IOT Security Issues Via Blockchain: A Review Paper

Download as pdf or txt
Download as pdf or txt
You are on page 1of 7

See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/333255641

IOT Security Issues Via Blockchain: A Review Paper

Conference Paper · March 2019


DOI: 10.1145/3320154.3320163

CITATIONS READS

28 4,837

3 authors, including:

Abid Sultan Muhammad Azhar Mushtaq


University of Sargodha University of Sargodha
8 PUBLICATIONS   41 CITATIONS    11 PUBLICATIONS   47 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Blockchain in Internet of things View project

All content following this page was uploaded by Muhammad Azhar Mushtaq on 30 September 2019.

The user has requested enhancement of the downloaded file.


IOT Security Issues Via Blockchain: A Review Paper
Abid Sultan Muhammad Azhar Mushtaq Muhammad Abubakar
Department of CS & IT Department of CS & IT Department of CS & IT
University of Sargodha, Sub- University of Sargodha, Sub- University of Sargodha, Sub-
Campus Bhakkar, Pakistan Campus Bhakkar, Pakistan Campus Bhakkar, Pakistan
+92-453-220072 +92-453-220072 +92-453-220072
[email protected] [email protected] [email protected]

ABSTRACT However, as it becomes popular the connectivity between


In the past few years block chain has gained lot of popularity devices is increasing, and also the computing infrastructure can
because blockchain is the core technology of bitcoin. Its become additionally complicated. This complication can give a
utilization cases are growing in number of fields such as security rise to vulnerabilities for the cyber-attacks. In IoT, the physical
of Internet of Things (IoT), banking sector, industries and devices are placed in unsecured environments which could be
medical centres. Moreover, IoT has expanded its acceptance defenceless from hackers thus giving them the opportunity to
because of its deployment in smart homes and city developments alter the information that transmits over the network. Therefore,
round the world. Unfortunately, IoT network devices operate on device authorizations and information root would be a vital issue.
limited computing power with low storage capacity and network In last few years blockchain has begun as the technology that
bandwidth. Thus, they are extra close to attacks than other end- have many characteristics to solve different issues faced by IoT
point devices such as cell phones, tablets, or PCs. This paper network devices. Blockchain keeps a distributed database of
focus on addressing significant security issues of IoT and maps records. In which proof of work between the network nodes is
IoT security issues in contradiction of existing solutions found in completely deprived of a
the literature. Moreover issues that are not solved after
implementation of blockchain are highlighted.
third party. This will help in solving the problem of single point
CCS Concepts of failure. Network transaction records are immutable and can be
• Computer systems organization → Embedded and cyber- founded via the history of IoT network which finally helps to get
physical systems → Embedded systems. the attraction by trust of public in the IoT network. This Public
• Networks → Network properties → Network reliability trust have a vital role for the public financial transactions,
introductory for a new world of distributing economy in the
Keywords Internet of Things domain [8] [14] [3] [18].
Blockchain, IoT, Network Security, Data security, LLNs &POW
The blockchain is sequences of blocks that hold all transaction
record occuring in a blockchain network. As described in
figure.1 each block contains block header and block body/
1. INTRODUCTION transaction counter. Block header contains the following;
In today’s era, technologies have revolutionized the living
standard of our society. This is often because of innovation in 1. Block version which indicates the software version
communication and semiconductor technologies, which permit and validation rules.
devices to be connected over a network and alter the way of 2. Merkle Tree root hash represents the hash value of
connectivity between machines and humans. Such a trend is the transaction and summary of all transaction.
usually noted as Internet-of-Things (IoT) [15]. 3. Timestamp consists of current universal time since
With the fast rise of brilliant devices and high-speed networks, January 1970.
the IoT has gained wide acceptance and fame because it uses the 4. N-Bits define the number of bits required for
standard called low-power lossy networks (LLNs). These LLNs transaction verification.
have the potential to use the limited resource by consuming very 5. Nonce is any 4-byte number which starts from 0 and
low power [1] [2]. The devices in IoT may be controlled increases for every hash of the transaction.
remotely to perform the specified function. The data sharing 6. Parent block hash holds the hash value which
among the devices takes place through the network that uses the indicates the previous block.
standard protocols of communication. The well-connected
devices or “things” vary from easy wearable accessories to huge Transaction counter is capable of covering all the transaction and
machines which contain detector (Sensor) chips [14]. a maximum number of the transaction depends upon the block
size [12].
Blockchain technology referred as a public ledger and all
Permission to make digital or hard copies of all or part of this work for
personal or classroom use is granted without fee provided that copies are completed transactions are recorded in a list of blocks. This
not made or distributed for profit or commercial advantage and that chain of blocks grows as new blocks are added to chain
copies bear this notice and the full citation on the first page. Copyrights continuously. Public key cryptography and distributed consensus
for components of this work owned by others than ACM must be algorithms implemented for user security. The blockchain
honored. Abstracting with credit is permitted. To copy otherwise, or technology has key characteristics of decentralization,
republish, to post on servers or to redistribute to lists, requires prior persistency, anonymity, and auditability. With these
specific permission and/or a fee. Request permissions from characteristics, blockchain can save the cost and increases the
[email protected].
effectiveness [12].
ICBCT 2019, March 15–18, 2019, Honolulu, HI, USA
© 2019 Association for Computing Machinery. This paper is ordered as follows. Section 2 covers the
ACM ISBN 978-1-4503-6268-9/19/03…$15.00 Blockchain properties where as section 3 highlights its
DOI: https://doi.org/10.1145/3320154.3320163 characteristics. Different security necessities and issues are

