AbstractInternet of things is an emerging technology which will soon be perva-sive across our technological landscape. It is a unifying technology whichintegrates classical network with IP based wireless sensor networks. IoT,while oering a lot of opportunities, is also plagued by security issues.
Existing security technologies will play a role in alleviating the risks asso-ciated with IoT, but these alone would not be sucient. IoT has inherentdeciencies, limited resources and unreliable communication. An adver-sary can take advantage of these weaknesses to initiate a multitude ofattacks.
Present IoT network is based on classical client/Server approachand in centralized in nature, but growing demand and popularity of hugeIoT ecosystems cannot be fullled by present framework.A distributed, peer to peer networking approach may be helpful tosolve many security and architectural related issues associated with hugeIoT networks. Recent popularity of blockchains in cryptocurrency makesit a good t for the Internet of Things (IoT) sector also. Blockchain is acontinuously growing set of data records, where non-trusting members caninteract with each other without a trusted central party, in a certiablemanner. This paper discusses various proposed blockchain based solutionsfor IoT ecosystem and certain issues that should be considered beforethe deployment of a blockchain network in an IoT setting. The mainobjective of this paper is to understand research problems involved in thedeployment of the blockchain technology to promote a decentralized IoTecosystem with heterogeneous and resource constraint devices.
1 IntroductionA recent study by Gartner forecasts that there will be more than 20 billionconnected IoT devices by 2020 1. These connected devices while helping improveour quality of lives, would also provide a huge opportunity for attackersto inltrate networks. IoT covers a wide range of applications, including smarthome systems, smart street lighting, smart trac congestion detection and control,noise monitoring, real-time vehicle networks, and smart city frameworks2.
At the individual level, personal health and lifestyle monitoring systems are1being integrated with general healthcare services 3. Such application scenariosare likely to be sensor/actuator-based, developed for a specic purpose. IoTdevices create huge amount of data, so the biggest challenge of IoT is ensuringdata security and privacy. Since IoT is the integration of multiple heterogeneousnetworks, it is dicult to accomplish a consistent connection between theindividual nodes in IoT.Present IoT network is based on classical client/Server approach and incentralized in nature. It can support small scale networks, but growing demandand popularity of huge IoT ecosystems cannot be fullled by present framework.From the manufacturers perspective, there is a huge maintenance cost associatedwith current centralized system. For example, distribution of software updatesto millions of devices even if they have been discontinued.
From consumersperspective, there is a lack of trust in current system.In order to understand the security issues in IoT in more detail, IoT architecturecan be divided into three layers: Sensing layer, Network layer andApplication layer 4. Sensing Layer : It is the physical layer, which has sensors for sensingand gathering information about the environment. It senses some physicalparameters or identies other smart objects in the environment. SecurityIssues: Interruption, interception, modication, fabrication, uniform codingfor RFID, conict collision for RFID etc.
Network Layer: This layer is responsible for connecting to other smartthings, network devices, and servers. Its features are also used for transmittingand processing sensor data. Security Issues: DOS/DDOS attacks,forgery/middle attack, heterogeneous network attacks, WLAN applicationconicts, capacity and connectivity issues etc Application Layer: This layer is responsible for delivering applicationspecic services to the user. It denes various applications in which theInternet of Things can be deployed, for example, smart homes, smartcities, and smart health. Security Issues: Information availability, userauthentication, information privacy, data integrity, IoT platform stability,middleware security, management platform.A distributed, peer to peer networking approach may be helpful to solvemany security and architectural related issues associated with huge IoT networks.However, such decentralized systems have their own challenges, speci-cally related to data privacy and security. Hence, a more sophisticated and rigiddistributed approach is required for this growing eld.
Blockchain, i.e. the distributed ledger technology, has emerged as an objectof great interest and is widely used in many related elds. Blockchain is a typeof database that maintains a continuously growing set of data records 5. It isdistributed in nature, which means there is no central system holding the entiredatabase; rather, the contributing nodes have a copy of the database (chain).Its also continuously growing and follows a decentralized approach that can2eliminate single points of failure, thus creating a more robust ecosystem forthe devices to work on. When a node wants to add a transaction to the chain(database), all the participants in the network will certify it.
