888-501-5580 [email protected]
Blockchain Technology Securing IoT Infrastructure

Blockchain Technology Securing IoT Infrastructure

The growth of the Internet-of-Things (IoT) paradigm begs the question if blockchain technology securing IoT infrastructure properly or not?  Currently propelled by an unprecedented increase in the number of internet-connected devices. Even though the Cisco’s 2011 projection about 50 billion devices in 2020 is not ending up being very accurate, more recent estimates by Gartner and IHS confirm the tremendous growth of the number of IoT devices.

Blockchain Technology Securing IoT infrastructure

 

 

The need to support billions of devices in the years to come is inevitably pushing IoT technologies to their limits. Despite significant progress in blockchain technology, the specification and implementation of IoT technologies for identification, discovery, data exchange, analytics and security, the future scale of IoT infrastructure and services is creating new challenges and ask for new paradigms.

As a prominent example, IoT security is usually based on centralized models, which are centered round dedicated clusters or clouds that undertake to provide authentication, authorization and encryption services for IoT transactions. Such centralized models are nowadays providing satisfactory protection against adversaries and security threats.

Nevertheless, their scalability towards handling millions of IoT nodes and billions of transactions between them can be questioned, given also recent IoT-related security attacks which have manifested the vulnerabilities of existing infrastructures and illustrated the scale of the potential damage.

In particular, back in October 2016, a large scale Distributed Denial of Service (DDoS) attack took place, which affected prominent Internet sites such as Twitter, Amazon, Spotify, Netflix and Reddit. The attack exploited vulnerabilities in IoT devices in order to target the infrastructures of dyn.com, a global infrastructure and operations provider, which serves major Internet Sites.

The incident is indicative of the need for new IoT security paradigms, which are less susceptible to attacks by distributed devices and more resilient in terms of the authentication and authorization of devices. In quest for novel, decentralized security paradigms, the IoT community is increasingly paying attention to blockchain technology, which provides an infinitely scalable distributed ledger for logging peer to peer transactions between distrusted computing nodes and devices.

Most of the people that are aware of the paradigm to blockchain technology securing IoT perceive it as the main building block underpinning cryptocurrencies such as the well-known BitCoin. Indeed, the main characteristic of Bitcoin transactions is that they are not authenticated by a Trusted Third Party (TTP), as is the case with conventional banking transactions.

In the case of the BitCoin, there is no central entity keeping track of the ledger of interactions between the different parties as a means of ensuring the validity of the transactions between them. Instead, any transaction occurring between two parties (e.g., A paying 1 Bitcoin to B) is kept in a distributed ledger, which is maintained by all participants of the BitCoin network and which is empowered by blockchain technology. Among the merits of this distributed ledger approach is that it is very scalable and more robust when compared to traditional centralized infrastructure.

This is due to the fact that the validation of transactions is computationally distributed across multiple nodes, as well as due to the fact that the validation requires the consensus (“majority vote”) of the whole network of communicating parties, instead of relying on a centralized entity. In this way, it is practically impossible for an adversary to attack the network, since this would require attacking the majority of nodes instead of one or a few parties.

Can blockchain technology secure IoT data and devices

The scalability and resilience properties of the blockchain approach have given rise to its applications in other areas such as electronic voting or IoT transactions. The principle remains the same:

Transactions are logged in the distributed ledger and validated based on the majority of nodes, even though in the case of voting and other transactions Bitcoin units are replaced by votes or credits.

This results in a trustful and resilient infrastructure, which does not have a single point of failure.

Based on the above principle, blockchain is deployed as an element of IoT infrastructures and services, which signifies a shift from a centralized brokerage model, to a fully distributed mesh network that ensures security, reliability and trustworthiness. Blockchain technology securing IoT infrastructure facilitates devices to authenticate themselves as part of their peer-to-peer interactions, while at the same time increasing the resilience of their interactions against malicious adversaries. Moreover, this can be done in a scalable way, which scales up to the billions of devices and trillions of interactions that will be happening in the coming years.

Cases IoT Blockchain Technology Securing IoT

 

 

The development of secure mesh IoT networks based on blockchain technology is no longer a theoretical concept. During the last couple of years several companies (including high-tech startups) have been using blockchain technology in order to offer novel IoT products and services. The most prominent implementations concern the area of supply chain management. For example, modum.io is applying blockchain in the pharmaceuticals supply chain, as means of ensuring drug safety.

The company’s service uses the blockchain technology in order to log all transactions of a drug’s lifecycle, starting from its manufacturing to its actual use by a health professional or patient. Recently, the retail giant Wal-Mart Stores Inc. has announced a food products track and trace pilot based on blockchain technology. The pilot will document all the steps associated with tracking and tracing of pork, from the farm where the food is grown, to the supermarket floor where it is shipped. This pilot is a first of a kind effort to validate the merits of the blockchain outside the scope of the financial services industry.

Beyond supply chain implementations, novel products are expected to emerge in the areas of connected vehicles, white appliances and more. Several of the applications are expected to benefit from blockchain’s ability to facilitate the implementation of monetization schemes for the interaction between devices. In particular, as part of blockchain implementations, sensors and other IoT devices can be granted micropayments in exchange of their data.

