IoT Needs Holochain
Holochain technology opens new doors for IoT devices in many different ways, it is able to do this because of its in-built flexibility, it is light-weight, its ability to work on or offline, its ability to mesh-network and the biggest thing is its own DNA.
Holochain DNA means that written into this entire infrastructures membrane are some features that no other technology has or or is capable of providing, there is no other technology out there that combines the features of Holochain its biggest role though across any sector or use case is its ability to maintain data integrity.
To say that the data interacting with Holochain is at next level security would also be understatement.
Its entire existence is based on its ability to validate & secure information from two to hundreds of billions of concurrent users and maintain data integrity with unlimited scaling.
This article will cover some recent independent scientific research into Holochain and IoT and also discuss some further use cases particularly when it comes to data protection.
IoT data protection is becoming more and more important as attackers have a growing base of devices to try and steal personal information.
Buckle up, lets do it!
What is Holochain?
Holochain is an open source framework for building fully distributed, peer-to-peer applications.
Holochain is BitTorrent + Git + Cryptographic Signatures + Peer Validation + Gossip.
Holochain apps are versatile, resilient, scalable, and thousands of times more efficient than blockchain (no token or mining required). The purpose of Holochain is to enable humans to interact with each other by mutual-consent to a shared set of rules, without relying on any authority to dictate or unilaterally change those rules. Peer-to-peer interaction means you own and control your data, with no intermediary (e.g., Google, Facebook, Uber) collecting, selling, or losing it.
Data ownership also enables new frontiers of user agency, letting you do more with your data (imagine truly personal A.I., whose purpose is to serve you, rather than the corporation that created it). With the user at the center, composable and customizable applications become possible.
Other ideal uses for Holochain include:
- Social networks
- Supply chains
- Peer-to-peer platform co-ops (e.g., cooperatively owned versions of Uber or Airbnb)
- Rating systems & reputational currencies
- Collective intelligence (e.g., governance, workflow, feedback systems)
- Collaboration (e.g., discussion boards, scheduling, wikis)
With that said you would think that Holochain is very big when in fact it isn’t it is lite-weight and low power which is why its also perfect for IoT.
You may also here about Holo, which is the company that has created Holochain, Holo is a hosting company that allows Holochain applications to be hosted Peer-to-Peer across the globe and is also responsible for the groundbreaking technology that allows these #P2P applications to be accessible via regular web browsers.
What’s the difference or relationship between Holo and Holochain?
A simple way to look at this, especially in relation to IoT is as follows:
Holochain is open source, it can be used by anyone, anywhere for free, it does not need to be hosted by Holo hosting it can be hosted by anyone the publisher decides.
Holo is the bridge that facilitates the Holochain applications being able to operate through regular web browsers. This hosting network by Holo is 100 percent peer to peer, there is no data centers in use it is all individual people across the globe using dedicated HoloPorts or the Holo Operating System installed on their devices to host sharded pieces of data.
Peers are paid by publishers in Holo’s internal currency which is named HoloFuel.
To get a better or further understanding of the relationship between Holo and Holochain please take some time to read an article I penned a while back which explains the difference in the two in-depth.
What is IoT?
The Internet of Things (IoT) is billions of physical devices around the world that are now connected to the internet, all collecting and sharing data and sending data to computing environments in the cloud.
There isn’t a single set of standards for IoT. However, there are a number of common Protocols, Transports and Frameworks.
Any device or physical object can be transformed into an IoT device if it can be connected to the internet to be controlled or communicate information.
Industrial IoT (IIoT) refers to the application of IoT technology in industrial settings, especially with respect to instrumentation and control of sensors and devices that engage cloud technologies.
Not going to spend too much time delving into what IoT is or can be used for there is a small list below which includes IoT and IIoT, really the list is endless.
low-power sensor technology
Smart Energy Grids
Smart Digital Supply Chains
Where Does Holochain Fit In?
The short answer to that is, everywhere.
Because Holochain is as I described in the beginning is an architecture that is built for maintaining data integrity. And every connected device needs to send and receive data.
I will go into actual use cases a little later but to give you an example a recent as early March 2021 independent computers scientists conducted a study on Holochain for its use in maintaining data integrity in the Health Care sector.
I will break down some of their findings a little later but to highlight the advantages of Holochain in IoT and IIoT let me quote this;
“The performance and thorough security analyses demonstrate that
a holochain based IoT healthcare system is significantly better
compared to blockchain and other existing systems.”