They do thisby applying mutually decided set of algorithm to the transaction to verify itslegitimacy. What exactly is understood by “valid” is dened by the blockchainsystem and can dier between systems. The cryptographic algorithms used byblockchains would provide data condentiality and hence security. Inspite ofall its benets, the blockchain model have its own aws and shortcomings likescalability, storage, lack of skills and lack of compliances. Yet, blockchain canbe used in several scenarios, for example: To create robust, truly distributed system, in order to eliminate singlepoint of failure A single, globally accepted view of network events To achieve transparency, auditability and veriability on networks activities Enforcing data ownership without a central authority. To achieve data security and privacyRest of the paper is organized as follows, section 2 discusses the variousproposed models integrating blockchain and smart contract technology withIoT ecosystem, section 3 discusses the issues that should be considered beforethe deployment of a blockchain network in an IoT and section 4 concludes thepaper with the main focus on the research questions which should be addressedin order to develop a robust and ecient blockchain of things.2 Blockchain and IoTA blockchain is a distributed database of records that have been executed andshared between several participant nodes.
Each transaction in the public ledgeris veried by consensus of a majority of the participants in the system. Moreover,once entered in the blockchain, information can never be erased. Figure 1demonstrates the working of blockchain.
One major application of blockchain is smart contracts 6. Within theblockchain context, smart contracts are scripts stored on the blockchain. Sincethey reside on the chain, they have a unique address. We trigger a smartcontract by addressing a transaction to it.
It then executes independently andautomatically in a prescribed manner on every node in the network, accordingto the data that was included in the triggering transaction. Smart contractsallow us to have general purpose computations occur on the chain.In order to understand the applicability of blockchain in IoT, lets assume ascenario where all IoT devices of a single manufacturer works on same blockchainnetwork 7. The manufacturer applies a smart contract that allows him to store3Figure 1: Working of Blockchainthe latest rmware update on the network. The IoT devices can then discoverthe new updates on the network via a discovery protocol provided by blockchainplatform. The rst request for this le will be served by manufacturer, but, afterthat, as it has been entered into the blockchain, blockchain can entertain furtherrequests and hence, manufacturer can stop serving it. Another powerful examplecould be slock.
it 8. Slock.it is an electronic lock which uses smart contracttechnology. The owner of slock, who wishes to rent his property, sets a pricefor timed access to the electronic lock. In order to use the property, interestedparty is required to pay the requested amount in electronic version to unlockad use it.There are several other proposed models in literature integrating blockchaintechnology with IoT.
In 9, a blockchain oriented smart city model has beenproposed, where blockchain is used for sensor data storage and managementusing SCRUM methodology. In the proposed model, sensors are programmedto send measurements to the blockchain through the peer-to-peer network bymeans of a light version of existent clients, these sensors can be connected toa mobile device to run, or can be autonomous systems able to connect to thepeer-to-peer network. The environmental data collection mechanism combinesthe measurements acquired by the mobile devices with the validation processwhich will be used to create a health map of the city. Blockchain based auditabledata management system has been proposed in 10, where blockchain combinedwith an o chain storage is used for high scalability.
In this model, gateways areused as an intermediate storage unit which are responsible to push compressed4data to storage layer. In order to alter access permissions, any adversary wouldrequire a digital signature or gaining control over the majority of the computepower in blockchain network.Cloud based commissioning of IoT devices using permissioned blockchain hasbeen proposed in 11. It provides a mechanism for service provider to incentivizeindividual nodes to share device data in privacy preserving manner.
The digitalsignatures done by the device as part of zero knowledge proof keeps the devicesanonymous and intractable to other entities. Trust sharing LoRaWAN for IoThas been discussed in 12 where concept of blockchain is used in network layerin order to build an open, trusted, decentralized and tamper proof system.In 13, author discussed the usage of blockchain for provisioning IoT servicesas edge host. Using multichain and AES algorithm, this paper demonstratedthat permission based blockchain can be used for code distribution and datastorage. A secure and scalable blockchain based infrastructure for data storageand processing in IoT has been proposed in 14.
