Project Proposal: Block chain reporting of Scientific Instrument's Data

Disclaimer: I am not sure if this is possible, but I would like to get the concept out there.

Most scientific research is currently funded, by government and private industries, some data is reliable, while some data we can not trust, and some data can go either way based on your personal views of who created the data. A research project’s results are only as good as the data that is collected during the experiment. What I am proposing is to create a new environment for true data that can be traced, while eliminating the financial and political burden on researchers.

If we can integrate ELK boards into scientific instruments, this will allow results to be published to the block chain directly. We will be able to determine who published the data first and we can guarantee those are the actual results the instrument created. The lab or researcher that produced the data can be paid through Ethereum and continue providing true data. This will allow researchers to concentrate on their task of producing results instead of “who will pay me for this work and my interpretation of the results a researcher entered themselves.” A community of scientist can then purchase the data to interpret the results knowing the who what when where and how of the data, and that it has not been skewed. It can also make the results more widely available for researchers across the world to interpret.

The idea is that we will get better data-sets, faster (since they are published as soon as the reading is taken), and remove political motivation from the equation (the entity funding the research can not choose the data the lab releases).

A great example would be climate change data we can remove the political and financial motivations of providing data that benefits the entity funding the experiment and get true data.

Another use case would be patient data, a lab can send the results to the patient and then the patient can send that data to any doctor they choose. The patient would also get the benefit of holding their own data (encrypted on the chain) instead of leaving it in the hands of Doctors and labs. The doctors and labs also benefit from not having to manage/store patient data and can concentrate on the patients health or the lab work requested. Lots of Doctors have retired or closed practices cause they do not want to handle IT.

This concept can create a shift in how we fund and process research. We can leave the job of obtaining the results to lab technicians, who will only want to produce more reliable data, while allowing the interpretation to a community that can specialize interpreting the data.

One major issue is tampering of the ELK/instrument, so the results published are skewed. Maybe some kind of checksum and sensor test can be added to the process and reported to the chain with the results.

This can also prevent researchers from publishing fake data, and save investors a lot of money.

The process will allow interpreters to break down exactly how the data was created and fine tune experiments and tests, since they have the machine data also. They maybe able to find a bug in a particular experiment/test and try a new approach since the data is coming from a standardized system that is fully traceable.

Please anyone feel free to offer ideas and possibilities.

Ideas on what instrument would be best to start with?

Experiments and industries that can benefit the most?

Earth is our one and only home!

3 Likes

That’s a very good idea.
Maybe, to help prevent skewed or tampered data would be some kind of proof of stake for the publisher of data. If the data is proven wrong (the way to prove wrong would need to be clearly defined), a big penalty would be taken from the publisher and redistributed to all other researchers with no data issues.

1 Like

Thank you for your thoughts, With that feature the researchers are staking their reputation and investment in that device as well as providing incentive to researchers for honest results. I would agree equal distribution to honest accounts from delinquent researcher’s funds is a great strategy to inspire legitimate behavior.

If the device is a node and it is connected all the time it can then be subjected to random audits, the ELK runs a basic linux OS, I am not sure how robust it is, so it maybe possible to add auditing software.

If the device is online all the time the stake can also impose penalty for consistent audit absences.

Trust levels can be used to easily identify what a device’s history is composed of.

The device can also invoke a physical tamper like the ones from clothing stores, where it inks the clothes, but only on certain devices that should never be open, and of course if a seal is broken ELK will send a broken seal Tx.

On serviceable devices, service can only be preformed by verified trusted technicians, a smart contract or signature system can be used with in an allotted time to send a Tx proving the intent to access the device and explain why a broken seal Tx has been sent.

This can also create jobs and business of certified service agents and support agents, so the researchers can concentrate on their jobs.

Picking the right devices to break into the industry will be important or a fully open source project could mature, but it will be slow to adopt.

1 Like

Hi Justin. Great post! A few thoughts:

This is a bit of an implementation detail…but it’s something I think that is important for all sensitive IoT. I’d like to advise against putting sensitive data on an immutable ledger, even if it’s encrypted. Per https://github.com/ipfs/faq/issues/4 comments and a security talk I recently attended—the Eavesdropper attack is when an attacker just stores publicly available data for later decryption. Even if its 20 years later, would you want someone to have access to all your encrypted medical or other sensitive data?

In light of that…it seems as though there are people working on this very issue!

Medicalchain uses blockchain technology to securely store health records and maintain a single version of the truth. The different organisations such as doctors, hospitals, laboratories, pharmacists and health insurers can request permission to access a patient’s record to serve their purpose and record transactions on the distributed ledger.

But to your point:

That’s a fantastic idea! The way I see it is that IoT would be an enabler for these types of trusted data producers/consumers. I love the idea that you propose that researchers can focus on making the data without worrying about getting paid. What if there were a bounty system for creating data, similar to the incredible gitcoin.co paying developers to work on open source software? It’d be interesting if the payment were calculated as dataPoint * userMetrics—then researchers could get paid per data point, while focusing on customer metrics such as quality, quantity, price or whatever.

1 Like

"*

If the device is a node and it is connected all the time it can then be subjected to random audits, the ELK runs a basic linux OS, I am not sure how robust it is, so it maybe possible to add auditing software."

  • Suggestion: any piece of OS or app software could be fingerprinted (one hash per version of the SW) by its creator and the fingerprint stored on-chain, accessible by anyone. Checking that the Elk software has not been tampered with would mean fingerprinting the Elk OS and apps and comparing them to the fingerprints stored on-chain.
  • Also, once a new version of OS or app is available, it could be flagged as mandatory upgrade if it resolves security issues. That mandatory update would have an implementation date to let systems some implementation time. Any Elk not at the latest mandatory state would be excluded from any incentive scheme and maybe also from data collection as it would be “unsafe”.
  • Random audits could be centrally triggered by Oracles that Elks would regularly and automatically consult (part of the OS?).

