Securing the IoT: Blockchain Overview, Opportunities and Challenges

Securing the IoT: Blockchain Overview, Opportunities and Challenges

By David Dewhirst Share This Story | | Tags   IoT

As the number of devices connected to the Internet of Things curves ever-upward, IoT’s own Sword of Damocles looms ever larger: The constant threat posed by the difficulty of securing billions of devices.

The threat posed by a largely unsecured IoT ecosystem is as real as any other cybersecurity threat, and the risk exposure to early adopters of IoT systems is consequently very large. San Jose State faculty member and IoT expert Ahmed Banafa, in his “IoT and Blockchain Convergence” article on LinkedIn, points out several challenges that currently make securing the IoT difficult. On the sensor side, devices on the edge currently have neither an authentication nor an authorization standard, and also tend to be low-powered in terms of both processing and storage capacities. On the server-side, virtualized, Cloud-based IoT platforms of the type that are becoming more and more common have security schemes that have not yet been heavily field-tested owing to the relative youth of these types of IoT deployments. Confounding solutions to those challenges is the fact that use-cases for connected devices and IoT implementations are almost limitless, and designing security for any as-yet-unimagined scenario is very quickly going to run headlong into the "we don't even know what we don't know" wall.

As Banafa also points out, at the same time that IoT implementations are struggling with these native security concerns they also face another huge obstacle to widespread implementation: The traditional, server-centric model that we're all used to simply will not scale to the types of implementations that will be required, for example, in Industrial IoT (IIoT) deployments, which may have tens of thousands of sensors (or more!) in a given solution.

To truly make IoT work, then, what we need is a solution that is both secure and scalable -- and in a nutshell, that is why blockchain technology and the solutions being built on it are among the hottest buzzwords around.

blockchain-illustration-2-04.pngWhat is Blockchain?

In the centralized, web-based model we're used to, servers handle pretty much every transaction we conduct online. When we sign in to an account, it's a server that authenticates us. When we make a request of that server -- for example, a "post my image" request to a Facebook server -- the server again checks our authentication and handles the request to post the image. It also stores that transaction in the Facebook database. (There are many Facebook databases and servers, of course, but I'm simplifying for illustration.)

If someone manages to steal your Facebook password, though, they can authenticate to the Facebook server and do whatever they wish: They can upload new photos, delete old ones, and message old girlfriends in the middle of the night -- all because they authenticated to one server. Likewise, if a hacker got into the Facebook database and did something like delete all the image upload transactions (the horror!), those records are gone forever. It doesn't matter if you, your mom, Aunt Esmerelda, and seven former classmates all remember the picture -- once it's been deleted from the Facebook database, as far as Facebook is concerned that transaction never happened. 

Blockchain is an attempt to solve the potential problems encountered in the Facebook example above by having a majority of participants in a network agree amongst themselves that a transaction is authorized -- and even better, every member of that network also keeps track of all of the transactions that have occured in the network. Essentially, a number of transactions constitutes a "block" of transactions, and each new block of transactions is "chained" to the block before it. Et voila -- Blockchains.

Because authentication and record-keeping are shared by everyone in the network, in blockchain single points of failure like authentication servers and transactional databases are eliminated. And although it might be horrifying for you to think of, imagine how secure Facebook would be if before you could upload a picture your mom, your Aunt Esmerelda, and your seven former classmates all had to agree that you were you, and that you were allowed to upload a picture. It gets even better: Not only did they authenticate you in uploading that picture, they all also wrote down that you uploaded that picture. So when someone comes along and pretends to be you, and tries to tell someone that there's no such picture, your entire network has the proof that says otherwise, and the "fake you" is caught out.

Now imagine that kind of structure, but instead of your Facebook network that's self-managing it's a network of thousands of sensors and other devices incorporated into an IoT solution. All of those devices agree on what should be authenticated, and all of those devices keep track of all of the transactions. That's blockchain in an IoT or IIoT deployment.

fly-illustration-03.pngThe Fly in the Blockchain Ointment

In a blockchain-based IoT deployment, removing a single point of failure for tens of thousands of individual devices is a huge gain not only in security, but also in the robustness of the system as whole -- after all, instead of one database failure bringing the bridge down it would take all of the networked devices failing at once to actually create data loss.

It's also supposed to be a gain in scalability, because those thousands of devices will no longer be queueing up for their turn at authentication and transaction.

The problem, though, as IBM and others acknowledge, is this: Since the majority of devices in a network all need to agree on every transaction, very large-scale IoT deployments will potentially become increasingly inefficient as network size increases -- which, as Ahmed Banafa points out, will be a direct consequence of the small storage and processing capabilities of IoT edge devices.

Abandon All Hope?

Not yet. IBM and Samsung and many other companies have already made inroads into using blockchain for IoT and IIoT deployments, and IoT insiders like industry analysts Momenta Partners see "the long-term potential for blockchain as a key enabling component of scaling the Industrial IOT and Connected Industry."

Indeed, the projected growth of connected devices meshed into IoT and IIoT deployments is so large, the use cases so numerous, and the money to be made so vast that all involved have a vested interest in making the IoT both secure and scalable, and blockchain shows much promise in making that happen. 

So, where does that leave us? I've written several times about the importance of owning your IoT marketing while this is still a relatively green field. The same concept may be particularly true in this instance: If blockchain is truly to be the enabler of IoT growth by virtue of its inherent security and scalability, there's going to be a huge race to the top for companies whose IoT solutions implement some sort of blockchain technology. In the long term, that means blockchain is likely just to become table stakes for IoT companies. In the short term, it's a huge opportunity for companies to differentiate themselves in their IoT marketing if they can act quickly enough to get their message out ahead of their competitors.

That opportunity, like most opportunities, will not last forever -- so as you plan out the marketing strategies for your IoT company, do keep that in mind.

 I hope you've found this quick overview of blockchain and its place within the IoT ecosystem informative. It's not intended, of course, to be an exhaustive discourse on the topic -- but if you're in the IoT ecosystem, it certainly is important to have a grasp of at least the basic concepts of blockchain. 

Download Own Your Own IoT Category

If you have a company operating in the IoT ecosystem, you might also want to check out our video and free eBook The Why and the How: Owning Your IoT Vertical -- which you can do  by clicking on the stunning image of the eBook cover on the right.


 Visit David on LinkedIn:

Or find and book time to speak with David directly with his amazing, spectacular appointment-setting tool... He loves it when people use it! 




Share This Story | |


If you like our ideas, subscribe and we’ll keep in touch.

Once per month, you’ll see our latest blogs show up in your inbox. And if we post something special (like an infographic or an eBook), you’ll be the first to know.