It uses a two way LoRaWANEthereumproxy, specially designed gateways and an ethereum client to routedata to blockchain network. Additionally, a private ethereum network is createdfor faster response time.Micropayment system has been proposed in 15 where using standard bitcointechnology, a single-fee micro-payment protocol has been implemented, whichaggregates multiple smaller transaction into one larger transaction, thus reducingoverall cost. It could allow for IoT devices to rent computational capacityor allow washing machines to order detergent.
In 16, a blockchain based securesoftware dened architecture has been proposed which can be used to securelyverify a version of the ow rule table, validate the ow rule table, and downloadthe latest ow rules table for the IoT forwarding devices. Also, security wouldbe automatically adapted to the threat landscape, without administrator needsto review and apply thousands of recommendations and opinions manually.Multi-layer blockchain based network model has been proposed by 17. Itdivides the Internet of Things into a multi-level de-centric network and adoptingthe technology of block chain technology at all levels of the network, with thehigh security and credibility assurance of the blockchain technology retaining,thus provide a wide-area networking solution of Internet of Things. In 18, acase study of smart home implementing blockchain for IoT security has beenpresented.
Each smart home is equipped with an always online, high resourcedevice, which can be used as miner that is responsible for handling all communicationwithin and external to the home. The miner also preserves a privateand secure blockchain, used for controlling and auditing communications.In order to achieve availability and accountability for IoT updates, 19 discusseda blockchain based peer to peer mechanism in order to spread updatesbetween devices with limited internet access. It also proposed an innocuousnesschecking methodology for updates.Secure identity management in IoT hasbeen discussed in 20.
This protocol has been designed to gain the benets ofinheriting trust relationships that are established o-chain as well as leveragingtrust relationships that develop through the history of blockchain transactions.Reciprocally, trust that is built up via the blockchain can be utilized for o-5chain services. Transaction Certicates and the cryptographic protocols arestructured so as to avoid the need for long-term storage of per-certicate keys,and to minimize client computation, cross-server synchronization, and o-chaintransaction setup communications.3 DiscussionDespite of all its benets, the blockchain model have its own aws and shortcomingslike scalability, storage, lack of skills and lack of compliances. In IoTecosystem, it becomes more dicult to integrate any such technology whichcould add extra burden of computational complexity, storage and bandwidthon device and network itself. Compared to a properly congured centralizeddatabase, a blockchain solution will generally underperform, resulting in lowerthroughput and higher latencies.
In general, this performance hit is the penaltypaid for trustless decentralization and resiliency.Maintaining privacy on the blockchain is another complicated issue. Although,each participating device is identied by their public key (or its hash).A participant does not need to know everybody elses key, however, all the transactionsin a blockchain happen in the open environment. By analyzing thisdata, an interested party can identify patterns and create connections betweenaddresses, and in the end make informed inferences about the actual identitiesbehind them.Also, the implementation of the IoT architecture and smart contracts posesa number of legal challenges.
In particular, attacks interception, data authentication,access control and the privacy of customers need to be guaranteed.The nature of the IoT requires a heterogeneous and dierentiated legal frameworkthat adequately takes into account the ubiquity and technicity of the IoT.Currently security law and regulations is still not the main focus, and there isno technology standard about the IoT. The IoT is related to national securityinformation, business secrets and personal privacy 21.
Finally, blockchain based architectural and security related solutions for IoTecosystem should try to answer following questions: How can computationally intensive operations (Encryption, mining, etc.)of blockchain can be eectively carried out in a resource constraint IoTecosystem? How well can Blockchain perform in a large network like IoT with a largenumber of devices and low bandwidth? The order of data integrity, anonymity and transparency which can beachieved64 ConclusionBlockchains, using a robust and decentralized peer-to-peer systems and withits ability to act together with other nodes in a trustless, auditable manner,gives us smart contracts which, in turn, allows us to automate multi-step processes.In a digital ecosystem, IOT devices are the points of contact with thephysical world. When we combine IOT with blockchain, we can automate thetraditional functionalities of the system in new, unique ways, achieve cryptographicveriability as well as realize signicant cost and time savings in theprocess. This integration has the potential to bring about signicant transformationsacross industries, create new business models alongside new challenges.However, these is still a huge gap between transforming this integration into apractical and acceptable application.