Firma: In IOTA We Trust

We are pleased to present Firma (it signs), a signer, encrypter and validator of locations.

We are pleased to present Firma, the last part of Jura. “Firmar” is the Spanish verb “to sign”, and “firma” translates into English as “it signs”. To understand how Firma works, it is first necessary to understand how all the parts of Jura (Faro, Graba, Ubica and of course Firma) fit together.

Jura’s architecture

Jura is not a monolithic tool; it is built from Kura components:

  • Jura: “It swears”; a set of Kura’s components to deploy trusted indoor positioning systems.
    • Faro: “Lighthouse”; a multimodal beacon.
    • Graba: “It records”; a recording system.
    • Ubica: “It locates”; an indoor positioning system.
    • Firma: “It signs”; a signer, encrypter and validator of locations.

What does the above mean? It means that only what is necessary is deployed on each device. For example, in our tests we use four Raspberry Pi boards with Faro and one Up Squared with Ubica and Firma. On the Up Squared, we activate Artemis, the MQTT broker that Kura provides. The Raspberry Pis use Paho, the MQTT client provided by Kura, to send Faro’s detections to Ubica (strictly speaking, Faro does not send anything to Ubica: it publishes to an MQTT topic to which Ubica is subscribed, which is very close to the whiteboard pattern). And where is Graba? Nowhere. It is used to analyze and improve the system, but it is not used in production.

Firma

Let’s go step by step. Firma is a feature composed of four Kura plug-ins:

  • iot.challenge.jura.firma: Firma’s core.
  • iot.challenge.jura.firma.web: Website for Firma with several tools.
  • iot.challenge.jura.pgp: Adaptation of The Legion of the Bouncy Castle libraries for Kura.
  • iot.challenge.jura.jota: Adaptation of the Jota library for Kura.

Note that we say adapted. The libraries are not only downloaded using Maven Tycho; their dependencies are also established, their packages are exposed, their source code is patched (in the case of Jota), and they are compiled and added to Firma when the Kura deployment package is built.

The core of Firma

First of all, we would like to leave a message for novices and experts. These are our first steps in this area, so please do not take anything as fact before investigating on your own.

As we indicated in our last post, making transactions to the tangle is computationally expensive, so unless you have a supercomputer at home it is not a good idea to use IOTA as a backend to deploy an IPS.

If you are looking for an IPS which offers the locations remotely and safely, why not consider what Benjamin Cabé proposes here? Moreover, you could design it so that the computational resources devoted to positioning each device are proportional to the payment in IOTAs made to the address assigned to it. The more money you pay, the more accurate the location of this device will be.

The main question is, what do you want to do? Depending on that, you will need to use the data in one way or another. It is also crucial to understand that if we use an IOTA transaction to send data, the data goes in the part of the transaction’s message that is otherwise used to prove the sender’s identity. Put plainly, anyone could generate the transaction, so in order to trust the messages we must be able to trust the sender.

Thinking about everything discussed so far, it is possible to propose many ways to use the tangle to store information:

  • To prove the sender’s identity:
    • Signing the message.
    • Signing transactions’ addresses.
    • Encrypting the message (signed or not).
  • To know the locations of each device:
    • Specifying the device in the location.
    • Associating an address to each device.
    • Including all possible locations in each message (by the device or not).
  • To protect anonymity:
    • Encrypting the message.
    • Using MAM.

For our proof of concept we have developed two systems:

  • Public system: The locations are signed using the public key of the installation. Each location is sent to a specific IOTA address.
  • Anonymous system: Each location is signed with the public key of the installation and encrypted with a unique AES key. Each location is sent to a different address.

Public system

Do you want to publicly expose the locations, and anonymity is not a problem? Great! Use this. It obtains the locations generated by Ubica and tries to send as many of them as possible to IOTA.

As we indicated here, we focus on positioning in nursing homes. So, what is the use of this system in our proposal? To publicly expose staff locations. Our main goal is to provide a tool which gives an unequivocal answer to questions such as: Is a resident being treated by the staff? Who is taking care of a given resident at a given time? Did the staff act diligently when an emergency occurred? Obviously, in-depth research is needed in order to give an objective answer to these questions, but we hope that our PoC will help to advance this line of work.

Given the bottleneck that the POW imposes, the system implements an algorithm to select the most appropriate location to send (Is it a new device? Has no information about it been sent for a long time? …). In addition, the system can be configured as a Kura service, which makes it possible to fine-tune how the locations are selected.

[Image: publicly-service]

In general terms, it can be said that the system tries to send representative locations.

Once the locations have been selected, the next step is to sign them. To do this, Firma provides a service to sign any message using PGP keys.

[Image: sign-service]

The service can use an existing key or create its own. In this second case, it will publish it on a Public Key Server so that anyone can validate the signatures (this is cool, isn’t it? 🙂 ).

For example, this is one of the keys that we have created in our tests.

[Image: pgp-public-key-server]

Using the private key the location is signed to generate a message like the following:

{
  "body":{
    "timestamp":1518773478473,
    "location":{
      "app":"jura",
      "installation":"installation",
      "device":"BE:AC:01:00:00:00",
      "point":{"X":8721,"Y":6405}
    }
  },
  "sign":{
    "hash":"SHA1",
    "value":"iLoEAQECACQFAlqGpQIdHEp1cmE6Ok9wZW4gSW9UIENoYWxsZW5nZSA0LjAACgkQ\ntjU5WSUA18xfCAP8D7qQ4m7Zyl8hSsrWF/E0tZd61oowCWoyQ+NDbuhwCBFZkpC9\n7FLgxAyC2bS52xiR9TMDpKx8AKRq6g4/W0LCUah1BvocSC/6/HGNyW8L2mGXDOgp\nUCqEAxyeO+nZ/bcbUC3LwDsi80Q5lEf2TQCUDPsm4vRuawMF6xEmTFEkmis=\n=kQyC\n-",
    "key":"b63539592500d7cc"
  }
}

Anyone can check that sign.value is a valid signature for body using the key 0xb63539592500d7cc that we have published in the PKS.
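Before fetching the key and verifying, a consumer can confirm that the envelope's sign.hash and sign.key agree with what the OpenPGP signature packet itself says. The following is an added example (not Firma's code) that parses the sign.value shown above with the Python standard library only; it does not verify the signature, which needs the public key and a full OpenPGP implementation, and the function names are hypothetical.

```python
import base64
import json

# The signed message shown above, copied verbatim (raw strings keep the JSON "\n" escapes).
SIGNED = (r'{"body":{"timestamp":1518773478473,"location":{"app":"jura","installation":"installation",'
          r'"device":"BE:AC:01:00:00:00","point":{"X":8721,"Y":6405}}},"sign":{"hash":"SHA1","value":"'
          r'iLoEAQECACQFAlqGpQIdHEp1cmE6Ok9wZW4gSW9UIENoYWxsZW5nZSA0LjAACgkQ\n'
          r'tjU5WSUA18xfCAP8D7qQ4m7Zyl8hSsrWF/E0tZd61oowCWoyQ+NDbuhwCBFZkpC9\n'
          r'7FLgxAyC2bS52xiR9TMDpKx8AKRq6g4/W0LCUah1BvocSC/6/HGNyW8L2mGXDOgp\n'
          r'UCqEAxyeO+nZ/bcbUC3LwDsi80Q5lEf2TQCUDPsm4vRuawMF6xEmTFEkmis=\n=kQyC\n-","key":"b63539592500d7cc"}}')
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512"}  # RFC 4880 ids

def subpackets(area: bytes):
    """Yield (type, data) for each OpenPGP signature subpacket in `area`."""
    i = 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255:                       # two-octet length
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255:                           # five-octet length
            n, i = int.from_bytes(area[i:i + 4], "big"), i + 4
        yield area[i] & 0x7F, area[i + 1:i + n]  # bit 7 of the type is the "critical" flag
        i += n

def parse_signature(value: str) -> dict:
    """Read the metadata of a v4 signature packet from the armor body in sign.value."""
    lines = [l for l in value.split("\n") if l and l[0] not in "=-"]  # drop CRC line and tail
    raw = base64.b64decode("".join(lines))
    if raw[0] & 0xC0 != 0x80 or (raw[0] >> 2) & 0xF != 2 or raw[0] & 3 > 2:
        raise ValueError("expected an old-format signature packet")
    hdr = 1 + (1, 2, 4)[raw[0] & 3]
    body = raw[hdr:hdr + int.from_bytes(raw[1:hdr], "big")]
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled")
    hlen = int.from_bytes(body[4:6], "big")
    ulen = int.from_bytes(body[6 + hlen:8 + hlen], "big")
    hashed = dict(subpackets(body[6:6 + hlen]))                 # covered by the signature
    unhashed = dict(subpackets(body[8 + hlen:8 + hlen + ulen]))  # not covered
    issuer = hashed.get(16) or unhashed.get(16) or b""
    return {"sig_type": body[1], "hash": HASHES.get(body[3], str(body[3])),
            "created": int.from_bytes(hashed.get(2, b""), "big"),
            "key_id": issuer.hex(), "issuer_signed": 16 in hashed}

def envelope_problems(doc: dict) -> list:
    """Name the sign.* envelope fields that disagree with the signature packet."""
    sig, env = parse_signature(doc["sign"]["value"]), doc["sign"]
    checks = {"hash": sig["hash"] == env["hash"].upper(), "key": sig["key_id"] == env["key"].lower()}
    return [name for name, ok in checks.items() if not ok]
```

In this message the issuer key ID sits in the unhashed subpacket area, so it is only a lookup hint; trust comes from verifying the signature against the published key.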

You may ask yourselves, how can I verify it? You will see it later ;). Now the important question is, what is done with the signed message? The signed message is sent to the IOTA public address using the IOTA Transfer Service provided by Firma (Important: NEVER show your seed).

[Image: iota-service.png]

The system uses one of the addresses derived from the seed as the IOTA public address, so the public address will not be known until a location is transmitted.

After each transaction, an entry, similar to the following, will be added to kura.log:

2018-02-16 10:34:15,334 [pool-68-thread-1] INFO i.c.j.f.s.p.t.TransferServiceProvider - Transaction https://thetangle.org/transaction/SVZDF9IEQCIZBBLNRX9PZKBOUQZGCPJBQINOVMNLSLWNW9FGGLGCATURHUNDLDADMUEGBZNLQJBCA9999 completed (148 seconds)

Following the transaction link, it is possible to verify that it is an IOTA transaction with the signed message.

[Image: public-transaction.png]

If you click on the IOTA’s address you will get the list with all the messages signed by Firma and sent to this address.

[Image: all-public.png]

Maybe you are wondering, why so many pending transactions? In IOTA you decide how much POW to do: the more you do, the faster your transaction will be validated. At the beginning of our tests, we did not think that it would be necessary to increase the value in the short term… If you want to use Firma, you can modify ‘weight’ in the code to do more POW (or you can add a ‘weight’ parameter to the service).

Anonymous system

Do you want to store information anonymously? Do you want to be able to show it to a third party, and all of this without risking the anonymity of the rest of your information? If so, you might be more interested in this part.

We have designed this system with the families and relatives of nursing home residents in mind. We believe that for ethical reasons (and possibly also for legal reasons) the location of nursing home residents should not be publicly exposed. To protect the privacy of a message that can be consulted by anyone, the only solution we could conceive is to encrypt it.

A simple solution could be:

  • A unique PGP key is generated for each resident’s device.
  • The key is provided securely to relatives.
  • The locations of this device are encrypted with the PGP public key.
  • Only relatives can decrypt the location’s messages.

This approach is valid, but for us it is not enough, for a simple reason: how can a family member use a transaction as evidence of a fact?

  1. Showing his/her private key.
  2. Downloading the message of the transaction and decrypting it.

We believe that the second option is much better than the first one. Currently, the second option is completely secure as long as private keys are not compromised. But when we say that it is not enough for us, we are speaking not from a security perspective but from that of the user experience. We think that the user experience improves by doing the following:

  • A unique Device Identification Word (DIW) is generated for each resident’s device.
  • The DIW is provided securely to relatives.
  • For each message, a unique IOTA address and encryption key are generated deterministically. Since each key is unique, it is not necessary to use asymmetric cryptography. Instead, we use AES.
  • Using the DIW, relatives can generate the same addresses and encryption keys, being able to decrypt the location’s messages.

We believe that this approach improves the user experience without compromising security. Relatives can do the same as before (download and decrypt), but now they can directly use the IOTA transaction as evidence of a fact, with the benefits that this entails.

For the rest, the system works in the same way as the public system does, and its configuration is similar too.
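One possible construction for the DIW scheme described above, as an added example and not Firma's actual derivation, which the post does not specify. The PBKDF2/HMAC-SHA256 choices, the labels and the function names are assumptions, the password-to-DIW step follows the Admin section's description, and the address is treated as an 81-tryte tag rather than one derived from an IOTA seed.

```python
import hashlib
import hmac

TRYTES = "9ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # IOTA tryte alphabet (27 symbols)

def derive_diw(admin_password: str, installation: str, device: str) -> str:
    """Admin side: password + device id -> DIW (hypothetical construction)."""
    # PBKDF2 slows guessing of a low-entropy password; the salt binds the installation.
    root = hashlib.pbkdf2_hmac("sha256", admin_password.encode(),
                               b"diw-root|" + installation.encode(), 200_000)
    return hmac.new(root, b"diw|" + device.encode(), hashlib.sha256).hexdigest()

def _stream(diw: str, label: bytes, index: int):
    """Yield pseudo-random bytes bound to (DIW, label, message index)."""
    key, block = bytes.fromhex(diw), 0
    while True:
        info = label + b"|" + index.to_bytes(8, "big") + block.to_bytes(4, "big")
        yield from hmac.new(key, info, hashlib.sha256).digest()
        block += 1

def message_key(diw: str, index: int) -> bytes:
    """256-bit AES key for message number `index`."""
    gen = _stream(diw, b"aes-key", index)
    return bytes(next(gen) for _ in range(32))

def message_address(diw: str, index: int) -> str:
    """81-tryte address-shaped tag for message number `index`."""
    out = []
    for b in _stream(diw, b"address", index):
        if b < 243:  # 243 = 9 * 27: reject larger bytes to avoid modulo bias
            out.append(TRYTES[b % 27])
            if len(out) == 81:
                return "".join(out)

if __name__ == "__main__":
    # Constructed sample values; the device id is the one from the message in this post.
    diw = derive_diw("example-password", "installation", "BE:AC:01:00:00:00")
    for n in range(2):
        print(n, message_address(diw, n), message_key(diw, n).hex())
```

Separate labels keep the address and the key independent, so publishing an address reveals nothing about the key, and without the DIW the addresses of consecutive messages cannot be linked.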

[Image: anonymously-transfer]

But, are you able to find the relationship between these two transactions?

[Image: anonymously.png]

Firma web

This is the most beautiful part :).

Starting from Graba’s website, we have developed a website that allows us to test all the previous functionality.

[Image: FW]

We must clarify that the website is not designed to be used by an end user. However, it would be very easy to adapt it for that purpose. It is also not adapted for a nursing home, BUT doing that is only a matter of changing the terms used (Publicly -> Staff, Device -> Resident, and so on).

Functionality

It has four sections, Publicly, Admin, Device and Anonymously.

Publicly

Are you using the public system? Then you can validate the signature of a transaction in this section.

[Image: publicly-validate]

Admin

Are you using the anonymous system? Then you need to know the DIW of the device. Using the password set in the web’s configuration service you can calculate the DIW of any device using this section.

[Image: admin]

Device

Do you have the DIW of a device and do you want to know its anonymous locations? You can do it in this section.

[Image: device-locations]

Anonymously

Do you have the data of an anonymous transaction and do you want to validate it? You can do it here.

[Image: anonymously]
