The Beginner’s Guide to IOTA

The Beginner’s Guide to IOTA

IOTA is a distributed-ledger protocol powered by the Tangle, a DAG-based data structure. With its feeless transactions and tremendous scalability IOTA seeks to be useful in the age of the Internet of Things

What is IOTA?

IOTA is a public and permissionless protocol that aims to be the backbone of the emerging machine-to-machine economy and enables seamless interoperability of devices in the age of the Internet of Things. It can also be used by people as a conventional cryptocurrency. IOTA is powered by the Tangle technology.

The Tangle

Instead of a blockchain, IOTA uses the Tangle, a special architecture based on a Directed Acyclic Graph (DAG). This may sound rather complex but in reality a DAG is simply a way of representing data, much like blockchain. However, whereas a blockchain is a chain of blocks each referencing (validating) the one before it, the Tangle is a web where each transaction references two earlier transactions.

Low load (top) and high load (bottom) Tangle

There is no mining in IOTA as each participant in the network has to validate two past transactions to send a new one. It follows that the more the network grows, the more scalable it becomes.


Making a transaction includes four steps:

  • Signing: a node creates a transaction and signs it with the private key.
  • Tip selection: the node randomly selects two tips (unconfirmed transactions, grey squares in the picture above) using the Random Walk Monte Carlo algorithm.
  • Proof-of-Work: the node checks if the two transactions are valid and then attaches a small proof-of-work. This process is necessary to prevent spam attacks.
  • Broadcast: the node broadcasts the transaction to neighboring nodes and it is further propagated through the network using a standard P2P gossip protocol.

The transaction is considered 100% confirmed when 100 randomly selected tips all have a path to the transaction (confidence) or when a milestone references the transaction. Milestones are empty transactions issued every two minutes by the coordinator, an entity controlled by the IOTA Foundation. The coordinator is a temporary solution used to protect the network from attacks in its infancy stage.

A transaction has four properties:

  • Height: the length of the longest path from the transaction to the genesis;
  • Depth: the length of the longest path from a tip to the transaction;
  • Weight: the amount of proof-of-work done by the author node (usually 1);
  • Cumulative weight: the sum of its own weight and the weights of transactions that directly or indirectly validate it.


The smallest unit of IOTA the cryptocurrency is Iota but most operations are done in mega Iotas (MIOTA, or Mi). One mega Iota equals one million Iotas. The total supply of 2,779,530,283,277,761 Iotas has already been distributed and no more coins can be mined. The number of tokens is not arbitrary. IOTA uses ternary-based logic (as opposed to binary) and this is the largest 33-digit ternary number.

111,111,111,111,111,111,111,111,111,111,111 (base-3) = 2,779,530,283,277,761 (base-10)

There are no transaction fees in IOTA which makes the cryptocurrency a good choice for micro- and nanopayments. The same feature coupled with IOTA’s infinite scaling potential allows a great multitude of interconnected devices to constantly exchange information in the Internet of Things economy.

IOTA Foundation

IOTA was created by David Sønstebø, Dominik Schiener, Sergey Ivancheglo, and Serguei Popov.

The IOTA Foundation is a non-profit organization behind the IOTA technologies. The Foundation houses researchers, industry experts, developers and engineers who work on the development and adoption of the IOTA protocol.

The IOTA Foundation is headquartered in Berlin, Germany.

Additional Info

  • IOTA raised 1337 BTC (approx. $0.5 million) in ICO in December 2015.
  • The IOTA network becomes stronger when the number of transactions increases. A stress test conducted in April 2017 showed a throughput of 112 confirmed transactions per second in a network of only 250 nodes.
  • IOTA uses Winternitz signatures which make the Tangle impossible to compromise even by a quantum computer, anticipated to arrive within the next two or three decades.
  • To keep the ledger at a reasonable size, the IOTA Foundation creates a Snapshot every two months. A Snapshot is a pruned version of the ledger, it removes all events and addresses which do not have a positive balance. Full nodes can keep the unpruned version if they choose so.
  • IOTA used its own ternary based hash function called Curl, which was found to have critical vulnerabilities by MIT. Curl produced the same output to different inputs. IOTA later replaced it with Kerl.


