Blockchain – the silver bullet for IoT’s security challenges?
Republished with the kind permission of author
Ms. Astrid Vikström
Head of Communications & PR, Nova and
SIA Intern (UK-based)
Originally published in Trade Finance Global, 19/07/2018
Cue the IoT
The Internet of Things (IoT) has emerged as an area of considerable traction with the advent of smart devices (cars, houses, gadgets) – a product group predicted by Cisco Inc. to include 50 bn connected devices worldwide by 2020. The paradigmatic shift to IoT brings with it significant new cyber security challenges (Jianli and Zhicheng, 2018), due to these connected devices having limited storage, network and computational capacity, exposing them to malicious cyber attacks or being hijacked to overpower targeted servers (Jianli and Zhicheng, 2018; Khan and Salah, 2018). BT has by many been hailed as the silver bullet for these security issues, as it in theory provides an access authentication and privacy protection solution currently missing in the IoT (Kshetri, 2017a).
Still, the technology remains in its infancy, and it seems too early in the development and application of the technology before a explicit strategy of how BT should be used to strengthen the IoT can be described (Dickson, 2016; Kshieri, 2017b).
What is the IoT?
IoT architecture consists of four building blocks (i) ‘things’, (ii) gateways, (iii) network infrastructure and (iv) cloud infrastructure (Ahmed, 2017). Current IoT systems rely on centralized communication models (Ahmed, 2017), and are expensive because of the high maintenance costs associated with the servers and networking equipment needed to run them. Considering this, the projected multiplication of connected devices presents a momentous challenge to be overcome (Dickson, 2016).
The current centralised structure of the IoT is vulnerable to malicious attacks because of connected devices’ limited capability to run encryption, authentication and access control programmes, making data security and privacy a concern (Dickson, 2016; Ahmed, 2017; Jianli and Zhicheng, 2018). Additionally, the cloud servers constitute a bottleneck single point of failure that if compromised can disrupt entire networks (Ahmed, 2017).
Why decentralisation?
It is suggested that a decentralised approach to the IoT would solve these issues. As a standardised peer-to-peer communication model only engaging those units directly involved in the transaction, it would be able to significantly reduce need for centralised data centres by distributing the storage and computation needs across the devices connected to the network, preventing entire networks from collapsing by failure in one unit (Ahmed, 2017).
BT (a decentralised, shared and immutable database ledger registering and storing anonymous transactions in a peer-to-peer network, comprised of time-stamped blocks of data validated by the adjacent blocks involved in the transaction (Khan and Salah, 2018), has been hailed as the silver bullet for the IoT’s security challenges by providing the robust cyber security solution, and privacy protection it is missing (Kshetri, 2017a).
The big advantages of BT is its transparency without revealing the exact content of the transaction. BT maintains a public ledger that permanently records the transactions flowing between the blocks in the chain. Crucially, and this is potentially the strongest selling point for BT, transaction data is not stored or collected centrally, but protected and shared only among the parties involved in the transaction (Kshieri, 2017b). It is hailed as being more democratic, as there is no central authority that approves transactions or sets rules (Ahmed, 2017).
Single points of failure are theoretically eliminated because of the decentralised structure where each block contains a full copy of all the transactions preceding it (Ahmed, 2017), also addressing the issue with disaster recovery (Dai, et al., 2017). However, a decentralised model brings its own security challenges.
Is blockchain technology scalable?
Technical issues with the scalability of the BT model model due to processing power and time, as well as the storage and process capacity of individual devices, currently present a challenge to the proliferation of BT (Dickson, 2016; Ahmed, 2017; Dai et al., 2017). Furthermore, a lack of people with thorough understanding of how BT works, combined with regulatory and compliance issues, are other challenges that need to be overcome before BT in IoT can take hold substantially (Ahmed, 2017). BT is by definition self-regulated, a politically divisive issue as there is concern that such an approach would not sufficiently resolve the issue of illicit and fraudulent use of this decentralised technology (Trautman, 2016).
What does this mean for the future of IoT and blockchain?
Substantial security measures must be built in as a foundation of BT-based IoT systems. Additionally, as IoT systems interact, a universal (or at least widely agreed upon) interoperability standard is essential (Ahmed, 2017; Dickson, 2016). Crucially, it seems like some of the key security challenges associated with centralised cloud computing can be addressed using the decentralised BT model, which enables verification of the attributes it carries. The constant verification of transactions taking place, combined with identification and authorisation processes as well as access management systems without the need to channel them through a centralised authority, do present an interesting opportunity to address security and processing capacity issues with the centralised model (Kshieri, 2017b). The field is receiving more attention as of late, which likely means that the current technological shortcomings BT is faced with soon will be overcome, consider for example the ramifications of IBM’s quantum computer.
Thus, it must be emphasised that applications of BT still are in early stages of development, with a long process of perfecting the technology before it can be introduces on a systemic scale (Dai, et al., 2017; Kshieri, 2017b). Thus, it is still too early to conclude that BT will, or will not be the answer to the security challenges of the fast evolving IoT industry.
What can be established is that there are some promising opportunities present for the IoT where autonomous decentralised networks will have a decisive role (Dickson, 2016), especially in when combined with AI and machine-to-machine learning.