Implementing Security in IoT Systems via Blockchain

Abstract

With today’s day and age rapidly going digital, the emergence of the Internet of Things has become prominent and IoT systems are now being applied to almost every field. IoT systems can be seen being applied to fields such as healthcare, agriculture, manufacturing, and many more. As IoT systems encompass numerous devices, each of these devices becomes a target for attacks and exploitation; thus, IoT systems have long been associated with issues related to security. Hence, making IoT systems secure and safe is of paramount importance. While the Internet of Things has become a technology that is extremely widespread today due to the wide range of advantages it provides including scalability, dependence, and ease of access; the shortcomings and possible loopholes should also be accounted for. Currently, a client/server model or a centralized model of networking is employed in IoT devices. These devices also use a single gateway to transfer data between them and connect through a cloud server. This model has lots of shortcomings like the high cost of centralized cloud maintenance and network equipment and the cost will continue to rise with the increase in the number of devices and the volume of data. A Single gateway is not very secure as it allows gaining access to a whole IoT network by compromising a single device. To tackle the issue of security, we propose the inclusion of blockchain technology. A Blockchain is a distributed ledger where data is stored across various nodes all over the world, this eliminates the single point of failure. This project proposes the plethora of benefits that blockchain technology offers and aims to tackle the security aspect of IoT systems.

Introduction

I. INTRODUCTION

The Internet of Things (IoT) is an arrangement of interrelated and internet-associated objects that are used to gather and transfer data over a wireless network without any human contact. Currently, the Internet of Things (IoT) uses a client/server model. The devices use a single gateway to transfer the data between them and then connect them through a cloud server. The model used here has been utilized over the last decades and is now no longer suitable for the increasing number of IoT devices and the volume of data that is being shared. The major shortcomings are the high cost of centralized cloud maintenance and the networking equipment. This will continue to rise with the proliferation of connected devices. The restriction on data exchange with other centralized infrastructures causes interoperability. The data collected by these devices are very sensitive and therefore a single gateway is not trustworthy, as it allows gaining access to the whole IoT network by compromising only a single device. There is a dire need of improving security in these devices. IoT devices are so popular that convenience is always prioritized over security.

Most consumers know about the issues and yet are willing to sacrifice their security for convenience. One of the examples is Amazon Echo. Although the employees of the company have admitted to listening to users’ conversations to improve the product, has barely impacted the sales figures of these devices. As the prospect of the devices in the infrastructure grows exponentially, it is becoming a big challenge to identify, secure and authenticate the devices. The current centralized security model will be exceedingly difficult and expensive to maintain, scale, and manage. It will be an easy target for DDoS attacks and introduces a single point of failure. This type of infrastructure will be extremely difficult to implement in an industrial setup where the edge nodes are widespread geographically. Blockchain can be used to improve security issues in IoT devices. A Blockchain is a distributed ledger where data is stored across various nodes all over the world which eliminates the single point of failure. In a blockchain ledger, data is stored on various nodes all over the world which eliminates the single point of failure. Before we add any data to the network, all nodes must approve and verify it. Therefore, no change will be allowed without a common agreement from all of the participants. This is named peer-to-peer communication and is used to protect blockchain transactions from attackers. Since there is no single server, there will be no chance of a man-in-the-middle attack, where hackers can grab the information sent between a server and a device. Blockchain is public which makes it accessible to everyone in the network.

All the participants can see the common history of all the stored blocks and transactions, but they need a private key to see the content. This gives complete transparency to all the operations and keeps the data safe at the same time. Therefore, once a piece of information is stored in a blockchain, it will be impossible to change it.

II. RELATED WORKS

Benedict Occhiogrosso and Daniel Minoli in their Research paper talk about IoT and its different types of applications. For unpleasant situations, we have a smart grid, intelligent transportation systems, and video surveillance health and they can also be used for business-oriented applications like banking, logistics, and insurance. While deploying these internets of things, we provide room for the attack which requires attention. This is because the data taken from these devices like managerial surveillance, decision making, and analytics is an area that gives many options for intrusion. The lack of security standards in the industry adopted internet of thing architectures also increases the chance of stealing data. We need comprehensive support for security in the IoT so that we can use these applications. Till now many security techniques and approaches have been tried and tested but none of them are up to the mark. We need a solution that follows the CIA triad.