The concept has already been implemented by company tilepay, which enables trading of data produced by IoT devices in a secure on-line marketplace. At the same time, cloud-based infrastructures enabling developers to create novel blockchain applications are emerging. As prominent example Microsoft is providing a Blockchain-as-a-Service (BaaS) infrastructure as part of its Azure suite.

Overall, blockchain technology is a promising paradigm for securing the future IoT infrastructures. Early implementations are only scratching the surface of blockchain’s potential. We expect to see more and more innovative products in the next few years.

In this direction, several challenges need also to be addressed, such as the customization of consensus (i.e. “majority-voting”) models for IoT transactions, as well as efficient ways for carrying out the computationally intensive process of transaction verification. Solutions to these challenges will certainly boost the rapid uptake of this technology in the IoT technology landscape.

 

Mobile BYOD Security IT Best Practices

Mobile BYOD Security IT Best Practices

Mobile BYOD security is always an issue for IT and security.  Going online increasingly means going mobile. “There’s an app for that” is the truth these days. Unfortunately, mobile device security brings the same set of concerns that full computer and cloud systems are battling – threats, hacking, and ransomware.

The biggest security threat to mobile devices that is not found in desktops or servers is that very mobility. In mid-2015, 2.1 million Americans reported their mobile phones lost or stolen according to Consumer Reports.  That’s a drop. Add tablets and the count is higher, but still less than what it has been. CR doesn’t try to say why the number of missing devices is down.

Mobile BYOD Security in the Work Environment

The ability to wipe data or lock down a smartphone was considered high end security. Apple led the pack in that kind of security, but even the vaunted iPhone was hacked. It’s probably easier than you think. “More than 86% of Apple iPhones in the world are apparently still vulnerable to a security flaw that allows a hacker to completely take over the device with just a text message, according to data from mobile and web analytics firm MixPanel,” said a report at Business Insider.

It does not matter if your work environment is BYOD or company-supplied. Once the mobile device is gone, expect it to be hacked.  Think a remote wipe of the mobile device is going to protect your information? It won’t. A quick google on “recover lost data from smartphone” turned up plenty of companies selling information-recovery software.

YouTube also has plenty of videos teaching people how to recover files from a smartphone. While these tutorials are aimed at helping someone find and restore “lost” photos or text messages, there’s not a real difference between a picture of someone’s kids at the park and a file with a client’s payment information. Data is data.

Some of these ideas are worth adding to your company’s mobile BYOD security policies.

  1. Lock it. Set a strong passcode or password on company-supplied devices. The more numbers used, the better. Get the IT staff to set passwords or codes. A lot of employees, if allowed to do it themselves, will choose something simple or something personal like a birthday for numbers or children’s names for passwords. For BYOD either limit access to sensitive information or have IT set strong codes for access to those files.
  2. Auto erase after failed unlocks. Restoring deleted data is cheaper than covering losses from a hack.
  3. No public charging stations. Viruses and malware at public charging stations have been around for years. CNBC said the problem is getting worse.  “Here is how it works: The cybercriminal needs to hide an HDMI [high-definition multimedia interface] splitter and recorder in the charging station. Most smartphones are now HDMI-enabled so you can share images from the phone onto a TV. Once plugged in, the station uses the built-in HDMI to record everything done on the smartphone without the user’s knowledge.”

None of these are guaranteed to stop a dedicated hacker when it comes to mobile device security.   But they will frustrate someone who stole the phone or tablet and hoped for an easy score. They can also create enough of a delay for you to lock out the device from your system and alert any customers whose information may be compromised.

Enable Stronger Mobile BYOD Security

The US Computer Emergency Readiness Team (CERT) says mobile hacks are steadily climbing. The report lists things to do to protect mobile devices.  CERT’s best security ideas are:

 

  • Don’t put sensitive information on mobile devices. May not be practical, but this is the best mobile BYOD security policy.
  • Limit the type and number of apps allowed on a mobile device. For a BYOD, this could be problematic. If you are in a BYOD environment, have the employee sign an agreement allowing the IT department to lock company information and restrict access to it.
  • Step up the basic access to the phone with longer pass codes and more complicated passwords.
  • Disable Bluetooth, infrared and Wi-Fi.

Mobile BYOD SecurityMobile may not be part of your company’s business model right now, but it is coming.  If you already have it, what are you doing to make things secure? What’s in your company’s written mobile device policy?  How do you enforce it? How do you monitor the devices, especially if you are BYOD?

Having issues with recruiting cyber security experts with deep experience in wireless protocols, mobile networks, mobile security apps and BYOd security?  Click below to ask NextGen how we can solve recruitment issues and deliver the right candidates for hire.

 

Wait a second, before you go...Please read below to see how we can help you.

Thanks for stopping by. Are you sure you want to leave before learning how hiring "A Players" can transform your business for years to come?

These are the candidates that produce 10% more than even the top B players. Combined with our industry leading replacement guarantee we provide you the ROI you are looking for.

Schedule a Call