“The device can also invoke a physical tamper like the ones from clothing stores, where it inks the clothes, but only on certain devices that should never be open, and of course if a seal is broken ELK will send a broken seal Tx.”

  • Very nice idea. That could also be part of the OS and triggered by an un-maskable interrupt, even if the Elk is in deep sleep mode. The Elk could also block any external interaction with itself, except for sending the “broken Seal Tx” to the chain and waiting for an authorization to resume (that would be triggered by the verified trusted technician proof-of-maintenance transaction). A special case would be getting a unique Elk-specific individual master key code to unlock it (online or locally entered), that would revert the Elk to its factory mode (losing everything in the process, but allowing the recovery of the HW in case it is needed).
1 Like

That’s a great idea @Justintheblock. One other industry that I felt could benefit from this setup is car insurance. You could have an instrument that records your driving activity to a blockchain and the data can only be decrypted by you. An insurance company could reduce your premium by X% in exchange for getting that data, with the hypothesis that you’d be a more careful driver knowing that your insurance company knows your driving behavior (and driving irresponsibly could perhaps void the insurance).

1 Like

Thank you nathan,

Improving any aspect of health care is a win win in my book. Its an off topic but I was working out a strategy yesterday to mask exposed data by hiding in plain sight. In college I used to leave money in public places to see if anyone would take it. To a degree that’s what a private key is.

I like the gitcoin,the bounty idea would decentralize the workforce and the results will be less bias, since its an open market, with reputations. Research companies can evolve faster since they are not stuck competing for large/long term contracts mostly, they can diversify quickly, by acquiring new clients on the bounty platform. It also give the researchers the option to work on what they like not what they have to work on to make ends meat, which usually leads to more productivity.

The biggest concern would be adoption by these communities, people do not like change.

1 Like

Thank you GdB,

I really like your suggestions, A hardware/OS finger print that is compared to an immutable ledger sounds great.

Updating is also very important and is a potential security risk from my experience, I do not know much about fingerprinting yet, but is there a way to know each devices new finger print prior to preforming the upgrade, to eliminate any chance of infiltration during the process or does that not matter in this environment?

For the random audits, being part of the OS would mean its fingerprinted and on the block chain, so I would agree.

There is also the possibility of using a custom Arduino shield to add a separate layer of security to ensure the sensors are not tampered with also, but that might be over board.

Your last bullet hit the nail on the head. That made me think of sloppy technicians we would not want to lose hardware on a technician or researchers learning curve. That will stifle adoption.

I want to thank everyone for their amazing input!

1 Like

Thank you ielashi,

This idea reminds me of Progressive car insurance “snapshot” but better cause it can be universally adopted by any car insurance company and you are in control of the data release. You could also sell the data to car manufactures or create a rewards program or an open market to sell your data on, instead of allowing corporations to profit off the data you provide. A device like this should be mandated in all public transportation especially taxis and government vehicles, when I see city workers beating up a state vehicle, that costs everyone money and causes more stress on our environment for no reason, this could deter that habit. Remember earth is our one and only home.

Basically, fingerprinting would mean creating a hash of the code (not the data). The code could be all of the OS, or even better, each specific modules of the OS independently (Loader, scheduler, file system, etc.).
The hash would be created offline when the software is created, and stored on chain. The Elk would create its own hash when needed and compare it to the on-chain hash. That part of the process on the Elk would need to be embedded when the HW is created, and untouchable by anyone for tampering-prevention reasons. The same would apply for the OS Loader/Updater module.
In my view, adding other HW pieces increases the risks of hacking and failure.

1 Like

I have always wondered about the exposed data by certain entities if it was authentic, tampered or maybe politically corrected. One of the most important data is population health and how such data may affect some countries, general opinion and of course economies. There was a medical program held in Egypt that was meant to check, “cure” and treat people from HIV/Aids, the ministry of health announced a list of numbers stating people checked, treated, receiving antidotes etc,. Now how would such numbers be authentic if it’s totally centralized by the government and it may be politically corrected or tampered just to proof that a million dollars paid program was totally successful and that we should carry on more of such programs paying a lot of money. So your idea @Justintheblock is really useful for such cases like this, adding a version of Elk board into medical instruments and publishing data onto public ledgers may really help a lot. But there are a lot of questions… should data be pinned to each and every person’s ID “encrypted” (which I think @nathanjmartin has a real good point not to)? and for sure how parties are incentivized to publish actual data?

Should we rely on some centralization to secure the software and not exposing the code to the public searching for back doors and software cracks? Just like hardware wallet Ledger or Grid+ which both has high level of hardware and software security. Trezor (which is an open source) faced a huge attack last week by accessing the physical hardware with really cheap tools and digging out the seed. What do you think about that @GdB?

1 Like

You are right. Security by obscurity is by far not the best option.

Fingerprinting open-source software and keeping the fingerprints on the blockchain would allow anyone to check and validate the original code, the compiled code, and the fingerprints. The implementation on an IoT systems (open-source and open to validation by anyone) would recalculate its own fingerprint and submit it for validation, That would close the security check loop while avoiding security by obscurity issues.

Fingerprints would be calculated by module, to allow devices to only select the subsets they need in each IoT device (like for example skiping the USB module or the TCP module if your implementation does not need it).

2 Likes

Totally agree with you :+1: just like linux distros.