60
covered in section 4 and section 5 provides the solution of exceeding blockchain network, all nodes implement the proof-
security issues using blockchain. Section 6 describes the of-work for every mining process by increase a nonce value
problems that are not solved by blockchain. Finally in Section 7 within the block till a value is founded that offers the block’s
conclusion and future work is presented. hash desired bits. Once the system unit effort has been spent to
satisfy the proof-of-work, the block can't be modified until not
redoing the work.
Blockchain feature distributed IoT information management can
provide users the choice of sharing the information with third
party entities. The target is to supply a distributed information
access model for IoT, that ensures that user-data isn't assigned to
centralized entities or corporations [4].

Figure 1. Block Architecture [12].

2. BLOCKCHAIN PROPERTIES
2.1. Blockchain Working Steps
1. Nodes communicate with the blockchain network via a
combination of private & public keys. Theuserusesitsown
private key to digitally sign its own transactions and then can
access the network via the public key. Each signed transaction is Figure 2. Proof of Work.
broadcast by a node that makes the transaction [3].
2. The transaction is then verified by all nodes within the
3. CHARACTERISTICS OF BLOCKCHAIN
blockchain network except the node that makes the transaction. 3.1. Decentralization
During this step, any invalid transactions are discarded. It’s In centralized transaction processing environment, each
known as verification. transaction needs to be validated through the centralized trusted
3. Mining is the third step in which every legitimate transaction party (e.g., banking system), that result into high-cost and low
is collected by the network nodes during a fixed time into a performance at the central point. With respect to the centralized
block and implements a proof-of-work to find a nonce for its IoT model, the third party is no longer needed in the blockchain.
block. Once a node finds a nonce, it broadcasts the block to all Consensus algorithms in blockchain are used to maintain data
participating nodes [4]. integrity and consistency [12].
4. Each node collects a newly generated block and confirms 3.2. Persistency
whether the block contains (a) legal transactions and (b) declares Once a transaction record is validated by a miner node (special
the accuracy of parent block by utilizing the hash value. After nodes that validate the transaction) in a blockchain network its
the completion of confirmation, nodes will add the block to the copy is broadcast on the entire network and that record is not
blockchain and apply the transactions to bring the blockchain deleted or rollback from entire blockchain [12].
up-to-date. In case, if the block is not confirmed, the projected
block is rejected. This ends the existing mining round [3]. 3.3. Anonymity
In Blockchain, nodes interact with the network using a public
2.2. Verification key that addresses the node on the entire blockchain network by
Blockchain technology ensures the elimination of the duplication keeping the real identities of the user as a secret [12].
issues by taking assistance from asymmetric cryptography which
contains a public and a private key. The private key is kept 3.4. Security
secret from other nodes whereas the public key is shared among Blockchain uses the asymmetric cryptographic technique to
all other nodes [5]. Moreover, the transaction (step 1) is digitally secure the entire network. Asymmetric or public key
signed by a node that creates the transaction which is cryptography contain 2 keys one public key and second private
broadcasted to the entire blockchain network. All receiving key. The public key is used by the node to address the
nodes will verify the transactions by decrypting the signature blockchain network and the private key is used by the node to
with a public key of the initializing node. The transaction is sign the transaction that it initiates. The identity of transaction
verified by the verification of signature which indicates the creator node is verified by using its public key.
initializing node is not modified.
3.5. Scalability or More Addressing Space
2.3. Proof-of-Work (POW) AS scalability is concerned blockchain contains 160-bit address
The proof-of-work (figure 2) contains the process of finding a space as compared to 128 bit in IPv6. These 160-bits are
value that is hashed with Secure Hash Algorithm 256. The generated by ECDSA (Elliptic Curve Digital Signature
typical work needed is exponential within the variety of zero bits Algorithm). Blockchain has 4.3 billion more Addresses over
needed and confirmed by running the hash algorithm. In an IPv6 [8].

