in immutable, distributed and secure ways," Australia Post State Director, Victorian Government and Tasmania, Tim Adamson said in the submission.

"In many ways voting is an ideal use case for blockchain technology application beyond crypto currency."

Like Robins, Adamson said using blockchain would provide a tamper-proof solution; and earlier in August, Australia Post Accelerator partner Rick Wingfield also said blockchain could be used to physically process identity verification.

"When we think about the blockchain, we don't want to take people's private information and put it on a public ledger because that would very quickly become a honey pot for scammers and hackers, and even if that data was encrypted that's probably not a good idea," Wingfield said.

"We do, however, think the technology has a really good use to creating a lot more control for the citizen; putting citizens in control of their data, and potentially using the two key infrastructure for citizens to jointly encrypt their data with whichever government, department, or corporate that owns that data, so it can only be unlocked with the two keys."

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All