Note I have highlighted the last four words, it has been found by these scientists to be better than any existing technology, that's kind of a big deal.
This is not the only independent study of Holochain for IoT there was also one in late 2020 conducted by a collaboration of 4 Middle Eastern Universities and a British one to highlight the advantages of Holochain in IoT for maintaining Log Preservation Files.
You see again, it always comes back to maintaining data integrity and this is Holochain’s bread and butter and also why Holochain enables GDPR requirements to be met and exceeded.
Holochain IoT in Healthcare
I will summarize and quote some pertinent points in the above linked research article for use of Holochain in IoT.
IoT based healthcare technologies offer numerous advantages including constant patient monitoring at a low cost, less error and significant saving in time. It also enables authorized doctors, staff and other technicians to access patient information online and real-time which improves the efficiency of the service significantly.
IoT devices are lightweight and resource-constrained with limited memory,
low computation power, and limited energy supply and this is what makes Holochain attractive to IoT, it is a very lightweight technology but still powerful enough to maintain data integrity and serve the correct information to those who need to access it whilst providing a robust defense against any attacks through its DHT consensus and validation rules.
It uses peer validation (Other devices on each particular network), gossip and cryptographic signatures.
Vulnerabilities and Threats facing IoT in Healthcare
Cyber-attacks on Health care devices can have devastating effects and even cause loss of life. An attacker with access to medical imagery data could alter the results of a CT scan, interfere with a patients pacemaker or remove or insert medical evidence which would then not only affect the patient but the doctors involved the patients family, cause legal action and disrupt entire hospitals or clinics.
“The real risk is that a hacker could potentially take over the communication to the medical device; switch it off, make it malfunction, or falsify the information that is sent to the doctor. Researchers have also shown that it is possible to do something called a battery-draining attack on a pacemaker implant. Many recent cyber-attacks have shut down hospitals/healthcare
systems and caused deaths. In 2017, the global ransomware attack, WannaCry, took hold across multiple continents and inflected over 600 organizations including 34 hospital trusts in the UK that were locked out of their digital systems and medical devices, such as MRI scanners . WannaCry impacted patient care directly, costing the organization £92m
($116.4m) and leading to 19, 000 cancelled appointments. These examples are just a sample of how AI can automate the manipulation of medical datasets, expanding a cyber attack’s impact through health and biotech industries.”
Why Blockchain is Not Suitable for IoT
Over the years there have been many attempts by blockchain to infiltrate the healthcare sector going back as far as 2017. Blockchain is ideal for storing of records, maintaining a ledger of events in the form of hashes and keeping an immutable record of events.
But as far as running an IoT device for healthcare blockchain struggles due to its own inherent design that requires complex and time consuming validation, the need for global or partially global consensus and its use of smart contracts and its inability to scale efficiently.
Smart contracts as the recent Decentralized Finance (Defi) boom has show are far from safe or immutable in some instances. There has been many hacks, thefts, alterations and other external manipulations that have resulted in hundreds of millions of dollars stolen.
If a smart contract is hacked or exploited in health care there could be devastating affects.
“Despite the above-mentioned benefits of blockchain, there are a number of challenges that make the blockchain-based system mostly impractical for large-scale deployment. As mentioned before, the complexity and resource requirements (both in terms of storage, processing and communications)
increase rapidly with the increased IoT network size as the hash length of blockchain will grow with more transactions. Every new entity involved will need relatively larger memory space to store a longer hash. This will also inevitably require much more spectrum/bandwidth for distributed authentication.
This is particularly challenging for healthcare systems as many of entities in the network are envisaged to be operating on energy and resource constraints. Therefore, a lightweight solution is of paramount need in order to enable a practically implementable secure IoT healthcare system.”
Holochain IoT in Health Care
There are several areas in which Holochain is ideal for IoT in health care and rather than going into detail with all of them I will outline them and provide a brief summary of the benefits.
The research article offers a comparison and the reasons why Holochain is more suitable than blockchain but rather than demonstrate why they are saying this or trying to regurgitate the entire article I think its more important to look at the reasons for using Holochain in IoT regardless of any blockchain differences.
Holochain is a superior technology that stands on its own and doesn’t need constant justification, more so with Holochain it is a case of education as once people understand its capabilities it is very apparent how game changing this technology actually is.
You can read for yourself in the article the reasons why but below are the 8 different areas the scientists have highlighted and gone into detail about.
