Blockchain-based IoT security solution – A novel approach

Edging closer to Industry 4.0, a multitude of organizations –private enterprises or public sector services – will leverage on new technologies to raise their efficiency for tomorrow’s economy. One of the technologies that are transforming the business landscape is the Internet of Things (IoT). It is projected that there will be over 50 billion internet-connected things over the next decade.

Central servers in the IoT systems today mostly maintain the aggregated data. This implies devices can only access this data through a centralised network. We look towards the large number of devices and expansion of IoT ecosystem, hence it won’t be an effective approach. On top of that, the reliance on these new systems will inevitably leave them prone to attack. Gartner shows that by next year alone, more than 25 percent of identified attacks will happen within the IoT ambit. However, budget allocations for IoT security remain insignificant. Blockchain is a General-Purpose Technology (GPT) that will have a profound positive impact on humankind. This is one of the important means to solve the issue of IoT security.  

Here, we will deliberate how we can use a credibility verification (decentralized blockchain-based) solution. This allows more potent peer-to-peer messaging and communication between different IoT devices, to address the issue of IoT security.

Outline of vision

In a Network of Plentiful Things (IoT on much larger scale), this verification structure can validate the authenticity of the device transmitting the data flow. With the continuous proliferation of IoT security, privacy and credibility attracting continuous attention, the requirement of establishing an affordable, practical and resilient credibility verification mechanism is being addressed here. Leveraging solution like this may provide a permanent, efficient and affordable solution for ensuring privacy and security of IoT solutions.  

A blockchain-based credibility verification solution for IoT security will have the following benefits:

  • Robust, highly reliable, tamper-proof data, an accurate representation of historical transactions performed on different devices
  • Elimination of single centralized control authority that will require heavy capital expenditure on building huge internet infrastructure
  • Improved privacy and trust on the IoT
Details of the solution

The technology solution for blockchain-based credibility verification comprises three main parts:

  1. Credibility verification framework

The devices used in IoT have a negligible resource footprint and device gateways closely manage them.  Device gateways – in addition to managing the end devices in the IoT chain – will also store the information of the corresponding devices connected to them (including their identity and the public keys) in the blockchain-based distributed ledger. The distributed ledger is now responsible for credibility verification. The credibility information can be stored locally on the device gateways or a separate storage in the cloud.  

  • Unique device identification and private key
    The device gateway will have the device identity, the gateway identity and the public keys of all devices being managed. The gateway will also contain the private key for itself, the block head and the cryptographic hash, which is considered as the ‘Proof of Work’ (POW) for each block.
  • Credibility verification process
    The primary objective, of this process, is to prevent any device spoofing and ensuring communication with a legitimate device. So, the device will have to perform three specific activities: 
  • the device, when it joins the network, must share its certificate to confirm that it belongs to the network
  • the accessing gateway must confirm the originality of the device.
  • the data sent by the device must be proven that it is the original data. 
  • Trustworthiness in the blockchain used

The previous three mechanisms, used to verify the devices’ identity and ensuring IoT security, will only work with a trustworthy block-chain, last mile problem addressal and if only genuine devices come into the network. Operationally, this credibility verification method is a little more complex as compared to the currently trending, centralised verification concept, but this will ensure higher levels of IoT security and protection of the entire Network of Plentiful Things.   

Market landscape of the solution

Who are the customers for this solution?

The target customers of this solution would be communication service providers, enterprises, and system Integrators – namely those who are primarily focused towards building and implementing and hosting end-to-end IoT solutions for their customers, which could be businesses or end customers. The customers could also be large enterprises who are looking to build their own IoT solutions and would like to invest in the infrastructure for the same.   

The last mile hurdles

The last mile is crucial to this solution due to the involvement of physical devices. Once the device comes into the blockchain, it is safe and immutable. Yet, how do we ensure that spurious devices do not make their way into the IoT system? For devices that the IoT system accepts, there should be proper identification & certification mechanisms and the organisations must ensure the same. 

It is of paramount importance to have devices properly certified and the right configuration loaded on the devices prior to them entering the production environment. Hence, to take care of all aspects, the organisations must employ utmost care to build standard operating procedures (SOPs), to onboard new devices into the IoT ecosystem.

Caveats to keep in mind

Consider the following issues in order to use Blockchain, widely, for relevant IoT applications:

  • Many devices may not be online all the time and so they will be the gateway
    Hence, Layer 2 solutions, such as the lightening network, will become relevant to use blockchain as an anchor of trust but conduct most of transactions off the blockchain and utilise it only for verification purposes  
  • Limitation in scalability of POW algorithms
    Other algorithms, such as Proof of Stake instead of Proof of Work, help solve the scalability problem indirectly by splitting the validation responsibility to randomly chosen different nodes.
  • Limitation with the storage facility
    The storage available at the edge (devices and gateways) is very small. In the case of decentralised ledgers, there is a need to find an associated storage solution, like cloud storage, to ensure all the records are retained. 
  • Lack of human resources
    IoT and IoT security are areas with serious lack of skills, adding the blockchain will further exacerbate the issue. This serious issue of obtaining resources with the right skills ought to be addressed carefully. 

Despite the nature of issues, IoT will inevitably become more mainstream in the lifestyle of humans, and so the use of the blockchain will certainly drive down the cost of verification, while also make the whole IoT system a lot more secure and efficient.  

 

Podcast
Your browser doesn’t support HTML5 audio

Topic:

Cyber Security

The only proven crime is hack.

Subscribe