The growth of the Internet-of-Things (IoT) paradigm begs the question if blockchain technology securing IoT infrastructure properly or not? Currently propelled by an unprecedented increase in the number of internet-connected devices. Even though the Cisco’s 2011 projection about 50 billion devices in 2020 is not ending up being very accurate, more recent estimates by Gartner and IHS confirm the tremendous growth of the number of IoT devices.
The need to support billions of devices in the years to come is inevitably pushing IoT technologies to their limits. Despite significant progress in blockchain technology, the specification and implementation of IoT technologies for identification, discovery, data exchange, analytics and security, the future scale of IoT infrastructure and services is creating new challenges and ask for new paradigms.
As a prominent example, IoT security is usually based on centralized models, which are centered round dedicated clusters or clouds that undertake to provide authentication, authorization and encryption services for IoT transactions. Such centralized models are nowadays providing satisfactory protection against adversaries and security threats.
Nevertheless, their scalability towards handling millions of IoT nodes and billions of transactions between them can be questioned, given also recent IoT-related security attacks which have manifested the vulnerabilities of existing infrastructures and illustrated the scale of the potential damage.
In particular, back in October 2016, a large scale Distributed Denial of Service (DDoS) attack took place, which affected prominent Internet sites such as Twitter, Amazon, Spotify, Netflix and Reddit. The attack exploited vulnerabilities in IoT devices in order to target the infrastructures of dyn.com, a global infrastructure and operations provider, which serves major Internet Sites.
The incident is indicative of the need for new IoT security paradigms, which are less susceptible to attacks by distributed devices and more resilient in terms of the authentication and authorization of devices. In quest for novel, decentralized security paradigms, the IoT community is increasingly paying attention to blockchain technology, which provides an infinitely scalable distributed ledger for logging peer to peer transactions between distrusted computing nodes and devices.
Most of the people that are aware of the paradigm to blockchain technology securing IoT perceive it as the main building block underpinning cryptocurrencies such as the well-known BitCoin. Indeed, the main characteristic of Bitcoin transactions is that they are not authenticated by a Trusted Third Party (TTP), as is the case with conventional banking transactions. In the case of the BitCoin, there is no central entity keeping track of the ledger of interactions between the different parties as a means of ensuring the validity of the transactions between them. Instead, any transaction occurring between two parties (e.g., A paying 1 Bitcoin to B) is kept in a distributed ledger, which is maintained by all participants of the BitCoin network and which is empowered by blockchain technology. Among the merits of this distributed ledger approach is that it is very scalable and more robust when compared to traditional centralized infrastructure.
This is due to the fact that the validation of transactions is computationally distributed across multiple nodes, as well as due to the fact that the validation requires the consensus (“majority vote”) of the whole network of communicating parties, instead of relying on a centralized entity. In this way, it is practically impossible for an adversary to attack the network, since this would require attacking the majority of nodes instead of one or a few parties.
The scalability and resilience properties of the blockchain approach have given rise to its applications in other areas such as electronic voting or IoT transactions. The principle remains the same: Transactions are logged in the distributed ledger and validated based on the majority of nodes, even though in the case of voting and other transactions Bitcoin units are replaced by votes or credits. This results in a trustful and resilient infrastructure, which does not have a single point of failure.
Based on the above principle, blockchain is deployed as an element of IoT infrastructures and services, which signifies a shift from a centralized brokerage model, to a fully distributed mesh network that ensures security, reliability and trustworthiness. Blockchain technology securing IoT infrastructure facilitates devices to authenticate themselves as part of their peer-to-peer interactions, while at the same time increasing the resilience of their interactions against malicious adversaries. Moreover, this can be done in a scalable way, which scales up to the billions of devices and trillions of interactions that will be happening in the coming years.
The development of secure mesh IoT networks based on blockchain technology is no longer a theoretical concept. During the last couple of years several companies (including high-tech startups) have been using blockchain technology in order to offer novel IoT products and services. The most prominent implementations concern the area of supply chain management. For example, modum.io is applying blockchain in the pharmaceuticals supply chain, as means of ensuring drug safety.
The company’s service uses the blockchain technology in order to log all transactions of a drug’s lifecycle, starting from its manufacturing to its actual use by a health professional or patient. Recently, the retail giant Wal-Mart Stores Inc. has announced a food products track and trace pilot based on blockchain technology. The pilot will document all the steps associated with tracking and tracing of pork, from the farm where the food is grown, to the supermarket floor where it is shipped. This pilot is a first of a kind effort to validate the merits of the blockchain outside the scope of the financial services industry.
Beyond supply chain implementations, novel products are expected to emerge in the areas of connected vehicles, white appliances and more. Several of the applications are expected to benefit from blockchain’s ability to facilitate the implementation of monetization schemes for the interaction between devices. In particular, as part of blockchain implementations, sensors and other IoT devices can be granted micropayments in exchange of their data.
The concept has already been implemented by company tilepay, which enables trading of data produced by IoT devices in a secure on-line marketplace. At the same time, cloud-based infrastructures enabling developers to create novel blockchain applications are emerging. As prominent example Microsoft is providing a Blockchain-as-a-Service (BaaS) infrastructure as part of its Azure suite.
Overall, blockchain technology is a promising paradigm for securing the future IoT infrastructures. Early implementations are only scratching the surface of blockchain’s potential. We expect to see more and more innovative products in the next few years.
In this direction, several challenges need also to be addressed, such as the customization of consensus (i.e. “majority-voting”) models for IoT transactions, as well as efficient ways for carrying out the computationally intensive process of transaction verification. Solutions to these challenges will certainly boost the rapid uptake of this technology in the IoT technology landscape.