Securing IoT devices and databases

From ArdorDocs
Revision as of 13:03, 31 March 2020 by Almonte (talk | contribs) (Text replacement - "|titlemode=append" to "|titlemode=replace")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


This tutorial explains step by step how to extend the Ardor functionality for allowing the integration of centralized databases within the public Ardor blockchain. Although it is focused on sensor data, it can be extrapolated to a vast extension of similar use cases.

Smart sensors and other IoT devices are set to play a crucial role in transforming business workflows as the cost-saving advantages of automation expand into more aspects of our everyday lives. The global smart sensor market alone is set to nearly triple in size by 2024, growing from $30.8 bn in 2018 to $85.9 bn in just 6 years.

With more of these devices deployed in crucial aspects of service delivery, the challenge of securing the historical data produced by these devices is mounting. That's where the blockchain comes in.

Jelurida's Blockchain Anywhere project allows the Ardor platform to function at full capacity on any device running the Android 8 operating system or later. This development brings an unprecedented level of security to your data through an advanced timestamping and querying system permissioned to your specific userbase and backed up by a truly immutable, decentralized public blockchain network. In addition to the security strengths of a private blockchain, this hybrid approach provides added benefits including the ability to instantly tokenize value, execute conditional payments, and exchange data across an ecosystem of company-specific ledgers. Any device running on Linux with Java 8 or later can utilize the full Ardor package to get access to these exact same powerful features.

Architecture of the solution

The schema that describes how this solution works is as follows:

Schema of the solution

The basic concept is to combine a normal database for storing sensor data with unique reference identifiers on the public blockchain. When the centralized database receives new inputs, a pre-programmed condition triggers that batch of data to be hashed and published on the Ardor blockchain as an account property of the master IoT account. Each batch is represented as a group ID.

Afterwards, a common SCALA-like system queries all necessary data directly as an API operation with no need to have direct communication with the centralized database. As the security is highly important, SSL must be activated in the node as for instance it is explained in the tutorial Configuring HTTPS on a standalone Ardor installation

Finally, all data can be audited for whether the hash on the public blockchain matches the hash on the file in the centralized database - providing clear evidence of data-tampering.

For a sense of what this might look like in practice, read overviews of potential use cases in utility delivery, supply chains, and more.

H2 database

In this example the table that stores the sensors data might be as the following:


It is important to define a primary key. In this case the 'dt' column is the primary key. Once the data is getting into the data group ids are created as defined in the code:

Data example

Add-on for extending the Ardor's node functionality

As shown on the architecture diagram, the add-ons functionality of the Ardor software enables the possibility of creating new APIs.

Proof of concept

The add-on is developed for initiating the database, inserting and querying data in the H2 centralized database through an API, and checking the correctness of the data of the table.

An example of how to develop this add-on is as follows

Class for managing the add-on

It can take care of the personal bundler for sending zero fees when setting up the hashes as account properties, as well as managing the properties and setting up the add-on operations

Class for the centralized database operations

This class would have the methods for interacting with the centralized sensor data

Class for the managing the centralized database

This class would create the table for the sensor data in case it was not created previously.

This secure process is facilitated thanks to new functionalities introduced specifically for Android IoT devices on the Ardor platform, including the following APIs:

Class for inserting sensors' data

This class can contain all the code related to the insert of the sensor data.

Class for the query of the sensors data

It can contain all the code related to the query of the sensors data.

Class for checking the hashes

It can contain all the operations needed to check that the hashed data of the database is the same that the hash that was previously calculated and stored on the blockchain.

Add-on configuration

Being an add-on, it is recommended to store some parameters in the such as:



iot.secretPhrase=I won't tell you

Where iot.hashBatchSize can be the number of inserts that triggers the hash data consolidation on the blockchain. The higher the value, the more secure is the hashing as it will be more hard to predict. It has to be adjusted to a value where the hashing occurs frequently and provides a highly unpredictable hashes.

iot.secretPhrase can be the secret phrase of the master account that stores the hashes.

 in this example it is needed for activating the add-on

How the solution works

In this section it is explained how to test this solution. Once the node is up&running with the add-on configured, the sensor table is created. Accessing to the add-ons page you will be able to send, query and check data:

Add-on activated

Sending sensor data as a JSON message

The operation insertIotDatabase is used for sending sensor data. For instance the following JSON message can be used:


The output is as follows:


Once the insert triggers a hashing, the output is different as shown in the following image:

Insert with hashing

Querying the database

In order to query data, the operation queryIotDatabase has to be used, using either the sensorid or the groupId or both as parameters:

Querying the H2 database

Checking the public blockchain hashes

In order to check that the data has not been tampered, the operation checkHashIotDatabase has to be used. As parameter the groupId selects the batch of data and it outputs a message as follows:

Checking the correctness of the data

The computedHash must match with the blockchainHash, if it does not then it means that the data has been tampered and we can't trust it.

For instance, manually modifying the data would cause that the hashes mismatch as it can be seen in the following image:

Hashing mismatch


Hybrid models that combine the blockchain's data security with centralized systems are being demanded by the market. This approach allows businesses to maintain internal ledgers while benefitting from the tamperproof record keeping and peer to peer value exchanges offered by public blockchains, all while scaling similarly to purely centralized solutions.

This proof of concept can be extended with Lightweight Contracts for automation, operational decision management, execution of rules and usage of the data.

Granting access for the H2 sensor data can also be secured using blockchain capabilities, for instance by using Tokens.