There is a lot of buzz around cryptocurrencies – will BTC be over $20,000 by the time this blog post goes live? 🙂 – these days, but beyond the hype, one thing is pretty clear: it enables a decentralized economy that is particularly interesting to look at from an IoT perspective.
For the Internet of Things, I believe the role of cryptocurrencies and distributed ledgers is threefold:
- monetization of IoT data – cryptocurrencies make it really easy to implement scenarios where data producers can get a financial compensation in exchange for the value provided by the data they expose. Think of a weather station you would put on your balcony: people or corporations could have access to the feed of sensor data in exchange for some tokens.
- smart contracts – taking monetization a step further, smart contracts can enable higher-order, secured, transactions to automatically take place on the network. If you take the example of the weather station, you could sign a smart contract with a 3rd party whereby you get paid for giving access to your sensor data if and only if you can provide an uptime of at least 99%. Note that this would probably require a trusted third party responsible for checking your uptime and storing it in the ledger.
- security – manufacturers can use a distributed ledger to store information that can be used to help securely bootstrap IoT devices, by e.g allowing customers to check the authenticity of a chip.
In this blog post, we will focus on the first topic: monetizing IoT data.
For that, we will look at leveraging IOTA’s distributed ledger. We will be showing how anyone can be given access to “simple” IoT sensor data on an MQTT broker, while only people who are paying for it will be able to access the live, raw, data stream.
Use case
We will be basing this article on the use case of someone, let’s call her Jane, willing to give access to a live sensor data stream coming from a smart plug, granted that she gets some money (iotas) in return 🙂 .
The instant power consumption metrics will be published to an MQTT broker twice per second, making for a pretty accurate sampling that people might be interested in buying. On the same MQTT broker, Jane will also be making available the 1-min moving average of the power consumption for anyone to access, even if they don’t necessarily want to pay extra money.
When John, who is maybe a data scientist interested in getting his hands on “real” data wants to get the power consumption from Jane’s smart plug, he has two options:
- access the MQTT broker and subscribe to data published on the ‘public’
sensor/1m
topic, for free, - send some IOTAs to Jane (she’s decided that 500 iotas is what people should pay to access the data for one hour), for his MQTT client to be granted access to
sensor/live
topic where the live, and more valuable to him, data stream is being published.
Technology being used
- Eclipse Mosquitto as our MQTT broker of choice.
- Two IOTA wallets, one where the payments to Jane shall be sent to, and one for John to pay for accessing sensor data
mosquitto-auth-plug, a flexible authentication plug-in for Mosquitto. We will use it for implementing a flexible access-control model, based on the information available on the IOTA tangle (i.e payments)- The ACLs (access-control lists) will be stored in a MongoDB database, used as the authentication backend for mosquitto-auth-plug
- A Belkin WeMo Insight smart plug.
Demo
Enough with the words! I’ve put together a video (click here if the video doesn’t show up below) that shows the whole scenario in action. While you will quickly realize that I do a bad job impersonating Jane and John, what I hope you notice is that this is a real demo, and anyone can implement something similar today.
The technology is here, and while it has some limitations, I do think it’s worth exploring what new scenarios it enables.
Check out the code
I have published all the code behind this proof-of-concept on my Github repository, please check it out and open pull requests or issues if you happen to give it a try!
Next steps?
This is obviously a simple proof-of-concept, and I am almost certain it is not free of security issues. I would certainly be happy to hear from you if you have feedback :smile:.
I see at least two things that would be worth improving:
- IOTA transactions, just like with many other distributed ledgers, can take a significant amount of time before they get confirmed. Having to wait for a couple hours after you’ve made a payment to effectively get access to the data can seriously impact the user experience. A nice improvement would be to rely on IOTA Flash Channels, as they allow to perform instantaneous, off-tangle transactions.
- In the current PoC, the Mosquitto server only accepts connections from a list of users already agreed upon. This wouldn’t be difficult, and much smarter, to allow anonymous access to anyone, and let clients interested in having full access to the data indicate in their payment message the username/password they plan on using when reconnecting as authenticated clients. This information should, of course, be encrypted with a key only known to the client and the server – this key, unique for each client, could be broadcasted to anonymous clients on the $SYS topic, for example…
Do you see other areas for improvement? Have you seen similar solutions implemented with other cryptocurrencies?
Note that the IOTA folks have recently announced an IoT data market that seems to implement a similar idea, but I haven’t had time to look into it closely.