How to secure the IoT (Internet of things) with Blockchain?

I'm going to talk about how to secure the IoT (Internet of things) with blockchain. As we all know, the size of the worldwide IoT market has been increasing significantly over the past years. According to projections by Statista, the number of connected devices will reach 75.44 billion by 2025. This means we will have a huge number of IoT devices connected to the Internet and affecting our lives. As a data-driven system, IoT is all about making business decisions based on the data collected by smart devices. These smart devices are attached to physical assets and collect data about them. The data is transferred to backend systems for storage and processing, and later, after further processing, it is visualized and shown to business owners and/or customers.

Based on this data, customers can make decisions about whatever they want to do. In practice, IoT systems are realized using a Cloud-centric approach. There are different types of IoT devices: some of them are very small, like sensors and actuators, and talk to an IoT gateway first, which then sends the data to the Cloud. IP-capable IoT devices can talk to the Cloud backend directly. All of this data first goes to a connectivity gateway on the IoT Cloud, and the Cloud hosts different types of services to support IoT applications, such as user management, device management, storage management, digital twins, etc. Based on those services, you can build different IoT applications and provide insights for your users, who can access and visualize the data using different types of devices like laptops, phones, and tablets.

There are many popular IoT Cloud platforms on the market - Google, Amazon, Microsoft Azure, etc. Those Cloud services provide the Cloud management IoT components that facilitate the development of IoT solutions. As we can see, IoT systems are quite complex, and the data goes through different types of entities along the way, which makes securing IoT applications particularly challenging. We need to consider security across different stages. For example, we need secure hardware that runs a secure OS and loads trusted firmware onto the smart device, so that the device can establish a secure communication channel with the Cloud backend. On the Cloud side, you need to host several security-related services to ensure confidentiality, data integrity, and availability. Data is super important in IoT systems. To ensure the data's trustworthiness, we need to consider security throughout the data life cycle of the Internet of Trusted Things, which includes data collection, data-in-transit, data-at-rest, data processing, as well as data retention. So we need to ensure that security has been properly implemented across the entire data lifecycle.


How can we use blockchain to realize this end-to-end security for the Internet of Trusted Things? 

Before we talk about that in more detail, let's look at what a blockchain is. According to the definition from NIST, blockchains are tamper-evident and tamper-resistant digital ledgers which are implemented in a distributed fashion, which means there are no centralized authorities that control the platform. As you can see in the picture here, a blockchain is a chain of blocks and each block contains several transactions, which record the status of certain events.

Blockchain has two major categories -

  • Permissioned and
  • Permissionless blockchains. 

In a permissionless blockchain, everyone can join the network, read the ledger data, and validate transactions. So this type of blockchain is very open, and the ledger replicates a high degree of trust for a permissionless setting. Permissioned blockchains, on the other hand, are formed by a set of known transacting parties. All transactions are validated and controlled by a selected set of nodes. So this type of blockchain is mainly for enterprise use cases, and permissioned ledgers replicate a high degree of transparency and accountability. Blockchain provides several salient properties.

  • The first one is decentralization, which means blockchain is run by a committee of nodes in a peer-to-peer manner. 

  • The second one is immutability - blockchain uses cryptographic hash functions to link all of the blocks together to ensure data is immutable. 

  • The third one is transparency - blockchain provides a fully auditable and valid ledger of transactions that can be shared in the entire network in a permissionless blockchain setting or shared by a set of nodes in a permissioned setting. 

  • The fourth one is security and resilience - each blockchain node or entity is associated with a pair of private/public keys. You need to sign each transaction to put it into the blockchain. So only you or your device, which holds the private key, can allow the transfer of ownership of digital assets. 

  • The last one is automation - blockchain enables users to build streamlined applications to deal with complex business processes that involve multiple intermediaries using a more powerful concept called "smart contracts". A smart contract is a piece of code stored on a blockchain that enables automation of complex business logic. 

Blockchain provides these salient properties - what are the implications of these properties for securing IoT applications? 

  • The first one is decentralization, which means if you use blockchain in your system you can remove the single point of failure efficiently. Blockchain is run by several nodes in a peer-to-peer mode, which means there is no single point of failure in blockchain systems.

  • The second one is immutability, which will ensure data integrity in your system. 

  • The third one is transparency - using this property, you can track the status of your connected devices as well as the associated physical assets. 

  • The fourth one is security and resilience, which will enable you to authenticate users and devices efficiently. Each user and device in the blockchain ecosystem is associated with a pair of keys. You can use public-key cryptography to quickly authenticate users and devices in your IoT system.

  • The last one is the smart contract - using blockchain technology you can use smart contracts to build trust among the different IoT processes and eventually eliminate trusted intermediaries and reduce system costs. You can see from the right figure, with blockchain technology and smart contracts you can build trusted IoT systems to power a wide range of IoT applications across different industry sectors.


How to integrate the blockchain into your IoT systems? 

The first layer is the asset layer: you attach your device to a physical asset, and it sends data about the status of that asset to a Cloud backend, which is the second layer. The Cloud backend hosts all of the essential security services and other services to manage your IoT solutions. The third layer is the blockchain layer, which stores asset-related entries for your different types of applications. So we have a hybrid architecture in which Cloud and blockchain combine to form a very powerful backend to support your IoT applications. When you integrate the blockchain into IoT ecosystems, you can have multiple integration patterns, which have been further investigated by the IIC.

So we have defined these integration patterns which already cover a wide range of IoT applications and use cases. 

  • The first one goes from the asset to the IoT Cloud to the blockchain, which is a very popular and typical integration pattern for enterprise and industrial IoT applications.

  • The second one is more focused on the low-power IoT devices, which need an IoT gateway or fog node to reach the backend. 

  • There are certain integration patterns that target more futuristic computing paradigms such as edge and fog computing. This one does not use the Cloud as one of the components, which means you will be more focused on edge and fog computation in this case. 

  • The last one goes directly from your smart device to the blockchain, which is for completely decentralized applications focused on machine-to-machine communications. 

So now that we understand the basic integration patterns for the blockchain and IoT, I would like to provide a case study and share our experience on how we use blockchain to enhance the security of your IoT systems. So for today's talk, I'm going to focus on a more concrete example about home Internet Protocol (IP) camera systems. 

Can we enhance the security of home IP camera systems using blockchain? 

When you combine these two concepts, can we get some new and very innovative ideas and build really useful systems? I believe many people here use IP cameras to monitor different types of events, to detect motion, and to observe interesting things. However, most of the existing home IP camera systems have been designed poorly. You have already seen many news reports in the media about different types of attacks and hacks in the home IP camera domain. All kinds of malicious things - to monitor your kids, to steal your credentials, etc. When we further analyze these cybersecurity attacks against home IP camera systems, we can see there are many security concerns we need to consider when we design these types of systems. 

Firstly, home IP camera systems use traditional username and password-based login solutions. Users in this case often use very poor passwords without multi-factor authentication enabled in the system, which leads to many significant attacks - the so-called "credential stuffing" attacks. In this type of attack, hackers use a leaked password to try to access your home IP camera system.


Another security concern is about database breaches, which will lead to password leakage as well as ownership compromise. 

The third one is insecure device binding, which will enable an attacker to also take over the camera ownership. 

Last but not least is data integrity for your local and Cloud storage. Users want to protect the integrity of their data whether they store it locally on the SD card of a home IP camera or remotely in Cloud storage. They don't want any misbehavior that inserts, deletes, or modifies the video clips collected by the camera. 

How can we use blockchain to solve all of these security challenges? 

  • The first idea is whether we can replace the traditional username and password-based login with a password-less solution. The answer is yes! The idea is that we can use a blockchain wallet which is automatically generated on your mobile app. Each blockchain wallet is associated with a pair of keys - the private key will be securely stored on the mobile phone inside the secure enclave. The blockchain address will be passed to the IoT Cloud for user account registration, and each user account, in this case, will contain a blockchain address and a random challenge. Each time, the mobile app will start a random challenge to complete the login after the user's confirmation, and a JSON Web Token (JWT) will be issued to the user to access Cloud storage or other Cloud services. After each successful login attempt, the random challenge will also be updated. In this way, a user does not need to remember their password, as the blockchain wallet will manage the user's private key more securely. We can completely remove the username-password and similar types of login systems and let users log in with just one click using blockchain technology. This is the first idea of how we can address traditional login solutions. 

  • The second one is how we can further secure the ownership of the camera. The idea, in this case, is that we will borrow the Resurrecting Duckling Security Model. From the figure, we model how baby ducklings will recognize their mother. So basically we treat the box as an egg and once you open your camera for the first time, it will look for a blockchain address and recognize it as its owner. The camera will associate its blockchain address with its owner and invoke a smart contract on the blockchain which will manage the ownership. Each device reset will restart the device binding process and the blockchain will serve as the ground truth regarding device ownership. In this case, we can protect device ownership using blockchain technology instead of a centralized server, which enhances the security of the system and protects against hackers taking over the camera ownership. 

  • The third idea is how we can use blockchain-based technology to ensure data integrity. The user can enable a data integrity feature on the mobile app and specify the period in days for checkpoint commitments. Then the camera can build a Merkle tree dynamically for all the video clips it has collected. In the third step, the camera will invoke the checkpoint management smart contract for integrity checkpoint commitments. The user can verify the data integrity of the video clips retrieved from the SD card or their remote storage with the Merkle root. When the user retrieves the data from the local SD card or the remote Cloud storage, they can easily verify whether the data has been manipulated or not. In this idea, the blockchain provides a data integrity layer along with your Cloud application.
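
The checkpoint flow from the third idea, as an added Go example (not code from the original post or from any camera product): the camera builds a Merkle tree over its clips, the root is the value that would be committed through the checkpoint smart contract, and a user later checks one retrieved clip against that root. The hashing layout (SHA-256, 0/1 prefixes, zero-hash padding of odd levels) and all names are assumptions; the post does not specify them.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

type Hash = [32]byte

// Distinct leaf and interior prefixes keep an interior node from passing as a clip.
func leaf(clip []byte) Hash { return sha256.Sum256(append([]byte{0}, clip...)) }
func node(l, r Hash) Hash   { return sha256.Sum256(append(append([]byte{1}, l[:]...), r[:]...)) }

// Build returns the root over clips (at least one) and the sibling path for clips[idx].
func Build(clips [][]byte, idx int) (Hash, []Hash) {
	var level, proof []Hash
	for _, c := range clips {
		level = append(level, leaf(c))
	}
	for ; len(level) > 1; idx /= 2 {
		if len(level)%2 == 1 {
			level = append(level, Hash{}) // pad an odd level with the zero hash
		}
		proof = append(proof, level[idx^1])
		var next []Hash
		for i := 0; i < len(level); i += 2 {
			next = append(next, node(level[i], level[i+1]))
		}
		level = next
	}
	return level[0], proof
}

// Verify recomputes the root from one clip, its position and its sibling path.
func Verify(clip []byte, idx int, proof []Hash, root Hash) bool {
	h := leaf(clip)
	for i, sib := range proof {
		if idx>>i&1 == 1 { // odd position at this level: sibling is on the left
			h = node(sib, h)
		} else {
			h = node(h, sib)
		}
	}
	return h == root
}

func main() {
	clips := [][]byte{[]byte("clip-0"), []byte("clip-1"), []byte("clip-2")} // constructed sample data
	root, proof := Build(clips, 2)
	fmt.Println(Verify(clips[2], 2, proof, root), Verify([]byte("edited"), 2, proof, root))
}
```

Only the 32-byte root has to go on-chain per checkpoint period; the sibling path can be stored next to the clip on the SD card or in Cloud storage.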


So these are three ideas for using the blockchain to protect your IP camera systems. I would like to highlight the design methodology here. In home IP camera systems, we replace the traditional username and password-based login with a password-less login using a blockchain wallet. We further enhance the security of device ownership using a smart contract on the blockchain. And data integrity of the local and Cloud storage is ensured by retrieving the Merkle root from the blockchain. So we use the blockchain for three purposes in this particular IoT application. For other applications, you can use blockchain in other fashions. 
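
The Cloud side of the password-less login from the first idea, as an added Go example (not code from the original post): the account holds only a public key and a random challenge, a login is a signature over that challenge, and the challenge is replaced after every success. Ed25519 stands in for the wallet's key pair, and the address derivation and all names are assumptions; token issuance is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Account is all the Cloud stores per user: a public key and the current challenge.
type Account struct {
	Pub       ed25519.PublicKey
	Challenge []byte
}
type Cloud map[string]*Account // address -> account

func freshChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err) // never fall back to a predictable challenge
	}
	return c
}

// Register derives a hypothetical address (hex of 20 bytes of SHA-256(pub)).
func (c Cloud) Register(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	addr := fmt.Sprintf("%x", sum[:20])
	c[addr] = &Account{Pub: pub, Challenge: freshChallenge()}
	return addr
}

// Login verifies the signature over the stored challenge, then rotates it.
func (c Cloud) Login(addr string, sig []byte) bool {
	acct, ok := c[addr]
	if !ok || !ed25519.Verify(acct.Pub, acct.Challenge, sig) {
		return false
	}
	acct.Challenge = freshChallenge() // a captured signature is now useless
	return true                       // the Cloud would issue the access token here
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; key stays on the phone
	cloud := Cloud{}
	addr := cloud.Register(pub)
	sig := ed25519.Sign(priv, cloud[addr].Challenge)
	fmt.Println("login:", cloud.Login(addr, sig), "replay:", cloud.Login(addr, sig))
}
```

A database breach of this account table leaks public keys and stale challenges, neither of which lets an attacker log in or run credential stuffing.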

If this article helps you to learn something, then please comment down below and follow us for more updates. Thank you!
