IoT's Quest for Security and the Blockchain Promise

By Prasad Kandikonda

Vice President, Engineering

Multi-Tech Systems

August 28, 2018


IoT's Quest for Security and the Blockchain Promise

Though blockchain technology is hitting headlines as a possible security solution, it is leaving many still scratching their heads.

Internet of Things (IoT) security and privacy remain a major challenge, mainly due to the massive scale and distributed nature of IoT networks. Though blockchain technology is hitting headlines as a possible security solution, it is leaving many still scratching their heads. As it evolved solving problems in the financial industry, the technology itself seems very beneficial for addressing industries where many third parties exchange information, trust is involved and an immutable ledger needs to be maintained. Adopting Blockchain, however, is far from straight forward. Not only are there different flavors of the technology, there are public and private options and attention to existing data parameters must be considered. Ultimately, IoT customers need to consider multiple implementation challenges before opting for its ultimate promise of privacy.

Blockchain and IoT Devices

Blockchain is an evolution of crypto and database technologies to solve real-world problems created by double accounting and also to eliminate many intermediaries involved in settling transactions and the time it is taking to do them. Though blockchain-based approaches provide decentralized security and privacy, they involve significant energy, delay and computational overhead that is not always suitable for most resource-constrained IoT devices. IoT devices range from small sensors being used in residences to giant machines, such as those being used by GE and Boeing. In all of these cases, one very important consideration is the life-cycle tracking of the IoT device as it is becoming very critical to track this journey. There is no doubt that blockchain could be a very useful technology in solving this problem.

Blockchain vs. Distributed Database

Blockchain and distributed databases are very comparable in terms of what they can do. They connect different third-party entities and allow for exchange of data in a consistent way. Many of the features being positioned as unique to Blockchain can also be accomplished with distributed database technologies. For example, the feature like ‘smart contracts,’ which is becoming a useful extension (such as Ethereum and HyperLedger) can easily be accomplished by ‘stored procedures,' which is a feature of many database technologies. Likewise, the append only feature can be accomplished in DB using strict permissions and actions, executing a block of transactions can be done by ‘combining a group of actions’ into an atomic entity. So, it looks like many of the same things claimed as Blockchain features can be done by distributed databases. So, what does Blockchain bring to the table?

The first thing Blockchain contributes is the elimination of the middleman or entity who is responsible for maintaining all the distributed databases, their data integrity, software updates, etc. With Blockchain, there is no need for this intermediate entity. Every peer in the node becomes an owner and responsible for maintaining a copy of the DB and completely freeing up from ‘intermediacy.’

The second big benefit is availability. With Blockchain, the network is no longer dependent on any one node. Since the same data is maintained by all the peers, any peer can go down and come back without affecting the overall functionality of the network. Whereas in a distributed DB, if a node with critical information goes down, your network goes down. You can include additional redundancy and use SHARDing and other techniques with the conventional DBs, but the overall cost of the design goes up.

Different Flavors of Blockchain

There are various Blockchain networks that are out in the market. As of 2017, according to an independent research firm, there are at least 1,500 companies building Blockchain networks with a total of $519 million invested by different VCs. It all started with Bitcoin, followed by Ethereum, MultiChain, OpenChain, HyperLedger, and many more.

At a very high level, there are two types of Blockchains. One is public and the other is private, also being referred to as permission-less and permissioned, respectively. If you look at Bitcoin or Ethereum, they are public, which means anyone can join the network and participate in transactions. Whereas, with private Blockchains, you need to be authorized and authenticated before you can join the network.

The other big difference you’ll notice is Blockchains that would allow ‘smart contracts’ versus those that do not allow any program to be executed. With Bitcoin, you cannot do ‘smart contracts’ whereas with Ethereum, you can.

From a technology perspective, the other main difference comes in terms of what type of ‘consensus algorithm’ is being used for validating the blocks of transactions, how they are hashed and keyed into the Blockchain. The most popular among them are ‘proof of work’ (used by Bitcoin), ‘proof of stake’ (used by Ethereum) and ‘delegated Byzantine Fault Tolerance’ (dBFT) used by HyperLedger. There are others like Proof of Activity, Proof of Burn, Proof of Elapsed Time and Proof of Capacity.