As you can see all of these things make up a perfect case for the adoption of Holochain into IoT regardless of the industry, these features still exist and will apply.
Reduced Network Traffic
Low-Complexity Transaction Validation
Efficient Consensus Mechanism
Communication Resource Efficiency
Operating Time and Memory Efficiency
Efficiency in Large-Scale Networks
Better Protection Against Consensus Based Attacks
Summary of article
The article as mentioned after a review by Paul d’Aoust from Holochain did have some errors although none of those errors affected the entire premise of the article nor the facts about Holochain be a superior alternative to not only blockchain in IoT but any other current technology.
For the record the errors were one being the mention of the use of a “Holochain currency”, Holochain doesn’t have a currency, it is free and open source for anyone to use without needing any digital currency.
HoloFuel is the digital currency for Holo hosting as I mentioned above.
The article also seems to reference every “Agent” as being a node when it came to the cloud. With the Holo hosting cloud an agent doesn’t need to be a full node (participating in hosting) it can simply be an end user or agent who has their own source chain in the DHT. The same as I could log into Facebook I don’t need to be hosting it.
That said you can be a Holo Host and be a node & a user in fact Holochain is so lightweight you could host be a Facebook on your phone and run a full node.
Paul went on to say “in our new DHT implementation — in development right now — agents will be able to choose how much of DHT to replicate according to their means, so IoT nodes could even just be responsible for their own source chains and nothing else. “
Holochain in Iot Log Preservation
In late 2020 a group of computer scientists from 4 different universities reviewed Holochain for use in IoT log preservation;
Department of Computer Science, COMSATS University Islamabad, Islamabad Campus, Islamabad 45000, Pakistan
Department of Computer Science, College of Computer and Information Sciences, King Saud University, Riyadh 11633, Saudi Arabia
Warwick Manufacturing Group, University of Warwick, Coventry CV4 7AL, UK
Department of Information Technology, The University of Haripur, Haripur 22620, Pakistan
It is important to note that this study was conducted before Holochain released the latest Holochain RSM version, there is a considerable difference between the two with RSM being much faster as the graph in the image above shows.
The article addresses the problem of edge computing and FOG enabled edge computing and the maintaining of integrity of and preserving the smart environment logs connected to cloud storage.
This is found to be challenging due to the black-box nature and the multi-tenant cloud models which can pervade log secrecy and privacy. The existing work for log secrecy and confidentiality depends on cloud-assisted
models, but these models are prone to multi-stakeholder collusion problems.
For a forensic data collection, an edge cloud environment must be taken into account for possible security risks, such as log leakage or forensic data removal. Unlike traditional cloud infrastructure, the edge-cloud services are supported using fog nodes. Security monitoring is inadequate with edge nodes delivering services because they are locally isolated from the cloud This geographical division of management is the main target of malicious users or attackers. Moreover, the log data of edge nodes cannot be securely stored and maintained at cloud storage. Furthermore, several manipulated log data can be entered, and log removal may be performed to prevent forensic investigators for the reincarnation of crime scenarios using the logs.
Once again the focus here is on data integrity and how Holochain can ensure log integrity and improve the security of edge computing.
This is in a way ironic as Holo hosting is as we have discussed is peer to peer cloud hosting of Holochain applications and stands to be in direct competition to the “edge” cloud, so to have the Holochain architecture used to secure the current centralized cloud again speaks volumes for its scope and versatility.
This doesn’t mean that other cloud services cannot use Holochain for these suggested purposes, as we try and point out as often as possible, Holochain is free, its open source anyone can use it, it doesn’t require Holo hosting.
Some may say well how is that good for Holo hosting? The answer is it is very good, in fact its perfect. If Holochain is used as an application framework by centralized companies especially if it used in a viral way to protect previously unprotected data like these examples in IoT then this awakening will flow onto Holo hosting as application creators/publishers will realize not only the innovation of Holochain but its ability to secure data and maintain their end users rights to privacy and the right to be forgotten.
Getting back to the topic of Holochain in IoT, I will list below some of the findings from the study in various areas, again I will not regurgitate the entire article but share with you some important findings.
What I find really interesting about this article is unlike the previous one where there was some defenses already in place this particular one highlights that their research concludes that there currently isn’t any protections in place.
This means that as a new technology Holochain has been discovered as a means to plug a leak where previously there was no plug at all.
This in itself highlights the innovation of the technology and I am sure that when alpha testing is complete we will see Holochain starting to be implemented across the globe for IoT once word gets out of its existence.
