The Internet of Things (#IoT) is an ecosystem of ever-increasing complexity; it’s the next wave of innovation that will humanize every object in our life, and it is the next level of automation for every object we use. IoT is bringing more and more things into the digital fold every day, which will likely make IoT a multi-trillion dollar industry in the near future. To understand the scale of interest in the internet of things (IoT) just check how many conferences, articles, and studies conducted about IoT recently, this interest has hit fever pitch point in 2016 as many companies see big opportunity and believe that IoT holds the promise to expand and improve businesses processes and accelerate growth.
However, the rapid evolution of the IoT market has caused an explosion in the number and variety of IoT solutions, which created real challenges as the industry evolves, mainly, the urgent need for a secure IoT model to perform common tasks such as sensing, processing, storage, and communicating. Developing that model will never be an easy task by any stretch of the imagination, there are many hurdles and challenges facing a real secure IoT model.
There are many views of IoT, from “system view” which divided IoT into blocks namely; Things, Gateways, Network Services, and Cloud Services, to “business view” of IoT consists of; Platform, Connectivity, Business Model and Applications. Regardless of the how we describe IoT, there is one common thread among all views which is “security is paramount”.
Prime example of how urgent is the need for security is the massive distributed denial of service attack (#DDoS) that crippled the servers of popular services like Twitter, Netflix, and PayPal across the U.S. on October 21st, 2016. It’s the result of a massive assault that involved millions of internet addresses and malicious software. One source of the traffic for the attacks was IoT devices infected by the Mirai malware which is a simple program available online. The attack comes amid heightened cybersecurity fears and a rising number of internet security breaches. In this attack, countless Internet of Things (IoT) devices that power everyday technology like closed-circuit cameras and smart-home devices were hijacked by the malware and used against the servers.
The biggest challenge facing IoT security is coming from the very architecture of the current IoT ecosystem; it’s all based on a centralized model known as the server/client model. All devices are identified, authenticated and connected through cloud servers that support huge processing and storage capacities. The connection between devices will have to go through the cloud, even if they happen to be a few feet apart. While this model has connected computing devices for decades and will continue to support today IoT networks, it will not be able to respond to the growing needs of the huge IoT ecosystems of tomorrow.
Cost is another big barrier, especially for the use of such centralized model in scaling up existing IoT solutions. There is a high infrastructure and maintenance cost associated with centralized clouds, large server farms, and networking equipment. The sheer amount of communications that will have to be handled when IoT devices grow to the tens of billions will increase those costs substantially. Even if the extraordinary economic and manufacturing challenges are overcome, each block of the IoT architecture will remain as a bottleneck and point of failure that can disrupt the entire network.
Other issues with the current centralized IoT model are; limited guidance for life cycle maintenance and management of IoT devices, moreover, IoT privacy concerns are complex and not always readily evident. Also, the uses of Internet of Things technology are expanding and changing—often in uncharted waters. In addition to the above list, new security technologies will be required to protect IoT devices and platforms from physical tampering as well, and to address new challenges such as impersonating "things" or denial-of-sleep attacks that drain batteries for example. Another challenging issue facing the development of IoT new security technologies is the fact that many "things" use simple processors and operating systems that may not support sophisticated security approaches.
#Blockchain is a database that maintains a continuously growing set of data records. It is distributed in nature, meaning that there is no master computer holding the entire chain. Rather, the participating nodes have a copy of the chain. It’s also ever-growing — data records are only added to the chain.
When someone wants to add a transaction to the chain, all the participants in the network will validate it. They do this by applying an algorithm to the transaction to verify its validity. What exactly is understood by “valid” is defined by the Blockchain system and can differ between systems. Then it is up to a majority of the participants to agree that the transaction is valid.
A set of approved transactions is then bundled in a block, which gets sent to all the nodes in the network. They, in turn, validate the new block. Each successive block contains a hash, which is a unique fingerprint, of the previous block.
Figure 1: Advantages of Blockchain Technology
The big advantage of Blockchain it’s public. Everyone participating can see the blocks and the transactions stored in them. This doesn’t mean everyone can see the actual content of your transaction, however; that’s protected by your private key.
A Blockchain is decentralized, so there is no single authority that can approve the transactions or set specific rules to have transactions accepted. That means there’s a huge amount of trust involved since all the participants in the network have to reach a consensus to accept transactions.
Most importantly, it’s secure. The database can only be extended and previous records cannot be changed (at least, there’s a very high cost if someone wants to alter previous records).
Figure 2: Key Benefits of Using Blockchain for IoT
Many experts believe that Blockchain technology is the missing link to settle security, privacy and reliability concerns in the Internet of Things and could perhaps be the silver bullet needed by the IoT industry. It can be used in tracking billions of connected devices, enable the processing of transactions and coordination between devices; allows for significant savings to IoT industry manufacturers. This decentralized approach would eliminate single points of failure, creating a more resilient ecosystem for devices to run on. The #cryptographic algorithms used by Blockchains would make consumer data more private.