The technologies also differ in terms of which allow mining and provide incentives to the peer nodes in terms on ‘crypto coins’ or where there is no mining allowed. Most of the public networks have some kind of crypto tokens awarded to the peers, whereas private ones do not do any.

Some of the newer technologies coming into the market are focused on speed and time of execution. In such cases, instead of waiting to create a block of transactions to insert into a blockchain, they are creating a single chain between peers participating in a dialogue and insert the transactions into this chain. Some examples of this are OpenChain, MultiChain, etc.

Decision is Ultimately Based on Data

In the world of IoT, depending upon the type of network and the bandwidth available and the processing power of the end-device, you have to choose your data parameters. In constrained devices, with very little memory and processing power, you end up sending all data upstream. At the edge, if you have a smarter gateway, you could do some screening and processing by adding business intelligence before pushing actionable data to the cloud. This is becoming more and more preferred as IoT customers want to conserve the bandwidth and operate on lower data plans.

It is primarily going to be a question of how much investment you can make on the edge device versus how much you can afford in terms of data plan and data storage. If you have a high-end device, most of the processing can be done at the edge and conserve the bandwidth and space. On the other hand, in some cases it may not be possible to do anything, as it is legally required to store everything originating from an IoT device. If it is critical data, you may need to track everything if some kind of auditing needs to be done at a later time. However, if it is like monitoring the temperature of a solar panel or the humidity of a farm field, it may not be a big deal.

So, how does Blockchain fit into the world of IoT? It may not be possible to add each end node of an IoT network into the blockchain. However, all the end nodes that go through an edge gateway can make the gateway participate in the validation/authentication using Blockchain techniques before transferring any kind of data into the network. The edge gateways and the capable end nodes can be enabled using Blockchain for key applications like authentication/validation, certificate rotation and validation, verifying firmware levels and security patches and also de-commissioning if deemed as rogue devices. There needs to be a high level of coordination and inter-operability between various entities participating in the Blockchain network to successfully deploy a solution.

Understanding the Challenges

Ultimately, one must consider all of the challenges before jumping on the Blockchain train.

  • Since the technology is still in its early stages, there is a general lack of full understanding on what it can do and cannot do. There is lots of skepticism.
  • There are many vendors providing Blockchain solutions, but all of them are not interoperable. This creates disparate systems.
  • All parties that are part of this solution need to agree and adhere to a common platform for a successful roll-out.
  • Since blockchain technology crosses many boundaries, keeping legal entities satisfied at each entry and exit point could be very challenging. Regulatory compliance is a challenge.
  • Since blockchain technology eliminates and removes the control for the third-party intermediaries, it will be hard to overcome the vested interest of incumbent agencies.
  • In some of the public Blockchain implementations, the response time for hashing and inserting a block into the chain can take a few seconds to a few minutes, with no guarantee.
  • There are also not many developers and consulting resources that can help easily implement Blockchain solutions.
  • Finally, there is also a dark connotation that Blockchain and Crypto currency are associated with some illegal, under-the-table kind of dealings. This myth needs to be dispelled before it can be largely accepted and becomes a mainstream technology.

Prasad began his 26 years with MultiTech by founding the company’s India software division in Bangalore in 1990. Since then, he has held progressive responsibility including unified communications, innovation and ultimately software across the MultiTech product line covering everything from legacy product to the latest in communications technology. Before joining MultiTech, Prasad was a systems engineer at Wipro. He holds multiple degrees including a masters in technical engineering from the Indian Institute of Technology at Kanpur and as well as an FTGMP in Management from the Indian Institute of Management in Bangalore.

Development and deployment of Internet of Things (IoT) and Low Power WAN (LPWA) solutions Design, Architect and deploy Cloud based management solutions for M2M and IoT devices Embedded Linux based Product and Systems Development - cellular gateways, networking routers Telecom and Datacom product Development - VoIP gateways, SMS gateways, Fax servers Management of Offshore Software Development Centers - India, Eastern Europe.

More from Prasad