I find this proposition even more exciting than a use case in Health care simply because Holochain can do something that no other technology currently can.
The paper states;
Cloud-connected IoT edge nodes are fragile on security management as they are geographically distributed from the cloud, which makes it easy for an adversary to launch an attack and remove the logs. Moreover, edge nodes are not energy efficient and have potential problems for continuous
log collection and preservation.
For instance, malicious users, attackers, edge-nodes, and the attacks of the rogue gateway and the rogue data center may be disguised as regular fogs between the data center and the users. In May 2018, an IoT system with routers, surveillance cameras, and digital video recorders was disabled for four days after an attempt was made to hinder the service.
There are many intrusion attempts at these service endpoints and the processing of forensic data are critical for ensuring the protection of endpoints and for resolving protection accidents.
As you can see from the above article showing existing models for security and validity there is a common thread, a lack of data integrity.
Much like the previous article about Holochain there is a list of performance or descriptions of how these scientists would improve the security and data integrity of edge computing, they are as follows;
Provenance of PPL (past performance logs or proof of past logs)
Holochain is introduced at the 2nd layer which is the log preservation layer.
“The importance of preserving digital information is to make sure that none of the malicious entity can perform modification and tempering to digital assets generated by layer one. In this layer, the aforementioned objective is achieved by preserving the integrity of logs and generating secure PPLs that builds resistance to tempering and provides log verifiability as well. This layer provides crucial safeguarding mechanisms to ensure log integrity, temper resistance, log verifiability, and provenance.
To ensure all the aforesaid security requirements, the proposed architecture PLAF provides a holistic solution that is secure and scalable at once which can easily be executed on a fog node even comprises of a Raspberry-Pi. In layer two, the Data Preservation Module (DPM) is deployed on a fog node controller to perform log preservation via Holochain for secure, scalable, and robust logs preservation. DPM runs beside the CMM and DSM at fog node controller. In layer two, DPM sends the request to fog worker nodes and receives the responses from them. These worker nodes run the instances of Holochain nodes. These Holochain nodes manage the DHTs of log metadata. Following the details about fog worker and controller nodes executing the DPM, module procedures are given.
Data Preservation Module (DPM)
This module governs log data preservation to ensure log integrity, privacy, and peer-to-peer data sharing via Holochain. Holochain used for secure and scalable log preservation schemes which establish the peer-to-peer network communication of all Holochain nodes distributed among fog worker nodes. “
As you can see by the image above the scientists have compared Holochain with other technology and it is the same result, miles in front. This again was the older version of Holochain, before Holochain RSM so I have taken the liberty of adding a likely position if the test was recreated based on the earlier comparison between the two.
There is not really that much further to add from the article that I haven't already covered here.
Summary of Article
I will allow the article to speak for itself and give you the summary from the scientists rather than my version.
Holochain offers an agent-centric and relativistic environment to create the underlying validity of data. Holochain guarantees data integrity for distributed applications by carefully collecting data from the local immutable chain of each fog node. This effectively allows for an update to conventional double accounting with the use of cryptographic signatures as accounts are linked to unchanging chains. Each node manages its local transaction chain in this double-entry accounting system instead
of a global coins leader as in Blockchain.
Holochain does not waste computing power as it is wasted in Blockchain because it is not dependent on some kind of global leader consensus. Moreover, Holochain is not dependent on the references to the proof-of-work, the proof-of-stake, or leading selection algorithms to ensure the data
integrity for peer-to-peer applications.
This means that each balance of a fog worker node is stored on its chain, and when two fog worker nodes are transacted, they only have to test the background of their counter-party to make sure that they have credits. Third-party authorization or consensus is not needed in this case.
Re-reading the above I have realized that although I have conveyed the intended message in relation to both articles about Holochain and IoT I still haven't explained in layman's terms how it would work, this is because you the reader may have varying levels of understand of Holochain DHT applications.
If you don’t have a fairly good understanding I will try and break it down a little here briefly.
Each individual Holochain application is its own DHT and each agent or person or identity within DHT has its own source chain.
For example if I am a medical doctor and I am using a Holochain application developed to manage X-ray images that I can scan and send to other professionals in my field who are using the same Holochain application.
So in this scenario I have my own source chain on the application (This doesn’t mean I am “hosting” the application or that I am a full node) although technically my source chain is also a node it isn’t in a hosting sense. So I want to send the image I just scanned with no patient identifying details to others to share what I have found in this X-ray.
