-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensuring trust for non-Helium hotspots (HIP draft, DIY gateways) #15
Closed
Closed
Changes from 1 commit
Commits
Show all changes
15 commits
Select commit
Hold shift + click to select a range
8406181
WIP: Ensuring trust for non-helium hotspots
vihu 64dc2ee
WIP: Add a high level workflow for diy hotspots
vihu 2d936bd
Reword
vihu 421f77d
More rewording, comment feedback
vihu b53ed48
Start working on levels of trust
vihu b509656
Fix formatting
vihu e610763
WIP updates
amirhaleem e1e6fe1
Merge pull request #17 from helium/ah/update-diy-hotspots
vihu dc1ee7d
Rework levels of trust
vihu 9834784
More wip
vihu e5059a6
Update 0009-non-helium-hotspots.md
vihu e37df7f
Update 0009-non-helium-hotspots.md
vihu aea1569
Address review comment
vihu 0b10176
More details on lvl progression
vihu 7b715a0
Address more review comments
vihu File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,174 @@ | ||
| - Start Date: 02/19/2020 | ||
| - HIP PR: | ||
| - Tracking Issue: | ||
|
|
||
| # Summary | ||
| [summary]: #summary | ||
|
|
||
| Ensuring trust in the network when non-helium hotspots begin to | ||
| participate in the network. | ||
|
|
||
| # Motivation | ||
| [motivation]: #motivation | ||
|
|
||
| Helium's primary objective has always been to establish a decentralized | ||
| permissionless wireless network allowing anyone to be able to join and | ||
| provide RF Coverage with off-the-shelf hardware and open source | ||
| software. | ||
|
|
||
| This goal poses some interesting challenges specifically regarding | ||
| network growth. Once we allow non-helium hotspots to be able to join the | ||
| network, we lose the ability to verifiably prove that any sub-network | ||
| created by such new hotspots truly exist physically since it's easily | ||
| possible for dishonest actors to fake geographic locations and radio | ||
| transmit/receive and claim that they are providing network coverage. | ||
|
|
||
| # Stakeholders | ||
| [stakeholders]: #stakeholders | ||
|
|
||
| - 3rd party hotspot manufacturers | ||
| - DIY hotspot builders | ||
|
|
||
| # Detailed Explanation | ||
| [detailed-explanation]: #detailed-explanation | ||
|
|
||
| In order to ensure organic network growth while still maintaining | ||
| verifiable trust regarding the claim of location of newly joining 3rd | ||
| party or DIY hotspots we propose that every hotspot joins the network in | ||
| a probationary mode with limited PoC capability. | ||
|
|
||
| In the current network onboarding a helium manufactured hotspot allows | ||
| full proof-of-coverage priviledges as soon as the hotspots syncs fully | ||
| with the blockchain, however this behavior is insufficient to ensure | ||
| that non-helium manufactured hotspots or DIY hotspots by individual | ||
| developers adhere to the consensus rules and also honestly provide RF | ||
| coverage. | ||
|
|
||
| Currently we know that every single hotspot being added to the network | ||
| is manufactured by helium and has the required hardware to participate | ||
| in proof-of-coverage challenges, as soon as we allow other hotspots to | ||
| join the network we have no verifiable way of being able to separate a | ||
| virtual network from a real one. | ||
|
|
||
| To mitigate that, we propose introducing a probationary mode. Every | ||
| single hotspot which will join the network (including helium | ||
| manufactured) will do so in "probation". In probation mode, the PoC | ||
| activity of a hotspot would be limited to only participate in challenges | ||
| which involve the external device. | ||
|
|
||
| To gain full PoC priviledges, a hotspot must complete a pre-determined | ||
| number of successful challenges involving the external device. This | ||
