How Blockchain Could Improve Internet of Things Security

Internet of Things Vulnerabilities

The network of internet-connected devices that makes up the Internet of Things (IoT) is designed to bring added efficiency, convenience, and personalization to consumers and businesses. But these benefits may not be realized unless the security, privacy, and ownership frameworks that these systems rely on are reexamined and updated to counter emerging challenges.

Several high-profile hacks on IoT networks display the danger in not securing these systems appropriately. During the 2016 Mirai botnet attacks, hackers were able to inject malware into a large swath of IoT devices, mainly security cameras. Devices were then used to overload Domain Name Service (DNS) providers and websites with spam messages, knocking out their service. In December 2019, hackers were able to infiltrate a smart security camera in a child’s bedroom and talk to the child.

While the era of IoT is full of promise, vulnerabilities in IoT networks can cause concern and slow the pace of adoption. But, with blockchain technology as its core architecture, IoT could become a more secure and decentralized system, providing end users with more privacy and control.

The Current IoT Architecture

Internet-of-Things networks currently use four connectivity models:

• Device to device: One device communicates with another device using Bluetooth or a similar protocol. This model is a popular implementation for smart homes, since the amount of data transferred and the space between devices is small.  

• Device to cloud: Using Wi-Fi or cellular connections, an IoT device connects to a cloud service, allowing users to access data from anywhere. This model allows homeowners to access home security camera footage from work. 

• Device to gateway: This model adds an intermediary device between the IoT device and the cloud. As an example, a fitness watch connects to a smartphone app, which acts as the gateway and shares information to a cloud service. 

• Backend data sharing: This model allows third parties to access IoT device data.

However, the connectivity models cited above come with certain loopholes that pose problems: 

•  For example, connected IoT devices can act as a path for hackers to jump from device to device. These kinds of chained attacks can allow hackers to exploit data from more than just a single IoT device. For instance, in a corporate scenario, a hacker could jump from a security camera behind the reception desk to the WiFi router, and with those two devices could then find ways to siphon data from the network-attached storage.

• Moreover, by jumping from device to device, hackers can obfuscate their tracks, making them nearly impossible to trace in the network. Attacks typically start because simple or default factory passwords are still in use. Hackers can have access to factory password lists or try various simple and popular passwords to gain access to IoT systems.

• In addition, cloud storage of IoT data, which is typically controlled by a central authority, can be vulnerable. Many cloud providers have been hacked, as attackers see an attractive target in large repositories of data from a huge number of users. Once hacked, attackers then could leak or use customers’ personal information for gain.

Integrating Blockchain and IoT

Blockchain technology can offer a number of benefits over the current standardized IoT architecture. Fundamentally, blockchain provides a decentralized network in which to share data. Implementing blockchain in IoT networks could help foster a decentralized structure that mitigates single points of failure. In addition, all transactions are recorded to the blockchain, which allows hacks to be tracked more efficiently and combatted more quickly.

To understand this fully, we must start with blockchain’s use of public-key cryptography. Public-key cryptography is a security system that utilizes corresponding pairs of keys — one key is public and can be shared, while the other is private and should be known only by the owner. This system allows data to be encrypted with the receiver’s public key, and only decrypted with the receiver’s private key. In this way, no unintended party can spy on the information being sent.

In addition to enhancing security of data transfer, public-key cryptography also enhances privacy because the mechanism of data transfer is pseudonymous, where personally identifiable information (like email addresses or names) are not used. Additionally, with privacy as the default, public-key cryptography allows only those with specific permission to view content, which means blockchain IoT users would not have to worry about how their data is collected, stored, or shared.

While there are real benefits to combining IoT and blockchain technology, there are still roadblocks for adoption. The scalability of blockchains today is unable to handle the billions of IoT devices currently on the market. As innovation continues in this area, blockchain-based IoT technology may very well develop into a secure and robust architecture on which myriad IoT devices can operate.