As Karim Attia steered his yacht, Serenity, from its slot in Barcelona’s historic Port Vell on Wednesday evening, two small onboard sensors dutifully recorded the temperature, humidity, and air pressure from around the vessel. Then, every two minutes, they logged that information in the Bitcoin blockchain, creating a permanent and unimpeachable record of the journey.
By the time the sun had set and Serenity slid back into her slot, the sensors had made 507 entries to the blockchain that would be virtually impossible for anyone else to change. If any of the passengers were to dispute the details of the trip, or if the coast guard were to investigate the vessel following an accident, the blockchain would reflect the true story.
Attia is a seed investor in a startup called ubirch, which developed the open-source software that captured the data from his yacht and entered it into the blockchain earlier this week. By doing so, the company created a record that, at least in theory, can never be edited or erased.
Increasingly, blockchains are being used in ways that have little to do with Bitcoin, and a lot more to do with embedding data for other purposes. One such application is the growing need to manage the deluge of data created by the connected sensors, gadgets, and appliances loosely defined as the Internet of Things.
In a nutshell, Ubirch wants to leverage the Bitcoin blockchain to secure all that data; to show how this would work, Attia lent his yacht and sailing skills to ubirch's founders for an onboard demo during Mobile World Congress.
There’s one important feature of the blockchain that makes this whole idea possible. Whenever someone makes a Bitcoin transaction, they can also attach a small amount—up to 40 bytes—of data to each entry, through a function known as OP_RETURN. Using that function, ubirch can store data on behalf of its clients.
To immortalize information in this way, ubirch must first make a small payment in order to initiate a Bitcoin transaction for each event it wishes to log. In the company’s model, that payment becomes less about Bitcoin itself and more about compensating miners, who are the custodians of the blockchain, for the services they provide in adding new entries and verifying the information within the updates.
Obviously, even the small amounts of money paid to embed data in the blockchain can add up. To reduce the cost for clients, ubirch actually records data in two steps. First, it adds every single data point from its clients’ sensors to the company’s own private blockchain. Then, it collects these data points into bunches, and adds these bunches to the Bitcoin blockchain every 10 minutes or so. Whenever ubirch adds a bunch of new data to the blockchain, it receives a hash (a string of numbers) that it can use to look up the entry to see how many miners have confirmed the transaction. This code is also good for verifying that the data has not been changed.
In order to pull all of this off, ubirch developed a program capable of: taking data points from sensors and translate that data into hashes for the ledger of its private blockchain and combining several of those hashes into entries in the Bitcoin blockchain. The upshot, says the company, is that this approach means clients pay only fractions of a penny for each data point logged by their sensors, instead of the full cost of a Bitcoin transaction.
Ubirch’s system can capture information from IoT sensors attached to pretty much anything a person may want to monitor. Aboard Serenity, two sensors recorded humidity, temperature, and air pressure, and reported the data once every two minutes.
Photo: Amy Nordrum
One sensor (yellow on the chart) sent data from the motor room just beneath the stairs that descend to the cabin; the other (green) one transmitted from on deck near the cockpit, in the open well where passengers can recline with a glass of wine.
As the yacht set sail, the temperature on deck dropped and the temperature in the motor room rose, as one might expect. Both sensors transmitted their data to ubirch over GSM, an early cellular and satellite network with reliable global coverage.
In addition to logging data to the blockchain, ubirch’s software also uses public-private encryption to verify that data has come from a specific sensor, and to protect the data as it travels to ubirch. Each sensor has its own private key, based on a mathematical formula, that it uses to encrypt the data it sends—which can then be decrypted using a public key it has previously shared with ubirch.
These security measures require the sensor itself to have an encryption layer. Ubirch provides this layer in its own sensors and can also apply it to most off-the-shelf sensors. (It prefers those models with an ARM Cortex-M0 processor or better.) Within that layer, the company uses a specific type of public-private encryption known as elliptic curve cryptography, which relies on the obscure mathematics of elliptic curves—rather than more common factoring algorithms—to generate 265-bit keys.
Michael Merz, co-founder and chief technology officer, says encryption is a critical step that many IoT manufacturers simply ignore, or sidestep with features such as firewalls that defend the network or device rather than keep the actual data secure. “It’s not the question to protect the device—the question is protecting the data against misuse and manipulation,” he says.
Stephan Noller, ubirch’s founder and CEO, says other startups are also using the ability to embed data on the blockchain as a business model, but they do not offer encryption of the data itself. “If the sensor itself is not secure, logging it into the blockchain is pointless because that information is not secure,” he says.
Though ubirch has worked with only a few clients thus far, ubirch’s founders have no shortage of ideas for how their technology might be used. The sweet spot seems to be cases where financial decisions are made based on specific data, and both the payer and recipient must agree that the data is valid.
Merz says an insurance company could base a customer’s car insurance payments on sensors that record driving habits. With ubirch’s system, both parties could be confident that the record is accurate. In fact, one of the startup’s first clients was an insurance company that wanted to place temperature sensors on electrical boxes, to record malfunctions that may lead to building fires.
For now, ubirch has 10 employees based in Cologne and Berlin, Germany. The company has raised between $400,000 and $500,000 in its first seed round, and is considering pursuing another seed round to boost it to a total of $1 million.
Attia, the seed investor and yacht owner, is enthusiastic about the company’s prospects. “IoT is happening everywhere, but the focus on security is the differentiator from everyone else,” he says.
Noller knows the importance of that security from personal experience. He had always enjoyed connecting items in his home to the Internet until, one day, a hacker infiltrated his system and turned off all the lights, closed the shades, and disabled the fire alarm. The hacker even shut off the heat to a warming unit for the family’s pet rabbit. “That puts the security risk very much in front of you,” he says.