On 30 September 2020, public distributed LEDGER (DLT) IOTA announced the launch of IOTA Access, an open-source framework that builds access control systems. An example is a car owner’s ability to enable someone to access and use their car remotely. IOTA Access isn’t limited to vehicles, it works with any IoT resource, such as embedded sensors or smart locks. Regarding smart vehicles, IOTA has previously worked with Jaguar Land Rover on an IoT smart wallet project, which is a partner on this project, alongside STMicroelectronics, NTT DATA Romania, RIDDLE&CODE, and numerous others.
IOTA Access aims to securely control smart devices, granting and revoking access to the devices anytime and anywhere. It allows users to specify conditions for granting access.
Business owners using IOTA Access can charge users for access to their resources, also with enforceable conditions. Every interaction between the digital devices will be registered and secured immutably on the Tangle, notably not a blockchain. The Tangle is a directed acyclic graph, which IOTA claims is a faster and cheaper alternative to blockchains. An added advantage for something like office building access is there is an audit log of all usage, permission changes and payments.
One of the questions is why a decentralized system is required? Firstly there’s the concept of a single point of failure. If there was a centralized database that goes offline, people could get locked out of cars or worse. By having numerous nodes with the same data, a DLT provides redundancy.
Secondly, it means there is no honeypot for hackers to target. If someone wanted to steal a car and knew the car manufacturer had a centralized database, they could hack the database to alter data and give themselves access to many cars. Data stored on DLT is much harder to change because of the many nodes that store copies.
Porsche has also explored using blockchain for remote car access.
IOTA security track record
However secure a DLT might be, the security weak points will more likely be in the communication with the DLT or the apps that can control the access. The nature of IOTA Access has security at its core.
But that’s not an area that IOTA has a strong track record. However, the involvement of numerous other organizations could be a huge help here.
In early 2020, IOTA had to halt part of its network to investigate thefts in the Trinity Wallet, the main IOTA wallet released by the IOTA Foundation. Even before the thefts, IOTA had serious security vulnerabilities although they were subsequently rectified. Trinity Wallet has since been subject to three security audits. While this time, the vulnerabilities were in the wallet app rather than the DLT, security will nevertheless be a prominent discussion point in IOTA Access.
We hope to be able to update this with more details later.