When I have sent the image to populate in the application so others may view it, other random source chains (other approved doctors using this particular application) will see my sent message and through “gossip” begin to validate this message as being authentic, this is where random select peers will view the message, the message header, verify the cryptographic signature I have used and once a certain amount of other agents have seen and verified this message it will posted to the DHT (The application).
This all happens in milliseconds, evidence of that now is Holochains proof of concept application called Elemental Chat where users are sending instant messages that are all validated by other nodes on the network.
So back to my doctors X-ray application what if an attacker was able to see the application and send a fake X-ray or alter or remove a current X-ray to try and alter the doctors findings/studies/opinions for his or her own financial gains?
What would happen is as soon as the attacker sent a message across the application (DHT), random nodes would see an entry and immediately detect it as being incorrect or unlawful according to the application rules. They would all say to each other (all agents/nodes not just the random peers) hey guys, we have a problem here, XXX entry was not cryptographically signed correctly the source code was not from our DHT or application DNA, or someone has attempted to alter our own DHT, so let’s take action.
The nodes will then blacklist this foreign/incorrect entry and it would be told to fork off “literally it would be forked into its own version of the application” which is obviously false and it would do nothing.
At the same time a “Warrant” would be issued by the validating nodes blacklisting this node and informing the required people according to the rules written into the application.
So any further attempts by this bad node would not even reach the application or DHT. This again all happens in milliseconds as the nodes on the network are constantly pinging each other 24/7 going you okay? Yes I am okay, Frank you good? Yeah all good, etc etc
Now apply those same scenarios with IoT devices, they don’t need to be people, it can just be the IoT devices talking to each other, (gossiping) ensuring data integrity of whatever it is they are monitoring and you can see it fits in with or without regular human intervention, AI style.
Holochain as I mentioned above is very very fast and if you remember it is like a torrent, the heavier the workload and more end users, the faster it becomes.
With that said what will also be customizable in Holochain is the number of required agents/nodes to validate entries such as the one I just described.
For example depending on the size of the hApp (Application) and the number of users and the content of the data being sent it may be the case that the publisher decides to lower the number of validating nodes if the entries are for example just like sending a tweet, not too much harm can be done by a tweet, (actually it can but in a different way) so there may be less validating nodes required to verify a sent tweet or message.
Compared to say a finance application or for the purposes of this topic a healthcare application it may be the case that Phizer has created an application for uploading data from doctors or hospitals around the world and this information is critical to the health and well-being of their vaccine patients.
Obviously something like this you would want to set a high number of validating peers to ensure information received is one hundred percent correct and also this would likely have many different users across the globe so even with validation being high, it is more or less parallel with the number of users and the information required to be validated and ensure integrity.
This is where Holochain is so flexible and able to scale as needed, regular applications that need to add more and more people are also adding more and more chances of a bad actor being added, with Holochain each user has their own source chain which the application creator can validate as being correct and adding more users to a Holochain application is the opposite of regular applications as you are adding more and more gate-keepers or validators of information.
Another IoT Example
As I just described above increasing the number of nodes improves Holochains security, so for example in an IOT environment you may have a sensor for example that is fitted to electric/power/energy polls that traverse several thousand miles.
Each of those sensors is sending information back to a control center advising them that their wiring is intact and there are no issues.
Because Holochain is so light-weight and low energy these sensors could be sending the signal via Bluetooth 5 depending on how far apart they are spread and each one of them is doing the same thing, monitoring and checking an reporting.
If one reports “Everything is okay” the others will then check that the signal was cryptographically signed and coming from another peer and not an intruder, they will gossip it to each other and send the information back to the control center.
Again in a matter of nano seconds.
And just like the scenario above, if say a Terrorist intercepted these sensor and was planning an attack on this particular countries power grid and first trying to trick it into believing everything is okay, it would try and alter or change one of those messages or several of them.
And the same would apply the bad actor would be forked out and a warrant sent to the control center advising them that the network was under attack.
You can apply this Holochain IoT scenario to any situation like above, log files, patient files, aircraft sensors basically anything that needs to maintain data integrity.
I hope this was of some help to you to understand the value and innovation of Holochain as a new technology and how it can and will be applied to IoT and IIoT, I am very excited for its future and I think once the world finds out about it they will also appreciate it and use it to help themselves to improve their lives by being in control of their data.
Thanks for taking the time to read this, I hope it was helpful. If you want to contact me you can do so here.