Much has been said in recent years about the fragile state of IoT security. Just imagine: the number of IoT attacks increased 600% between 2016 and 2017. Given that every human will have more than four connected devices by 2020, we cannot ignore the vulnerability of IoT to cyberattacks. No doubt, security is the number one challenge in internet of things development.
Both consumers and organizations have security concerns associated with IoT adoption. “IoT Cybersecurity Readiness Report” reveals that 57% of organizations name security risks as a top barrier to the increasing use of IoT technologies. These concerns are well-founded: 61% of those who have already deployed IoT solutions faced an IoT‑related security incident, such as malware attacks and phishing. In general, the survey shows that organizations have little confidence in their resilience to IoT-based cyberattacks.
As organizations are increasingly worried about how to protect themselves against attacks, they invest heavily in IoT security products. Gartner forecasts that global spending on IoT security will reach $3.1 billion in 2021.
So what’s wrong with the existing security architecture used by IoT manufacturers?
Connected devices are designed principally for users’ convenience: they enable easy network access, usually automatic or by entering a simple password. This facilitates our lives and allows people to use their devices easily from anywhere in the world via the internet. At the same time, this opens numerous doors for cybercriminals, who can access internet-connected devices and steal personal information, such as financial details or health information. The price for convenience is sometimes too high, especially when hackers compromise someone’s physical safety.
Most regrettably, 70% of users say the benefits of digital devices outweigh the security risks. This means that most consumers know about the vulnerability of their IoT devices, but continue to use them anyway. As usability and convenience remain more attractive to users than security, IoT manufacturers make them a priority in order to stay competitive on the market. As a result, most devices have poor authentication, encryption, and access control mechanisms.
Currently, IoT uses a client/server, or centralized, networking model. IoT devices use a single gateway to transfer data between them and connect through a cloud server. This model has been used for decades, but it is no longer suitable for the increasing number of IoT devices and the volumes of data they share. The centralized architecture has a number of shortcomings:
The Mirai incident is one of the examples proving that the centralized model is not reliable. Being the largest DDoS attack ever, Mirai caused a temporary failure of many popular websites, including Amazon, Reddit, CNN, Netflix, the Guardian, Twitter, Spotify, and GitHub. The Mirai botnet first attacked Dyn, a popular DNS provider, and then the internet’s biggest websites through the unprotected network. As a result, the companies lost millions of dollars and their reputation was compromised.
Blockchain—a decentralized distributed ledger—is a revolutionary technology that could become the key to overcoming IoT security challenges. A blockchain-based approach to IoT networks may solve many of the problems faced with the current model and improve security.
The following features make blockchain an effective weapon in combating IoT cyberthreats.
In a blockchain ledger, data is stored on various nodes all over the world, which eliminates the single point of failure. Before adding any data to the network, all nodes must approve and verify it. Thus, no change is allowed without a common agreement from all network participants. This approach is called peer‑to‑peer communication and is intended to protect blockchain transactions from malicious parties. Since there is no single server, there is no chance of a man‑in‑the‑middle attack, in which hackers intercept the information sent between a server and a computer.
Blockchain is public, which means that it’s accessible to everyone in the network. All network participants can see the common history of stored blocks and transactions, but they need a private key to see the content. This gives complete transparency to all operations and keeps data safe at the same time. Once a piece of information is stored on a blockchain, it is impossible to change it.
Blockchain uses advanced encryption algorithms to secure data, which makes it more private. This is done primarily for financial operations to be carried out without risks. Using the blockchain model, IoT devices may send and receive messages in the same way as financial transactions to enable secure data communication between connected things.
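The ledger properties described in the three paragraphs above, sketched as an added example (not code from this article or from any blockchain product): device messages are authenticated, chained by hash, replicated to several nodes, and an edited copy fails verification. The device names, keys, and events are constructed, and HMAC with pre-shared keys is an assumption standing in for the public-key signatures a real ledger would use.

```python
import copy, hashlib, hmac, json
from collections import Counter

GENESIS = "0" * 64  # previous-hash value for the first block

def _canon(obj):
    return json.dumps(obj, sort_keys=True).encode()

def sign(device_key, payload):
    # Assumption: HMAC stands in for a device's public-key signature.
    return hmac.new(device_key, _canon(payload), hashlib.sha256).hexdigest()

def block_hash(prev, payload, tag):
    return hashlib.sha256(_canon([prev, payload, tag])).hexdigest()

def append(chain, device_key, payload):
    prev = chain[-1]["hash"] if chain else GENESIS
    tag = sign(device_key, payload)
    chain.append({"prev": prev, "payload": payload, "tag": tag,
                  "hash": block_hash(prev, payload, tag)})

def first_bad_block(chain, keys):
    """Return the index of the first block that fails verification, or -1."""
    prev = GENESIS
    for i, b in enumerate(chain):
        key = keys.get(b["payload"].get("device"))
        if (key is None or b["prev"] != prev
                or not hmac.compare_digest(b["tag"], sign(key, b["payload"]))
                or b["hash"] != block_hash(b["prev"], b["payload"], b["tag"])):
            return i
        prev = b["hash"]
    return -1

def agreed_head(replicas, keys):
    """Head hash held by a strict majority of nodes whose copy verifies, else None."""
    heads = Counter(r[-1]["hash"] for r in replicas if r and first_bad_block(r, keys) == -1)
    top = heads.most_common(1)
    return top[0][0] if top and top[0][1] * 2 > len(replicas) else None

def demo():
    # Constructed devices, keys and events, for illustration only.
    keys = {"washer-01": b"constructed-key-1", "tv-01": b"constructed-key-2"}
    ledger = []
    append(ledger, keys["tv-01"], {"device": "tv-01", "seq": 1, "event": "power_on"})
    append(ledger, keys["washer-01"], {"device": "washer-01", "seq": 1, "event": "cycle_postponed"})
    replicas = [copy.deepcopy(ledger) for _ in range(3)]
    edited = replicas[1][0]  # one node's stored record is altered and re-hashed
    edited["payload"]["event"] = "power_off"
    edited["hash"] = block_hash(edited["prev"], edited["payload"], edited["tag"])
    return [first_bad_block(r, keys) for r in replicas], agreed_head(replicas, keys) == ledger[-1]["hash"]
```

The altered copy is rejected at the edited block because the record no longer matches its device tag, while the two untouched copies still agree on the same head hash.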
The decentralized, public, and secure nature of blockchain makes IoT companies seek help from this technology. The application of blockchain in IoT will enable direct information sharing between connected devices rather than relying on a centralized network, thus enhancing security and privacy. This approach can be used in a variety of industries: healthcare, retail, oil & energy, smart building, and manufacturing to name a few.
IBM and Samsung have recently developed a PoC for a blockchain‑enabled IoT system called ADEPT (Autonomous Decentralized Peer‑to‑Peer Telemetry). It uses smart contracts and peer-to-peer messaging to create a distributed IoT network. ADEPT may find its application in a smart home, where a Samsung washing machine, for example, can become a semi-autonomous device capable of performing self-service and maintenance. If the machine breaks down, it will notify the operator about the breakage and install software updates on its own. Using ADEPT, the washing machine can communicate with other smart devices in a network to optimize energy efficiency. For instance, it may postpone a washing cycle for several hours if the TV is on. Moreover, it allows the machine to manage the supply of detergent it uses: pay for the order itself and receive a delivery confirmation from the retailer. The washing machine’s owner will then receive a notification about the purchase on their smartphone. This is less futuristic than it may sound, and systems similar to ADEPT may reach the market soon.
Another example shows how the combination of blockchain and IoT can be used in the pharmaceutical industry. Chronicled, calling themselves the IoT and blockchain laboratory, applied a combination of these two technologies to pharmaceutical supply chains. The developed solution allows drug makers, wholesalers, and hospitals to monitor each step of drug shipment and makes it difficult for criminals to unload stolen meds. This is what Joseph Pindar, founding member of the Trusted IoT Alliance, said about the solution: “By utilizing a secure IoT platform, they are also able to attest to the quality levels of the drugs and to ensure that these drugs do not fail during the supply process, which could impact the efficacy when taken by the patient.”
Security of IoT devices and networks is a complex problem requiring a comprehensive approach and creative solutions to deal with it. One possible means of enhancing security and reliability within the IoT ecosystem is the application of blockchain technology. By decentralizing IoT networks with blockchain and eliminating single points of failure, connected devices get additional protection and become less vulnerable to malware and other attacks. Other advantages of a decentralized IoT infrastructure include more autonomous operations and lower costs of network and infrastructure maintenance.
However, blockchain is not a panacea for all IoT security challenges. To authenticate and protect the fast-growing network of connected devices, a well-thought-out strategy and a combination of several approaches to IoT security are necessary.