Could blockchain be the key to IoT security?

A framework has been published showing how blockchain technology can be used to enhance the security, privacy and manageability of IoT devices and networks.

Blockchain CyberAttackers CyberSecurity Hack CyberThreat Data Digital - Stock
Blockchains create an environment for IoT networks where there can be trust, anonymity and effective contracts between parties without any single vendor being in charge.

Blockchain technology – the basis of the Bitcoin currency – is a method of recording data, a digital ledger of transaction, agreements and contracts which is distributed across several hundreds or even thousands of computer around the world.

Paul Fremantle, of the University of Portsmouth’a School of Computing, analysed more than 50 systems for managing the Internet of Things (IoT), and found a large majority had no support for security or privacy, and few implemented robust controls.

This means the IoT is increasingly vulnerable to cyber-attacks, demonstrated last year when more than 100,000 IoT devices were taken over and used to attack the US internet, bringing down many of the systems across the East Coast.

Fremantle explained: “IoT is all about connecting devices to a network and enabling them to collect and share data. It can include anything from household objects like thermostats, light switches, doorbells and fridges, to toys, cars and medical devices.

“It’s a real concern that we’re buying these devices without thinking of the consequences. For example when you buy a fitness tracker it’s hard-coded to the company that sold it. If their network isn’t secure then your data isn’t secure.

“Some of these smart devices can access incredibly rich data. Google Nest knows what room a person is in and whether they’re asleep or awake. Monitors inside some of the latest cars can tell if a driver is male or female, or even whether the driver is pregnant.”

Fremantle’s research proposes a model leveraging the shared governance of blockchains. They create an environment for IoT networks where there can be trust, anonymity and effective contracts between parties without any single vendor being in charge, and without requiring any party to be trusted above another.

He has proposed a number of ways in which blockchains can improve the security and privacy of the IoT. However, a challenge remains: the processing, memory and code requirements of blockchains makes them incompatible with cheap, constrained IoT devices.

One proposal is a new approach that enables IoT devices to participate in a trusted blockchain. The proposal is to create a new system, called a Pythia – named after ancient Greek priestess at the temple of Apollo who acted as a go-between between the gods and humans – that acts as a trusted intermediary between blockchains and the internet-connected devices.

He concluded: “My vision of a blockchain-based IoT is in the preliminary stages, but we plan to start prototyping it shortly. Unless we solve the security problems soon, there will only be more serious attacks coming.”