61
3.6. Resilient Backend 4.8 Illegal use of Personal Data.
Every distributed node within the blockchain IOT network IoT device are basically sensors and implanted chips that gather
maintains a replica of the whole ledger. This helps in individual, important information and convey it through the
safeguarding the network form any potential failures and attacks internet. The gathered information is stored in a central database
[10]. of any firm. This data exposes the personal performance of users;
confidentiality of users is at risk as firms might use the data
3.7. High Efficiency illegally [16] [6]. An example of such confidentiality misuse is
Since the transaction removes the involvement of the third party PRISM Surveillance program.
and may proceed in low-trust condition, the time spent to verify
a transaction will be decreed whereas the efficiency will be 4.9 IOT Network Information Sharing.
increased [11]. The information gathered by IoT network devices are recorded
distinctly for the purpose of analysis. Information sets may
3.8. Transparency contain IoT devices network data load or their functioning logs.
Changes made to public blockchain network are publicly To confirm the efficiency of tools and tests, open accessibility of
viewable by all participants in the network. Moreover, all information plays a vital role. So, every time these information
transactions are immutable, meaning they cannot be altered or sets are openly shared their integrity is significant.
deleted [9].
5. BLOCKCHAIN SOLUTIONS FOR IOT
3.9. Smart Contract 5.1. Data Integrity
The smart contract is one of the most efficient aspects of the The blockchain is a peer-to-peer network in which all nodes
Ethereum introduced by Nick Szabo in 1994 [7]. Using smart have the same copy of records. When a transaction is initiated,
contract programs are written in which access rights and initiator node signs the transaction with its private key and sends
different policies are defined. Many programming languages are to other nodes for validation. All other miner nodes take part
supported by Ethereum to write smart contracts such as Solidity invalidation process and try to find nonce. The node which finds
[13]. the nonce first has the right to validate and get a reward.
4. SECURITY NECESSITIES FOR IOT Moreover, the newly created block will be broadcasted to all
other nodes of the entire network. Once the record is loaded in
OR ISSUES blockchain it cannot be modified or deleted [10].
4.1. Data Privacy
Because of a diversified integration of services and network, the 5.2. Data Privacy
data recorded on a device is vulnerable to attack by Consortium blockchain used to provide data privacy in a
compromising nodes existing in associate IoT network. blockchain network. As in figure.3,nodes used for a particular
Moreover, an attacker can access the data without owner purpose are combined together to form a private
permission [14]. network/sidechain. Each sidechain is responsible to manage its
own IoT data. Nodes that are participating in one sidechain are
4.2. Data Integrity not allowed to take part in the validation process of other
In a centralized client-server model, the attacker may gain sidechains. In order to access the data of consortium blockchain
unauthorized access to the network and change the original data network the node first need to register and become part of that
or information and forward it. For example, X sends data to Y, sidechain network. Consortium blockchain has access control
Z the middle guy might get data first and forward the data after and prevents unauthorized access [6].
modification [14].

4.3. Third Party


Data collected in a centralized environment is stored and
controlled by a third centralized entity that may miss use this
data or provide it to someone else.

4.4. Trusted Data Origin


In IoT environment, it is difficult to know the origin of data and
data might be altered during the transmission by anyone.

4.5. Access Control


Access control is one off the main issue in IoT network. It is
difficult to define in IoT network that which node has the right
to access and perform a different function with data.

