03 Oct Leveraging Blockchain And The Internet-of-Things for Better Cybersecurity
IoT devices make life easier, but they create huge risk
– Alex Momot, CEO at REMME
Ukraine — Oct. 3, 2018
It’s estimated that the IoT industry will triple in value by 2020 to $457 billion from 2016’s estimated $157 billion valuation. As more devices functionally depend on a connection to the Internet, more data is exposed to opportunistic attackers. This huge mesh of interconnected devices transfers anything from personal information to authentication keys that could be extracted by attackers. In the last several years, centralized services have seen its fair share of security flaws, and blockchain technology has the answers to solve this predicament.
IoT – A Hacker’s Playground
The IoT industry has been responsible for many of the security blunders leading to data breaches and worldwide network outages. XiongMai Technologies, a maker of digital cameras and video recorders, was accused of the proliferation of cheap IoT devices responsible for a massive attack on Internet infrastructure including DNS. Devices shipped with a preconfigured administrator password were hacked and used to cause worldwide Internet disruption.
Garage door openers authenticating to the cloud were shown to be vulnerable to remote “bricking,” making them unusable. Even worse, some were shown to allow attackers access to residences after devices were remotely hijacked from authentication failure. IoT connected cars were reported with indefensible security when attackers were able to disable airbags, parking sensors and active safety systems remotely. The list goes on with numerous other devices leaving consumers vulnerable to massive privacy breaches and safety violations.
IoT is engrained in several industries from smart home technology such as Nest to manufacturing equipment cloud-ready for monitoring. These devices make life easier, but it has come at the cost of data security. The IoT industry continues to grow at a rapid pace, but its security features aren’t keeping up.
Although blockchain isn’t new technology, its first time in the limelight came with the 2017 surge of Bitcoin popularity. Since December 2017, researchers and security experts believe that IoT and blockchain go hand-in-hand, and the two technologies combined can solve many of the current security and privacy issues plaguing IoT since its induction into everyday lives.
A Light Introduction to Blockchain
Before discussing blockchain’s security benefits, it’s important to understand its decentralized environment. The traditional client-server centralized distribution of service is completely transformed with blockchain. Instead of sending data to one secure server, blockchain is a distributed ledger that logs activity. Any activity including access to a digital asset is immutably recorded. Once a block is added to the register, it can’t be manipulated or destroyed. Only additional blocks can be added to the chain.
In a distributed application, no one “owns” the database. Data is secured using hashing functions that would take significant computing power to break. Should one computer disconnect from the Internet, the blockchain itself is still functional because it’s located on distributed servers across the globe.
Blockchain introduces a trustless way to distribute data giving ownership of data to an individual. Any changes to data can’t be done without the authorization of the owner, and individuals fully control their own data records. Data owners have the lock and key for their information, and any access and changes are logged for auditing purposes. One factor in blockchain security is you hold the keys to your data and not a third-party.
Coupling IoT and Blockchain
Blockchain gives us an immutable, distributed way to track data and IoT with its billions of connections needs a way to protect itself. By combining IoT with blockchain, enterprise and individual users have a way to create a reliable, secure network that protects data from attackers.
Take the XiongMai Technologies debacle where it manufactured thousands of video devices with a known, pre-installed administrative password. Instead of releasing devices with security flaws, an IoT device can be built with a chip that contains a unique cryptographic hashed value. Manufacturers can release updates to its devices and connect with them using this unique ID and blockchain. IoT devices are automatically updated only after conditions created by blockchain functions are met identifying the right owner and recipient.
IoT and blockchain offer the biggest benefit to the supply chain and logistics industries. Manufacturing companies deal with temperature sensors and shipments of product that move from a warehouse, to a retail outlet to the consumer. Several conditions must be met especially in the pharmaceutical industry where shipments must be kept in certain temperature ranges and products must be signed for during delivery. Currently, these processes use a centralized cloud system that authorizes and logs information from IoT devices installed on trucking equipment or tablets carried by delivery staff.
By introducing blockchain to the supply chain industry, every step in the manufacturing and delivery stage can be immutably recorded for auditing purposes. Every location has its own copy of the blockchain, so even one outage wouldn’t interfere with standard procedures. Since blockchain ledgers can’t be changed, manufacturers, retailers and consumers are ensured that the right steps were taken to transport product.
Security isn’t the only benefit of blockchain with IoT. New systems are expensive between development time, testing and deployment. Since there is no intermediary with blockchain, a reduction of cost for new development adds to its benefit. Other advantages include:
- Track sensors and shipments with duplication prevention
- Identification of IoT devices and authentication using the latest cryptography
- Elimination of third-party centralized trust that can be broken using a myriad of attack techniques
- 100 percent reliability and availability due to distribution of the ledger across thousands of machines
- Peer-to-peer communication without centralized bottlenecks
- Auditing and monitoring of added IoT devices
Elimination of Expensive Data Breaches
The aftermath of a data breach involves litigation, expensive reparations, and a loss in trust with consumers. With blockchain and IoT, this “trustless” environment is more secure, and any activity can be audited without tampering. No more downtime due to DDoS attacks, heavy fines from breach of regulatory standards, and a loss of several servers can’t take out blockchain’s reliability.
The real challenge is securing authentication in a safe IoT ecosystem. Traditional authentication systems are not designed well for IoT connectivity. A decentralized authentication platform such as REMME based on blockchain is much more resilient against DDoS and data tampering cyber attacks. With REMME, you eliminate a single point of failure for attackers to exploit.
IoT is here to stay, and it’s only grown in popularity. Consumers entrust their data on these devices, but current security isn’t enough. Connecting IoT devices to a blockchain eliminates much of the vulnerabilities of today’s modern security traditions. When manufacturers implement blockchain, the Internet will be a safer place for consumers.
– Alex Momot is CEO at REMME
REMME is here to make sure the bad guys can’t hack the autopilot of a self-driving car to cause it to crash into a crowded street; prevent villains from launching a biological attack using just one laptop, and to stop anarchist hackers from compromising presidential election results.