1 of 36

Blockchain Technology for Secure IoT

Dr. Alex Norta, Dymaxion OÜ, Tallinn University


The professional home for the engineering and technology community worldwide

2 of 36

Agenda

  • My quick introduction
  • Motivation: Rise of the Machine-to-Everything (M2X) Economy
  • Understanding IoT, blockchain and security
  • The relationship between IoT, data, blockchain and security
  • Application cases
  • Most recent research results
  • Conclusions
    • open issues, limitations and future work


3 of 36

My quick introduction

https://www.researchgate.net/lab/Blockchain-Technology-Group-Alex-Norta


4 of 36

Motivation: Rise of the M2X Economy

  • My quick introduction


5 of 36

Understanding IoT, Blockchain & Security:

  • IoT builds a bridge between the digital and physical worlds
    • without human intervention
  • IoT functionality
    • (smart) sensor-laden devices
    • autonomously exchange data across the internet
    • receiving and transmitting the data to different devices
    • allows more than one device to be connected with each other
    • create real-time linkage
  • Creation of business opportunities and opening of new markets
    • 55 billion IoT devices forecast by 2025, up from about 9 billion in 2017
    • nearly $US15 trillion in aggregate IoT-investment between 2017 and 2025
    • potential to improve our lives, e.g., monitoring patients' health, energy-use optimization, etc.

IoT - Internet of Things


6 of 36

Understanding IoT, Blockchain & Security:

  • Significant problems of IoT
    • billions of transactions per device (latency)
    • lacking standards
    • low computing power and data storage
    • network connectivity
  • Security- and privacy problems, examples:
    • Amazon's Alexa spying on conversations
    • hackable heart pacemaker
    • hacked security cameras
    • hacked baby monitor
    • two-thirds of consumers think IoT devices are 'creepy'

IoT - Internet of Things


7 of 36

Understanding IoT, Blockchain & Security:

  • Currently a centralized model for IoT-systems
    • connects only to identified- and verified devices through cloud services that have high data-storage capabilities
    • high maintenance costs
    • extra infrastructure added with best IoT-solutions
    • if a number of IoT-devices are interconnected at a time
      • number of communications increases
      • economic scalability-engineering issues
      • if these issues go beyond a limit, disruption of cloud services occurs, leading to security issues
  • Solution lies in a decentralized network!

IoT - Internet of Things


8 of 36

Understanding IoT, Blockchain & Security:

  • Blockchain built to underpin and authenticate cryptocurrency transactions
  • Accepted by many businesses, researchers, and customers for its underlying framework in crypto assets
    • popularity of Blockchain to increase up to 20 billion $ by 2024
    • 15% of banks will soon adopt Blockchain to overcome security issues
    • EU blockchain initiatives
  • Blockchain is a ‘cryptographically secured, immutable distributed ledger technology.’
    • encryption and cryptography are the very essences of blockchain technology
    • strong public/private-key cryptography
    • strong cryptographic hash

Blockchain


9 of 36

Understanding IoT, Blockchain & Security:

  • Whitepaper of Satoshi Nakamoto

Blockchain


10 of 36

Understanding IoT, Blockchain & Security:

  • Whitepaper of Satoshi Nakamoto

Blockchain


11 of 36

Understanding IoT, Blockchain & Security:

  • Decentralized approach
    • does not require a third-party presence
    • blocks are the key concept of blockchain technology
      • small sets of occurred transactions
      • each new block stores a reference of the previous transaction by including a SHA-256 hash of the previous transaction
      • creates a ‘chain’ of blocks
      • blocks are computationally difficult to create
      • generation requires mining (time/resource consuming)
      • to tamper with one block: tamper with the previous block, follow the chain
      • tamper-resistant blockchain

Blockchain


12 of 36

Understanding IoT, Blockchain & Security:

  • Nodes in the blockchain verify themselves at every entry
    • creates a genuine entry
    • information once entered in blocks cannot be changed
    • cryptographic algorithms for validation:
      • proof of work, proof of stake, and many more by now
  • Adding a transaction
    • everyone in the network validates through an algorithm
    • takes a lot of processing time to create even a single block
    • information is linked as chains with reference to previously added data in blocks
    • approved transactions are gathered into a block
    • blocks are distributed to each node in the network
    • new block and successive blocks are validated with a single fingerprint corresponding to the previous block

Blockchain


13 of 36

Understanding IoT, Blockchain & Security:

  • Participating nodes can see the blocks (pseudonymous)
    • cannot see the actual content of the transaction
    • protected by private keys
  • Each block contains the cryptographic hash of the previous block, a timestamp, and transaction data
  • Blockchain records all the entries in different blocks across the chain
  • Replicates copies of the ledger across a network of independent nodes
    • blockchain is carrying the useful information needed by more than one source
    • data is scattered all along the chain
  • Smart contracts
    • Turing-complete language in protocol layer on blockchain
    • potentially solves issues of scalability, reliability, privacy, security, trust, authentication

Blockchain


14 of 36

Understanding IoT, Blockchain & Security:

  • Ethereum whitepaper

Blockchain


15 of 36

Understanding IoT, Blockchain & Security:

  • Public smart-contract systems (Ethereum)
    • allow any person, or system to
      • access and view the ledger, propose adding new data blocks to the ledger
      • validate transactions by following established protocols
    • operate without any central authority
    • parties having little-, or no knowledge of each other
  • Permissioned/private smart-contract systems (Hyperledger)
    • limit access to the ledger to certain known-, or trusted parties (verified identities)
    • governance structure and authority to
      • control access to the ledger, apply and enforce rules
      • establish functions and the related code
      • respond to incidents, including cyber threats

Blockchain


16 of 36

Understanding IoT, Blockchain & Security:

  • A small breach in the security system can allow hackers to access a whole lot of information
  • If data is stored in one location, it is easy for hackers to target


17 of 36

Relating IoT, Blockchain & Security:

  • IoT-security
    • increase of security costs to 20% annually by 2020
    • from 1% in 2015
  • IoT-bottlenecks and technical deficiencies
    • device autonomy
      • must be integrated in a heterogeneous IoT-system
    • virtual identity
      • creates trust issues and authentication issues
    • point-to-point communication
      • complex to coordinate and can easily be attacked
    • data integrity
      • potentially easy to compromise data

Security & IoT


18 of 36

Relating IoT, Blockchain & Security:

  • Security threats for IoT
    • unauthorized physical device access
    • software attacks
      • viruses and worms, DoS attacks, man-in-the-middle attack (password)
    • harness insecure IoT-devices to create massive DDoS attacks
    • access the data streaming through an IoT-network
    • impersonation, device spoofing
  • Today, solutions often revolve around identity management & encryption
  • IoT-data protection needed throughout the device lifecycle
  • Blockchain could mitigate by providing a framework, automated security and attack prevention

Security & IoT


19 of 36

Relating IoT, Blockchain & Security:

  • Blockchain is a fully decentralized system
  • Centralization architecture of IoT is a single point of failure
  • Secure infrastructure is far from the centralized model
  • Every centralized network is potentially insecure
    • users’ and devices’ identities always have to be private
    • all data must remain
      • fully private
      • confidential
      • have integrity
      • be available
  • Blockchains potentially solve these generic issues of centralized IoT-architectures

Security & Blockchain


20 of 36

Relating IoT, Blockchain & Security:

  • Blockchain complements IoT
    • creating an internet of trusted things (IoTT)
    • blockchain to trace and authenticate IoT-data
    • storing the IoT-data on a blockchain
  • Every IoT-node
    • can be registered on a blockchain with an ID
    • uniquely identify a device in a universal namespace
    • for a device to connect another device, use the blockchain ID as URL
      • use IoT-device’s local blockchain wallet to raise an identity request
      • send to the target device
      • target device uses blockchain services to validate the signature using the public key of the sender
  • Yields M2M authentication without the need of any centralized arbitrator, or service
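
The device-to-device identity check described on this slide, as an added Go example that is not part of the original slides. The `Registry` map stands in for the on-chain lookup of a device's public key by its blockchain ID; Ed25519, the challenge nonce issued by the target and the `iot://` IDs are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Registry stands in for the ledger lookup: blockchain ID -> registered public key.
type Registry map[string]ed25519.PublicKey

// IdentityRequest is what the requesting device's wallet sends to the target.
type IdentityRequest struct {
	Sender string // blockchain ID the requester claims
	Sig    []byte // signature over (sender, target, nonce)
}

// payload length-prefixes the IDs so distinct requests never serialize identically.
func payload(sender, target string, nonce []byte) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%s|%x", len(sender), sender, len(target), target, nonce))
}

// NewRequest signs the target's ID and its challenge nonce with the wallet's private key.
func NewRequest(priv ed25519.PrivateKey, sender, target string, nonce []byte) IdentityRequest {
	return IdentityRequest{Sender: sender, Sig: ed25519.Sign(priv, payload(sender, target, nonce))}
}

// Verify runs on the target, which rebuilds the payload from its own ID and the nonce it issued.
func Verify(reg Registry, self string, issued []byte, r IdentityRequest) error {
	pub, ok := reg[r.Sender]
	if !ok || !ed25519.Verify(pub, payload(r.Sender, self, issued), r.Sig) {
		return errors.New("unknown sender or signature invalid for this target and nonce")
	}
	return nil
}

// Demo checks a legitimate request, a spoofed one and a replay (constructed IDs, fresh keys).
func Demo() (legit, spoofed, replayed error) {
	const sensor, gateway = "iot://sensor-17", "iot://gateway-1"
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	reg := Registry{sensor: pub}
	n1, n2 := make([]byte, 16), make([]byte, 16) // challenges for two separate sessions
	rand.Read(n1)
	rand.Read(n2)
	good := NewRequest(priv, sensor, gateway, n1)
	return Verify(reg, gateway, n1, good),
		Verify(reg, gateway, n1, NewRequest(roguePriv, sensor, gateway, n1)),
		Verify(reg, gateway, n2, good)
}

func main() { fmt.Println(Demo()) }
```

Because the target rebuilds the signed payload from its own ID and its own nonce, a request signed for another device or captured from an earlier session fails the same signature check as one signed with the wrong key.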

Blockchain & IoT


21 of 36

Relating IoT, Blockchain & Security:

  • Blockchains promise standardization across different parts of IoT
    • tracking millions of connected devices
    • lifecycle tracking of IoT-devices: list a history of connected equipment
    • coordination between devices
  • Decentralized IoT-systems with trust
    • nodes reach a consensus to approve transactions
  • Blockchains coordinate the transactional layer of an IoT-ecosystem
  • Potentially solving the problems in IoT-security
    • scalability
    • privacy and confidence

Blockchain & IoT


22 of 36

Relating IoT, Blockchain & Security:

  • Blockchain problems for IoT-system use
    • amount of data processed by IoT-systems is enormous
    • latency due to blockchain
      • ledger replication introduces latency
      • acquiring a block may consume extra time
      • not acceptable in a near-time and real-time service situation
      • blockchain is not best suited for recording raw data at the source
    • blockchain scalability
      • ledger-size may lead to centralization
    • IoT processing power- and time hurdle, and storage issues
      • perform encryption algorithms for all the objects involved
      • devices may have very different computing capabilities and run heterogeneous systems
      • not all of them will be capable of running the same systems
      • very low storage capacity of most IoT-devices to store many blocks

Blockchain & IoT


23 of 36

Relating IoT, Blockchain & Security:

  • Each CRUD (Create, Read, Update, or Delete) operation on IoT-data can be registered as a transaction record on a blockchain block
  • Blockchain identity
    • control access management
    • monitor the information collected by the sensors
    • greater transparency and potential convenience
    • store data in chains of transactions
      • prevents data modification when verified by authentication system
      • disallowing data duplication by any wrong data
    • no third party for data transfer between IoT-devices

Blockchain & IoT & Data


24 of 36

Relating IoT, Blockchain & Security:

  • Blockchains potentially enable a resilient IoT-ecosystem
    • adopting a standardized, point-to-point communication model
      • reduce installation and maintenance costs in Big Data centers
      • reduce storage of IoT-devices
      • preventing errors in nodes due to a collapse, or attack
        • blockchains replicate and restore
    • blockchains record transactions, or digital interactions securely
      • each block registers the operations
        • with a timestamp
        • verifies that they are in the correct sequence
        • without manipulations
        • safe, auditable, transparent, potentially efficient, interruption-resistant
  • No data leaks as in centralized IoT-systems
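
An added Go example, not from the original slides, of the hash-linked, timestamped records described on the block and CRUD slides. Each constructed CRUD record carries the SHA-256 of its predecessor (one record per block for brevity); field names and sample values are assumptions, and mining and consensus are left out.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Block is one CRUD operation on IoT data, linked to its predecessor by hash.
// digest covers every field except Hash, so it also covers PrevHash.
type Block struct {
	Time             int64  // Unix timestamp of the operation
	Op, Device, Data string // Op is create, read, update or delete
	PrevHash, Hash   string
}

func (b Block) digest() string {
	s := fmt.Sprintf("%d|%q|%q|%q|%s", b.Time, b.Op, b.Device, b.Data, b.PrevHash)
	return fmt.Sprintf("%x", sha256.Sum256([]byte(s)))
}

// Append seals b with the hash of the current tip and adds it to the chain.
func Append(chain []Block, b Block) []Block {
	if n := len(chain); n > 0 {
		b.PrevHash = chain[n-1].Hash
	}
	b.Hash = b.digest()
	return append(chain, b)
}

// VerifyChain returns the index of the first bad block, or -1 if the chain is intact.
func VerifyChain(chain []Block) int {
	for i, b := range chain {
		if b.Hash != b.digest() || (i > 0 && (b.PrevHash != chain[i-1].Hash || b.Time < chain[i-1].Time)) {
			return i
		}
	}
	return -1
}

// DemoTamper edits one record in a copy of a constructed chain and re-verifies it.
func DemoTamper() (intact, relinked, rewritten int, tipDiffers bool) {
	var honest []Block
	for i, op := range []string{"create", "update", "read", "delete"} {
		honest = Append(honest, Block{Time: 1700000000 + int64(60*i), Op: op, Device: "thermo-3", Data: "21.5C"})
	}
	c := append([]Block(nil), honest...) // the tampered copy
	c[1].Data = "35.0C"
	c[1].Hash = c[1].digest() // fix up the edited block's own hash
	relinked = VerifyChain(c) // block 2 still points at the old hash
	for i := 2; i < len(honest); i++ {
		c = Append(c[:i], honest[i]) // so every later block has to be re-sealed too
	}
	return VerifyChain(honest), relinked, VerifyChain(c), c[3].Hash != honest[3].Hash
}
func main() { fmt.Println(DemoTamper()) }
```

The fully rewritten copy passes its own verification, which is why tamper resistance in practice rests on the cost of creating blocks and on comparing the tip hash against independently replicated ledgers, not on the hash links alone.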

Blockchain & IoT & Data


25 of 36

Relating IoT, Blockchain & Security:

  • Multi-Factor Challenge-Set Self-Sovereign Identity Authentication (MFSSIA)

Blockchain & IoT & Data


26 of 36

Relating IoT, Blockchain & Security:

  • Multi-Factor Challenge-Set Self-Sovereign Identity Authentication (MFSSIA)

Blockchain & IoT & Data


Inspired by: Leiding B, Cap CH, Mundt T, Rashidibajgan S. Authcoin: validation and authentication in decentralized networks. arXiv preprint arXiv:1609.04955. 2016 Sep 16.


27 of 36

Other Blockchain Use Cases

  • Blockchains to secure IoT-systems to determine product provenance
    • easily forged products sold to unsuspecting consumers
    • track the integrity of food, e.g., baby formula, wine
    • Microchip-embedded labels & stored on blockchains
    • product-tracking lifecycle
      • starts from the moment of production
      • throughout the entire supply chain
      • at the point of sale
      • during the final consumer purchase
    • by storing the data in a blockchain
      • product details cannot be forged
      • ensures the integrity of the end-product
  • https://openledger.info/insights/blockchain-iot-use-cases/


28 of 36

Application Cases: Blockchain in e-Healthcare


29 of 36

Application Cases: Counterfeit Prevention


30 of 36

Application Cases: Facility Management

Commercial Real Estate


31 of 36

Application Cases: Energy Management


32 of 36

Latest Research Results


33 of 36

Latest Research Results


34 of 36

Latest Research Results


35 of 36

Latest Research Results


36 of 36

Conclusions

  • IoT-systems with centralized architecture are a single point of failure
  • Conceptual security properties exist:
    • confidentiality, integrity, availability + (privacy, authentication, non-repudiation)
  • Blockchain technology as a framework for securing IoT-systems for large-data management
  • Limitations, open issues and future work
    • the current performance and scalability of IoT are incompatible with blockchain functions
    • new type of blockchain needed for predicted 55 billion connected IoT-devices
    • novel consensus- and validation algorithms needed for IoT peer-to-peer communications
      • IoT-platforms are a massive source of raw data
      • need to
        • combine and understand unstructured data
        • extract intelligence, advanced analytics
        • extract actionable intelligence for decision-making
