01 Feb How Blockchain Can Enhance IoT Security? (2021)
Blockchain And The IoT Security
By doing away with a central authority in the internet of things (IoT) networks, blockchain technology can reduce the risk of IoT security breaches or IoT devices being compromised by a single point of security failure.
The unprecedented distributed denial of service (DDoS) IoT security breaches, involving as many as 100,000 compromised devices in the Mirai botnet that nearly brought the internet to its knees in 2016 was a stark reminder of the sorry state of the internet of things security (IoT security). This incident evidently shows the internet of things security vulnerabilities and challenges.
At the heart of the problem is the IoT security architecture, an inherently distributed client-server model that uses a central authority to manage IoT devices, along with all the data generated across an IoT network.
For IoT data to be trusted, all trust requests are aggregated into a single location, creating a single point of security intelligence that has, at times, IoT security breaches, leading to Mirai-style botnet attacks, according to Joseph Pindar, director for strategy in the CTO office at Gemalto, and co-founder of the Trusted IoT Alliance, a non-profit group that advocates the use of blockchain to secure IoT ecosystems.
In these IoT security breaches, IoT devices are unable to adapt their behavior because they are not considered “smart” enough to make security decisions without the help of the central authority.
Pindar said blockchain removes this single point of decision-making that leads to failure, by enabling device networks to protect themselves in other ways, such as allowing devices to form group consensus about what is normal within a given network, and to quarantine any nodes that behave unusually.
The second aspect, he said, is to form trust in IoT data by enabling what he called the five digital security primitives: availability, auditability, accountability, integrity, and confidentiality.
In blockchain, data is automatically stored in many locations and is always accessible to users. For auditability and accountability, a private, permission-based blockchain is used – where all users are authorized to access the network – and because all data stored on the blockchain is signed, each device is accountable for its actions.
For integrity, blockchain is, at its core, a public ledger of data entries – every deletion or correction of data is entered – and as the entries are confirmed by the network, a complete chain of events is created, said Pindar.
Blockchain is already being used in industries such as retail, where blockchain startup BitSE’s Vechain platform is being used to demonstrate the provenance of high-value goods, including premium wines and Louis Vuitton handbags, to Chinese consumers who have a particular need to understand the authenticity of goods.
Pindar also gave the example of San Francisco-based Chronicled, which has applied blockchain to pharmaceutical supply chains to ensure tailored gene therapy drugs are delivered to the right person.
“By utilizing a secure IoT platform, they are also able to attest to the quality levels of the drugs and to ensure that these drugs do not fail during the supply process, which could impact the efficacy when taken by the patient,” he said.
Securing operational technology
Blockchain can also help to overcome the prevalent mindset in managing and securing industrial IoT and operational technology (OT) devices: once a sensor, device or controller has been deployed and is working, it cannot be touched.
“Even if there is a known IoT security vulnerability, it is not worth fixing it, because there is a chance that the security patch would cause problems elsewhere in the system that no one knows how to fix,” said Pindar.
“But as cloud computing has demonstrated, there are continual failures of devices and systems when operating at very large scale. Simply put, it is not possible to manage large-scale systems that are fragile and not resilient to failure – as is the case with many current industrial IoT and OT systems.”
Pindar said the solution is to allow continuous deployment of software updates, as well as blockchain technology after devices have been deployed, with little or no downtime through an over-the-air update system.
“This has been shown to actually increase the availability of systems compared to an ‘avoiding failure’ approach,” he said. “Therefore, a cost and operationally efficient way of providing over-the-air updates and patching to IoT devices and sensors would greatly benefit the industry as a whole.”
According to market research firm Netscribes, the global blockchain technology market is expected to grow at a compound annual growth rate of 42.8% and reach $13.96bn by 2022.
The North American region accounted for the largest share of blockchain adoption in 2016 and is expected to dominate the overall market in the near future. However, the Asia-Pacific region is expected to adopt this technology at a faster rate owing to its wide adoption in China and India.
The above content has been re-blogged from ComputerWeekly.com and was written by TechTarget’s Aaron Tan.
Blockchain as a Service (BaaS)
So what’s next for Blockchain technology in the coming year? We think that Blockchain will make big waves in the cloud industry as applications are starting to make moves in this sector. Back in 2015 Microsoft took a chance and was one of the first software vendors to provide Blockchain as a Service (BaaS) on its Azure platform and AWS has even jumped on the bandwagon.
Seeing as these two cloud visionaries have begun offering Blockchain, married with the fact that it has taken so many other sectors by storm we can only predict that the concept of BaaS might really take off. Let’s see if more cloud providers are ready to make Blockchain a real enterprise service in the coming months and year!