Blockchain of Things

Raj Sadaye
Published in Coinmonks
5 min read · Oct 23, 2018

Block #3: IoT without security = Internet of Threats

Blockchain technology is no longer in its infancy, but it’s still very new. Similar statements can be made about the Internet of Things (IoT). The buzz around blockchain applications in IoT, however, is far more recent. The union of the two verges on the untested — and currently, the unapplied.

Let’s back up a little bit and get some definitions out of our way:

The blockchain is a shared, immutable ledger for recording the history of transactions. It fosters a new generation of transactional applications that establish trust, accountability, and transparency from contracts to deeds to payments.

The internet of things, or IoT, is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

Currently, IoT devices exchange data through a centralized server. This leads to the formation of ‘data troves’. A data trove can be defined as treasure (device-related data) concentrated at a single site. If an attacker targets this site and succeeds in gaining access to this data, all the other members of the network would be compromised.

Let’s look at some ways blockchain technology can help decentralize data exchange. A blockchain based solution will always ensure:

  • Trusted Transactions: All transactions are recorded in the ledger and are immutable once confirmed. Also, the ledger is distributed and hence anyone can download and audit the transactions.
  • Trusted Data Access: The access rights for data can be decided by the data owner.
  • Trusted Privacy Preserve: Data owners can protect their personal information while exchanging data since they will only give out their public keys to others.

This could be fulfilled using a layered architecture of this sort:

We’ll look at the layers bottom up:

Data Layer:

  1. IoT Data: Storage clouds, database clouds, wireless sensor nodes.
  2. Blockchain Node data: Stored on the blockchain network, used to record the whole data exchange process.

Network Layer:

  1. Various networks of devices: Peer to peer device networks, websites, storage clouds.
  2. Blockchain network: Nodes that store copies of all transactions.

Management Layer:

It controls the user’s security and manages permissions on the platform. Along with that, it keeps track of data access rights, exchange relationships, and transaction history. Also, data auditability depends heavily on this layer.

Interaction Layer:

It’s an interface for data exchange parties to interact with each other through web pages or mobile devices connected to the internet.

When included in the network stack, the layers would look something like this:

The union of IoT and blockchain stands on 4 pillars:

  1. Consensus
  2. Ledger
  3. Cryptography
  4. Smart Contracts

These 4 pillars help us come up with a communication model comprising:

  1. Peer-to-Peer messaging: For establishing consensus
  2. Distributed Data Sharing: To maintain the distributed immutable ledger.
  3. Autonomous co-ordination with the devices: This can be achieved using smart contracts that govern transactions executed whenever any data is read by the sensor.

All of these components of the communication model are backed by cryptographic algorithms such as the Elliptic Curve Digital Signature Algorithm (ECDSA), which enable the exchange of and access to data using public and private keys.

Another interesting goal that this combination can achieve is identity and access management for devices. Usually, the data coming from an IoT device is considered more reliable. But this wouldn’t hold true if the device itself is compromised. Cryptographic hashes of a device’s firmware configuration and state can help us verify that the data is not coming from a rogue device. We can use the hashes to verify that the device is genuine and that its software settings haven’t been tampered with.

We could define a tuple that is used to represent an IoT device in the network:

< ID, Kpub, Kpriv, π(nonce, firmware, Kpub) >

Where,

ID — Unique identifier/ Shorter version of the public key

Kpub — Public key

Kpriv — Private key

π(nonce, firmware, Kpub) — A hash generated using irreversible hash functions on:

  1. A randomly generated nonce.
  2. Firmware configuration and state of the device.
  3. The public key for the device.

π(nonce, firmware, Kpub) basically forms the hardware root of trust for the device. Let’s call this ‘Proof of firmware’.

The feasibility of such an algorithm could be tested using low power autonomous mesh networks of sensors connected to a decentralized blockchain network. The transaction pool could have high variability, but the branching factor and maximum size of the transaction pool could be bounded.

Testing parameters could be:

  • Block arrival time, taking the size of the network into consideration.
  • Stabilization time for various network sizes
  • Testing lossy links in the network

Let’s look at ways in which such an algorithm could help:

  • A Sybil attack is when a reputation system is subverted by forging identities in peer-to-peer networks. In simpler words, a Sybil attack is when malicious devices are able to impersonate other devices in the network. The algorithm could help in preventing such an attack.
  • Also, due to the nonce in the hardware root of trust, it provides dynamic authentication and can avoid replay attacks.
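
The ‘Proof of firmware’ tuple and the replay claim above can be exercised with a short challenge-response sketch. This is an added example, not code from the original article: SHA-256, the length-prefixed encoding, the `Verifier` registry, the 16-character ID and the firmware strings are assumptions, and the public key is a constructed random stand-in (no ECDSA signing is performed).

```python
import hashlib, hmac, secrets

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed fields so field boundaries are unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def device_id(kpub: bytes) -> str:
    """ID as a shorter version of the public key (assumed: 16 hex chars of its hash)."""
    return hashlib.sha256(kpub).hexdigest()[:16]

def proof_of_firmware(nonce: bytes, firmware: bytes, kpub: bytes) -> bytes:
    """pi(nonce, firmware, Kpub): measure the firmware, then bind it to nonce and key."""
    return h(nonce, hashlib.sha256(firmware).digest(), kpub)

class Verifier:  # hypothetical registry: ID -> (Kpub, expected firmware measurement)
    def __init__(self):
        self.registry, self.pending = {}, {}

    def register(self, kpub: bytes, firmware: bytes) -> None:
        self.registry[device_id(kpub)] = (kpub, hashlib.sha256(firmware).digest())

    def challenge(self, dev_id: str) -> bytes:
        self.pending[dev_id] = secrets.token_bytes(16)  # fresh nonce per attempt
        return self.pending[dev_id]

    def verify(self, dev_id: str, proof: bytes) -> bool:
        nonce = self.pending.pop(dev_id, None)  # one-shot: a replay finds no nonce
        if nonce is None or dev_id not in self.registry:
            return False
        kpub, measurement = self.registry[dev_id]
        return hmac.compare_digest(h(nonce, measurement, kpub), proof)

def demo():
    kpub = secrets.token_bytes(33)           # constructed stand-in for an EC public key
    good_fw = b"fw-1.0;config=default"       # constructed firmware image
    bad_fw = b"fw-1.0;config=modified"       # constructed tampered image
    v = Verifier()
    v.register(kpub, good_fw)
    dev = device_id(kpub)
    proof = proof_of_firmware(v.challenge(dev), good_fw, kpub)
    genuine = v.verify(dev, proof)           # fresh nonce, expected firmware
    replayed = v.verify(dev, proof)          # same proof again, nonce already consumed
    v.challenge(dev)
    stale = v.verify(dev, proof)             # old proof against a new nonce
    tampered = v.verify(dev, proof_of_firmware(v.challenge(dev), bad_fw, kpub))
    return genuine, replayed, stale, tampered
```

Because the hash in this sketch is unsigned, anyone who knows the firmware image and Kpub could compute it; binding the proof to one device would require signing it with Kpriv.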

There are, however, some challenges in using IoT with blockchain, which are also potential research areas in the blockchain space:

  1. Storing Ledger on all the peers
  2. Scalability of the system (block size, block arrival time)
  3. Handling the growing number of devices and communication cost between those devices.
  4. Handling latency and bandwidth for various devices in the network.
  5. Differentiating malicious nodes within the network
  6. Firmware update management, firmware tampering detection, spurious component detection.

On a lighter note…
