Weaknesses in IoT Security
The Internet of Things IoT is a large network of things embedded with software, sensors, and similar technologies for the sole purpose of exchanging information with other systems and devices over the internet (Do-Hyeun and Hang, 2019). The Internet of Things also represents a set of techniques provided by specific identifiers that enable the conveyance of information and data over large networks without the help of human beings. The term IoT encompasses a variety of devices and networks that include Wi-Fi, Cellular, Bluetooth devices, health wearables, LPWANs, and ZigBee (Ahmad, Hang, Kim, 2018). The use of the IoT is quite vulnerable to attack. Indeed, the technique and process of hacking different IoT systems may not necessarily be to access consumer data, but also to harm the victims financially, endanger their lives, and put them at risk since these devices are connected with the activities they engaged in daily. Similarly, the devices of the IoT system are hacked and exploited to attack the internet infrastructure of the supplier companies (Bhattacharjee, Salimitari, Chatterjee, Kwiat, Kamhoua, 2017). In this research proposal, we examine the many weaknesses associated with IoT security, to better understand how Blockchain can be embedded to alleviate the challenge facing the IoT system.
The most common attack or vulnerability of most IoT systems is the denial of service attack which is abbreviated as DDOS. In this attack, the perpetrator makes a machine or an internet resource temporarily or permanently unavailable for its intended users by disrupting the services supplied to the users (Sicari, Rizzardi, Grieco, 2015). The DDOS attack is mainly achieved by sending a superfluous amount of requests to the targeted machine or internet resource; this is done to block of unable the delivery of services to consumers by simply overloading the system. There are two major types of denial of service attack; the network-centric attack where an attacker or hacker attempts to overload a database or a service to cause a denial of service. The second is that the hacker may have thousands or billions of hacked devices that act as soldiers for his hacking attempts; the attacker usually directs the soldiers or hacked devices to conduct huge attacks on institutions, enterprises, and vendors (Khan, Salah, 2018). As a result, it is critical to note that the IoT system opens itself to a diverse range of weaknesses and challenges that make the system unsustainable in the delivery of critical services.
It must be established that the security weakness of the IoT occurs because any device that is connected to the internet like the smart lamp lighting, smart car, or a surveillance camera contains a system that performs a specific task (Fernandez-Carames, Fraga-Lamas, 2018). The IoT is apt to hacking since the systems are usually weak and the infrastructure easy to infiltrate. The Research Gate discusses a range of security weaknesses for the IoT infrastructure. These weaknesses include the privacy problem that may put consumer information at risk, material damage as a result of the tampering of user devices, misusing the technology like monitoring users, and violating their confidentiality and privacy. The other risk of the IoT system is violating the use of location data like that of a car location. Closely tied to the IoT weaknesses are the security vulnerabilities that represent quite a paramount challenge for the IoT system (Zheng, Xie, Dai, Wang, 2019). There are vulnerabilities in the communication interfaces between the internet of thing and the user, weaknesses in the authentication process, inadequate methods to identify authorized users (Yuan, Wang, 2016). Failure to identify authorized users leads to an infiltration of unauthorized users posing a serious threat of data compromise.
Why Blockchain is a Solution to IoT Security
Building a robust security infrastructure for the internet of things has been a focal point of enterprises, vendors, and consumers alike for the past many years. The Blockchain which represents a distributed ledger technology used to oversee transactions has been viewed as an ideal solution to the growing problem of Blockchain security. The existing research shows that with a looming increase in IoT usage, most companies and vendors are considering the possibility of integrating Blockchain into the IoT infrastructure to solve the glaring security challenges of the IoT system (Gordon, Catalini, 2018). The existing evidence shows that the deployment of IoT leads to the emergence of a large surface of attack that demands end-to-end security and mitigation. The Blockchain represents a potent solution to the IoT security since many of the Blockchain mechanisms widely abbreviated as BCMs play a central role in securing IoT applications and being part of the security mosaic (Dubovitskaya, Xu, Ryu, Schumacher, Wang, 2017). The Institute of Electrical and Electronic Engineering IEEE notes that Blockchain offers a lasting solution for IoT security.
