CRP with University of Wollongong
Enhancing IoT security with Blockchain Technology
Partners: Data61 SCS, University of Wollongong; Prof Willy Susilo
It is an undeniable fact that the Internet of Things (IoT) has become part of our daily life, as it enables new opportunities and provides significant advantages for businesses in the current and forthcoming market. IoT deals with simply everything. It is not merely about data, but also about how, when, where and why we collect it. IoT has empowered everything to be connected to the Internet. With IoT, sensors, devices, gateways on the edge of the network, and even home appliances can now request services or conduct actions without any user intervention.
The interconnectivity created by IoT has brought new challenges: keeping the IoT secure, and ensuring that no part of the IoT can be used as a mechanism to launch an attack against other enterprise IT systems. The International Data Corporation (IDC) has estimated that 90% of organisations that implement IoT will suffer from an IoT-based breach of back-end IT systems by 2017.
The primary challenge faced in IoT deployment stems from its centralised, brokered communication models, commonly known as the client/server paradigm. All connected devices are identified, authenticated and connected through servers that have massive processing power and storage capabilities. This forces connections among devices to go via the Internet, even when the devices are located just a few metres apart.
Existing solutions for enabling IoT remain expensive because of the high infrastructure and maintenance costs of centralised cloud servers and networking equipment. Because of this architecture, the cloud servers become a bottleneck and a point of failure.
In this CRP, we focus on several specific challenges that will benefit IoT security:
- Decentralising IoT: the main bottleneck of IoT adoption is the centralised IoT model. Hence, we will first propose an approach to adopting a peer-to-peer communication model that will prevent the failure of any single node in a network from halting the entire IoT system.
- Blockchain Technology: we aim to incorporate blockchain technology, which offers a way to record transactions in a secure, transparent, and auditable manner, into IoT to create a more cost-effective security protection.
Blockchain is well-known as the backbone technique for enabling cryptocurrency. Blockchain is a decentralised database which maintains a public ledger. The construction of blockchain is made possible through public key cryptography. In this public ledger, all users, instead of a trusted central party, are involved as peer nodes to maintain the continuously growing chain. Blockchain enjoys numerous attractive features such as being distributed, autonomous and trackable. Peers can join and leave at their own volition, which makes the system very flexible and practical.
Blockchain is a promising tool for securing decentralised IoT systems where the validation and consensus of huge amounts of transactions performed by the IoT devices form a major challenge. The publicly verifiable nature of blockchain allows IoT devices to securely share data or execute smart contracts among multiple entities or partners without involving any trusted central authority or auditor.
The main drawback of blockchain, which underpins the Bitcoin protocol, is its weak privacy protection. As all transactions are public, anyone can validate them, and hence transaction privacy is compromised. Users are identified by their addresses rather than by their real-world identities. However, while transactions are identified only with pseudonyms, the re-use and co-use of addresses make it possible to link several addresses to the same user and eventually to map the addresses to the real identity.
These drawbacks make blockchain impractical or less attractive for direct use in IoT, as privacy is violated when IoT is implemented on blockchain technology as it stands. Nevertheless, blockchain is currently the most promising solution for enabling a secure decentralised IoT. This is because the ledger is tamper-proof and cannot be manipulated by malicious users, as it is not held in any single location.
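The linkage described above can be measured on a ledger before a device fleet is deployed. The following is an added example, not code from the project: it clusters addresses that co-sign a transaction's inputs (re-use then merges clusters transitively) and shows how one known address exposes the rest. The ledger, address names and identity label are constructed for illustration.

```python
from collections import defaultdict

# Constructed ledger: "inputs" are addresses that jointly signed a transaction.
LEDGER = [
    {"txid": "t1", "inputs": ["A1", "A2"], "outputs": ["S1"]},
    {"txid": "t2", "inputs": ["A2", "A3"], "outputs": ["S2"]},  # A2 re-used
    {"txid": "t3", "inputs": ["B1"], "outputs": ["S1"]},
    {"txid": "t4", "inputs": ["B1", "B2"], "outputs": ["S3"]},  # B1 re-used
    {"txid": "t5", "inputs": ["C1"], "outputs": ["S2"]},        # fresh address
]
# Constructed off-chain knowledge: one address tied to a real-world identity.
KNOWN = {"A3": "thermostat-owner-alice"}

class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

def cluster_addresses(ledger):
    """Group input addresses linked by co-use; re-use chains groups together."""
    uf = UnionFind()
    for tx in ledger:
        first = tx["inputs"][0]
        uf.find(first)  # register single-input spenders too
        for addr in tx["inputs"][1:]:
            uf.union(first, addr)
    clusters = defaultdict(set)
    for addr in list(uf.parent):
        clusters[uf.find(addr)].add(addr)
    return sorted(sorted(c) for c in clusters.values())

def exposed_addresses(ledger, known):
    """Map every address in a cluster to the identity known for any member."""
    exposed = {}
    for cluster in cluster_addresses(ledger):
        for owner in {known[a] for a in cluster if a in known}:
            exposed.update(dict.fromkeys(cluster, owner))
    return exposed
```

Only `C1`, which is never re-used or co-used, stays unlinked; the three `A` addresses collapse to one identity from a single off-chain leak.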
To address the gap between securing IoT and incorporating blockchain technology, we aim to deliver the following technical objectives:
- Develop the construction of a lightweight privacy-preserved blockchain technology.
- Adopt the proposed technology to provide a new architecture for secure IoT.
- Present new applications of the new blockchain technology.
On the positive side, several applications will result from this new cryptographic primitive. To name one, we aim to develop a practical cryptocurrency with a customisable trade-off between efficiency and privacy. From the example of Zerocash, we know that strong privacy-preserving features can be achieved using a protocol like zk-SNARKs. Nevertheless, the resulting scheme is rather inefficient, as minting a coin requires one or two minutes for its creation alone. This makes Zerocash impractical for the IoT environment, where many devices have limited resources and computing power. On the other hand, CryptoNote has better efficiency but weak privacy. With the proposed privacy-preserved blockchain, we aim to achieve a customisable trade-off between performance efficiency and privacy protection for the heterogeneous IoT environment. This is an example of the applications that will be achieved in addition to creating a new infrastructure for IoT.
In addition, we aim to achieve new cryptographic primitives, which will be of independent interest. These include a new attribute-based encryption (ABE) scheme with new features, such as a flexible access policy that maintains its privacy-preserving property, and cryptographic protocols with anonymity features, such as ring signatures and linkable ring signatures, which have applications in cryptocurrency.