Blockchain: The ultimate game-changer for IoT security?

    Blockchain: The ultimate game-changer for IoT security?

    Tech giants and start-ups create IoT Blockchain consortium
    Blockchain: The ultimate game-changer for IoT security?

    The Internet of Things (IoT) has a problem: security. Is Blockchain the answer to all its woes?

    IoT has burst onto the tech scene in recent years and continues to grow in both value and adoption at a rapid rate.

    It’s a technological concept that spans every single vertical market, creating both opportunity and disruption along the way. However, for every bank that is looking to leverage these technologies to create a better customer experience, there’s another company that fails because of a lack of faith in its security.

    Analyst house, IDC, might predict that IoT adoption is set to rise exponentially in the coming years, but security, and a lack of in-house skills to manage that security risk, still feature at the top of business leaders’ concerns.

    Enter the Blockchain

    One solution that is widely tipped to sway the balance in favour of IoT adoption is Blockchain.

    Blockchain is a distributed database of online records. Typically used in financial transactions for the cryptocurrency Bitcoin, the peer-to-peer Blockchain technology records every transaction in an exchange to form an online ledger system.

    The benefit of such a system is three-fold: it is distributed, permission-based and, above all, secure.

    Distribution is important because it allows for a shared form of record keeping. This means that every person within a business network has oversight of every transaction made via the Blockchain and, with permission, they can trace the record back to its source.

    No one has sole ownership of the block, or transactions, within the chain, and no one can delete the record. Similarly, no malicious malware can infect the system through a user because others in the ledger will be able to detect the attack and therefore deny it access. Hence it is said to be secure.

    Impact on IoT

    Blockchain technology – which is being tested by over 40 banks worldwide — is not only available for use in financial transactions, however. Any transaction or record can be made a part of the Blockchain, so it’s use can extend to digital communications, product identification, or even to customer claims. The auditing of the validity of digital transactions between machines and things is of particular use for IoT applications.

    IoT consultant, John Soldatos, has written at length about this. He argues that since “The 100.000.000 units of the Bitcoin are programmable and can be linked to digital properties other than currencies such as credits or digital votes. This gives rise to the use of the Blockchain for supporting IoT applications. Instead of auditing the exchange of units of a digital currency, the Blockchain could audit the validity of digital transactions between machines and things.

    San Francisco-based tech firm, Chronicled, is one such company using Blockchain to validate a product’s identity, possession, and provenance.

    The firm has built an IoT & Blockchain Laboratory where it has already trialled the technology on connected sneakers – to detect counterfeit goods – furniture showrooms – to allow for interactive shopping – and drone delivery.

    Elsewhere and the Isle of Man government (just outside the UK) is testing Blockchain in conjunction with IoT devices to protect them, assigning unique identities to physical items to affirm their authenticity.

    Security above all

    If IoT devices are to communicate and interact in this manner, though, they must be secure and trustworthy. Businesses or consumers that feel the security in IoT devices is inadequate – an accusation that has been leveled at Taiwanese networking equipment manufacturer, D-Link, recently – will turn away from the technology. Can Blockchain provide that trust?

    Clive Longbottom, an analyst at Quocirca, is positive about its use to secure IoT.

    “When applied to the IoT, Blockchain can provide the much-needed verification of data source, preventing the man-in-the-middle (MiTM) attacks that threaten to become commonplace,” he told Internet of Business.

    “The problem for Blockchain here will be in dealing with the volume of data and the speed of it.

    “It may well be that a ‘new’, fully-metadata driven IoT Blockchain is required that is focused purely on the actual transaction, rather than the data the transaction covers is required – but any such Blockchain approach must also be provably secure, and must work alongside existing data-rich Blockchains.”

    Longbottom is referring to the sheer amount of data flowing through IoT devices and how it can be manipulated that worries businesses and governments.

    Last year we witnessed a taste of the damage that can be done when IoT devices are infected by bots, like the Mirai botnet, for distributed denial of service (DDoS) attacks. The most memorable instance of this shut down popular websites like Twitter, Netflix and Spotify, but the implications for more critical national infrastructure is very apparent.

    However, as well-known IoT author, W. David Stephenson, has written, the hope is that Blockchain’s decentralized nature provides a more efficient means of handling the massive amounts of data that flow through IoT devices.

    According to Datafloq, the peer-to-peer approach used in Blockchain would also “eliminate single points of failure, creating a more resilient ecosystem for devices to run on. The cryptographic algorithms used by Blockchains, would make consumer data more private.”

    A better answer than current firewalls and anti-virus software, perhaps?

    Related: IoT Blockchain alliance to deliver security for connected devices

    A tailored approach

    Longbottom’s idea of Blockchains tailored to the needs of IoT has been suggested before, and has been gaining support. It’s an argument that David Bannister, principal analyst at Ovum has promulgated where finance is concerned.

    It has also been tried and tested by Guardtime and Intrinsic-ID. The companies believe that a combination of Blockchain and physical unclonable function (PUF) technology “represents a new level of security and governance for customers who wish to deploy IoT devices at scale.”

    They say that by using PUF Technology to authenticate a device and registering that device with ownership information on a Blockchain ledger, the provenance and integrity of every piece of data generated can be cryptographically proven and linked back to an authenticated device with an end to end chain of custody.

    Similarly, Accenture has developed a Blockchain-powered ‘smart’ plug, to help users cut electricity bills. In this instance, instead of simply resolving and confirming transaction records, Blockchain can supposedly negotiate deals on behalf of the customer, to find cheaper tariffs.

    Enrique Velasco-Castillo, senior analyst at Analysys Mason, told IoB that “the public, immutable, and decentralized features of blockchain technologies makes them a potentially viable alternative for these use cases. Nevertheless, innovators still need to surmount key challenges around scalability, security, and regulation that have so far prevented blockchain applications from becoming widely adopted.”

    Perhaps then, Blockchain’s use lies in a specific, tailored approach to IoT applications to maintain security. And if it truly does reduce the cost and complexity of doing business across a network of people and goods, as IBM suggests, this technology will soon become a no-brainer for business.

    Related: How secure is the Internet of Things?

    January is Blockchain month at IoB. To find out what other content we’re doing, click here