05 Jun A blockchain future for Internet-of-Things security
Technologies have changed the way we live, particularly in our data-driven society. This is partly due to advances in semiconductor and communication technologies, which allow a multitude of devices to be connected over a network, providing us with ways to connect and communicate between machines and people (e.g. machine-to-machine). Such a trend is also commonly referred to as the Internet-of-Everything, comprising the Internet-of-Things (IoT), Internet-of-Medical-Things (IoMT), Internet-of-Battlefield-Things (IoBT), Internet-of-Vehicles (IoV), and so on. Given the pervasiveness of such devices in our society (e.g. in smart cities, smart grids and smart healthcare systems), security and privacy are two of several key concerns. In data-sensitive applications such as IoMT and IoBT, ensuring the security of the data, systems and the devices, as well as the privacy of the data and data computations, is crucial. However, a threat to a system can be the result of a security measure that is not well thought out.
A blockchain future?
Blockchain was originally used for recording financial transactions, where transactions are encoded and kept by all participants (e.g. Bitcoins and other cryptocurrencies). Thus, all transactions are transparent, and any modifications can be easily traced and detected. Blockchain can be applied to enhance IoT security. IoT technology will play an increasingly important role in our society for the near future, in both civilian and military (adversarial) contexts, including the Internet of Drones, Internet of Battlefield Things and Internet of Military Things. Not surprisingly, IoT security is a topic of ongoing research interest. While it is important for us to be able to detect and prevent existing threats, the capability to predict potential threats and attacks soon is also, if not more important. Hence, there is a pressing need for more extensive research in predictive IoT security. For example, how can we reliably and effectively identify potential IoT threat vectors to inform the formulation of a potential mitigation strategy (e.g. formulate a probable course of action for each identified threat). Owing to the time-sensitive nature of certain IoT applications (e.g. in military or adversarial contexts), the identification of potential IoT threat vectors and the formulation of probable course(s) of action should be automated, with minimal human intervention. We also observed the lack of publicly available IoT datasets and the absence of representative IoT datasets, both of which are important for IoT security research. Thus, we proposed the need for a standard to be established for IoT datasets that will facilitate the sharing of such datasets for research purposes. We also highlighted the potential of blockchain in sharing and distributing such datasets in a research network. Future research will include exploring how blockchain can be used as a collaborative security foundation to secure other IoT and related systems (e.g. cyber-physical systems).
It has been observed in a recent white paper from Microsoft that the processing power required for public blockchain networks—and associated energy costs—are prohibitive to enterprise scenarios […]. Put another way, the Bitcoin network consumes enough energy to power more than 1.3 million U.S. households. Therefore, one potential research agenda is to study the optimization of blockchains and blockchain-based platforms, such as the recently proposed open-source Coco Framework, which will reduce energy consumption while offering more effective and efficient services.
In addition to designing efficient and lightweight blockchain-based IoT security solutions, we need to monitor the emerging threat landscape. Some IoT devices may be located in publicly accessible areas, and in the event that an IoT device is physically under the control of an adversary, how can blockchain be used to guarantee the security and privacy of the data stored in the device? – and – How can blockchain be used to reduce the possibility of the hardware and software of an IoT device being compromised or tampered with if the device is physically accessible?
This is an excerpt of the journal article: A blockchain future for Internet-of-Things security: a position paper, by Banerjee, Mandrita; Lee, Junghee; Choo, Kim-Kwang Raymond. Published: October 31., 2017 in Digital Communications and Networks (in press), DOI: https://doi.org/10.1016/j.dcan.2017.10.006 under a Creative Commons Attribution License (CC BY 4.0).