Blockchain to Secure IoT Data
The Internet of Things (IoT) and Blockchain are two technologies that have been gaining popularity since their creation. In the near future, IoT is going to influence almost every day-to-day item we use. As the usage of this technology increases, the threat of its misuse also increases. Existing technologies are not enough to deal with this. So, Blockchain has emerged as an effective solution for solving the security issues related to IoT.
BLOCKCHAIN TECHNOLOGY:
Blockchain technology is now getting a lot of attention. It can revolutionize and optimize the global infrastructure of technologies connected with each other through the internet. The two fields that are going to be influenced by it are:
- It creates a decentralized system, removes the involvement of central servers and provides peer-to-peer interaction.
- It creates a fully transparent database that is open to all, which brings transparency to governance and elections.
This technology basically has 4 elements.
- Consensus : Provides the proof of work (PoW) and verifies actions in the networks.
- Ledger : Provides the complete details of transactions within networks.
- Cryptography : Makes sure that all data in the ledger and networks gets encrypted and only authorized users can decrypt the information.
- Smart contract : It is used to verify and validate the participants of the network.
INTERNET OF THINGS:
IoT refers to a loosely coupled system of multiple heterogeneous and homogeneous devices which can sense, process and network.
CONCERNS WITH IMPLEMENTING IOT – IOT SECURITY:
The technologies on which the foundations of IoT have been established have several bugs. These issues should be solved, before implementing the technology.
OVERVIEW OF BLOCKCHAIN TECHNOLOGY
It is a decentralized database which records every transaction made on a network. It has a ledger distributed over a network of nodes. This network can be public or private. Blockchains allow peer-to-peer transactions, eliminating the need for intermediaries.
Components of a Blockchain
Blockchain mainly has 4 components.
- Network of Nodes : All the nodes connected through the internet collaboratively maintain all the transactions made on a blockchain network, and the authenticity of a transaction is checked by a protocol. When a new transaction occurs, its record is added to the ledger of past transactions, a process known as ‘mining’. The other nodes present on the network verify the proof of work.
- Distributed database system : The database is composed of blocks of information and is copied to every node of the system. Every block has a list of transactions, a timestamp and the information which links it to the previous block.
- Shared ledger : The ledger is publicly available and incorruptible, and is updated every time a transaction is made.
- Cryptography : Data is bound by a crypto mechanism which makes it hard for unauthorized users to access or tamper with it.
Constructing a blockchain
A new digital transaction is turned into a cryptographically protected block. Miners compete with each other to validate the transaction; it is then timestamped and added to the chain in chronological order. Nodes express their acceptance of a block by creating the next block in the chain using the hash of the previously accepted block.
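The hash link described above is what makes history tamper-evident. The following Go sketch is an added example, not code from the original article; it leaves out mining and consensus, and the type and function names and the sample readings are assumptions made for illustration. It shows that a forged block, even when re-hashed by the forger, breaks the back-link of the block that follows it.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Block holds the fields listed above: transactions, timestamp, link to the previous block.
type Block struct {
	Timestamp      int64
	Transactions   []string
	PrevHash, Hash string
}

func hashBlock(b Block) string {
	b.Hash = "" // the hash covers every field except itself
	raw, _ := json.Marshal(b)
	return fmt.Sprintf("%x", sha256.Sum256(raw))
}

// Append links a new block to the current tip of the chain.
func Append(chain []Block, ts int64, txs []string) []Block {
	b := Block{Timestamp: ts, Transactions: txs}
	if len(chain) > 0 {
		b.PrevHash = chain[len(chain)-1].Hash
	}
	b.Hash = hashBlock(b)
	return append(chain, b)
}

// FirstInvalid returns the index of the first block that fails verification, or -1.
func FirstInvalid(chain []Block) int {
	prev := ""
	for i, b := range chain {
		if b.PrevHash != prev || b.Hash != hashBlock(b) {
			return i
		}
		prev = b.Hash
	}
	return -1
}

func main() { // constructed sample readings and timestamps
	chain := Append(nil, 1700000000, []string{"sensor-1 temp=21.5"})
	chain = Append(chain, 1700000060, []string{"sensor-1 temp=21.7"})
	chain[0].Transactions[0] = "sensor-1 temp=99.9" // rewrite history
	chain[0].Hash = hashBlock(chain[0])             // re-hash the forged block
	fmt.Println("first invalid block:", FirstInvalid(chain))
}
```

A forger who also re-hashed every later block would pass this local check, which is why the article's consensus step across independent nodes is still required.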
Implementing a Blockchain
There are 3 domains in which a blockchain can be deployed:
- Public : Bitcoin and Ethereum come under this category. Each and every node can send or read transactions without requiring any permission. Consensus is open to the public.
- Consortium area : It operates under partial permission. The permission to read or send may be made public or may be provided only to a few authorized nodes.
- Private : Only the organization to whom the blockchain network belongs can write transactions to it.
BLOCKCHAIN BASED INTERNET OF THINGS
Pattern of IoT based on blockchain: we have three models.
- A. Communication Model:
The three fundamental functions of the blockchain network in this model are:
- Peer-to-peer messaging.
- Distributed data sharing.
- Autonomous coordination with the device.
- Slow Processing
- Small Storage
In this model, blockchain nodes are the members of the network. They can be personal computers, enterprise servers or cloud-based nodes. Clients are the IoT devices. Blockchain clients and nodes interact with each other through APIs. Clients create transactions, and these transactions are relayed to nodes for processing and for storing the data in the distributed ledger.
- Connecting multiple blockchain networks
In the future, different blockchains may serve different purposes. A blockchain network may be a home network, an enterprise network or the internet. If artificial intelligence is added to an IoT environment that is connected to a blockchain network, it creates a Decentralized Autonomous Organization that runs without human intervention.
WAYS TO STRENGTHEN IOT SECURITY WITH BLOCKCHAIN TECHNOLOGY
For a secure application of IoT, the following points are to be considered.
- Secure communication
IoT devices have to communicate to exchange the data required to process a transaction and to store it in a ledger. Ledgers can also be used to store encryption keys to make the exchanges more confidential. An IoT device sends an encrypted message using the public key of the destination device, which is then stored in the blockchain network. The sender asks its node to get the public key of the receiver from the ledger. The sender then encrypts the message using the public key of the receiver; in this way, only the receiver will be able to decrypt the sent message, using its private key.
- Authentication of users:
The sender digitally signs each message before sending it to other devices. The receiving device then gets the public key from the ledger and uses it to verify the digital signature of the received message. The digital signature process works as follows:
- The sender calculates a hash of the message, which is then encrypted with the sender's private key.
- The digital signature along with the message is transmitted.
- The receiver then decrypts the digital signature using the public key of the sender stored in the ledger to obtain the hash value as calculated by the sender.
- The message is valid only if the calculated hash and the protected hash of the message are the same.
- Trust in retrieved messages is improved if the digital signature of each message is stored in the ledger.
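The signing and verification steps above, as an added Go example that is not part of the original article. It uses RSA-PSS over SHA-256 from the Go standard library as the concrete signature scheme, and a map as a stand-in for the ledger lookup; the `Ledger` type, the function names, the device IDs and the messages are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Ledger stands in for the blockchain node API: device ID -> public key.
type Ledger map[string]*rsa.PublicKey

// NewKey generates a device key pair (2048-bit RSA).
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Sign hashes the message and signs the hash with the sender's private key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify fetches the claimed sender's key from the ledger and checks the signature.
func Verify(l Ledger, senderID string, msg, sig []byte) error {
	pub, ok := l[senderID]
	if !ok {
		return errors.New("sender " + senderID + " is not registered in the ledger")
	}
	digest := sha256.Sum256(msg) // hash of the message as received
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
}

func main() { // constructed device IDs and messages
	sensor, other := NewKey(), NewKey()
	ledger := Ledger{"sensor-1": &sensor.PublicKey, "sensor-2": &other.PublicKey}
	msg := []byte("temp=21.5;seq=42")
	sig, _ := Sign(sensor, msg)
	fmt.Println("genuine:     ", Verify(ledger, "sensor-1", msg, sig))
	fmt.Println("tampered:    ", Verify(ledger, "sensor-1", []byte("temp=99.9;seq=42"), sig))
	fmt.Println("wrong sender:", Verify(ledger, "sensor-2", msg, sig))
	fmt.Println("unregistered:", Verify(ledger, "sensor-9", msg, sig))
}
```

Only the first call returns nil; a changed message, a key belonging to a different device and an ID missing from the ledger are all rejected.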
- Discovering legitimate IoT at large scale
As soon as a new IoT device starts, it asks root servers to give it a list of trusted nodes in the network. The device then registers itself with a node, and the exchange of information starts. DNSSEC has to be implemented to secure name resolution of root servers and prevent spoofing attacks. Every communication made must be authenticated and encrypted efficiently. This can be done based upon:
- Credentials already installed on the device during setup.
- Credentials could be given by the owner of the IoT device.
- Configuring IoT
Blockchain technology helps a lot in establishing a trusted and secure configuration for IoT devices. Approaches that seem relevant here are:
- Properties of IoT devices, such as configuration details and the last validated firmware version, can be hosted on the ledger. During bootstrap, the blockchain node is asked to get the device's configuration from the ledger. The configuration must be encrypted in the ledger to prevent discovery of the IoT network topology or its properties through analysis of the information stored in the public ledger.
- The hash value of the latest configuration file for every device can be hosted in the ledger. Using a cloud service, the IoT device will have to download the latest trusted configuration file at fixed intervals. The device can then use the blockchain node API to retrieve the hash value stored in the blockchain and match it against the downloaded file. This would allow administrators to remove any bad configurations regularly and reboot every IoT device in the network with the latest trusted configuration.
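The second approach, checking a downloaded configuration file against the hash held in the ledger, is sketched below in Go as an added example that is not from the original article. The `ConfigLedger` map stands in for the blockchain node API, and the device ID, the configuration contents and all names are assumptions made for illustration. The device fails closed: a missing ledger entry or a mismatched hash leaves the current configuration in place.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ConfigLedger (hypothetical node API): device ID -> hex SHA-256 of the approved config.
type ConfigLedger map[string]string

// HashHex is what an administrator would publish to the ledger.
func HashHex(cfg []byte) string {
	sum := sha256.Sum256(cfg)
	return hex.EncodeToString(sum[:])
}

// Device keeps the last configuration that passed verification.
type Device struct {
	ID     string
	Active []byte
}

// Update applies a downloaded configuration only if its hash matches the
// ledger entry; on any failure the device keeps its current configuration.
func (d *Device) Update(l ConfigLedger, downloaded []byte) error {
	want, err := hex.DecodeString(l[d.ID])
	if err != nil || len(want) != sha256.Size {
		return errors.New("no valid ledger hash for " + d.ID)
	}
	got := sha256.Sum256(downloaded)
	if !bytes.Equal(got[:], want) {
		return errors.New("hash mismatch for " + d.ID + ", keeping current configuration")
	}
	d.Active = downloaded
	return nil
}

func main() { // constructed device ID and configuration contents
	approved := []byte("mqtt_broker=10.0.0.5\nfirmware=1.4.2\n")
	ledger := ConfigLedger{"cam-1": HashHex(approved)}
	dev := &Device{ID: "cam-1"}
	fmt.Println("approved file:", dev.Update(ledger, approved))
	altered := []byte("mqtt_broker=203.0.113.9\nfirmware=1.4.2\n")
	fmt.Println("altered file: ", dev.Update(ledger, altered))
	fmt.Printf("active config still approved: %v\n", bytes.Equal(dev.Active, approved))
}
```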
Securing the network of IoT devices with a blockchain network makes the system decentralized, so that there is no single authority which can approve any transaction. Each and every device will have a copy of the ever-growing chain of data. This means that whenever someone wishes to access the device and perform a transaction, all the members of the network must validate it. After the validation is done, the performed transaction is stored in a block and sent to all the nodes of the network. All this makes the system more secure and makes it impossible for unauthorized sources to breach its security.