Blockchain-based cybersecurity for IoT

Arunmani Subramanian, VP - Emerging Technologies, YASH Technologies | Tuesday, 21 April 2020, 13:05 IST

Blockchain-based cybersecurity for IoT

IoT is persuasive and exciting owing to the innumerable innovation possibilities, which can open doors to incredible benefits for humankind in the coming decades. Connected devices can generate and transmit critical data for business benefits leading to efficiency improvement and quality decision making, yielding significant direct and indirect capital gains. IDC predicts that these devices are would grow to 41 billion capable of generating 80 ZB of data by the mid of the next decade.

IoT usage stands as a testimony to heterogeneity. IoT is leveraged across healthcare, agriculture, energy, retail, aviation, manufacturing, logistics, home automation to a large-scale smart city program. The application of IoT varies by domain. In the manufacturing vertical, IoT is leveraged for industrial automation, safety, security, optimizing the supply chain, better asset, and resource management. While in logistics, it can be leveraged for fleet management, predicting fleet maintenance, and improving safety measures through vehicle telematics. In a smart city program, IoT can be leveraged for optimizing logistics, public safety, and surveillance.

IoT technical implementations are often a cumulative effort of independent hardware vendors to device manufacturers, connectivity providers, solution providers, consultants or system integrators, and solution operator’s post-deployment. The devices itself can be a specialized microcontroller or sophisticated hardware, connecting to the edge device through different network protocols ranging to 3G to 5G, LoPWAN, CoAP, etc. The edge itself can diversify from being a mere gateway to a sophisticated appliance providing significant real-time functionality before typically leading to centralized data centers are cloud-based storage.

The variety, volume in business demand, cost of implementation, and other factors, lead to fragmentation and non-standardized technical implementation, exposing a large matrix of surface threats for the hackers to exploit. The common vulnerabilities exploited include insecure leaf devices, a subpar configuration in communication channels or the inadequate communication channels, poorly secured application layers leading access to central servers, and poor operations with a lack of monitoring/upgrades post-implementation. Potential exploitation in IoT can lead to loss of customer data, IP loss, direct financial loss resulting in operational risk, legal issues accompanied by penalties, and reputation loss.

IoT implementation needs to transform from a centralized system to a decentralized system to handle large scale and secure implementations. In the decentralized system, there is no single, trusted entity participating. Each communication made by any participating entity must be secured, authenticated verified, and validated before the proposal is accepted as the participation is in a trust-less environment.

‘Blockchain’ can be a promising solution in such trustless, decentralized, cryptographically secured applications.

Blockchain, as a trustless decentralized and immutable system, mandates every participating node to be identified by critical pairs or certificates and every communication encrypted by unique keys. The message is validated and verified for origin through certs and business rules through smart contracts before being stored in an immutable cryptographically secure storage. It creates a secured environment where every node is aware of the other participating node, messages secured with non-repudiation guaranteed, promoting privacy.  Blockchain features of immutable and decentralized data storage support essential aspects of cybersecurity design principles like audibility and fault tolerance.

Implementation of blockchain principles on IoT applications can create robust systems. IoT leaf devices can be designed as clients in a blockchain network. Once the device is a part of the blockchain, it inherently follows the decentralized, trustless execution in the form of secure communication, verification, validation, and immutable storage leading to data protection in rest and motion. In a blockchain world, threats typically exploit vulnerabilities at the clients than at the core of the cryptographically secure blockchain. In a blockchain-based IoT implementation, a leaf device’s vulnerability can be mitigated by enforcing manufacturers to produce devices that imbibe secure design principles. A few instances of such design principles including, the secure root of trust, secure storage of keys, upgradeable firmware, health monitoring, and reporting, and physical tamper resistance along with multi-line of defense. The proposed approach of blockchain secured IoT implementations needs to be analyzed for limitations in technologies for specific use cases in consideration.

Don't Miss ( 1-5 of 25 )