Using blockchain to solve IoT security challenges
It’s likely you’ve seen the word “blockchain” in the headlines in recent months in connection to the current craze surrounding cryptocurrencies. But did you know that blockchain could completely change our understanding of authentication models and help solve security issues with the Internet of Things?
With the massive DDoS ‘thingbot’ attack last year, known to many as the Mirai attack on the Dyn DNS hosting servers - which look popular sites like Airbnb, Amazon, PayPal and Twitter - it became clear that the devices are vulnerable to zombie-like manipulation due to their easy access (default passwords) and weak computing power that inhibits the installation of anti-virus/anti-malware.
In addition, and due to their weak computing power, it’s challenging to authenticate IoT devices because their “bare bones” architecture makes it difficult to track their activity over time. These vulnerabilities have caused the focus on IoT technology to shift from the benefits for improving efficiency and enriching data, to a deep-seated concern for their potential security risks.
One of the main issues with securing IoT devices is that current methods are based on a centralized, information-based model for authorizing and authenticating the devices. This is true not only for IoT devices, but the plethora of connected devices requesting access to a network.
While this model may be effective for small-scale networks with a limited number of devices, when it comes to larger networks with various kinds of devices, including IoT, the challenge grows significantly. That’s where blockchain enters the picture.
As opposed to the centralized, information-based model for managing access, blockchain is based on a distributed ledger of verified transactions that cannot be broken. It is a ‘permissionless’ and public system, but there are also ways to manage the blockchain in a way that is permissioned and private – suitable for IoT and other connected devices.
How would it work?
In effect, a “permissioned and private” blockchain could be used to safely on-board IoT and other connected devices, registering them in a private blockchain ledger. New devices attempting to access the network would have to be approved, and found to follow the same security policies to be verified and granted access to the chain – thereby eliminating the possibility for “zombie devices” like the ones that carried out the Dyn DDoS attack.
Through this model, IoT devices can communicate with like-IoT devices to determine if the “newbie” is up to par on its security settings, making sure that it only has access to data that authorized IoT devices have permissions for, and that it isn’t siloing data or acting as a ‘thingbot’.
For instance, if an employee wants to connect their Fitbit while at work, all they need to do is connect it with another IoT device, which would let the Fitbit know what it needs to do in order to be considered secure enough to receive a connection.
Since blockchain authentication leverages peer-to-peer communication, one of the primary benefits is setting a security standard across the board for all devices of the same type. In addition to setting this security standard, peer-to-peer communication further secures one of IoT devices’ key features – data mining and processing.
The way IoT devices process data could be considered complex, because they need to be in constant communication with the network. By enabling direct and verified device-to-device communication, the blockchain eliminates these issues with the potential to meaningfully enhance and completely automate data mining processes across the network.
Ultimately, blockchain helps enterprises save on the expenses associated with depending on various technologies for data mining. In addition, blockchain can help eliminate compliance concerns, as devices are sharing information with each other all the time, making sure that they are “up to par.”
While we are only beginning to understand the applications and benefits of blockchain technology, it is increasingly clear that a distributed, trust-based authentication model is a better way to help address IoT security threats. The centralized, information-based model that is commonly used today not only inhibits capabilities for automating authentication; it makes it easier for hackers to find a point of weakness and exploit it.
Due to a lack of built-in security features, IoT devices are often the weakest link in the network, which is why the distributed, permissioned, and private blockchain may be the key to current challenges with IoT security.