Our Technology

Home / Our Technology

Blockchain & Open APIs

Being a new company, you might assume ClimateOrb would face difficulties when attempting to build up a respected reputation for providing certified and high quality data. This problem is overcome through our use of blockchain. Blockchain solves, security, safety and transparency issues. Not only does the hash and algorithm system make the data unhackable, but because each block contains archived metadata, it is impossible to manipulate any previously collected data. This means our data will be 100% reliable, for governments, businesses and individuals to utilise.

All the Data from the IoT Kit is put on the blockchain based cloud server, ( Endereum) across each user and device profile. The Cloud Based Data is then used to gain insights into localised air pollution levels and environmental indicators. In this way each user has ownership of their own data. Users will be rewarded for sharing the data their devices have collected so that it can contribute to the wider database. By creating a platform where users are incentivised to share their ClimateData, we can engage more individuals in the fight against air pollution. We want to empower a network of Citizen Scientists. This data will also help us in improving our machine learning models to power our next generation of ClimateOrb devices.

Data sharing rewards will come in the form of utility tokens, which will have the potential to create and support a campaign related to Climate Action on the ClimateOrb Platform or create a discount for eco-friendly, locally sourced products.

IoT Ecosystem

Embedded computing devices are increasingly integrated into objects and environments surrounding us. These devices utilize low-cost sensors for measuring environmental data for computing various parameters as IAQ, IEQ etc. The typical system structure of the IoT involves three tiers:
I. Low-power IoT devices
II. A potential gateway that interconnects IoT devices with the Internet
III. The backend where IoT data is stored IoT devices

IoT devices are typically equipped with resources in the order of few MHz of CPU, few 10s of KB of RAM, and few 100s of KB of ROM. Additionally, they can embed low-power hardware crypto accelerators, enabling a new class of secure applications. However, conventional security solutions for the IoT still utilize pre- shared symmetric keys for the secure communication.

Blockchain

ClimateOrb uses Ethereum Sidechain to timestamp the data blocks stored on the IPFS Network using multiple smart contracts to track various ClimateOrb products. PoA (Proof of Authority) Consensus Protocol will be utilized in the preliminary stages until the final ClimateOrb Chain is developed whose core features include lightweight, compatible with IoT devices and microcontrollers, private key generation and light node with transaction signing capabilities.

Proposed Architecture

ClimateOrb platform aims to create control and data level for the IoT distributed storage system. The control level involves Blockchain based authentication for the control of encryption private keys. This also takes care of access control to store access permissions securely. Access rights are granted per data stream and the data owner can revoke the sharing of a data stream. Initially, the data owner issues a transaction including the stream identifier (i.e., hash digest). To share the data stream with a service, the data owner issues a new transaction for the specific Smart Contract which holds:
1. The stream identifier
2. The public key address of the service

For any request to retrieve data, the storage node first checks the blockchain for access rights. In this case, a malicious storage node could hand out data without permission, However, the impact of this action is limited since:
a. Data is encrypted
b. in the case of DHT, each IPFS node holds a small random fraction of a data stream.
Moreover, economic incentives (i.e., collateral and reward) should encourage storage nodes to follow the protocol correctly.

The data level takes care of storing time-series data by storing data chunks which compose several consecutive data records, instead of storing individual data records. One specific data stream would be split into data chunks which are cryptographically chained together (i.e., each chunk holds a hash pointer to the previous chunk). Although chunking data prevents random access at the record level, there is a positive gain on the performance of data retrieval since in time-series data most queries require data that is co-located in time (e.g., all records of one day).

This way, the data itself is stored off-chain and only its identifier (i.e., hash pointer) is included in the blockchain, ensuring data immutability. Since adding an identifier for each chunk to the blockchain would not scale, our system adds only data chunks at given intervals into the blockchain. Due to the fact that all chunks are cryptographically chained together, all chunks that are between two intervals without their identifier in the blockchain become immutable too. The interval-time corresponds to the maximum time chunks needed to become immutable. It is tuned and defined by the application logic for serving the Global APIs.

Each data chunk is encrypted at the source with an efficient symmetric cipher. We rely on AES-GCM, as an authenticated encryption scheme. Our chunks have a plaintext field containing the key value of the chunk and the encrypted compressed data records. With authenticated encryption, both fields are integrity protected and authenticated. Additionally, to ensure data ownership, for instance towards the storage layer, each chunk is signed. This allows parties without access to the stream key to still be able to verify the owner of the datastream, albeit at a higher computation cost. Each chunk contains the unencrypted stream identifier linking it to the corresponding access control transactions.

IoT data is highly compressible due to high correlation in time. Hence, the platform compresses the data chunks before encryption. This reduces bandwidth and storage requirements significantly.

The platform integrates distributed data storage layer, however the design is agnostic of the storage layer. Hence, on-premise storage and storage on cloud services are compatible with the system.The IoT gateway serves as an intermediate storage node at the front of the storage layer. The IoT Device can push the chunks in a FIFO principle into the storage layer to maintain a reasonable local storage size.

For an adversary to alter access permissions in the blockchain it requires forging a digital signature or gaining control over the majority of the computing power in the blockchain network. The former is prevented with the security of signatures and the latter with the consensus protocol in the blockchain and its decentralized nature. Moreover, the adversary is not capable of learning sensitive information from the public blockchain, since only pseudo-identities and stream identifiers are stored there. Data Chunks are encrypted, integrity protected, and authenticated. An adversary with access to encryption keys cannot alter stored chunks, as it requires gaining access to the public-private key pair of the data owner. Even in case the owner’s key is exposed, chunks cannot be modified due to the blockchain immutability, except for chunks in the current interval.