Here C stands for confidentiality, which is making sure that the data packets are not examined. ‘I’ denotes Integrity which is making sure that the data packets received and stored have not been altered. A here stands for availability which is making sure these devices are not prevented from doing their functions properly. Blockchain can play an important role in securing many IoT applications by becoming part of security. Here a blockchain is a database that will store all the processed transactions, and data in a sequential order, which will be tamperproof to adversaries. All these transactions will be then shared by all the users. The information is kept as a public ledger that is impossible to modify. Every user in the system will retain the same ledger as all other users in the network. Blockchain which was just associated with digital currency now has many potential uses which can help us integrate security in IoT systems. Still, blockchains must be combined with other security mechanisms like NTRU cryptosystem and firewalling. The biggest advantage of blockchains is that they will work at the lower layer of the communications models and application layer.

Mubashir Husain Rehmani and Jinjun Chen in their Research paper talk about how as the internet of things systems are getting more revolutionized, all the objects in our everyday life are getting interconnected. These systems can link and communicate with each other and their surroundings for performing their tasks.

The interconnection between these systems requires security, robustness and proper authentication, and finally easy maintenance services. To provide all these facilities we will need blockchain. The decentralized nature can resolve many security, authentication issues, and maintenance problems we face in our current IoT systems. However, the IoT network is public, and transactional details and encrypted keys are visible to everyone in the network. Thus, any problem can leak critical information. For this, we need to implement privacy preservation techniques to make blockchain more secure. We need to use a blockchain because it has transparent logs, secure transactions, no third-party interference, easy backtracking, and a digital ledger to keep updated records. To make it more secure, we can use public and private keys to preserve identity and privacy which will help in encryption. For the private contract between nodes, we will only allow programmable contracts concerning nodes containing transactional details. We can also combine and merge transactions to hide the original identity. We also need to add data perturbation to make data indistinguishable. These strategies can improve the security of blockchain-based IoT systems.

Muhammad Azahar Mushtaq and Abid Sultan in their Review paper talk about how the Internet of things has gained a lot of popularity and is being used in the banking sector, medical centers, and even in healthcare. Sadly, these IoT network devices operate on very less computing power, low storage capacity, and limited network bandwidth. This makes them more vulnerable than other endpoint devices such as a smartphone. Moreover, as it becomes more popular the computing infrastructure of these devices is getting complicated. This can give rise to cyber-attacks. In recent times blockchain has come forward as it has many characteristics to solve different issues which are faced by IoT network devices. Blockchain maintains a distributed database of records. It has proof of all the work done between the network nodes.

These transactions are immutable. The nodes will communicate with the blockchain network with combinations of public and private keys. The user will use their private key to digitally sign all their transactions and then will be able to access the network with their public key.

All the transactions are then verified by all the nodes which are in the blockchain network except the node which initiated the transaction. In this process, invalid transactions are removed. By using blockchain technology, it makes the device capable of doing everything without a third party, therefore making it risk-free from a third party. Many IoT issues are solved by blockchain characteristics like data privacy issues can be solved by decentralization, anonymity, and smart contract.

Rahul Agarwal, Pratik Verma, and Umang Goel in their Research paper talk about the Internet of things infrastructures like smart cities and smart buildings which are having two major disadvantages which are lack of trust between the entities of the system and that a single point of failure which will be a vulnerability can destroy the whole system. We need a blockchain-based IoT security solution so that trust can be established through the decentralized and immutable nature of blockchain. The distributed nature will make the system more immune to a single point of failure. All the user interactions in the IoT will be stored in the blockchain as a transaction and the sequence of all the transactions will represent the user’s trail in IoT. Along with the normal encryption system, every interaction will be mediated with a crypto token which can only be used by an authorized user. The generation of these tokens will depend on the user's current state and all the possible actions. The tokens will not be generated if there is a case of suspicious action. Using prediction models, we will pre-generate crypto tokens. This will enhance the security of the system without troubling the user as the tokens will be already pre-generated.

Zhang, Zibin Zheng, and Hong-Ning Dai in their survey talk about how the Internet of things is advancing and creating smart cities with data-driven decision applications, these features are resulting in more challenges like decentralization, bad interoperability, and security vulnerabilities. Blockchain technology can help us with these problems. There is a big issue in the complexity of networks. This is because there are a huge number of network protocols coexisting in IoT. These include Bluetooth, Sigfox, and NFC, all of which offer different network services. As stated, the poor interoperability in both hardware and software to properly make use of information and collaborate. Due to the heterogeneity of IoT systems,  we face a huge challenge to exchange data between different sectors. Also, these IoT devices such as sensors, RFID tags, and actuators suffer from resource constraints which include battery power, and storage resources. Blockchain can help us with these challenges due to its characteristics. With blockchain, the transaction between two peers is validated without the need for authentication, therefore, reducing the service cost. They also consist of a large, linked chain of blocks where each link is an inverse hash point of the previous block. Therefore, any modification on the previous block disapproves all the consequently generated blocks. During this, the root hash of the Merkle tree stores the hash of all the committed transactions. Any change on any of the transactions will generate a new Merkle root. With this, any type of security issue can be detected. It will also help in the interoperability issue by storing the IoT data in blockchains.

