IoT Security using Blockchain
Two of the most talked about technologies in today’s world are Blockchain and IoT. They are at the initial stage of maturity and there are a lot of activities taking place in the development of them and finding interesting uses of the technologies. One of the key challenges of IoT world is security. In this article, my attempt is to critically view the use of blockchain technology to secure IoT.
The article starts with giving a very brief primer on blockchain followed by explaining the applicability of blockchain in IoT security.
Blockchain is a distributed database technology that provides very hard to tamper, ledger records. It allows storage of all transactions into immutable records and every record distributed across many participant nodes. The security comes from use of strong public-key cryptography, strong cryptographic hash and complete decentralisation.
Blocks are the key concept of the technology. They are small sets of transactions that have taken place within the system. Each new block stores reference of the previous transaction by including a SHA-256 hash of the previous transaction. In this way, it creates a ‘chain‘ of blocks and hence the name. Blocks are computationally difficult to create, and takes multiple specialised processors and significant amounts of time to generate.
Since generating a block is difficult and to tamper one block, one has to tamper the previous block and then has to follow the chain to change it completely, blockchain technology is considered to be tamper resistant.
Miners are the ones who run powerful computers to create blocks.
The following diagram explains a typical use of blockchain technology in cryptocurrency use case (e.g. Bitcoin).
So, the key strengths of blockchain technology can be summarised as:
- It is strongly tamper-resistant
- If is highly scalable due to not having any single point of failure and being peer-to-peer network
- It can serve as an immutable system of records for all stakeholders
How IoT can leverage blockchain technology
With IoT started getting into the mainstream industry, the key challenges of the technology is fast emerging. One of the key areas of IoT deployment is security. Following are the key security challenges for IoT infrastructure and services:
- With the prospect of devices in the infrastructure growing exponentially, it is a huge challenge to identify, authenticate and secure the devices.
- A centralised security model will be very difficult and expensive to scale, maintain and manage.
- A centralised security infrastructure will introduce a single point of failure and will be an easy target for DDoS attack.
- Centralised infrastructure will be difficult to implement in industrial setup where the edge nodes are widespread geographically
Blockchain technology seems to be a viable alternative due to the key strengths described above.
Cases where blockchain can be used
It can be used to create secured mesh network that will allow IoT devices to connect securely and reliably avoiding the threats of device spoofing and impersonation.
Every IoT node can be registered in the blockchain and will have a blockchain id which will uniquely identify a device in the universal namespace. For a device to connect another device, one will use the blockchain id as URL and will use its local blockchain wallet to raise an identity request. The wallet will create a digitally signed request and send to the target device which will use blockchain services to validate the signature using the public key of the sender. In this way, M2M authentication can take place without the need of any centralised arbitrator or service.
For a device that is constrained by a resource can be connected to proxies where the wallet can be stored. This will introduce some form of aggregation but it will be fairly limited.
The above possible solution will be applicable to a wide range of IoT services. Some of the examples will be intelligent healthcare connected vehicles, logistics, transportation etc.
Cases where blockchain is not the best solution
One key benefit of using blockchain technology is its use as a distributed recording system. It allows to securely write immutable records. To do that, it used strong cryptography and replication. For example, in supply change management, a consignment has to go via a series of activities and the status of the piece of an item can be monitored via RFID and recorded using blockchain technology.
However, this comes with its overhead. The replication introduces latency. Getting a block sometimes take longer. Strong cryptographic processes introduce latency. The latencies are not acceptable in a near-time and real-time service situation. Hence, blockchain is not best suited in a recording of raw data at the source.
A slight improvisation may make blockchain adapted to near-time situations. An introduction of aggregation caching node at the closest distance of the sources can be used as a broker between source and blockchain services. However, this will be a deviation from the key strength of blockchain and must be used after careful consideration.
With quantum computer becoming reality, the fear is that it would break public key encryption. Leading organisations in the world e.g. NIST has started initiatives to develop post-quantum cryptography (http://csrc.nist.gov/groups/ST/post-quantum-crypto/). So, that raises the question: how safe will blockchain technology remain in future? Difficult to answer. I will rather present some relevant data. D-Wave system announced the availability of 2000 qbit system (https://www.dwavesys.com/press-releases/d-wave-systems-previews-200…. Now, to factor 1024 bit RSA key, it takes 2000 qbits and majority uses RSA key size larger than that. Given, that D-Wave technology is disputed by experts and the scaling quantum computer is not similar to a normal computer, it is not deterministic how long before a large RSA key (> 1024 bits) can be brute forced.