4.6. Single Points of Failure


Continuous growth of centralized networks for the IoT based
infrastructure could expose single-points-of-failure. As all data
of the entire network is stored and verified by a central authority
in the case, if the central point fails or goes down the whole
network is disturbed [14]. Figure 3. Consortium Blockchain Network.

4.7. Scalability 5.3. Addressing Space


IoT connects a large number of sensors and other devices for Blockchain contains 160-bit address space as compaired to 128
information sharing and a large number of applications via the bit in IPv6. These 160-bits are generated by ECDSA (Elliptic
internet. It challenges the structure and the rapid growth of the Curve Digital Signature Algorithm). Blockchain has 4.3 billion
system to meet scalability. more addresses than IPv6 thus providing more addressing
spacing than IPV6 address [8].

62
5.4. Trusted Accountability. Immutability feature, and accessibility of the RIM with all IoT
Every operation record must be uploaded to the blockchain network devices in Blockchain, ensured the Integrity of RIM.
network. This gives every operation an identity and each Every time an obligatory Information Set is taken from the
operation is traceable. When an abnormal behaviour is detected origin, its Integrity can be confirmed by comparing its RIM
in an entity, blockchain will be used for an additional being maintained on Blockchain [17].
investigation [10]. In Table 1 characteristics of blockchain are highlighted through
which problems of IoT can be tackled.
5.5. Fault Tolerance
Decentralized devices are less likely to fail accidentally because 6. BLOCKCHAIN IMPLEMENTATION
they rely on many separate components. The blockchain is a
point to point decentralizing network, in it, every device has the
PROBLEMS.
same copy of a record that’s why the failure of a single node has Anonymity
no effect on the network. So, blockchain prevents from a single Blockchain is a distributed network; anonymity is significant to
point of failure. protect privacy. Appropriately, blockchain provides
pseudonymity means the users don’t have a real-world ID. The
5.6. Trusted Data Origin users have a Public key which is used to achieve transactions on
In order to track data in the blockchain network, a unique id is this distributed network. Using this ID a user can be found via a
assigned to each IoT device. Data collected from a device is combination of these Ids and IP addresses related with them.
associated with its id and after calculating a hash on data, the Moreover, when a user uses more than one Public key it can be
data is submitted to the entire network. This becomes the basis traced by checking whether the different addresses belong to the
for trusted data origin [10]. same user. Solution to the Anonymity is a future work [16].

5.7. Removing Third-Party Risks 7. CONCLUSION


Blockchain technology makes the devices capable of performing This paper aims to present the literature review on Blockchain
operations without the intermediary or third party, thus making it and Internet of Things and emphasised issues linked to an IoT
risk-free from a third party [4]. atmosphere. IoT is the next immerging technology with the rise
of high-speed network and intelligent network devices.
5.8. Access Control Unfortunately, IoT devices are more prone to attacks and unable
By using smart contract, programs for blockchain can be to protect themselves. In this paper, the different properties and
developed in which access rights and different policies are characteristics of the blockchain network are highlighted such
defined. Example a rule is set when the meter reaches to 135 order to remove the issues in IoT. Moreover issues that are not
KW, devices will enter in energy saving mode [7]. solved after implementation of blockchain are highlighted.

5.9 Illegal Use of Personal Data. 7.1 Future Work


Illegal use of personal data can be prohibited with the use of We further aim to practically implement blockchain
blockchain. As Blockchain Peer to Peer (P2P) storing systems properties on the internet of things for monitoring, error
can verify and record all actions accomplished on IoT network discovery, and automatic fault correction in high critical
data [16]. The aim is to deliver decentralized storage wherever
IoT systems. Moreover, simulation-based performance
operators can have command over their data as an alternative of
any centralized intermediary authority. So the privacy is more assessment can be conduct to demonstrate the scalability
stretched to numerous levels [6] where ‘Consortium blockchain’ and effectiveness of the blockchain-based solutions.
for IoTs is proposed. Furthermore, as IoT devices are in openly reachable areas
5.10 IOT Network Information Sharing. and actually below the control of an opponent, a
As the size of IOT network information sharing is increasing, blockchain based solution can be implemented that will
thus the fundamental storage cost will also increase. So assure the safety and confidentiality of the information kept
information sets are kept in distant origins and a centralized in the devices. This will also address in decreasing the
server is preserved which will lonely kept the references to these option of the hardware and software of an IoT device
origins. Moreover Blockchain is used to keep RIM (Reference from being compromised if the device is accessible to
Integrity Matrix) of information set. As the Blockchains have everyone.

