enzozo - Fotolia

How blockchain can secure the IoT

By doing away with a central authority in internet of things (IoT) networks, blockchain technology can reduce the risk of IoT devices being compromised by a single point of security failure

The unprecedented distributed denial of service (DDoS) attack involving as many as 100,000 compromised devices in the Mirai botnet that nearly brought the internet to its knees in 2016 was a stark reminder of the sorry state of internet of things (IoT) security.

At the heart of the problem is the security architecture of the IoT, an inherently distributed client-server model that uses a central authority to manage IoT devices, along with all the data generated across an IoT network.

For IoT data to be trusted, all trust requests are aggregated into a single location, creating a single point of security intelligence that has, at times, compromised IoT security, leading to Mirai-style botnet attacks, according to Joseph Pindar, director for strategy in the CTO office at Gemalto, and co-founder of the Trusted IoT Alliance, a non-profit group that advocates the use of blockchain to secure IoT ecosystems.

In these attacks, IoT devices are unable to adapt their behaviour because they are not considered “smart” enough to make security decisions without the help of the central authority.

Pindar said blockchain removes this single point of decision-making that leads to failure, by enabling device networks to protect themselves in other ways, such as allowing devices to form group consensus about what is normal within a given network, and to quarantine any nodes that behave unusually.

The second aspect, he said, is to form trust in IoT data by enabling what he called the five digital security primitives: availability, auditability, accountability, integrity and confidentiality.

In blockchain, data is automatically stored in many locations and is always accessible to users. For auditability and accountability, a private, permission-based blockchain is used – where all users are authorised to access the network – and because all data stored on the blockchain is signed, each device is accountable for its actions.

For integrity, blockchain is, at its core, a public ledger of data entries – every deletion or correction of data is entered – and as the entries are confirmed by the network, a complete chain of events is created, said Pindar.

Blockchain is already being used in industries such as retail, where blockchain startup BitSE’s Vechain platform is being used to demonstrate the provenance of high-value goods, including premium wines and Louis Vuitton handbags, to Chinese consumers who have a particular need to understand the authenticity of goods.

Pindar also gave the example of San Francisco-based Chronicled, which has applied blockchain to pharmaceutical supply chains to ensure tailored gene therapy drugs are delivered to the right person.

“By utilising a secure IoT platform, they are also able to attest to the quality levels of the drugs and to ensure that these drugs do not fail during the supply process, which could impact the efficacy when taken by the patient,” he said.

Securing operational technology

Blockchain can also help to overcome the prevalent mindset in managing and securing industrial IoT and operational technology (OT) devices: once a sensor, device or controller has been deployed and is working, it cannot be touched.

“Even if there is a known security vulnerability, it is not worth fixing it, because there is a chance that the security patch would cause problems elsewhere in the system that no one knows how to fix,” said Pindar.

“But as cloud computing has demonstrated, there are continual failures of devices and systems when operating at very large scale. Simply put, it is not possible to manage large-scale systems that are fragile and not resilient to failure – as is the case with many current industrial IoT and OT systems.”

Pindar said the solution is to allow continuous deployment of software updates, as well as blockchain technology after devices have been deployed, with little or no downtime through an over-the-air update system.

“This has been shown to actually increase the availability of systems compared to an ‘avoiding failure’ approach,” he said. “Therefore, a cost and operationally efficient way of providing over-the-air updates and patching to IoT devices and sensors would greatly benefit the industry as a whole.”

Read more about blockchain in APAC

  • Taiwanese e-commerce company OwlTing has integrated blockchain technology into its supply chain infrastructure to improve food safety for consumers.
  • Blockchain applications are upending traditional industries, with startup activity expected to ramp up in years to come.
  • Although blockchain is no silver bullet, experts say Australian organisations should embrace and invest in the technology.
  • Singapore fintech startup Invictus is tapping IBM’s blockchain technology and Bluemix cloud services to provide small companies with financing options from banks and other financial service providers.

According to market research firm Netscribes, the global blockchain technology market is expected to grow at a compound annual growth rate of 42.8% and reach $13.96bn by 2022.

The North American region accounted for the largest share of blockchain adoption in 2016, and is expected to dominate the overall market in the near future. However, the Asia-Pacific region is expected to adopt this technology at a faster rate owing to its wide adoption in China and India.

Read more on Blockchain