Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Proof of Authenticity of General IoT Informatio...

Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain

The slides I used at my paper presentation on September 30, 2025, at IEEE Region 10 Humanitarian Technology Conference (HTC) 2025, held at Chiba University of Commerce, Japan.

Avatar for Kenji Saito

Kenji Saito PRO

September 30, 2025
Tweet

More Decks by Kenji Saito

Other Decks in Technology

Transcript

  1. Generated by Stable Image Ultra Proof of Authenticity of General

    IoT Information with Tamper-Evident Sensors and Blockchain Kenji Saito Graduate School of Business and Finance, Waseda University Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.1/17
  2. Motivation & Problem IoT data often traverse untrusted services; integrity

    may be lost Humanitarian context: disasters, unstable networks, life-critical decisions Goal: Verify content, origin, time, and location of sensor/actuator data even under data loss and untrusted intermediaries Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.2/17
  3. Background: Blockchain Original goal: a remittance system that cannot be

    censored by anyone The requirement can be broken down into the following four properties: 1) Self-sovereignty — Users can participate in the system only at their own will without requiring permissions from others 2) Censorship resistance in the narrow sense — Recordings directed by the user cannot be stopped by the will of anyone else 3) Fault Tolerance — Recordings directed by the user will not be stopped by a system breakdown or failure. 4) Tamper-resistance — Records cannot be deleted or changed later, and records that were not there in the past cannot be falsified Henceforth we will assume that blockchains to be used in our proposal satisfy these properties (because existing blockchain systems have problems) Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.3/17
  4. Design Principles Tamper-evident devices digitally sign readouts Tamper-evident devices alone

    cannot protect past data (public key revoked) Timestamped evidence is required Evidence linked via redundant hash chains (a-past linkage) Cost-efficient anchoring: aggregate digests into Merkle trees; commit only the root to an evidence service Separation of roles: service vs. independent “blockchain” evidence service Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.4/17
  5. Merkle Proof and Cost Reduction Many evidences → one Merkle

    root on-chain Verifier reproduces the root from a leaf using provided siblings On-chain contract stores the root and block number Gas fee is minimized Actual time is estimated from the block # evidence 1 digest digest digest digest digest digest digest duplicate in case of odd number record can retrieve information Colored items are information disclosed to parties requiring certification Merkle root Merkle tree digest digest digest digest digest digest (Ethereum) blockchain … evidence 2 evidence 3 evidence 4 evidence n public information private information Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.5/17
  6. Digest-Anchor Smart Contract (Excerpt) Minimal interface store(), isStored(), getStored() Saves

    block number for each digest (proof-of-existence) contract BBcAnchor { mapping ( uint256 => u i n t ) public _digests ; constructor ( ) public { } function getStored ( uint256 digest ) public view returns ( u i n t block_no ) { return ( _digests [ digest ] ) ; } function isStored ( uint256 digest ) public view returns ( bool isStored ) { return ( _digests [ digest ] > 0 ) ; } function store ( uint256 digest ) public returns ( bool isAlreadyStored ) { bool isRes = _digests [ digest ] > 0; i f ( ! isRes ) { _digests [ digest ] = block . number ; } return ( isRes ) ; } } Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.6/17
  7. System Overview: Atomic Action On request, device returns signed readout

    to service and commits evidence to blockchain evidence service atomically If the action fails, absence is observable; otherwise evidence matches readouts (failure of the atomic action can be recovered through this proposal) Service User Sensor/Actuator Blockchain Service Environment threat : loss of integrity (false information may be reported to users) (including other services) records are not controlled by the services or blockchain itself atomic action allows verification of authenticity (tamper-evident) Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.7/17
  8. Sensor Data Structure & Witness Readout = data body +

    witness w/ <random, search-key> Witness section: public key and signature For stream data, periodically placed Public key identifies device selective disclosure is possible digital signature digital signature digest evidence digest digest public key algorithm public key algorithm search key readout sporadic data example final digest of readout stream data example sensor data data body a-past digest previous digest location sensor data time random number witness section Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.8/17
  9. Redundant Digest Chaining (a-past) Each readout links to previous and

    a-past readout ⇒ sparse DAG Tolerates up to a − 1 consecutive losses; verify via nearest reachable checkpoint witness checkpoint readout general readout evidence blockchain service witness * To verify authenticity of a readout in a stream: 1) Find the nearest checkpoint that reaches the readout in question in the directed acyclic graph. 2) Verify the evidence of the checkpoint. data data data data data digests Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.9/17
  10. Simulation Setup 10,000 readouts; loss probability p ∈ [0, 0.5]

    Checkpoint every s readouts; links to prev and a-past Verifiable if reachable from a checkpoint through available digest chain Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.10/17
  11. Results: Signature Interval s (a = 10) Smaller s (frequent

    checkpoints) ⇒ higher verifiability Trade-off: signature cost vs. weakness 0 10 20 30 40 50 0 20 40 60 80 100 Data Loss Rate (%) Verifiability (%) s=1 s=2 s=4 s=8 s=16 s=32 s=64 Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.11/17
  12. Results: a-past Offset a (s = 100) a = 1

    behaves like singly linked list (fragile) a = 3 ∼ 10 dramatically improves loss tolerance 0 10 20 30 40 50 0 20 40 60 80 100 Data Loss Rate (%) Verifiability (%) a=10 a=9 a=8 a=7 a=6 a=5 a=4 a=3 a=2 a=1 Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.12/17
  13. Saturation for Large a (s = 100) Diminishing returns beyond

    ≈ 10 Practical recommendation: moderate a (3∼10) 0 10 20 30 40 50 0 20 40 60 80 100 Data Loss Rate (%) Verifiability (%) a=50 a=40 a=30 a=20 a=10 Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.13/17
  14. Contributions General method for tamper-evident IoT logging with atomic action

    Tamper-evident devices alone cannot protect past data (public key revoked) Cost-efficient blockchain anchoring via Merkle aggregation Although this is a well-known practice a-past redundant chaining robust to bursty losses; checkpoints for streaming Applicable to humanitarian deployments (disaster response, low-infra regions) Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.14/17
  15. Discussion & Limitations Assumes tamper-evident hardware (e.g., PUF-based identity) Anchoring

    frequency vs. gas-fee trade-offs; batching policy matters Adaptive a and s can react to changing loss profiles a and s need not to be constant Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.15/17
  16. Related Work (Positioning) Signature amortization chains (efficient but sensitive to

    missing events) Blockchain-based mobile IoT logging (reliable if uninterrupted) PUF-enabled continuous auth (assumes stable comms) Ours: explicitly handles unintentional data loss with sparse DAG links Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.16/17
  17. Conclusion Verifiable IoT data under untrusted services and losses Moderate

    redundancy (a = 3 ∼ 10) + reasonable s works well Next: adaptive policies; field trials in humanitarian scenarios Code/Example: https://github.com/beyond-blockchain/bbc2-examples/tree/develop/file-recorder This demonstrates how we can provide proof of authenticity of general files with fault-tolerant backchaining Dropping a file into the designated directory automatically generates its proof of existence (requires BBc-2) Proof of Authenticity of General IoT Information with Tamper-Evident Sensors and Blockchain — IEEE R10 HTC 2025 – p.17/17