63
Table.1 IoT issues and Blockchain characteristics that solve them

IOT Blockchain Characteristics


Issues
Decartelization Persistency Anonymity Scalability Resilient High Transparency Smart
or More Backend efficiency contract
Addressing
Space

Data ✓ ✓ ✓
Privacy

Data ✓ ✓ ✓
Integrity

Third party ✓ ✓ ✓

Trusted ✓ ✓ ✓
Data
Origin

Access ✓ ✓
control ✓

Single ✓ ✓ ✓
Points of
Failure

Scalability ✓

Illegal use ✓
of Personal
Data

64
8. REFERENCES
[1] L. Atzori, A. Iera and G. Morabito (2010) ‘The Internet of [11] Yu Zhang and Jiangtao Wen (2015), ‘An IoT electric
Things: a survey’, Computer Networks 54 2787–2805. business model based on the protocol of bitcoin’. ICIN.
[2] D. Giusto, A. Iera, G. Morabito and L. Atzori (2014) ‘The IEEE, pp. 184–191.
Internet of Things’, 20th Tyrrhenian Workshop on Digital [12] Z. Zheng, S. Xie, H. Dai, X. Chen and H. Wang (2017),
Communication, Springer Publishing Company, ‘An overviewof blockchain technology: Architecture,
Incorporated. consensus,and future trends.’,Big Data (Big DataCongress)
[3] K. Christidis and M. DevetsikIoTis, (2016) ‘Blockchains IEEE International.
and Smart Contracts for the Internet of Things,’ IEEE [13] Seyoung Huh, Sangrae Cho and Soohyung Kim
Access, vol. 4, pp. 2292–2303. (2017),’Managing IoT Devices using Blockchain
[4] S.Nakamoto.(2008).’Bitcoin:A.PeertoPeer.electroniccashs Platform’, ICACT2017 February 19 ~ 22.
ystem,’https://bitcoin.org/bitcoin.pdf. [14] M.A. Khan and K. Salah (2017) ‘IoT security: Review,
[5] M. Pilkington. (2016).’Blockchain technology: Principle blockchain solutions, and open challenges’, Future
and applications,’ Research Handbook on Digital GenerationComputer.Systems,
Transformations. https://doi.org/10.1016/j.future.2017.11.022

[6] M.S. Ali, K. Dolui and F. Antonelli, (2017) ‘IoT data [15] M. Banerjee, J. Lee and K.-K.R. Choo (2017),’A
privacy via blockchains and IPFS’ International blockchain future to Internet of Things security: A
Conference on the Internet of Things (ACM, New York). position paper’, Digital Communications and
Networks,doi: 10.1016/ j.dcan.2017.10.006.
[7] M. Gord,(2016), Smart Contracts Described by Nick
Szabo 20 Years ago now becoming Reality, Bitcoin [16] M. Conoscenti, D. Torino, A. Vetr, D. Torino, and J. C.
Magazine. De Martin , (2016) ‘Blockchain for the Internet of
Things : a Systematic Literature Review,’ IEEE/ACS 13th
[8] A. M. Antonopoulos, (2014). ‘Mastering Bitcoin. First International Conference of Computer Systems and
Edition’. O’Reilly Media,USA. Applications (AICCSA)
[9] T. Chollet, J. Castiaux, M.Bruneton and L. [17] M Banerjee, J. Lee, and K. K. R. Choo (2018). ‘A
Sainlez(2013),(2015),(2016),’Continuous interconnected Blockchain future for internet of things security: a
supply chain using blockchain and internet of things position paper,’ Digit. Commun. Networks, vol. 4, no. 3,
supply chain traceability’ , deloitte blockchain. pp. 149–160.
[10] X.Liang, J.Zhao, S.Shetty and, D.Li, (2017) ,‘Towards [18] Swan, (2015). ‘Blockchain Blue Print for a new economy.
data assurance and resilience in IoT using blockchain’, First Edition’ O’Reilly Media,USA.
Conference Paper.

65

View publication stats

You might also like