This interview is part of our new Blockchain In Cybersecurity series, where we interview the world's leading thought leaders on the front lines of the intersections between blockchain and cybersecurity.
In this interview we speak with Stefano Pepe, CEO of UniquID, to understand how his company is using blockchain to transform the cybersecurity business, and what the future of the industry holds.
1. What’s the story behind UniquID? Why and how did you begin?
SP: UniquID is the Identity as a Service (IDaaS) for the Internet of Things. We help enterprises drive confidence and efficiency in their IoT platforms by providing an interoperable and tamper-resistant digital authentication infrastructure that doesn’t use trusted central authorities.
I fell in love with Bitcoin in 2012, and I identified the risk of centralized techniques to command and control IoT devices. If we agree that cryptocurrencies are creating a new class of financial freedom, who is in charge to let us control the connected devices we buy and rent with our decentralized money? Essentially, even if we pay with bitcoins, someone might lock us out of our vehicles, homes or medical data. To find a solution, I started to work on UniquID in Rome, Italy in 2014, and soon I left the country to move to San Francisco, where Bitcoin, the cypherpunk movement and the Internet itself have deep roots. Today I actively support the Bitcoin movement, and UniquID is full into the motto from “don’t be evil to can’t be evil”.
2. Please describe your use case and how UniquID uses blockchain to transform cybersecurity:
SP: The Internet of Things (IoT) represents a revolutionary paradigm shift in computer networking. After decades of human-centric systems, where devices were merely tools that enabled human beings to authenticate themselves and perform activities, we are now dealing with a device-centric paradigm: the devices themselves are autonomous actors, not just tools for people.
Today, IoT Architects must design authorization platforms capable of centrally decide if two remote IoT devices (such as an electric car and a charging station) can securely exchange data or not. UniquID provides a peer-to-peer authorization model that reduces this central liability and migrates responsibility for authentication and authorization to a proven public blockchain, leveraging meta-data stored into microtransactions.
3. Could you share a specific customer/user that benefits from what you offer? What has your service done for them?
SP: Utilities in the electricity/water/gas space leverage UniquID to drive confidence in their IoT infrastructure of smart-meters, leveraging our IDaaS to improve the flow of time-series data across different devices, cloud platforms and vendors/partners. We lower by one order of magnitude the time allotted to manage the digital identity of smart-meters, leaving the IT operations free to spend time on more critical and less repetitive tasks.
Technically, we provide an Identity and Access Management (IAM) administration tool which is native for edge computing and distributed networks of devices, inspired by Infrastructure-as-Code principles. UniquID IDaaS automatically broadcast any new access rule in the blockchain (e.g. to provision a new set of charging stations), and all the systems connected to the same ledger got the update automatically – in the very same way a cryptocurrency wallet receives new incoming transactions.
4. What other blockchain use cases in cybersecurity are you excited about?
SP: I would follow closely OpenTimeStamps. If correctly implemented, it can simplify the transport of information across systems, leveraging the immutability of Bitcoin transactions to lower the friction in the system integration. We use it to certify events and logs across IoT platforms (regardless of their own standards), lowering the computational trust in applications and encrypted sessions normally sitting in the middle.
I’m also excited by the vision of Microsoft Sidetree, BlockStack, Handshake Protocol just to name a few. They are all tackling core, very challenging problems in the digital identity space, and I can see the value of having a decentralized, censorship-resistant identity infrastructure as available and accessible as the Bitcoin itself.
However, I don’t believe that “blockchains” are the answer for a decentralized identity revolution: even the most secure and broadly adopted distributed ledger (Bitcoin) can’t improve poor implementations on single nodes of the network (e.g., exchanges or custodial wallets). Therefore, we can afford to lose some cash but we cannot afford to lose our digital identity and the digital rights attached to them. Technically is a “token fungibility” problem.
Long story short, distributed computing is very hard, the value is still in the implementation, and the safest blockchain out there is useless if the application is not secure.
5. Where will UniquID be in 5 years?
SP: My vision is guided by three principles: accessibility, interoperability, confidence.
Accessibility: every device can join the UniquID network by broadcasting a micro-transaction (embedding a small library, I was inspired by Stripe), and communicate transparently, without constantly requiring passwords by the human user.
Interoperability: we provide a “digital passport” for IoT data, which points to a specific entry in the distributed ledger. Devices are able to exchange data across systems and standards, leveraging our passport instead of requiring custom-made system integrations.
Confidence: this is the most ambitious paradigm shift. Every UniquID-enabled device embeds micro-transactions that carry the rights on how/what data is being shared. Therefore, administrators issue these micro-transactions between devices, and the system trusts them instead of a central authority.
Our bold goal in five years is to see these principles applied to a large portion of IoT devices (tens of billions). As soon as Bitcoin transactions will be broadly accepted as the most trusted way to save money, UniquID will be there, ready to extend transactions with our IoT Identity and Access Management platform.