NXM Labs reckons IoT security requires autonomous operation

NXM Labs is on the hunt for new business, arguing that its autonomous technology is the best way to deal with the practicalities of managing an IoT-scale project – that password-based systems can’t scale to these levels, and that new approaches are needed. With a chip-to-cloud offering, CTO and co-founder Jay Fallah says that NXM’s technology is the way to ensure that you can deploy, protect, and trust IoT devices in the field, at scale.

Fallah explained that the name stems from ‘Next Generation Machines,’ and that NXM’s initial focus was on autonomous and connected vehicles – founded around two and a half years ago in the wake of the infamous Jeep hack. However, NXM found that the concept of autonomous security was of great interest, and so it decided to make this the core focus moving forward.

Broadly, the crux of Autonomous Security (AS) is that a system can take lessons learned from one device and share them between other members, in an autonomous fashion that does not need human intervention. Fallah explained that cryptography is the core component, and that a blockchain mechanism is used to share the security updates and lessons between.

As a ‘chip to cloud’ offering, the first step in NXM’s process is having the CPU of the end-device create what it calls a Concrete ID (CID), which is stored in the protected memory of the CPU and also posted on the private blockchain. This CID then serves as the basis on which conventional Public Key Infrastructure (PKI) security can be built, and in combination, NXM says that they enable trusted communications between all devices that are registered on this blockchain.

Fallah said that the blockchain, the distributed ledger, is an effective means of keeping bad actors out of the system, and that it also enables better monitoring of the behavior of those devices within the ecosystem. The private blockchains use a token controlled by NXM, to ensure that the devices are operating within their means – that is, to limit the number of messages or transactions that take place, so that one device couldn’t flood the network.

NXM is using Ethereum, but not the public Ethereum blockchain, and makes use of the smart contracts functions in its Agile Crypto tool, to trigger a device to create a new public key if NXM gets so much as a hint of an insecurity. Triggering the contract forces the device to reset its public key, and Fallah said that this system lets NXM spot when a customer has been hacked far in advance of when that customer would normally discover the problem themselves.

He added that NXM had taken lessons learned from NFV and SDN, ensuring that the Control Plane and Data Plane in its system are kept separate – so that it doesn’t have to worry about co-mingling of control messages and data packets, nor the issues of surveillance capitalism, where data tied to identities become very valuable to marketers.

To this end, NXM makes use of Controller devices, such as smartphones, which are a way to manage the interaction between the sensor device, a blood sugar monitor in the example given, and the blockchain and cloud components. In theory, the Control Plane functions don’t have access to the contents of the data packet, but are simply there to ensure that whoever is receiving the data packet can trust that it has come from a properly authenticated device.

The combined public-private key is used to sign the data packets sent from the device, and is then also encrypted using the public key of the MQTT messaging broker that is assigned to the application, which brings the established world of MQTT to the table – with its pub-sub model, to send messages to the right places.

Fallah says that the NXM approach will reduce the data volume and velocity, in favor of improved veracity – that is, better trust in the data, and thus better value from smaller amounts of data transferred. This is especially true if the developer makes use of delta values, sending messages to update on variances, or only when thresholds are reached. This creates ‘clean’ data at the network edge, which NXM says can enable vast AI and ML applications, owing to the way this data is presented – as segmented and contextual, delineated by the namespace of the devices

So, NXM is trying to sell this concept to chip designers, module makers, hardware-based security vendors, and OEMs, hoping to get the IP embedded on chips. To this end, it is ensuring it remains silicon-agnostic, pitching it as a design that will work on any chip. NXM can also white-label the offering, and is doing so in IBM’s Hyperledger services. We checked whether NXM was planning on monetizing the tokens on the blockchains, and were relieved to hear that it was not – that the tokens are just a security function.

NXM is also planning on using its Autonomous Security architecture as a means to protect against future quantum computing attacks. There is a risk that quantum computing could crack the algorithms used in conventional cryptographic protection, and NXM’s Quake (Quantum Augmented Key Encapsulation) tool hopes to protect against this.

There is more information available in online documentation, but the short version of Quake is that it uses multiple randomized public keys to encrypt a data packet, so that a quantum computing attack would have to break each packet instead of just one algorithm. NXM is pitching Quake as a system that you can begin adopting today, as part of its Autonomous Security offering, which can be adapted and updated down the line as this post-quantum world emerges.