First, Blockchain contains strong and secure passwords that provide secure storage against data tampering, locks access to the existing pool of IoT devices, and completely shuts down compromised IoT devices (Ahmad, Hang, Kim, 2018). The ability to provide secure storage to a large pool of IoT devices, to provide secure passwords, and to destroy or shut down compromised devices ensures that Blockchain is a central component of the IoT security. For the Blockchain to be effective in IoT security, a board of the IEEE established that a range of issues needs to be considered including Blockchain mining. This means that the number of transaction records being entered in the bitcoin Blockchain requires a huge amount of power to be entered. However, IoT devices lack the amount of processing power required to enter any transaction records. The second challenge of integrating Blockchain into the IoT security infrastructure is storage space. The IoT devices produce a huge amount of data or data flow in real-time and the Blockchain can store only a limited amount of data at a time. This technical incompatibility must be solved to ensure that Blockchain finds a central application in IoT usage. The current Blockchain is vulnerable if a group of miners known as the Blockchain miners controls 50% of the mining hash rate (Dubovitskaya, Xu, Ryu, Schumacher, Wang, 2017).
Blockchain and IoT Integration
Lack of confidence in stored information or the cloud is a critical security challenge of the IoT system. The huge amount of data captured by IoT systems is often distributed and conveyed amid connected networks and devices (Panarello Alfonso et al.2018). The centralized architectures like the ones used in the cloud have provided immense opportunities for the growth of the IoT system, and the need for Blockchain is to afford the protection and safety mechanisms much needed to secure the system. This proposal recognizes the fact that albeit Blockchain presents a secure storage solution for data in enterprises and consumers, it equally presents an opportunity for the complex IoT systems. The Blockchain enriches the IoT system and network by simply providing a third-party network sharing service; where the information is reliable and can easily be traced. The existing empirical evidence shows that the IoT can greatly benefit from the functionality provided. The benefits that the integration of the IoT and Blockchain can bring include but not limited to; (a) decentralization and scalability which means that the shift from a centralized architecture to a peer-to-peer service P2P will remove any bottlenecks for failure as well as bottlenecks (Panarello Alfonso et al.2018). Decentralization and scalability will also occur by reducing the scenario where a few powerful enterprises control a huge amount of data of individual consumers.
Identity is a crucial advantage of integrating Blockchain with the IoT systems. By using common Blockchain technology, users can identify themselves. The data that is provided and fed into the system is usually immutable and identifies the actual, exact data that was provided by the individual devices (Ahmad, Hang, Kim, 2018). Autonomy will be boosted as a result of Blockchain and IoT integration since the Blockchain technology empowers the next-gen applications to autonomous systems. This makes it possible for the development of hardware as an asset and autonomous assets. With the Blockchain technology, the individual devices under the IoT can interact with one another without interference by servers (Bhattacharjee, Salimitari, Chatterjee, Kwiat, Kamhoua, 2017). Reliability and security are other paramount advantages of the process of integration. Essentially, Blockchain is more reliable as the information is immutable and can be distributed over large networks. The participants of this system can verify the authenticity of their personal information and data and ensure it is not tampered with. The secure deployment of the code is another advantage (Sicari, Rizzardi, Grieco, 2015). The integration of the IoT with Blockchain ensures that the secure and immutable security and storage functionality of Blockchain is utilized to ensure the privacy of the system (IoT and Blockchain).
Proposal and Design Architecture
The next section of this research looks at the design architecture of the integration. One of the most important elements to consider in the design architecture relates to interactions within the IoT. When designing the architecture, it would be important to decide and consider where these varied types of interactions will take place (Bhattacharjee, Salimitari, Chatterjee, Kwiat, Kamhoua, 2017). These interactions can take place in one of these three locations or areas; one is inside the IoT, the second is a hybrid design that involves the IoT and the Blockchain and the third is through the Blockchain. For this research proposal, the integration of the Blockchain and IoT system is mostly preferred and design architecture shall follow the hybrid approach although the other two models of integration shall also be considered.
IoT and IoT Design
The IoT and IoT design are appropriate in terms of security and latency as it can work offline. The IoT devices must be able to communicate with one another, convey and exchange information and data. A small part of the IoT data is stored in the BC and IoT interactions occur without relying on the Blockchain. This design is appropriate where IoT interactions occur with a relatively low latency rate.
