Can Blockchain Strengthen IoT Device Security?

In spite of the potential of the Internet of Things (IoT), development seems to be dragging. The hype is huge, but the current state of IoT (to the consumer) does not seem to extend far beyond toying with lights, cameras, or household appliances from smartphone apps. In a world where the term Big Data carries so much weight, one would expect more from what is a goldmine of information.

A large part of the problem stems from security. The consequences of a breach of a central repository of data collected by IoT devices could be disastrous. Compromising such a database could give a hacker incredibly in-depth information about an individual, gleaned from the various sensors set up around their home, or on a grander scale, sensitive data pertaining to stock levels and shipping schedules of a wholesaler or agglomerations of confidential medical records from hospitals.

Research revealed that 90% of consumers believe that such connected devices are going to be a major security issue, a statistic which may be deterring the adoption of IoT by companies and individuals alike. It’s perhaps wise, then, to consider, in these early stages, how to prevent shaping a future that will lead to such single points of failure (as time goes on and the networks are deployed, it will become exponentially harder to tweak the underlying architecture). The answer seems apparent: avoid building such vulnerable platforms altogether.

Changing the Architecture of IoT

The very raison d’être of blockchain technology is to disrupt such structures. Distributed ledgers expunge the notion of centralisation, instead spreading multiple copies of a database across nodes in a network.

From a security standpoint, this dwarfs incumbent platforms: should one wish to attack the network, it is no longer a case of gaining access to a server. Successfully ‘hacking’ a blockchain requires a Sybil attack, whereby the malicious actor owns 51% of nodes and can falsify transactions or data – anything less will simply mismatch with the majority’s records, and get rejected. For properly engineered Proof-of-Work or Proof-of-Stake blockchains, the feasibility of such an attack is logistically impossible. From a logistical perspective, this p2p (or most likely machine-to-machine) approach for sharing data between devices further reduces attack vectors like man-in-the-middle attacks, since the information being transferred does not pass through a central hub.

This distributed method of managing the flow of data is also vital to the long-term scalability of IoT networks: as IoT devices proliferate in homes and in businesses, we’re going to see a strain on the network, leading to congestion as more and more are connected and routed through a centralised server.

Syncing With the Blockchain

The caveat we’ve seen thus far in the use of blockchains in IoT has been the requirement for nodes to store full copies of the ledger. Take the Bitcoin blockchain, for instance: to run a full node, the user needs to download a 200+ GB database of previous transactions. If smart devices are to interface seriously with a blockchain, there need to be efficient methods of doing so that don’t involve dedicating memory and bandwidth to syncing incoming blocks.

Bitcoin’s UTXO model allows for the creation of SPV (or Simple Payment Verification) wallets – instead of storing copies of the blockchain, they can make calls to full nodes that do, and obtain the information pertaining only to the wallet in question. These so-called light wallets can be run on lower-spec devices, and do not require nearly as many resources to operate.

For IoT use-cases, wherein one would want devices to not only verify transactions but to execute smart contracts, a light wallet would be highly desirable. They can allow even relatively simplistic sensors to sync with the blockchain, and then provide improved security through decentralised storage as outlined above.

Making Blockchain-Supported IoT a Reality

It would be unrealistic to say we’re there already, though. Blockchain technology remains to be perfected, and has yet to solve certain issues that would prevent it from handling a fully-functional IoT infrastructure:

• Blockchain is still an incredibly nascent field, and its energy consumption needs to be tackled before we can see real adoption (Proof-of-Stake is currently being explored, which may remedy this)
• There’s a further question with regards to privacy of the data being shared: by definition, a blockchain is a public database. Second-layer solutions for the storage and transmission of information (that don’t compromise its privacy) are needed to cater to use cases where this must be kept confidential
• Another major issue facing blockchain tech is scalability: for IoT purposes, it is crucial that transactions are as close to instant as possible – if you’re dealing with a high-throughput of data, it needs to constantly stream. Consider the importance of, for instance, monitoring vital signs of a hospitalised patient
• There is yet to be a blockchain iteration that can handle a large amount of transactions per second – one need only look to Ethereum’s gridlock in the wake of CryptoKitties’ release to see this. That said, a number of solutions are being worked on around the globe to combat this issue (Sharding/Plasma on Ethereum or the Lightning Network on Bitcoin are just a few examples)

But, as the technology matures, the future looks bright for IoT and blockchain technologies, which could clearly be highly complementary. In one corner is an increasing amount of sophisticated devices that can collect and relay information to a server, and in the other is a secure network eliminating traditional attack vectors associated with centralised databases. The merging of the two domains, once the kinks are ironed out, promises to revolutionise an innumerable amount of industries.