IOTA Smart Lock — Proof of Concept
The full article was originally published by Stefano Della Valle on Medium.
Exploring the idea behind our upcoming new innovative solution
Note: this is a translation of a post that was published on LinkedIn in Italian a few months ago. A prototype has been built since then, and we will soon release additional information about this solution.
Opening a lock is a very common action, and nowadays we perform it many times every day without realizing how complex it is on many layers.
Over time, locks and keys have become more and more sophisticated, especially in the digital era with electronic locks and digital keys.
The “hidden” function of keys
We are so used to using keys that we sometimes forget that they have two different functions:
- mechanically or electronically activating the lock;
- granting the right and faculty to use the first function.
The second function seems implicit, but it is not: if I find someone else’s lost key I can physically open its lock, but I don’t have the legal right to do so.
On the other hand, if I have guests in my home, I might give them the house keys, and at the same time I also explicitly give them permission to lock and unlock the door.
Keys can be both strong and weak at the same time
A perfect example of how a key/lock system can be very resistant to breaking but very weak when it comes to verifying usage authorization is the “keyless” security systems of modern cars.
These systems work with a central unit in the car which identifies the key through encrypted radio messages. It is impossible to clone the key and create alternative messages to unlock the car.
Just like mechanical keys, whoever holds the key can open the lock, but they don’t necessarily have the authorization to do so.
In addition, with these systems it is also possible to unlock the car even without physically holding the key and without using force: only two people and two transceivers are needed.
The first person follows the car’s owner, while the second person waits beside the car. The two transceivers create a radio bridge between the key and the car: the key receives the signal from the car and activates. Car and key “think” they are in proximity and exchange information. The car unlocks and its security systems are deactivated.
This example shows how hard it is, even with digital systems, to fight potential unauthorized access, and how modern solutions end up creating even more attack opportunities. The real problem, though, is still the total absence of usage authorization control, which is practically impossible with legacy systems and still not completely solved with digital solutions.
IOTA Smart Lock
The goal of this project is to enable an authorization control process for digital keys, and we aim to accomplish it by separating the two functions of keys which we discussed above.