Image source: Ahmed Banafa
The moment we started connecting devices to each other, and then to the Internet, the problem of virtual security reared its ugly head. Until then, physical attacks were the only way to access data: break in to a facility, rifle though some files or insert a floppy disk into ye olde computer, download and run.
Modems made it easier to do remote hacks, but then the Internet came. Everything got connected, and security became our modern-day bogeyman, from military installations to banking, corporate records, utilities, and of course the humble IoT device at home or now being installed in factories, globally.
More words have been written about securing the IoT than actions have been taken. Basic steps do work well, but it takes time to implement them and verify their operation. The latter part is often the biggest drain on time and resources when it comes to IoT devices, for home, retail, industrial or smart-city applications. Yes, do implement Secure Boot, TPM 2.0, memory locks, port closures, firewalls, two-factor authentication, all of that, but also push back on management when they ask to ship the product before those have been verified to the nth degree. Otherwise, it’s a feature, not a function, and you may be out of a job in a year.
Ironically, the connected nature of our virtual world has enabled the development of Blockchain, which may be the solution to what ails us. Below the froth of IoT excitement are bubbles of insecurity about IoT’s many vulnerabilities. A network may be perfectly secure, but when a low-grade IoT device is connected to that network, that device becomes an attack surface, and suddenly everything becomes compromised.
This potential fault has resulted in global industry calls for more intense focus on security, and collaboration among industry players to do the right thing. The problem is that the industry is both competitive and moving fast. Who has time resources to dedicate to working with external teams on misty security manifestos when there are managers to please and customers to satisfy? However, the one thing all companies share is a concern, and a high level of connectivity, both of which are what’s required to let Blockchain solve the problem for us.
Dig deep into the many online Blockchain resources and books for more details on its operation, but in short, it’s a distributed database with no single point of vulnerability. When access is required, or data is to be stored, that access, storage or “transaction,” needs to be validated by all nodes on the chain (Figure 1). Once approved, the transaction is stored in a block, along with other transactions, and sent to the other nodes in the network.
Figure 1: Blockchain transactions need to be validated by all nodes on a network, so there’s no single point of vulnerability. (Image source: Blockgeeks.com)
Unlike current hub-and-spoke, or centralized models, Blockchain has the advantage of being decentralized, so even if one device is hacked, any transactions require validation by a globally distributed set of nodes. Also, there’s no single authority. Another advantage is that it’s public. While anyone can see the blocks and their stored transactions, the content requires the use of a private key for the encryption algorithm. A whole industry has been built up around ways of storing that key, and this is the most vulnerable aspect as it’s the one point where human fallibility still comes into play.
The benefits of Blockchain are that it’s secure, low cost, decentralized, public and fast. Its ledger is distributed and can’t be manipulated, which are some of the many reasons why it’s used for cryptocurrencies such as Bitcoin. These same characteristics make it useful for IoT-based devices and transactions.
Challenges Equals Opportunity
As interesting as Blockchain may be for IoT networks and devices, there are some challenges. The right IoT solution provider can start addressing these challenges and turn them into opportunities. These challenges include scalability, legal and compliance, a definite lack of knowledge and skills around how to use Blockchain, storage capacity – especially for small, low-cost IoT devices – processing power and time.
It may be the case that IoT solution providers need to work with each other to solve for these issues. When solved, the solution will underpin the next generation of IoT devices and diminish the cloud of security that currently hangs over IoT.
This collaboration will take time, but those who partake will be the leaders in the next stage of IoT, a stage that will have firmer technological underpinnings, not be as reliant upon shaky industry agreements and evolving standards groups with constant in-fighting, and ensure security is built in at the start into every device, without shortcuts to meet low-ball budgets and artificial shipping deadlines.