The ledger used in Blockchain is tamper-proof and cannot be manipulated by malicious actors because it doesn’t exist in any single location, and man-in-the-middle attacks cannot be staged because there is any single thread of communication that can be intercepted. Blockchain makes trustless, peer-to-peer messaging possible and has already proven its worth in the world of financial services through cryptocurrencies such as Bitcoin, providing guaranteed peer-to-peer payment services without the need for third-party brokers, disrupting what we call FinTech.
The decentralized, autonomous, and trust-less capabilities of the Blockchain make it an ideal component to become a foundational element of IoT solutions. It is not a surprise that enterprise IoT technologies have quickly become one of the early adopters of Blockchain technology.
Blockchain can keep an indisputable record of the history of IoT smart devices. This feature enables the autonomous functioning of smart devices without the need for centralized authority. As a result, the Blockchain opens the door to a series of IoT scenarios that were remarkably difficult, or even impossible to implement without it.
For example, by leveraging the Blockchain, IoT solutions can enable secure messaging between devices in an IoT network. In this model, the Blockchain will treat message exchanges between devices similar to financial transactions in a bitcoin network. To enable message exchanges, devices will leverage smart contracts which then model the agreement between the two parties.
One of the most exciting capabilities of the Blockchain is the ability to maintain a duly decentralized, trusted ledger of all transactions occurring in a network. This capability is essential to enable the many compliance and regulatory requirements of industrial IoT (#IIoT) applications for example without the need to rely on a centralized model.
In summary, key benefits of using Blockchain technology in securing IoT can be abridged in three points: build trust, reduce costs and accelerate transactions.
In spite of all its benefits, the Blockchain model is not without its flaws and shortcomings:
· Scalability issues; relating to the size of Blockchain ledger that might lead to centralization as it's grown over time and required some kind of record management which is casting a shadow over the future of the Blockchain technology.
· Processing power and time; required to perform encryption algorithms for all the objects involved in Blockchain -based IoT ecosystem given the fact that IoT ecosystems are very diverse and comprised of devices that have very different computing capabilities, and not all of them will be capable of running the same encryption algorithms at the desired speed.
· Storage will be a hurdle; Blockchain eliminates the need for a central server to store transactions and device IDs, but the ledger has to be stored on the nodes themselves, and the ledger will increase in size as time passes. That is beyond the capabilities of a wide range of smart devices such as sensors, which have very low storage capacity.
· Lack of skills; few people understand how Blockchain technology really works and when you add IoT to the mix that number will shrink drastically, creating a challenging task in hiring the required teams to administrate and run Blockchain projects.
· Legal and compliance issues: It’s a new territory in all aspects without any legal or compliance precedents to follow, which poses a serious problem for IoT manufacturers and services providers. This challenge alone will scare off many businesses from using Blockchain technology.
Developing a secure model for the Internet of Things requires unprecedented collaboration, coordination, and connectivity for each piece of IoT ecosystem. All devices must work together, be integrated with all other devices; all devices must communicate and interact seamlessly with connected systems and infrastructures. Creating such a model is possible, but it can be expensive, time-consuming, and difficult.
In order for us to achieve that optimal secure model of IoT, security needs to be built-in as the foundation of IoT ecosystem, with rigorous validity checks, authentication, data verification, and all the data needs to be encrypted at all levels. For example at the application level, software development organizations need to be better at writing code that is stable, resilient and trustworthy, with superior code development standards, training, and threat analysis and testing,
Without a solid bottom-top structure we will create more threats with every device added to the IoT. What we need is a secure and safe IoT with privacy protected. That’s a tough trade-off but not impossible and Blockchain technology is an attractive option if we can overcome its drawbacks.
A version of this article first appeared on MIT Technology Review : A Secure Model of IoT with Blockchain.
Ahmed Banafa is an expert in new tech with appearances on ABC, NBC , CBS, FOX TV and radio stations. He served as a professor, academic advisor and coordinator at well-known American universities and colleges. His researches are featured on Forbes, MIT Technology Review, ComputerWorld and Techonomy. He published over 100 articles about the internet of things, blockchain, artificial intelligence, cloud computing and big data. His research papers are used in many patents, numerous thesis and conferences. He is also a guest speaker at international technology conferences. He is the recipient of several awards, including Distinguished Tenured Staff Award, Instructor of the year and Certificate of Honor from the City and County of San Francisco. Ahmed studied cyber security at Harvard University. He is the author of the book: Secure and Smart Internet of Things Using Blockchain and AI.