We are interested in Blockchain technology. Beyond e-money, we want to put its technical features, such as tamper-proofing, traceability and decentralization, to use in IoT (Internet of Things) information security.
First, we used the Hyperledger Fabric project to build a consortium Blockchain. Due to equipment limitations, we use Docker to run the peer and orderer nodes.
Storing and retrieving IoT working data directly with the Blockchain would cause huge time delays and storage pressure, so we use a Khadas VM3 as an MQTT server that acts as both a blockchain application node and an MQTT broker. The Blockchain issues special certificates to it so that it can perform some special methods, such as recording the connection time, IP and header information of the client. In this way, we subscribe to the relevant topics to obtain the working data of IoT devices. If two devices exchange working data, they do not need to connect directly (which carries a risk of IP leakage) and can communicate asynchronously.
Since MQTT has some information security risks (plaintext transmission, identity authentication, etc.), we have to consider how to protect the data communicated through MQTT. Taking advantage of the computing power of the Khadas VM3, we ported three cryptographic algorithms, SM2, SM3 and SM4, to it. SM2 is used to log in to the MQTT server (the Blockchain is responsible for issuing and verifying certificates) and SM4 is used to encrypt the working data of the device. Do you remember the Blockchain storage pressure mentioned earlier? We package the working data of the device and store it in another database, extract its data digest with SM3, and store the data digest, SM4 key, database address and client ID in the Blockchain.
By the way, we also added homomorphic encryption, which lets the server help the device with calculations without exposing the data content.
Although the data sent by the device is encrypted, we still do not want others to subscribe to our topics casually. We added a method for subscribing to topics to the smart contract. In short, the Blockchain stores which topics are published and subscribed to by each device. If you want to subscribe to other people's topics, you need to get the topic authorization through a key. A similar approach is used to obtain database data.
With the approaches described above, we have basically addressed the security risks that may exist when IoT devices exchange data. We are still developing web applications for this project. Due to our lack of front-end development capabilities, we used an open source demo.
We tested the throughput of the device login certification and the result was relatively satisfactory, because we did not have more than 1,000 devices that would connect to the server at the same time.