Eman M, Abou Nassar, and Abdullah M Iliyasu in their paper talk about the blockchain-based trust models for healthcare IoT systems. One of the applications of IoT in healthcare systems. Here, different devices are synchronized to create an IoT network, especially for healthcare assessment. These systems collect information from different sensing devices and for efficient handling of the heterogeneity, it will require interoperability and trust issues support. This is a key challenge in achieving integration between all the systems. To provide trustworthy information, we use distributed service which makes sure that the information stays immutable. All of these requirements get fulfilled by Blockchain. Blockchain will ensure data reliability and would permit institutions to share and safely move the data. It will provide a paradigm shift in securing ways we share information. This will help in improving decentralized storage, distributed ledger, authentication, interoperability, and facilitating secure interactions between nodes like patients, healthcare providers, and suppliers. Moreover, whenever a new transaction is added to the chain, everyone in the network must validate it. This will happen by applying an algorithm that verifies the transaction but the term “valid” is always defined by the system and differs from other systems. Therefore, to confirm the validity of a transaction is done by the majority of the people. Lei Hang and Do-Hyeun Kim talk about how IoT-based technologies are opening new opportunities in various aspects of our lives. With the help of network technology and embedded computing hardware, we can make large-scale autonomous IoT systems. IoT works in unattended environments and these wireless sensor networks are the most vulnerable. Most IoT systems depend on the centralized architecture by connecting to cloud servers. Though this solution helps in computation and data management, it still has security issues. One of the biggest disadvantages is that it has a single point of failure which compromises the entire data center. That’s why it will be important to implement a secure environment. Using blockchain we get many advantages like transparency, enhanced security, improved traceability, low cost, and requires no third-party intervention. For proving their proposed concept, they implemented their approach using Raspberry pi and other devices. After evaluation, it had a steady level and effective transaction execution. They also compared with other existing designed systems which showed the significance of the new proposed system. Michael P Anderson and John Kolb in their paper talk about the importance of authorization. It is a very crucial security component of many systems. They propose a fully decentralized authorization system that will operate at a global scale providing fine-grained permissions, and proofs of permission that are efficiently verified by using smart contracts on a blockchain it will be resistant to DoS attacks without relying on a central trusted party. They have presented a mechanism for protecting out-of-band channels. They implemented their proposed system; WAVE and it has shown a positive response and can support city-scale federation with many participants and infrastructures. The final evaluation shows that WAVE is efficient enough for all the applications.

Dinan Fakhri and Kusprasapta Mutijarsa in their paper talk about secure IoT communication using the technology of blockchain. As the development of IoT is growing, it is also increasing security problems because of the many violations of security policies. Blockchain can solve all the security issues of IoT. One of the ways is to make secure communication between all the devices. To show the importance of Blockchain they created 2 IoT systems, one with blockchain and one without blockchain, and compared them. The communication protocol used is MQTT and Ethereum. They have analyzed both systems by simulating attacks and observing the outcome. After carrying out various tests, it was proven by them that the IoT system using blockchain technology was better and was able to solve security problems.

Bandar Alotaibi, in this paper, has surveyed and highlighted recent advancements in security to overcome IoT limitations using blockchain. The author has demonstrated how the blockchain attempts to overcome IoT limitations concerning Cyber Security. They can be thus divided into 4 types: end-to-end traceability; data privacy and anonymity; identity verification and authentication; and confidentiality, data integrity, and availability (CIA). This paper also explores systematic processes for future purposes. Successful IoT applications and methods (those related to cyber security) are investigated to show how the integration of advanced technologies like blockchain along with IoT can indeed be extremely beneficial. Finally, the potential challenges that might thwart the integration of IoT and blockchain are summarized.

