
The world’s first eSIM for secure data exchange for smart grids

July 20, 2022

Energy Web is a non-profit organisation focused on building open-source, decentralised operating systems to help decarbonise the global economy. Energy Web offers its open-source stack to organisations to build their applications, or Energy Web will assist organisations in developing applications of the open-source stack.  

The EW-STACK is a suite of open-source tools built off the Energy Web Chain, the world’s first public, enterprise-grade blockchain tailored to the energy sector. With this technology, the Energy Web community has grown into the world’s largest energy blockchain ecosystem, developing 46 projects of impactful action in 21 countries for 41 partners.  

As more IoT devices are deployed in the field and distributed energy assets become increasingly common, protecting the infrastructure security of these systems is of utmost importance. Energy Web wanted to provide a highly secure solution for energy assets that is just as simple as its EW-STACK when it comes to security at the device level.

Three methods to achieve security  

Targeting aggregators and original equipment manufacturers (OEMs), Energy Web identified three methods of storing private encryption keys within a device: firmware, which is not safe and is easy to tamper with; or an embedded secure element or trusted platform module (TPM), either of which would place the onus on OEMs to add integrated circuits, a burden Energy Web didn’t want to pass down.

The GSMA initiative IoT SAFE addresses how the SIM or eSIM can be employed as a secure hardware element for chip-to-cloud security. It still needs to go further to meet the needs of OEMs and aggregators. Building on IoT SAFE, Kigen’s OPEN IoT SAFE offers a solution for Energy Web to use the eSIM as a hardware wallet anchored to an open-source, publicly accessible blockchain.

Energy Web has partnered with Kigen, a pioneer in IoT security through eSIM and iSIM hardware, and KORE Wireless, an MVNO, to implement the OPEN IoT SAFE-based solution. It is an open-source method for third parties to use Energy Web cryptocurrency features to store their private encryption keys and sensitive credentials in the crypto-safe enabled through the OPEN IoT SAFE infrastructure.

This provides the device with the same kind of tamper-resistant protection as the storage of authentication credentials used at the network level. It also secures data communications at the packet level and, as Energy Web operates in a blockchain environment, the solution offers a decentralised approach to device-level security.  

The result  

This opportunity, created through the partnership of Kigen and KORE and used by Energy Web, is a means by which an enterprise can essentially own the SIM card. Before eSIM and integrated SIM (iSIM), SIM cards were removable and treated primarily as property of the mobile network operator (MNO) distributing the SIM connected to its network. 

Kigen OPEN IoT SAFE Overview

Now it’s an open platform that allows the organisation delivering the use case to own the SIM for its purposes. Specifically, in the case of Energy Web, OPEN IoT SAFE enables an enterprise – a third party – to store its credentials and own the encryption key, which genuinely makes this a multi-tenant solution.  

OPEN IoT SAFE initiates a secure channel, based upon (datagram) transport layer security ((D)TLS), using credentials – a private key – stored in the OPEN IoT SAFE applet to sign as part of the handshake. Then, once the secure channel is established, Kigen also plays an additional role in authenticating transactions by signing them with its private key, held in IoT SAFE, and sharing Kigen-signed transactions back to the validation nodes for verification.

Organisations using Energy Web’s technology can build their applications via the world’s first open-source technology stack focused explicitly on the energy transition towards efficiency and renewables. This makes it possible to provide information to third-party IoT providers via a SIM card that has device-level security built in and can authenticate data for a user’s cloud service.

Securely communicating data at the packet level and authenticating transactional data flowing through the secure channel is a significant step toward creating end-to-end security.
