Securing IoT with Blockchain

2 weeks ago
Eric Vanderburg

While blockchain has earned its most significant claim to fame by making possible the rise of cryptocurrencies like bitcoin, researchers continue to propose a number of new uses for this technology. This includes everything from linking global supply chains to guaranteeing the validity of election results. And, given the recent concerns about the security risks posed by the Internet of Things (IoT), the blockchain has also been proposed as a potential security fix for any physical infrastructure deploying Internet-connected devices.

There are two primary aspects of the blockchain that make it attractive for securing the Internet of Things:

• It is inherently decentralized and highly scalable
• It provides ironclad guarantees against data tampering

From a purely theoretical perspective, then, it is possible to see how the blockchain could be used to secure the Internet of Things. Any network, no matter its size, could be protected from hacker attacks and other security risks. And, in fact, researchers such as Ahmed Banafa of San Jose State University have already started to provide the theoretical underpinnings for how such a system would work.

Thus, for example, companies would have a security safeguard if any Internet-connected device within their network had been compromised. Say, for example, a hacker has compromised an Internet-connected sensor at a major manufacturing facility and then attempts to send deliberately false data to other nodes in the network, all in the hopes of shutting down or sowing chaos within the facility. In today’s security environment, that is a genuine risk.

However, if that sensor were part of a company-wide blockchain network, the other devices in the network would know that the data was false and would not accept it. Moreover, the system would self-regulate and find some way to quarantine the rogue device – or perhaps kick it off the network entirely.

Australian researchers, for example, have shown how such a concept might work on a much smaller scale. As they point out, the modern smart home, with all of its Internet-connected thermostats, refrigerators and digital entertainment devices, presents a compelling test case for a blockchain security solution.

Say, for example, hackers attempt to enlist your Internet-connected home cameras as part of a massive botnet attack on servers outside of your home. A blockchain-powered security network would recognize that a large amount of packets of data were trying to be sent out of the home, and would immediately shut down the attempted botnet attack.

One major issue still to be resolved involves the sheer amount of processing power required by each Internet-connected device in the network. In short, it is not just enough to be hooked up to the Internet – every device would also have to have the processing ability to participate in the blockchain fully. The current IoT, with its Internet-connected belt buckles and Internet-connected light bulbs, is not even close to having this type of processing ability.

A potential solution to this problem is an IoT framework known as ChainAnchor. This is a blockchain-powered security solution that involves device makers, data providers and independent third parties that are all part of a network. The clever little twist of ChainAnchor is that all three of these players take the anonymized data coming from IoT devices hooked up to this network and sell or license it. In theory, this would provide sufficient incentives for device makers to make each new device capable of participating in a blockchain.

Of course, there are some crucial issues to be worked out before we can realistically talk about using the blockchain to secure the Internet of Things. But as you can see, steps are being taken in the right direction. With the size of the Internet of Things growing each year exponentially, a decentralized blockchain system might be the only real scalable solution that we have.

This article was sponsored by TCDI, a cybersecurity, computer forensics, and eDiscovery company.