Steve Huckle, Rituparna Bhattacharya, Martin White, and Natalia Beloff have discussed regarding importance of the internet of things and blockchain technology in shared economy applications. The paper is focused on creating decentralized and shared economy applications via blockchain to secure things. They have introduced an IOT design fiction called ExpressIT taking into various use case scenarios. Moreover, they also explored the Sussex team’s research relationship with IoT. With the collaboration of their industrial partner, they are focusing on application scenarios and the implementation of Dapps. It also explores how IoT and distributed ledger technologies can provide a great chance to develop distributed applications for the sharing economy.

S. Sicari, A. Rizzardi, L.A. Grieco, and Coen-PorisiniIn have presented the main research challenges and the existing solutions in the field of IoT security. They also have identified open issues and suggested some solutions for future purposes. The paper analyses and presents the existing approaches which include confidentiality and access control in IoT, privacy and trust issues, and about policies enforcement in IoT applications. As this paper investigates and highlights many open issues, there is a need to further research the IoT security field. The research and survey conducted by the authors through this paper demonstrated that appropriate solutions must be developed and designed which will therefore provide a guarantee regarding confidentiality, access control,  and trustworthiness.

Konstantinos Christidis and Michael Devetsikiotis have reviewed the mechanism of blockchain and smart contracts in IoT. They have demonstrated a detailed view of how a blockchain network works and operates, and how interactions between transacting parties in the network take place. Authors also have demonstrated how blockchain-IOT combination can facilitate the sharing of services which could then lead to the creation of a marketplace of services between devices. They also have addressed the issues and concerns that an IOT developer might need to keep in consideration while deploying the IoT on blockchain applications. This will then allow and enable the reader to identify potential new use cases, and thereby allow them to make well-informed and educated decisions regarding the integration of a blockchain in their project. Rodrigo Roman, Jianying Zhou, and Javier Lopez in this paper aim to supply a particular analysis of the features and security challenges of the distributed approach of the IoT, to understand what's its place within the Future Internet. Numerous challenges have got to be solved, like assuring interoperability, reaching a business model, and managing the authentication and authorization of entities. Still, there are multiple benefits as well. Since intelligence is not targeting a limited set of centralized application platforms – although these platforms also can exist to supply additional support – scalability is improved. Data is managed by the distributed entities; thus, it is possible not only to push/pull data only needed but also to implement specific privacy policies. Nevertheless, both added trust and fault tolerance mechanisms can be specially devised and implemented here. These and other benefits show that this approach is useful and applicable to the important world. To conclude, the authors discuss the possibility of the coexistence of both centralized and distributed approaches. This provides the foundations of a full-fledged Internet of Things.

Muhammad Salek Ali, Koustabh Dolui, and Fabio Antonelli in this paper aim to propose a decentralized access model for IoT data. For this, they will use a network architecture that they call a modular consortium architecture for IoT and blockchains. The proposed architecture in this paper enables and allows IoT communications over a software stack of blockchains and peer-to-peer data storage mechanisms. The principal aim here is to have in-built privacy and adaptability for multiple IoT use cases. Further, to account for the feasibility and deployment of this proposed architecture, the authors consider two blockchain platforms- Ethereum and Monax; and carry out a performance analysis.

Xueping Liang, Juan Zhao, Sachin Shetty, and Danyi Li present the thought of securing drone data collection and communication together with a public blockchain for provisioning data integrity and cloud auditing. The assessment of the framework as proposed by the authors shows that it is/can be a secure, reliable, and distributed system for drone data assurance. Further, it is resilient and robust with a reasonable overhead which can also support scalability. The drone has the potential to be widely adopted and leveraged in future IoT applications with its capability to sense and deliver in a less limited range of locations. In this paper, they propose a general architecture for drone data collection and control using blockchain, making it a step closer to such a vision that drone-based applications can collect sensor data and be controlled in a trusted and dependable way while reducing potential attacks and data losses. This system can provide reliability and accountability, as well as data assurance for real-time data collection and drone control.

 Yu Zhang and Jiangtao Wen propose an IoT E-business model, which is exclusively designed for the IoT E-business. The authors also redesign many aspects of the traditional e-business models. Lastly, the authors realize the transaction of smart property and paid data on the IoT with the assistance of P2P trade supported by the Blockchain and smart contract. They have proposed a business model for IoT. They start with the introduction of DACs and introduce them into the IoT E-business model. they also discuss details of the IoT E-business model from the entity, commodity, and transaction process, in which they study the 4 stages of the traditional E-business (i.e., they are Pre-transaction preparation stage, Negotiation stage, Contract signing stage and Contract fulfillment stage.) and redivide them according to the feature of IoT E-business model. To achieve the complete decentration of the IoT E-business model, they propose a P2P transaction mode on the IoT based on the Blockchain.

