Blockchain-based IoT Security Solution – A novel approach

As we edge closer to Industry 4.0, we will see a multitude of organisations – private enterprises or public sector services – leverage new technologies to raise their efficiency for tomorrow’s economy. One of the technologies that is transforming the business landscape is the Internet of Things (IoT), especially as it is projected that there will be over 50 billion internet-connected things over the next decade.

In the IoT systems of today, the aggregated data is mostly maintained in central servers. This implies devices can only access this data through a centralised network; given the large number of devices and the expansion of the IoT ecosystem, this will not be an effective approach. On top of that, the reliance on these new systems will inevitably leave them prone to attack, as Gartner shows that by next year alone, more than 25 percent of identified attacks will happen within the IoT ambit. However, budget allocations for IoT security remain insignificant. Blockchain is touted to be a General-Purpose Technology (GPT) that will have a profound positive impact on humankind, and it is one of the important means to solve the issue of IoT security.

Here, we discuss how a more decentralised blockchain-based solution can be used to address the issue of IoT security – namely by way of a credibility verification solution, which allows for more efficient and effective peer-to-peer messaging and communication between different IoT devices.

Outline of vision

In a Network of Plentiful Things (aka the Internet of Things on a much larger scale), this verification structure can validate the authenticity of the device that is transmitting the flow of data. With the continuous proliferation of IoT, security, privacy and credibility are attracting continuous attention, so establishing an affordable, practical and resilient credibility verification mechanism is the requirement that is being addressed here. Leveraging a solution like this may provide a permanent, efficient and affordable way of ensuring the privacy and security of IoT solutions.

A blockchain-based credibility verification solution for IoT security will have the following benefits: 

  • Robust, highly reliable, tamper-proof data that is an accurate representation of historical transactions performed on different devices
  • Elimination of single centralized control authority that will require heavy capital expenditure on building huge internet infrastructure
  • Improved privacy and trust on the IoT data

Details of the solution

The technology solution for blockchain-based credibility verification comprises three main parts:

  1. Credibility verification framework

The devices used in IoT have a very small resource footprint and are closely managed by device gateways.  Device gateways – in addition to managing the end devices in the IoT chain – will also store the information of the corresponding devices connected to them (including their identity and the public keys) in the blockchain-based distributed ledger. The distributed ledger is now responsible for credibility verification and the credibility information can be stored locally on the device gateways or a separate storage in the cloud.   

  • Unique device identification and private key

The device gateway will have the device identity, the gateway identity and the public keys of all the devices the gateway is managing. The gateway will also contain the private key for itself and the block head and the cryptographic hash, which is considered as the ‘Proof of Work’ (POW) for each block.

  • Credibility verification process

The primary objective of this process is to prevent any device spoofing (ensuring that the device that is being communicated with is a legitimate device). So, the device will have to perform three specific activities: 

  • the device, when it joins the network, must share its certificate to confirm that it belongs to the network; 
  • when the device is accessed by the gateway, it must confirm that the device is the original one; 
  • the data sent by the device must be proven that it is the original data.

  • Trustworthiness in the blockchain used

The previous three mechanisms used to verify the devices’ identity and ensure IoT security will only work if the blockchain is trustworthy, the last mile problem is addressed and the devices that come into the network are genuine devices. Operationally, this credibility verification method is a little more complex compared to the centralised verification concept that is currently in trend, but this will ensure higher levels of IoT security and will protect the entire Network of Plentiful Things.
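The join, access and data checks above, sketched as an added example (not code from the article or any product it describes): a gateway verifies Ed25519 signatures against device keys held in a hash-chained registry. The `Ledger` class, the device and gateway ids, and the use of a raw public key in place of a full certificate are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
const GENESIS = "0".repeat(64);
// Hash-chained registry standing in for the distributed ledger (assumption).
class Ledger {
  constructor() { this.blocks = []; }
  register(deviceId, gatewayId, publicKeyPem) {
    const prev = this.blocks.length ? this.blocks[this.blocks.length - 1].hash : GENESIS;
    const body = JSON.stringify({ deviceId, gatewayId, publicKeyPem, prev });
    this.blocks.push({ body, hash: sha256(body) });
  }
  // Recompute every link; an edited or reordered record breaks the chain.
  isIntact() {
    let prev = GENESIS;
    for (const b of this.blocks) {
      if (JSON.parse(b.body).prev !== prev || sha256(b.body) !== b.hash) return false;
      prev = b.hash;
    }
    return true;
  }
  // First enrolment wins, so a later record cannot silently replace a key.
  publicKeyOf(deviceId) {
    if (!this.isIntact()) return null;
    const rec = this.blocks.map((b) => JSON.parse(b.body)).find((r) => r.deviceId === deviceId);
    return rec ? crypto.createPublicKey(rec.publicKeyPem) : null;
  }
}

// Gateway check used for both the nonce challenge and signed readings.
function verifySigned(ledger, deviceId, message, signature) {
  const key = ledger.publicKeyOf(deviceId);
  return key !== null && crypto.verify(null, Buffer.from(message), key, signature);
}
function demo() {
  const ledger = new Ledger();
  const device = crypto.generateKeyPairSync("ed25519");
  const rogue = crypto.generateKeyPairSync("ed25519"); // never enrolled
  const sign = (kp, msg) => crypto.sign(null, Buffer.from(msg), kp.privateKey);
  // Join: gateway records the device key (constructed ids).
  ledger.register("sensor-01", "gw-A", device.publicKey.export({ type: "spki", format: "pem" }));
  const nonce = crypto.randomBytes(16).toString("hex"); // fresh per access, blocks replay
  const reading = JSON.stringify({ deviceId: "sensor-01", tempC: 21.5, nonce });
  return {
    genuineAccess: verifySigned(ledger, "sensor-01", nonce, sign(device, nonce)),
    spoofedAccess: verifySigned(ledger, "sensor-01", nonce, sign(rogue, nonce)),
    genuineData: verifySigned(ledger, "sensor-01", reading, sign(device, reading)),
    alteredData: verifySigned(ledger, "sensor-01", reading.replace("21.5", "99.9"), sign(device, reading)),
  };
}
console.log(demo());
```

Only the genuine device passes the access challenge and the data check; a registry whose records have been edited yields no key at all, so every verification against it fails closed.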

Market landscape of the solution

Who are the customers for this solution?

Communication service providers, enterprises, and system integrators – namely those who are primarily focused on building, implementing and hosting end-to-end IoT solutions for their customers (who could be businesses or end customers) – would be this solution’s target customers. The customers could also be large enterprises who are looking to build their own IoT solutions and would like to invest in the infrastructure for the same.

The last mile hurdles

The last mile is crucial to this solution due to the involvement of physical devices. Once the device comes into the blockchain, it is deemed to be safe and immutable. Yet, how do we ensure that spurious devices do not make their way into the IoT system? There must be proper identification and certification mechanisms for the devices that are being accepted into the IoT ecosystem, and the organisations must ensure the same.

It is of paramount importance to have devices properly certified and the right configuration loaded on the devices prior to them entering the production environment. Hence, organisations must employ the utmost care to build standard operating procedures (SOPs) to onboard new devices into the IoT ecosystem so that all aspects are taken care of. 

Caveats to keep in mind

Blockchain is a very relevant technology for IoT applications. However, the following issues need to be considered for this approach to be widely used:

  • Many devices may not be online all the time and so they will be the gateway

Hence, Layer 2 solutions such as the Lightning Network will become relevant: they use the blockchain as an anchor of trust but conduct most transactions off the blockchain and utilise it only for verification purposes.

  • Limitation in scalability of POW algorithms

Using other algorithms such as Proof of Stake instead of Proof of Work helps solve the scalability problem indirectly by splitting the validation responsibility among different nodes that are chosen randomly.

  • Limitation with the storage facility

The storage available at the edge (devices and gateways) is very small. In the case of decentralised ledgers, there is a need to find an associated storage solution such as cloud storage to ensure all the records are retained. 

  • Lack of human resources

IoT and IoT security are areas where there is a serious lack of skills, and adding the blockchain will further exacerbate the issue. Obtaining resources with the right skills is an issue that must be taken seriously and addressed very carefully.

Despite the nature of the issues, IoT will inevitably become more mainstream in the lifestyle of humans, and so the use of the blockchain will certainly drive down the cost of verification, while also making the whole IoT system a lot more secure and efficient.

Srinivas Bhattiprolu
CCSP, CISM- Senior Director, Solutions for Asia Pacific and Japan, Nokia Software
Rusdi Rachim
CISSP-ISSAP, ISSMP, CISA, CISM, CRISC, CGEIT- Leader-Information Security in Telco industry

One thought on “Blockchain-based IoT Security Solution – A novel approach”

  • December 11, 2019 at 2:13 am

    A very interesting and insightful article.
