Blockchain: transforming the IoT’s security vulnerability into a strategic advantage

Blockchain: transforming the IoT’s security vulnerability into a strategic advantage

The very strength of the IoT has been its undoing — until it met blockchain.

What makes the IoT tick is the millions of sensors that document things’ real-time status and the billions of data points that result. For the first time, these let us manipulate and manage things with unprecedented precision.

However, all that data and the promise of being able to take over those devices for evil intent have made the IoT an inviting target for hackers.

When ethical hackers took over a Jeep several years ago by attacking its most vulnerable component – the entertainment system – Jeep corrected the problem easily with a software patch.

Last October, the attack was more massive and malignant: hackers using the Mirai malware took over millions of smart home devices whose manufacturers took too little care over security. Mirai exploited 62 ridiculously simple passwords, such as ‘password’, and then triggered the biggest DDoS [Distributed Denial of Service] attack ever, temporarily halting access to much of the Internet.

As I’ve written elsewhere, the importance of these attacks extends beyond their direct impact, because the IoT involves so much personal information and corporate data. If the public and corporations lose confidence in the IoT, the impact will be severe and lasting.

Fortunately, in recent months, blockchain technologies have received increasing attention as a possible solution to IoT woes. Even better, rather than a single-purpose technology bolted onto your IoT system just to deal with security, a number of companies are developing blockchain solutions that can simultaneously address critical issues such as supply chain management. This highly technical process even has potential marketing benefits.

Related: Tech giants and start-ups create IoT Blockchain consortium

A recent article about blockchain detailed the problems with the longstanding client-server-plus cloud paradigm for handling IoT data, particularly if the volumes of data mushroom as predicted:

“The current IoT ecosystems rely on centralized, brokered communication models, otherwise known as the server/client paradigm. All devices are identified, authenticated and connected through cloud servers that sport huge processing and storage capacities. Connection between devices will have to exclusively go through the internet, even if they happen to be a few feet apart.

“While this model has connected generic computing devices for decades, and will continue to support small-scale IoT networks as we see them today, it will not be able to respond to the growing needs of the huge IoT ecosystems of tomorrow.

“Existing IoT solutions are expensive because of the high infrastructure and maintenance cost associated with centralized clouds, large server farms and networking equipment. The sheer amount of communications that will have to be handled when IoT devices grow to the tens of billions will increase those costs substantially.

“Even if the unprecedented economical and engineering challenges are overcome, cloud servers will remain a bottleneck and point of failure that can disrupt the entire network. This is especially important as more critical tasks.

“Moreover, the diversity of ownership between devices and their supporting cloud infrastructure makes machine-to-machine (M2M) communications difficult. There’s no single platform that connects all devices and no guarantee that cloud services offered by different manufacturers are interoperable and compatible.”

Related: Blockchain: The ultimate game-changer for IoT security?

We need an alternative!

For those who aren’t familiar with it, blockchain is far more than the underlying technology enabling the bitcoin digital currency (and here, I’ll admit to ignoring it for too long, simply because I too thought that supporting bitcoin was blockchain’s sole function). It is a cryptographic system which assigns a 32-digit ‘hash’ to each part of a complex transaction, which becomes a ‘block’, which is also given a date stamp.

Essentially, limitless numbers of blocks (ideal for the IoT because of the volume of data) detailing each part of the transaction can then be linked into a blockchain, and each participant validates each new block though an algorithm. The result parallels a paper ledger used in the past to catalog transactions, with an important difference: it is distributed, and not controlled by any single user. Its versatility and potential is so great that blockchain is being touted as critical for complex transactions from mortgages to medical records.

Key blockchain characteristics mean it’s ideally matched to the IoT challenge, as follows:

  • It’s inherently decentralized, so there’s no single point of failure or vulnerability. Individual smart devices can function without a central authority.
  • It doesn’t require trusted intermediaries such as banks, which can slow transaction processes and inflate costs.
  • It’s anonymous, and doesn’t require trust on the part of all the participants. Paradoxically, blockchain enthusiast Brian Singer says that “buyer and seller automatically trust each other over an untrustworthy network.”
  • It’s a public utility that can operate globally, independent of any government or institution.
  • Perhaps most importantly, once a block has been formed, it can be altered only by consensus of all those holding the other blocks, making it essentially tamper-proof.

Related: Blockchain and IoT technologies combine for document authentication

Affecting the supply chain with blockchain

As mentioned above, blockchain isn’t just a stand-alone security tool for the IoT. The same technology can be used for other functions that require similarly complex transactions and many players. Probably the most important strategic use of blockchain for the IoT involves supply chains.

To cite just one example, a collaboration sponsored by The Linux Foundation is developing an enterprise-grade, blockchain-based delivery chain.

I’ve written elsewhere that the IoT, if companies are willing to share their real-time IoT data with their supply chain partners, can bring about unprecedented precision in supply chains, particularly if processes are designed so the data will automatically trigger re-supply orders (perhaps using M2M, so that human involvement isn’t even required).

It could also be used for asset management, where anything from a pallet to an inter-modal shipping container could be assigned a block and then the company could easily trace their quantity and location. WalMart, arguably the leader in supply chain innovation for many years, is starting a four-month trial this year to use blockchain to trace produce in the US and pork in China.

According to LoadDelivered, the benefits of using blockchain in supply-chain management could include:

  • Enhanced transparency: documenting a product’s journey across the supply chain reveals its true origin and touchpoints, which increases trust and helps eliminate the bias found in today’s opaque supply chains. Manufacturers can also reduce recalls by sharing logs with OEMs and regulators (Talking Logistics).
  • Greater scalability: virtually any number of participants, accessing from any number of touchpoints, is possible (Forbes).
  • Better security: a shared, indelible ledger with codified rules could potentially eliminate the audits required by internal systems and processes (Spend Matters).
  • Increased innovation: opportunities abound to create new, specialized uses for the technology as a result of the decentralized architecture.

Finally, this kind of detailed chain-of-custody record can even create marketing advantages. When I described it to a friend in the grocery industry, he mentioned that a few brands are now displaying the name of the farm of origin and other information on the food label, and FedEx has long marketed its premium Senseaware service, which provides real-time data on the shipment’s location, internal temperature, and so on.

For too many companies, IoT security has been an afterthought. With blockchain, they can not only bring about a security system that aligns with the principles of the IoT, but also creates synergistic solutions with important cost-saving and revenue-enhancing benefits.

David Stephenson, principal of Stephenson Strategies, is an IoT thought leader and consultant. He writes a non-corporate IoT blog and lectures on IoT strategy worldwide.

Contributor:
Related Post