Mandrita Banerjee, JungeeLee, Kim-Kwang, and Raymond Choo make a plethora of observations in this paper. This includes the shortage and lack of publicly available IoT datasets that can be used by individuals or research communities/ organizations. The authors believe that due to the volatile and rather sensitive nature of datasets, a mechanism must be devised that allows sharing of IoT datasets among researchers, stakeholders, and all relevant organizations. Thus, the authors explain the potential for blockchain technology and how this can help in facilitating secure sharing of IoT datasets and securing IoT systems, before presenting two conceptual blockchain-based approaches.

Antonio Vetro and Juan Carlos De Martin in this paper found 18 use cases of blockchain in the literature. Among these, four are exclusively designed for the Internet of Things. They also found some use cases that are designed for private-by-design data management. They also found several issues in anonymity, integrity, and adaptability. With regards to anonymity, the authors there exist a guarantee of only pseudonymity in the blockchain. Regarding adaptability and integrity, they found that the integrity of the blockchain largely depends on the high difficulty of the Proof-of-Work and the massive number of honest miners, but at an equivalent time, a difficult Proof-of-Work limits the adaptability. They documented and categorized the present uses of the blockchain and provided some recommendations for future work to deal with the above-mentioned issues. They conducted a Systematic Literature Review to investigate which are the use cases of the blockchain in the literature and which factors affect the integrity, anonymity, and adaptability of this technology. The goal of our research is to leverage the blockchain and P2P approaches for a private-by-design IoT where data produced by devices are not entrusted to centralized companies.

In this paper, Ali Dorri, Salil S. Kanhere, Raja Jurdak, and Praveen Gauravaram deliver an outline of the various core components and functions of the smart home tier. The authors explain how every single smart home is equipped with a miner. This miner is constantly online and is a high-resource device. It is this miner that is responsible for handling all internal and external communication. The miner holds and preserves a private, safe, and secure blockchain. This is used to audit and control communication. The authors illustrate the security of this propose Blockchain-based smart-home system by deep analysis of its security. This is done by accounting for the CIA triad-confidentiality, integrity, and availability. Lastly, the authors present the results of the simulation to highlight that the overhead that has been introduced by this approach is negligible in comparison to the security and privacy gains.

In this paper, Ana Reyna, Cristian Martín, Jaime Chen, Enrique Soler, and Manuel Díaz present the challenges of IoT and blockchain,  and therefore the potential advantages of their combined use are going to be analyzed. Disruptive applications in this area are getting to be highlighted additionally to a review of the available blockchain platforms to affect these challenges. the most contributions of the paper survey on blockchain technology, analyzing its unique features and open challenges, Identification, and analysis of the varied ways of integrating IoT and blockchain, the study of challenges, potential benefits, and open problems with the mixing of blockchain and IoT, study of existing blockchain–IoT platforms and applications, Evaluation, and comparison of the performance of various blockchains in an IoT device. This paper investigates this relationship, challenges that are present in blockchain IoT applications, and lastly, sheds light on how the real-time application of blockchain in IoT systems can be incredibly beneficial.

In this paper, Tiago M. Fernández-Caramés and Paula Fraga-Lamas are objectifying a meticulous review on how to adapt blockchain to the specific needs of IoT to develop Blockchain-based IoT (BIoT) applications. After objectifying the basics of blockchain, the most relevant BIoT applications are described to emphasize how blockchain can knock traditional cloud-centered IoT applications. Further, the current challenges present followed by the possible optimizations are discussed concerning multiple factors that include the effect on the design, development, and deployment of a BIoT application. Finally, some recommendations are specified to guide future BIoT researchers and developers on some of the issues that will have to be tackled before deploying the next generation of BIoT applications.

In this paper, Nir Kshetri, Rick Kuhn, and Tim Weil express their idea of if and how Blockchain strengthens the Internet of Things. First, they discuss what Blockchain is and how it functions. Nir Kshetri tells that blockchain which is a kind of ledger tech which has been stated in the popular press as one of the next big things. He answers different kinds of questions in this paper such as why Blockchain and how it can help in improving the Internet of Things. Later in the paper, he tells different ways to incorporate blockchain into the Internet of Things security. The paper further shows a tabular representation of the challenges faced in the Internet of things their explanation and certain potential blockchain solutions as remedies to these challenges. He tells that blockchain-based identity and access management s