Official website

Official blog








Trinity wallet

Full node + light node

Latest IRI



Stack exchange



Illustrated introduction

Education Youtube channel

IOTA Simply Explained


All-in-one IOTA thread

Tangle visualizer

Another visualizer

Related news

How IoT is Shaping the World of Retail Business

Traditional retail’s evolution over the past decade has been driven by digital technology, such as Artificial Intelligence, Machine learning, Big data and the Internet of Things. The latter is forecasted to be deployed by 80% of the global retailers by 2021, as IoT continues to penetrate the retail market.  Read the full story

Altcoin Explorer: Using Social Incentives for a Sustainable Ecosystem on IOTA – Part 2

In part 1, we through the network design and criticisms of IOTA owing to their in-house cryptographic implementations. Most of the positives of the network shine through in the tokenomic framework and an overview of the protocol, November 15, 2019. Tokenomics and Business Development IOTA is a fully issued cryptocurrency with nil inflation or dilutionRead MoreRead More. The post by Ashwath Balakrishnan appeared first on BTCManager, Bitcoin, Blockchain & Cryptocurrency News\
BTC Manager

Using security orchestration to simplify IoT defense in depth

Even as the technology industry continues to scramble to protect personal computers, datacenters and other traditional IT systems from increasingly sophisticated cyberattacks, a new attack target has emerged – the Internet of Things (IoT). To protect their IoT applications from attack, organizations are working to adopt for the IoT the same cybersecurity strategy which has proven to be highly effective for traditional IT infrastructure – Defense in Depth. A Defense in Depth strategy leverages edge device, network and cloud security capabilities, along with end-to-end encryption, to create layers of protection that make it harder for an attacker to effect an IoT application, and easier to detect, isolate and remediate successful attacks. Implementing an IoT security Defense in Depth strategy is complicated, and often requires the creation of a large, dedicated IoT security team to effectively execute. However, a security orchestration approach to IoT security can simplify the implementation of a Defense in Depth strategy, and addresses the cost, complexity and other problems that have made it difficult and expensive for companies to build robust end-to-end security into their IoT applications. The Unique Challenges Involved in IoT Security IoT applications can be attractive targets for cyberattacks for a wide variety of reasons. An attacker may want to penetrate the application to steal data or disrupt operations in ways that either subtle (to make minor adjustments to sensor data to mislead business intelligence systems relying on that data) or overt (to disable the entire application with ransomware). They may want to penetrate the application in order to leverage the aggregate processing horsepower or internet bandwidth of a large number of IoT devices to mine cryptocurrencies or to operate mercenary “DDoS for hire” botnets. Or they may want to leverage an insecure edge device to launch a “pivot attack” on the network to which that device is attached. For example, in 2018 Darktrace reported an incident they investigated where a casino network was compromised and its high-roller database was extracted through an internet-connected thermostat used in the casino’s lobby aquarium. There are almost as many reasons to hack into IoT applications as there are IoT applications themselves. Securing IoT applications against these myriad forms of attack is also more complicated than for traditional IT systems. First, the edge devices used for IoT applications are often low cost and easily obtainable, making it relatively easy to perform “tear downs” to identify exploitable vulnerabilities. Second, these edge devices are often deployed in accessible, unsupervised locations, which makes it easier to tamper with them without being detected. And third, IoT application edge devices are often deployed in large numbers with tight constraints on their bandwidth and battery power, making it more difficult to deploy security updates in a timely fashion. Benefits of Defense in Depth A Defense in Depth cybersecurity strategy can address many of the unique challenges related to IoT application security. Such as strategy strives to slow down and dramatically increase the cost of an attack by forcing the attacker to circumvent multiple security mechanisms in order to gain access to the target. This discourages most attackers who don’t have a specific interest in the IoT application. For example, crypto-miners and DDoS botnet operators will in general move along to easier targets if they are frustrated by an attack. At the same time, Defense in Depth also slows down more persistent attackers, while also providing the IoT application owner with more opportunities to detect their efforts and deploy countermeasures before the attackers can achieve their goals. Defense in Depth takes many forms, and IoT application designers should strive to deploy as many of them as possible. For example, designers should ensure their Defense in Depth strategy forces an attacker attempting to intercept communications from an edge device to the cloud to compromise a cellular carrier firewall to access a private APN, then a VPN tunnel between the device and the cloud, and then penetrate application-layer