Blockchain: The Missing Link Between Security and the IoT?
The internet of things (IoT) has been associated with major cyberattacks, often involving the abuse of vulnerable connected devices, such as surveillance cameras, to facilitate malicious activities. Of course, concerns have been raised about the IoT’s capability to secure billions of devices connected to the unwieldy internet, calling for viable solutions that could fill the security gap. Here enters blockchain, a relatively nascent technology that promises to reduce the risk of IoT devices’ being compromised through a central authority and to improve the scalability of IoT implementations. In principle, it would enable protection of IoT networks in a number of ways, such as forming a group consensus on aberrant network behaviors and quarantining any nodes that may be performing irregularly.
Two key enablers merged into one: When the IoT meets blockchain
Within several decades, the IoT has significantly expanded its reach and connected numerous devices and networks in homes, workplaces, transportation systems, and even entire cities. The decade-old blockchain, on the other hand, is set to revolutionize business models through its encrypted and distributed ledger designed to create tamper-proof and real-time records. With the IoT and blockchain working together, the latter is expected to provide a verifiable and secure recording method for devices and processes associated with the former.
Blockchain works as a distributed ledger, where every deletion or modification of data is recorded, and as more entries, aka blocks, are put into it, a longer chain of events is created. Each transaction made is accompanied by a digital signature and can never be changed or deleted. Given its decentralized nature, blockchain, in theory, can prevent a vulnerable device from pushing false information and disrupting the network environment, whether it’s a smart home or a smart factory.
In the context of recent noteworthy IoT security incidents, blockchain can reduce the risk of distributed denial-of-service (DDoS) attacks that affect multiple devices at once: An outage in one device shouldn’t impact the others. We have noted that in securing smart cities, such an expediency is crucial to maintaining connectivity and functionality in services, especially for critical systems.
With blockchain, each device will have strong cryptography, further ensuring secure communication with other devices and affording anonymity in IoT use cases where privacy is of utmost concern. Adopters will have the ability to better track devices and distribute security updates, helping to fortify potentially vulnerable devices.
The merging of blockchain and the IoT is also expected to address the issue of oversight. In businesses, for instance, transactions made by multiple sources can be administered through an immutable and transparent record, where data and physical goods are tracked throughout the supply chain. In the event of an erroneous decision or system overload, the blockchain record should be able to identify the point — say, a device or a sensor — where something went wrong, and the business could take immediate action. Blockchain could also help reduce operational costs since it eliminates intermediaries or middlemen.
Read the whole article to find out more about:
- Blockchain implementations and use cases in the IoT
- Challenges in integrating blockchain into the IoT
- Security recommendations
Blockchain implementations and use cases in the IoT
Blockchain is more than the distributed ledger technology underpinning cryptocurrencies, most notably bitcoin. In fact, it is already being used in different industries, including in retail to simplify as well as secure the movement of products through supply chains and in pharmaceuticals to ensure the integrity of contracts, clinical trials, and the drugs themselves. With the integration of blockchain into these and various other sectors, quality levels of products and services are closely monitored.
In the IoT sphere, blockchain has been gaining traction as well. A blockchain-protected security platform for the industrial internet of things (IIoT) is already being offered by one company. Touted as the first and only one of its kind, the solution aims to address the IoT’s broad attack surface by having more participants in control of the consensus and increasing the redundancy in systems. A blockchain-focused research center has also been formed to promote the development and commercialization of the technology and its capabilities to revolutionize the IoT ecosystem.
Challenges in integrating blockchain into the IoT
Blockchain in the IoT is indeed gaining momentum, but not without a few roadblocks. For one thing, the key concept to blockchain is the series of transactions that have been made and how they form a chain. The chain is created by keeping a reference of previous transactions, hence the blocks. However, blocks are computationally intensive to create, taking multiple processors and significant time to generate. Since a single block is difficult to generate, tampering with it would be similarly tough: One has to tamper with the previous block and follow the chain created so as to change it completely.
This setup seems to be ideal for securing the IoT. However, the caveat is that IoT devices are relatively underpowered and underlying blockchain protocols create overhead traffic, with the generation of a block introducing potential latency. This situation doesn’t bode well especially for resource-constrained and bandwidth-limited devices and operations that need real-time updates or speedy responses.
In terms of security risks, researchers have classified threats related to accessibility, anonymity, and authentication and access control. Malicious actors may threaten accessibility by preventing users from accessing data or services through such means as denial-of-service (DoS) attacks and cloud storage compromise. Furthermore, they can attempt to identify a particular user by finding links between the user’s anonymous transactions and other publicly available information. They can also try to pass themselves off as legitimate users to gain access to data, although threats against authentication and access control can be detected since all transactions are recorded and verified by users in the chain.
Additionally, in our security predictions for this year, we forecast that blockchain will be exploited by threat actors to expand their evasion techniques. It is also not far-fetched to conjecture that IoT sensors and devices can be compromised to transmit wrong information to a blockchain. By virtue of the technology, if an entry is authenticated, it will be recorded in the chain. Adopters therefore need to ensure that sensors and devices have overrides at the ready in the event of a compromise and to grant access only to users who should be in control.
When run properly, blockchain can greatly benefit IoT systems by decreasing costs and pushing efficiency. Even so, the technology’s penetration into IoT-enabled environments is far from optimal. For example, up to only 10 percent of production blockchain ledgers are expected to incorporate IoT sensors by 2020. Moreover, there still is a long way to go before most IoT systems become computationally competent enough to handle bulky blockchain implementations.
While the elimination of the single point of failure has yet to be realized, securing the IoT still lies in the continuous deployment of security for all connected devices. Aside from timely software updates to prevent downtime, what IoT adopters, individuals and organizations alike, should look into is multilayered security with end-to-end protection, from the gateway to the endpoint, capable of preventing any potential intrusions and compromise in the network. This entails:
- Changing default credentials. Factory default credentials have notoriously enabled IoT botnets in compromising connected devices. Users are therefore advised to enable password protection and to use unique and complex passwords to reduce the risk of device hacking.
- Strengthening router security. A vulnerable router makes a vulnerable network. Securing routers through comprehensive security solutions allows users to take stock of all connected devices while maintaining privacy and productivity.
- Setting up devices for security. Devices’ default settings should be checked and modified according to users’ needs. Customizing features and disabling unnecessary ones are recommended for increasing security.
- Monitoring traffic in the network. Actively scanning for anomalous behaviors in the network can help users deter any malicious attempts. Automatic and efficient malware detection can be also employed through real-time scanning provided by security solutions.
- Implementing added security measures. Users are advised to enable firewalls and use the Wi-Fi Protected Access II (WPA2) security protocol for added protection. Solutions that employ web reputation and application control also allow for better visibility across the network.
This article was written by the Trend Micro Threat Research Team.