IoT Anti-Counterfeit

Introduction

With the advent of 5G, the number of UICC-based IoT devices is going to explode.  A large variety of devices will be IoT enabled and the assimilation of it into our daily life will be inevitable. Be it supplier, manufacturer, retailer, or consumer; to guard against counterfeit IoT devices infiltrating their network is of utmost importance.

The vision of this article is to discuss the use of a decentralized system with blockchain and IoT to help all parties in the supply chain and the consumers to detect counterfeits, prevent unauthorized action on the IoT device, and provide visibility and an undisputable trace of the IoT provenance data. No central authority or repository is required to authenticate the information.  The mission is to set up a decentralized network using blockchain technology that is capable of monitoring each IoT device (which can be a manufacturing part or sellable goods) registered in the network from its origin to the hands of the consumer and beyond. 

Each IoT device needs to be equipped with GNSS (such as a SIM card) capabilities and will report its location to the network at a regular interval.  The network will record each update and store the information in the blockchain or decentralized storage.  A user on the front end can then be built to help register and visualize the provenance data of each device.  The system is positioned as a “Source of Truth” to serve suppliers, manufacturers, retailers, and consumers worldwide to find out the genuineness of manufacturing parts or sellable goods. 

Suppliers and manufacturers will be allowed to register IoT devices onto the network and the system will continuously keep track of the whereabouts of the devices.  A one-time registration fee can be considered for each registered device to cater to the usage of block-chain and maintenance of the whole system. 

The following is a high-level diagram of the intended system flow between different components:

As depicted in the above diagram, any retailer for IoT devices can extract the SOT (Source-of-truth) ID pre-registered by the manufacturer in the SOT platform.  The SOT ID listed can be used by the consumer to authenticate the genuineness of the device manufacture, location, and owner to avoid purchasing counterfeit or pilferage products online.

The following is a high-level architecture of the core components of the proposed system:

Blockchain

Blockchain implementations with Smart Contract are required to allow for the registration of individual IoT devices.  However, as transactions are normally charged within a blockchain, images or subsequent updates of IoT locations and owners should be carried out outside the blockchain to make the model much more economical for widespread use.  Storage systems such as IPFS are very suitable for such use cases.

Smart Contract

This is the key component for storing the IoT registrations into the blockchain.  Smart contracts permit trusted transactions and agreements to be carried out among disparate, anonymous parties without the need for a central authority, legal system, or external enforcement mechanism.  The use of Smart Contract helps to enforce the genuineness of the information stored which serves as the heart of the whole solution.

IPFS

IPFS stands for InterPlanetary File System and is a lot more economical than storing information directly onto a blockchain.  Key information of the IoT registration will have to be recorded as a transaction in the blockchain but additional information can be stored in IPFS to avoid the excessive charge.  IPFS is a peer-to-peer storage system and is very suitable for distributed use:

This system makes the information stored close to the edge of where the IoT device and the requesters are located, making the communication very efficient.  However, as most IoT devices are relatively simple and low-powered, connecting directly from the IoT device to IPFS is not recommendable.  A mediator is required to communicate with the IoT device with a simple communication protocol while serving requests to other IPFS clients.  One of the appropriate mediators will be an MQTT Broker.

MQTT Broker

MQTT stands for Message Queuing Telemetry Transport and is a very lightweight communication protocol suitable for IoT device use.  The MQTT broker can serve as a mediator between the IoT device and the IPFS Network.  While talking to the IoT devices with a lightweight communication protocol, the broker will send the information collected from the IoT devices to the IPFS network for sharing.  In addition, every IoT device registered into the blockchain system will also be registered into the MQTT broker to secure the authenticity of the IoT device.

DApp

The key component bridging the blockchain system and IPFS is a distributed application (DApp) that creates transactions into a blockchain using Smart Contracts.  Manufacturers of IoT devices and register the device into the blockchain system using DApp.  Multiple programming languages provide libraries to support Smart Contract manipulations and can be easily embedded into websites or mobile apps.  This application will provide a registration function to the system and pass the registered information to the MQTT Broker for updates.  In addition, this application can also serve consumer requests for IoT genuineness by accessing the information stored in IPFS.

Summary

As the pace of IoT devices is expanding exponentially over the next few years, systematic approaches are required to protect consumers from purchasing counterfeit products online.  This article has outlined one of the approaches that can help improve the genuineness of online purchases with the key technologies required that are already available and implementable today.