IOT Security Issues Via Blockchain: A Review Paper
All content following this page was uploaded by Muhammad Azhar Mushtaq on 30 September 2019.
covered in Section 4, and Section 5 provides solutions to security issues using blockchain. Section 6 describes the problems that are not solved by blockchain. Finally, Section 7 presents the conclusion and future work.

2. BLOCKCHAIN PROPERTIES
2.1. Blockchain Working Steps
1. Nodes communicate with the blockchain network via a combination of private and public keys. The user uses its own private key to digitally sign its own transactions and can then access the network via the public key. Each signed transaction is broadcast by the node that makes the transaction [3].
2. The transaction is then verified by all nodes within the blockchain network except the node that makes the transaction. During this step, any invalid transactions are discarded. This is known as verification.
3. Mining is the third step, in which the network nodes collect every legitimate transaction during a fixed time into a block and perform a proof-of-work to find a nonce for the block. Once a node finds a nonce, it broadcasts the block to all participating nodes [4].
4. Each node collects the newly generated block and confirms that the block (a) contains legal transactions and (b) declares the correct parent block by means of its hash value. After confirmation is complete, nodes add the block to the blockchain and apply the transactions to bring the blockchain up to date. If the block is not confirmed, the proposed block is rejected. This ends the current mining round [3].

2.2. Verification
Blockchain technology eliminates duplication issues with the help of asymmetric cryptography, which uses a public and a private key. The private key is kept secret from other nodes, whereas the public key is shared among all other nodes [5]. Moreover, the transaction (step 1) is digitally signed by the node that creates it and is broadcast to the entire blockchain network. All receiving nodes verify the transaction by decrypting the signature with the public key of the initializing node. The transaction is verified by verifying the signature, which indicates that the initializing node is not modified.

2.3. Proof-of-Work (POW)
The proof-of-work (Figure 2) involves finding a value that is hashed with Secure Hash Algorithm 256. The typical work needed is exponential in the number of zero bits required and is confirmed by running the hash algorithm. In a blockchain network, all nodes implement the proof-of-work for every mining process by incrementing a nonce value within the block until a value is found that gives the block's hash the desired bits. Once the processing effort has been spent to satisfy the proof-of-work, the block cannot be modified without redoing the work.
Blockchain-based distributed IoT information management can give users the choice of sharing their information with third-party entities. The aim is to provide a distributed information access model for IoT that ensures user data is not assigned to centralized entities or corporations [4].

Figure 2. Proof of Work.

3. CHARACTERISTICS OF BLOCKCHAIN
3.1. Decentralization
In a centralized transaction processing environment, each transaction needs to be validated by the central trusted party (e.g., a banking system), which results in high cost and low performance at the central point. In contrast to the centralized IoT model, the third party is no longer needed in the blockchain. Consensus algorithms in blockchain are used to maintain data integrity and consistency [12].

3.2. Persistency
Once a transaction record is validated by a miner node (a special node that validates transactions) in a blockchain network, its copy is broadcast to the entire network, and that record is not deleted or rolled back from the blockchain [12].

3.3. Anonymity
In blockchain, nodes interact with the network using a public key that addresses the node on the entire blockchain network while keeping the real identity of the user secret [12].

3.4. Security
Blockchain uses asymmetric cryptography to secure the entire network. Asymmetric, or public-key, cryptography involves two keys: a public key and a private key. The public key is used by the node to address the blockchain network, and the private key is used by the node to sign the transactions that it initiates. The identity of the node that created a transaction is verified using its public key.

3.5. Scalability or More Addressing Space
As far as scalability is concerned, blockchain has a 160-bit address space, compared to 128 bits in IPv6. These 160 bits are generated by ECDSA (Elliptic Curve Digital Signature Algorithm). Blockchain has 4.3 billion more addresses than IPv6 [8].
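
The mining and block-confirmation steps of sections 2.1 and 2.3, as an added Python example that is not code from the paper: a node increments a nonce until the SHA-256 block hash has the required leading zero bits, and a verifying node rejects any block whose proof-of-work or parent hash no longer holds. The 16-bit difficulty, the block layout and the sensor transactions are assumptions constructed for illustration, and signature checks on transactions are omitted.

```python
import hashlib
import json

DIFFICULTY_BITS = 16  # assumed difficulty: leading zero bits required in a block hash
GENESIS_PARENT = "0" * 64  # constructed parent value for the first block

def block_hash(block):
    """SHA-256 over the parent hash, the transactions and the nonce."""
    fields = [block["parent"], block["transactions"], block["nonce"]]
    return hashlib.sha256(json.dumps(fields).encode()).hexdigest()

def meets_target(digest_hex, bits=DIFFICULTY_BITS):
    """True when the 256-bit hash value starts with at least `bits` zero bits."""
    return int(digest_hex, 16) >> (256 - bits) == 0

def mine(parent, transactions, bits=DIFFICULTY_BITS):
    """Step 3: increment the nonce until the block hash meets the target."""
    block = {"parent": parent, "transactions": transactions, "nonce": 0}
    while not meets_target(block_hash(block), bits):
        block["nonce"] += 1
    return block

def build_chain(batches, bits=DIFFICULTY_BITS):
    """Mine one block per batch of transactions, each pointing at its parent's hash."""
    chain, parent = [], GENESIS_PARENT
    for transactions in batches:
        chain.append(mine(parent, transactions, bits))
        parent = block_hash(chain[-1])
    return chain

def first_invalid(chain, bits=DIFFICULTY_BITS):
    """Step 4: index of the first block a node would reject, or None if all pass.
    Only the parent hash and the proof-of-work are checked here."""
    parent = GENESIS_PARENT
    for index, block in enumerate(chain):
        if block["parent"] != parent or not meets_target(block_hash(block), bits):
            return index
        parent = block_hash(block)
    return None

if __name__ == "__main__":
    # Constructed transactions from hypothetical IoT sensors.
    chain = build_chain([["sensor-1:21.5C"], ["sensor-2:40%RH"], ["sensor-1:21.7C"]])
    print("untouched chain:", first_invalid(chain))
    chain[1]["transactions"][0] = "sensor-2:10%RH"  # alter a record, keep the old nonce
    print("after altering block 1:", first_invalid(chain))
    chain[1] = mine(chain[1]["parent"], chain[1]["transactions"])  # redo block 1 only
    print("after re-mining block 1:", first_invalid(chain))
```

Re-mining only the altered block moves the rejection to its successor, whose parent hash no longer matches, so changing a record means redoing the work of every later block as well.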
3.6. Resilient Backend
Every distributed node within the blockchain IoT network maintains a replica of the whole ledger. This helps in safeguarding the network from any potential failures and attacks [10].

3.7. High Efficiency
Since the transaction removes the involvement of the third party and may proceed in low-trust conditions, the time spent to verify a transaction will be decreased, whereas the efficiency will be increased [11].

3.8. Transparency
Changes made to a public blockchain network are publicly viewable by all participants in the network. Moreover, all transactions are immutable, meaning they cannot be altered or deleted [9].

3.9. Smart Contract
The smart contract, introduced by Nick Szabo in 1994 [7], is one of the most efficient aspects of Ethereum. Smart contracts are programs in which access rights and different policies are defined. Many programming languages are supported by Ethereum for writing smart contracts, such as Solidity [13].

4. SECURITY NECESSITIES FOR IOT OR ISSUES
4.1. Data Privacy
Because of the diversified integration of services and networks, the data recorded on a device is vulnerable to attack by compromising nodes that exist in the associated IoT network. Moreover, an attacker can access the data without the owner's permission [14].

4.2. Data Integrity
In a centralized client-server model, the attacker may gain unauthorized access to the network, change the original data or information, and forward it. For example, when X sends data to Y, Z, the man in the middle, might get the data first and forward it after modification [14].

4.8. Illegal Use of Personal Data
IoT devices are basically sensors and implanted chips that gather individual, important information and convey it through the internet. The gathered information is stored in a central database of a firm. This data exposes the personal performance of users; the confidentiality of users is at risk, as firms might use the data illegally [16] [6]. An example of such confidentiality misuse is the PRISM surveillance program.

4.9. IoT Network Information Sharing
The information gathered by IoT network devices is recorded separately for the purpose of analysis. Information sets may contain the network data load of IoT devices or their functioning logs. Open accessibility of information plays a vital role in confirming the efficiency of tools and tests. So, every time these information sets are openly shared, their integrity is significant.

5. BLOCKCHAIN SOLUTIONS FOR IOT
5.1. Data Integrity
The blockchain is a peer-to-peer network in which all nodes have the same copy of the records. When a transaction is initiated, the initiator node signs the transaction with its private key and sends it to other nodes for validation. All other miner nodes take part in the validation process and try to find the nonce. The node that finds the nonce first has the right to validate and gets a reward. Moreover, the newly created block is broadcast to all other nodes of the entire network. Once the record is loaded in the blockchain, it cannot be modified or deleted [10].

5.2. Data Privacy
A consortium blockchain is used to provide data privacy in a blockchain network. As in Figure 3, nodes used for a particular purpose are combined to form a private network/sidechain. Each sidechain is responsible for managing its own IoT data. Nodes that participate in one sidechain are not allowed to take part in the validation process of other sidechains. To access the data of a consortium blockchain network, a node first needs to register and become part of that sidechain network. A consortium blockchain has access control and prevents unauthorized access [6].
5.4. Trusted Accountability
Every operation record must be uploaded to the blockchain network. This gives every operation an identity and makes each operation traceable. When abnormal behaviour is detected in an entity, the blockchain will be used for additional investigation [10].

5.5. Fault Tolerance
Decentralized devices are less likely to fail accidentally because they rely on many separate components. The blockchain is a point-to-point decentralized network in which every device has the same copy of a record, which is why the failure of a single node has no effect on the network. So, blockchain prevents a single point of failure.

5.6. Trusted Data Origin
To track data in the blockchain network, a unique ID is assigned to each IoT device. Data collected from a device is associated with its ID, and after a hash is calculated on the data, the data is submitted to the entire network. This becomes the basis for trusted data origin [10].

The immutability feature, and the accessibility of the RIM to all IoT network devices in the blockchain, ensure the integrity of the RIM. Every time a required information set is taken from the origin, its integrity can be confirmed by comparing it with its RIM maintained on the blockchain [17].
In Table 1, the characteristics of blockchain through which the problems of IoT can be tackled are highlighted.

6. BLOCKCHAIN IMPLEMENTATION PROBLEMS
Anonymity
Blockchain is a distributed network; anonymity is significant to protect privacy. Strictly speaking, blockchain provides pseudonymity, meaning that users do not have a real-world ID. Users have a public key that is used to carry out transactions on this distributed network. Using this ID, a user can be found via a combination of these IDs and the IP addresses related to them. Moreover, when a user uses more than one public key, the user can be traced by checking whether the different addresses belong to the same user. A solution to the anonymity problem is future work [16].
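
A sketch of the hash-and-compare check described in section 5.6 and in the RIM comparison, added here and not taken from the paper: each data set is hashed together with its device ID, the digest is recorded once, and a later copy is checked against that record. The `OriginLedger` class is a hypothetical in-memory stand-in for records held on the blockchain, and the device IDs, sequence numbers and readings are constructed.

```python
import hashlib
import json


def origin_digest(device_id, seq, readings):
    """SHA-256 over the device ID, a sequence number and the data, canonically encoded."""
    canonical = json.dumps(
        {"device": device_id, "seq": seq, "readings": readings},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hashlib.sha256(canonical).hexdigest()


class OriginLedger:
    """Hypothetical stand-in for on-chain records: (device, seq) -> digest, write-once."""

    def __init__(self):
        self._records = {}

    def submit(self, device_id, seq, readings):
        """Record the digest once; an existing record is never overwritten."""
        key = (device_id, seq)
        if key in self._records:
            return False
        self._records[key] = origin_digest(device_id, seq, readings)
        return True

    def verify(self, device_id, seq, readings):
        """Compare a retrieved data set with the digest recorded for its claimed origin."""
        recorded = self._records.get((device_id, seq))
        if recorded is None:
            return "unknown-origin"
        return "ok" if recorded == origin_digest(device_id, seq, readings) else "modified"


def demo():
    ledger = OriginLedger()
    sample = {"temp_c": 21.5, "humidity": 40}  # constructed sensor reading
    ledger.submit("dev-01", 1, sample)
    return [
        ledger.verify("dev-01", 1, {"humidity": 40, "temp_c": 21.5}),  # same data, keys reordered
        ledger.verify("dev-01", 1, {"temp_c": 29.5, "humidity": 40}),  # one value altered
        ledger.verify("dev-02", 1, sample),                            # attributed to another device
        ledger.submit("dev-01", 1, {"temp_c": 0.0, "humidity": 0}),    # attempt to replace the record
    ]


if __name__ == "__main__":
    print(demo())
```

Because the device ID is part of the hashed material and the encoding is canonical, a digest copied to another device's entry would not verify, and a harmless change in key order does not raise a false alarm.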
Table 1. IoT issues and Blockchain characteristics that solve them
Data Privacy: ✓ ✓ ✓
Data Integrity: ✓ ✓ ✓
Third party: ✓ ✓ ✓
Trusted Data Origin: ✓ ✓ ✓
Access control: ✓ ✓ ✓
Single Points of Failure: ✓ ✓ ✓
Scalability: ✓
Illegal use of Personal Data: ✓
8. REFERENCES
[1] L. Atzori, A. Iera and G. Morabito (2010), ‘The Internet of Things: a survey’, Computer Networks 54, 2787–2805.
[2] D. Giusto, A. Iera, G. Morabito and L. Atzori (2014), ‘The Internet of Things’, 20th Tyrrhenian Workshop on Digital Communication, Springer Publishing Company, Incorporated.
[3] K. Christidis and M. Devetsikiotis (2016), ‘Blockchains and Smart Contracts for the Internet of Things’, IEEE Access, vol. 4, pp. 2292–2303.
[4] S. Nakamoto (2008), ‘Bitcoin: A Peer-to-Peer Electronic Cash System’, https://bitcoin.org/bitcoin.pdf.
[5] M. Pilkington (2016), ‘Blockchain technology: Principle and applications’, Research Handbook on Digital Transformations.
[6] M.S. Ali, K. Dolui and F. Antonelli (2017), ‘IoT data privacy via blockchains and IPFS’, International Conference on the Internet of Things (ACM, New York).
[7] M. Gord (2016), ‘Smart Contracts Described by Nick Szabo 20 Years ago now becoming Reality’, Bitcoin Magazine.
[8] A. M. Antonopoulos (2014), ‘Mastering Bitcoin’, First Edition, O’Reilly Media, USA.
[9] T. Chollet, J. Castiaux, M. Bruneton and L. Sainlez (2013), (2015), (2016), ‘Continuous interconnected supply chain using blockchain and internet of things supply chain traceability’, Deloitte blockchain.
[10] X. Liang, J. Zhao, S. Shetty and D. Li (2017), ‘Towards data assurance and resilience in IoT using blockchain’, Conference Paper.
[11] Yu Zhang and Jiangtao Wen (2015), ‘An IoT electric business model based on the protocol of bitcoin’, ICIN, IEEE, pp. 184–191.
[12] Z. Zheng, S. Xie, H. Dai, X. Chen and H. Wang (2017), ‘An overview of blockchain technology: Architecture, consensus, and future trends’, Big Data (BigData Congress), IEEE International.
[13] Seyoung Huh, Sangrae Cho and Soohyung Kim (2017), ‘Managing IoT Devices using Blockchain Platform’, ICACT2017, February 19 ~ 22.
[14] M.A. Khan and K. Salah (2017), ‘IoT security: Review, blockchain solutions, and open challenges’, Future Generation Computer Systems, https://doi.org/10.1016/j.future.2017.11.022
[15] M. Banerjee, J. Lee and K.-K.R. Choo (2017), ‘A blockchain future to Internet of Things security: A position paper’, Digital Communications and Networks, doi: 10.1016/j.dcan.2017.10.006.
[16] M. Conoscenti, D. Torino, A. Vetrò, D. Torino and J. C. De Martin (2016), ‘Blockchain for the Internet of Things: a Systematic Literature Review’, IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA).
[17] M. Banerjee, J. Lee and K. K. R. Choo (2018), ‘A Blockchain future for internet of things security: a position paper’, Digit. Commun. Networks, vol. 4, no. 3, pp. 149–160.
[18] Swan (2015), ‘Blockchain Blue Print for a new economy’, First Edition, O’Reilly Media, USA.