| number can be set via chain variable on the blockchain. | ||
|
|
||
| Consider the below network where hotspot A-F are non-helium manufactured | ||
| hotspots, with the lines representing RF visibility between hotspots. | ||
|
|
||
| +------+ | ||
| | | | ||
| +-----------+ A | | ||
| | | | | ||
| | +------+ | ||
| | | ||
| +------+ | ||
| | | | ||
| | F | | ||
| | | | ||
| +------+ | ||
| | +------+ | ||
| | | | | ||
| | | B | | ||
| | | | | ||
| | +------+ +------+ | ||
| +------+ | | | | ||
| | | | | C | | ||
| | E +-----------------------------+ | | ||
| | | | +------+ | ||
| +------+ | | ||
| | | | ||
| | +------+ | ||
| | | | | ||
| +-------------+ D | | ||
| | | | ||
| +------+ | ||
|
|
||
| There exists no possible way to ensure that these hotspots do not form | ||
| part of a virtual network, since they can easily fake locations and RF | ||
| coverage and verify each other via the existing PoC mechanism. | ||
|
|
||
| Until and unless there is a helium (or an authorized retailer) | ||
| manufatured hotspot introduced in the above network, we cannot make any | ||
| conclusions regarding the claim of location of any hotspot A - F. | ||
|
|
||
| Reimagining the above network with the introduction of a helium hotspot, | ||
| consider the graph below: | ||
|
|
||
|
|
||
| +------+ | ||
| | | | ||
| | A +---------------+ | ||
| | | | | ||
| +------+ | | ||
| +--+---+ | ||
| +------+ | | | ||
| | | | X +<--+Helium Hotspot | ||
| | F | +---------------+ | | ||
| | | | +------+ | ||
| +------+ | | ||
| +---+--+ | ||
| | | | ||
| | B | | ||
| | | | ||
| +---+--+ +------+ | ||
| +------+ | | | | ||
| | | | | C | | ||
| | E | | | | | ||
| | | | +------+ | ||
| +---+--+ | | ||
| | | | ||
| | +--+---+ | ||
| | | | | ||
| +-------------+ D | | ||
| | | | ||
| +------+ | ||
|
|
||
| We can verifiably prove that A, B, D and E can successfully complete | ||
| PoC challenges which involve hotspot X. Since we know that hotspot X is | ||
| bound to be trustworthy by design and any hotspot which can participate | ||
| in a PoC challenge involving X can only do so if it's operating within | ||
| the rules set by the consensus mechanism and also has an operating radio | ||
| chip. | ||
|
|
||
| However, we still cannot make logical conclusions about C and F since | ||
| they have not had any PoC activity with X. Therefore both C and F remain | ||
| in probation mode but A, B, D and E can transition to full PoC activity | ||
| once they all successfully complete `N` PoC challenges successfully | ||
| involvind hotspot X. | ||
|
|
||
|
|
||
| # Drawbacks | ||
| [drawbacks]: #drawbacks | ||
|
|
||
| TBD | ||
|
|
||
| # Rationale and Alternatives | ||
| [alternatives]: #rationale-and-alternatives | ||
|
|
||
| - Why the limitation for PoC-ing with helium hotspots? | ||
|
|
||
| The helium hotspot solves the problem of seeding trust in a new network | ||
| by serving as a "trust authority". Furthermore, this authority can be | ||
| delegated to other 3rd party manufacturers. | ||
|
|
||
| # Unresolved Questions | ||
| [unresolved]: #unresolved-questions | ||
|
|
||
| TBD | ||
|
|
||
| # Deployment Impact | ||
| [deployment-impact]: #deployment-impact | ||
|
|
||
| TBD | ||
|
|
||
| # Success Metrics [success-metrics]: #success-metrics | ||
|
|
||
| TBD | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One drawback is that all new hotspots (including helium manufactured hotspots) would require an existing trusted hotspot within range. This represents a massive barrier to adoption since most people aren't within range of a trusted hotspot.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we'd have to create a scalable process to approve hotspots to be level 3B to solve this