Story image

Is blockchain a solution to IoT security problems?

29 Oct 18

Article by TIBCO global chief technology officer Nelson Petracek

The Internet of Things (IoT) has captured businesses and popular imagination over the last few years.

These smart, sensor-laden devices can autonomously exchange data across the internet without human intervention, creating business opportunities and opening new markets.

However, IoT has significant problems.

 It’s ripe for manipulation by criminal elements, who can harness unsecure IoT devices to create massive DDoS attacks, or simply access the data streaming through the IoT network for illicit gain. Put simply, IoT presents a challenge from a security perspective, and without standards, the situation is going to get worse.

In fact, Gartner predicts that by 2020, addressing compromises in IoT security will have increased security costs to 20% of annual security budgets, up from less than one percent in 2015.

Despite the costs, there’s no doubt that business is doubling down on IoT.

Analysts report that there will be more than 55 billion IoT devices by 2025, up from about 9 billion in 2017.

The same report finds that there will be nearly $US15 trillion in aggregate IoT investment between 2017 and 2025, and it also reports that companies’ plans to invest in IoT are accelerating.

Another technology that has recently captured our collective imagination is blockchain, which was built to underpin and authenticate cryptocurrency transactions.

Australia’s CSIRO summarises blockchain as a ‘cryptographically secured, immutable distributed ledger technology.’

Put another way, blockchain is a system of tracking almost anything, from transactions to digital identity to the provenance of goods, in a way that can’t be faked or forged.

Could using blockchain to trace and authenticate IoT data, regardless of what that data is be the answer to the problems plaguing the Internet of Things?

Blockchain broke into the business world with the rise of Bitcoin, but its uses have grown exponentially since then.

Despite this, Gartner’s hype cycle finds that blockchain has moved into the third stage of its lifecycle – the trough of disillusionment.

From here, only the most promising of blockchain technology applications will survive.

Using blockchain to determine provenance

One company that is exploring the use of blockchain with IoT is Sydney-based and China-backed startup Ultimo Digital Technologies (UDT).

The company is headed up by John Baird, a former CSIRO experimental scientist and the chair of the cybersecurity advisory council advising the New South Wales government.

UDT is experimenting with blockchain and IoT to track the integrity of goods such as baby formula and wine, both of which are easily forged and then sold to unsuspecting consumers.

China, in particular, has had massive difficulties with fake baby formula, with one instance of forged formula resulting in deaths and extended illnesses among the babies fed the illegitimate foodstuff. Wine forgery also remains a problem in growth markets like China.

The UDT trials involve using microchip embedded labels, the details of which are stored in the blockchain.

This enables the goods to be tracked from the moment they are produced, through the supply chain and to the point of sale and the final consumer purchase.

By storing the data in a blockchain, the details can’t be forged, ensuring the integrity of the end product.

So where can blockchain and the Internet of Things work together?

It’s worth considering the threats faced by IoT, including unauthorised physical access to the device, as well as software attacks, such as viruses and worms, in addition to the denial of service attacks taking down IoT networks, and the potential for man in the middle attacks, where passwords are guessed using brute force methods.

Blockchain could mitigate these threats by providing a framework for more automated security and attack prevention.

These advances using blockchain include creating a distributed system of record for sharing data across a network of key stakeholders, as well as embedding business terms for automating interactions between nodes in the system.

It also could enable consensus and agreement models for detecting bad actors and mitigating threats.

Using these techniques, a blockchain-enabled IoT deployment could improve security by allowing them to register and verify themselves against the network.

More importantly, because there is no central system to attack with blockchain, threats like denial of service attacks would be deterred by the nature of the system.

Blockchain would enable real-world business benefits, such as allowing data tracking and the creation of an immutable history of why certain decisions were made by an IoT device.

It would also permit secure software updates, as well as payments and micropayments for the completion of an IoT service or product delivery.

One last hurdle

Despite these business benefits, blockchain and IoT are still unlikely bedfellows.

That’s because the current performance and scalability of IoT are incompatible with blockchain functions.

Basically, what’s needed is a new type of blockchain that can support those predicted 55 billion devices.

And that hasn’t happened yet, however, chances are that it will, and soon.

Blockchain represents the best potential answer for solving the problems that ail IoT.

It won’t solve every problem, but there’s a good chance that blockchain will improve IoT and make it fit for purpose – that’s because, like it or not, we’re in the age of IoT now, and it’s only going to grow from here.

Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.