I hope you’ve enjoyed my previous blog (Part 1 of a mini-series on Blockchain for IoT Security) to get familiarize with the key attributes of blockchain. In this blog, my attempt is to explain what IoT security use cases that blockchain can address, via which attributes.
What IoT Security Use Cases Can Blockchain Address?
Through my research, I’d say, there’re at least 4 major IoT security use cases or challenges that blockchain as an enabling technology could address: Identity and Authentication, Data Integrity, Autonomous Secure P2P Transaction, and Critical Infrastructure Protection.
Identity and Authentication
While different analysts firms have different forecasts numbers, in general, the number of connected IoT devices will be around 20 ~30 billion by 2020 and it will continue to grow. How will you know which device or thing is the one that is legitimate to interact with you? How will you know it hasn’t been replaced? With the attribute of being verifiable, blockchain enables businesses to be able to register each “thing” on blockchain and give each one a unique “Identity” that their customers can verify. There’re already startups and proof-of-concept projects on this use case for things like diamond, wine and other luxury items.
For high value assets like industrial control systems or your car, any slight change of the system configuration can cause detrimental impact. As these equipment get connected to Internet, it means hackers and other bad guys can now more easily get access into those system remotely. What if someone just successfully modify some of the system configuration data? How will you be able to detect? And, how will you be able to prevent? With the attribute of being tamper-proof, blockchain will be able to ensure the data integrity, which will be extremely valuable for these types of high value industrial assets in the context of IoT. And you’d notice and understand by now why besides the financial services industry, the industrial sector also becomes so engaged and enthusiastic to adopt blockchain.
Autonomous Secure P2P Transaction
If you hear any typical IoT story, it typically goes like this, “Someday, your refrigerator will be able to order milk, eggs and other items automatically” or “Very soon, your self-driving car will be able to park itself, order maintenance service when needed, and pay without involving you in the process”. If you think about it for a moment, while it sounds fantastic, it also sounds scary. How will your refrigerator get access to your bank account and authorize the payment? How will your self-driving car know whether the parking meter hasn’t been compromised?
As the world becomes more automated, more autonomous, especially between the machine to machine or thing to thing, the trust becomes an increasing concern. Just as we outline what we believe as the future – Digital Cohesion, one of the key barriers would be TRUST. Frankly, those things should not trust each other. But for any transaction, especially when it relates to money, TRUST needs to be there. In my opinion, the biggest potential our society can get from blockchain, is the ability to enable trust for value exchange among untrusted parties. That would set the foundation to evolve today’s Internet of Information Exchange to the future of Internet of Value Exchange. This will be enabled via all 4 of blockchain’s key attributes coming together.
One of the coolest examples that I’ve seen is TransActive Grid experimenting with the concept of peer-to-peer market for renewable energy trading in a neighborhood in Brooklyn, NY. Basically, it’s the idea of a P2P energy trading - machines can buy and sell energy automatically according to user-defined criteria. Solar panels record their excess output on the blockchain, and sell it to neighboring parties via smart contract. One key fundamental reasons why they couldn’t do such P2P energy trading before, was because of the lack of trust among those parties and there’s no central party that is interested in creating services for this use case. So, a lot of resource had been wasted because of the mismatch between supply and demand. With blockchain, what wasn’t a feasible idea now becomes possible and promising, bringing the concept of sharing economy to the next level.
Critical Infrastructure Protection
If you’re reading this, you probably have already heard about the Mirai Botnet Attack last year – 100,000+ cameras were compromised and used for DDoS attack to a DNS provider Dyn, causing at least 4 hours of downtime for some of the most famous websites like Twitter, Spotify and Github. If this sounds bad, it would be simply even worse in the future with more things connected – more equipment for hackers to leverage. While there needs to be better endpoint security (for example, default passwords need to change) and organizations definitely should use the network (if they have deployed SDSN / Software-Defined Secure Networks) to detect the anomaly and quarantine the infected IoT devices early on to prevent the disaster happens, it should also raise concern about the existing architecture with the central client-server model, because that means a single point of failure. If the architecture can get more distributed or decentralized with blockchain, for example, having the DNS records on blockchain and permit a network of sites all have a copy of it and able to sync, then even if one of these sites gets attacked and goes down, the other sites won’t be affected and the service should be recovered much faster. This use case would be leveraging blockchain’s attribute of being decentralized.
However...Blockchain is Not Panacea for IoT Security
While blockchain as an enabling technology holds great potential for addressing some of the IoT security challenges, it is not panacea. In fact, blockchain raises a new set of security challenges. In my next blog (3/3), I will share what security issues or challenges blockchain has that you should be aware of.
By Irene Zhang
Published with permission from forums.juniper.net/t5/Blogs/ct-p/blogs