encryption to get at the actual data. No system can be made perfectly secure, but like medieval castles, IoT Defense in Depth mechanisms like those described above complement each security mechanism (moat, castle wall, keep) with another, making it much more difficult for an attacker to fully penetrate the application. When properly executed, such a strategy will frustrate attackers and cause them to give up, and also increase the probability that an attack is detected before it can succeed or cause significant damage. Large, Dedicated IoT Security Teams – Effective, But Resource-Intensive However, implementing an IoT Defense in Depth security strategy is complicated, as companies need to manage security on different types of devices, multiple connectivity service providers and various cloud service providers. They need to ensure all these security mechanisms are kept in synch and work smoothly together. The entire process is both difficult and time-consuming – much more so than web or other types of applications. Some larger companies have succeeded in implementing IoT Defense in Depth strategies by creating dedicated teams of experts versed in the security of the key elements of an IoT application (edge device, network connectivity and cloud management). These experts implement a Defense in Depth strategy by ensuring each element of the application has the most up-to-date security possible, while also coordinating to protect the points where each element integrates with the others. This approach can be effective, especially as the resulting Defense in Depth strategy is specifically designed to address the vulnerabilities of the company’s particular IoT applications. However, this approach is complicated, and requires the investment of extensive time and resources. For example, an IoT security team still has to manually configure their VPN for different devices, different network connectivity service providers and different cloud service providers. All the edge device and network firewalls must be kept in sync, with trusted hosts added to white lists, along with new ports and protocols. This approach, using different interfaces to adjust the security of each element of an IoT application, also increases the chance of human error, leaving open a vulnerability that an attacker could exploit. In addition, the costs and difficulties involved in recruiting, hiring, retaining and coordinating large teams of dedicated IoT security experts make this approach difficult, if not impossible, for small and medium-sized firms, preventing them from implementing strong IoT security Defense in Depth strategies. Security Orchestration: A Different Way to Easily and Cost-Effectively Implement IoT Defense in Depth Increasingly, companies are considering an alternative approach for implementing an IoT application Defense in Depth strategy – security orchestration. For most companies, a security orchestration approach allows them to implement a robust Defense in Depth strategy with a much smaller dedicated security team, and thus lower initial and ongoing costs. A security orchestration approach simplifies the implementation of an IoT Defense in Depth strategy by providing companies with a solution to orchestrate the deployment and management of layers of protection around all elements of the IoT application – edge device, network connectivity and cloud. Security orchestration solutions not only provide multiple layers of protection for the IoT application, but also simplify security management by allowing the IoT application’s owner to define a high-level security plan, and then apply and manage this plan from a single “pane of glass.” Using this single interface, users can configure and update security provisioning on all their devices, connectivity providers and clouds, and easily designate who their edge devices can and cannot communicate with (using whitelists and blacklists) and how they communicate (ports and protocols). Key Considerations When Adopting a Security Orchestration Approach for Your IoT Application For a security orchestration approach to be effective, the security orchestration solution needs to be built and maintained by a company with its own experts in all elements of IoT security – edge device, network connectivity and cloud. In addition, security orchestration does require IoT application owners to use a single solution (compromising devices, network connectivity and cloud management software) for their applications, limiting their flexibility when it comes to “mixing-and-matching” elements from different providers in their applications. However, such an adjustment is well worth the benefits of a more cost-effective and robust Defense in Depth IoT security strategy, especially for small and medium-sized firms where investment in a large, dedicated IoT security team is cost-prohibitive. In a world where IoT applications are playing an increasingly important role in companies’ digital transformation strategies and the number of cyberattacks continues to grow, security orchestration offers companies an opportunity to implement a simple, affordable end-to-end IoT Defense in Depth strategy that allows them to better protect their IoT data from being stolen, altered or lost. The post Using security orchestration to simplify IoT defense in depth appeared first on SC Media.
SC Media

Hot news

By continuing to browse, you agree to the use of cookies. Read Privacy Policy to know more or withdraw your consent.