In this network, all interactions go through the Blockchain system, before going through a network of immutable interactions. This model ensures that all the interactions and records are traceable as they can be queried by the Blockchain. Blockchain architecture paves way for the recording of user details and the nature of interactions; this information can be queried anytime to provide accountability and traceability (Bhattacharjee, Salimitari, Chatterjee, Kwiat, Kamhoua, 2017). The ability to trace interaction assures autonomy. This research proposal notes that recording information conveyed over IoT systems would require more bandwidth and large storage which is one of the most common challenges of Blockchain (Ahmad, Hang, Kim, 2018).
In the hybrid design, part of the interactions takes place in the IoT devices while some take place in the Blockchain. The hybrid approach combines IoT and Blockchain capabilities making it easy to draw meaningful realizations (Panarello Alfonso et al.2018). One of the most paramount challenges of the hybrid approach is selecting or choosing which specific types of interactions should go through the Blockchain architecture, and deciding this in real-time (Panarello Alfonso et al.2018). In this case, fog computing and clouding computing come into place to complement the challenges of IoT and Blockchain.
Possible Code Design and Implementation
Data extraction from the Blockchain will be achieved by using queries. Each query will have two parts; the query description and query statement. The query description describes the function that the query will be performing while the statement part involves the control of the query functioning.
Ahmad, S.; Hang, L.; Kim, D.H. (2018). Design and Implementation of Cloud-Centric Configuration Repository for DIY IoT Applications. Sensors18, 474.
Alharbi, Alhassan & Tawfik, Mohammed & Al-madani, Ali. (2015). A Review: The Risks and Weakness of Security on the IoT. IOSR Journal of Applied Physics. PP XX-XX.
Bhattacharjee, S.; Salimitari, M.; Chatterjee, M.; Kwiat, K.; Kamhoua, C. Preserving Data Integrity in IoT Networks under Opportunistic Data Manipulation. In Proceedings of 15th IEEE Intl Conference on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence & Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/ DataCom/CyberSciTech), Orlando, FL, USA, 6–10 November 2017; pp. 446–453.
Do-Hyeun, K, and Hang, L. (2019). Design and Implementation and the Integrated IoT Blockchain Platform for Sensing Data Integrity. The MDPI Official. Pg. 1 – Pg. 26.
Dubovitskaya, A.; Xu, Z.; Ryu, S.; Schumacher, M.; Wang, F. Secure and trustable electronic medical records sharing using Blockchain." In Proceedings of AMIA 2017, American Medical Informatics Association Annual Symposium, Washington, DC, USA, 4–8 November 2017.
Fernandez-Carames, T.M.; Fraga-Lamas, P. A Review on the Use of Blockchain for the Internet of Things. IEEE Access2018, 6, 32979–33001, DOI:10.1109/ACCESS.2018.2842685.
Gordon, W.J.; Catalini, C. Blockchain Technology for Healthcare: Facilitating the Transition to Patient-Driven Interoperability. Comput. Struct. Biotechnol. J.2018, 16, 224–230.
Khan, M.A.; Salah, K. IoT security: Review, Blockchain solutions, and open challenges. Future. Gener. Comput. Syst.2018, 82, 395–411.
Panarello, Alfonso & Tapas, Nachiket & Merlino, Giovanni & Longo, Francesco & Puliafito, Antonio. (2018). Blockchain and IoT Integration: A Systematic Survey. Sensors. 18. 2575. 10.3390/s18082575.
Sicari, S.; Rizzardi, A.; Grieco, L. A.; Coen-Porisini, A. Security privacy, and trust in the internet of things: The road ahead. Comput. Networks2015, 76, 146–164.
Yuan, Y.; Wang, F.Y. Towards Blockchain-based intelligent transportation systems. In proceedings of 2016 IEEE 19th International Conference on Intelligent Transportation Systems (ITSC), Rio de Janeiro, Brazil, 1–4 November 2016; pp. 2663–2668.
Zheng, Z.; Xie, S.; Dai, H.N.; Wang, H. Blockchain challenges and opportunities: A survey. Available online: HTTP: //inpluslab.sysu.edu.cn/files/block chain/blockchain.pdf (accessed on 10 February 2019)