Security is crucial when developing any solution that involves the Internet of Things (IoT). According to Deloitte’s 2018 Risk Management Survey, 62% of CEOs and 75% of boards cite cybersecurity and technology acquisitions as top priorities. When handling so much information and acting upon it in ways that will benefit operations, a company must be able to trust that the data collected by IoT devices hasn’t been stolen, altered, or otherwise compromised by hackers or other bad actors.
The main challenge in securing an IoT deployment is a feature that is also inseparable from IoT: multiple points of entry. Sensors, smartphones, and other edge devices that connect to an IoT network have the potential to be breached if they aren’t properly secured. This is why developers give priority to ensuring that IoT devices are secure by design with multiple layers of protection. Once breached, even a smart device as innocuous as a doorbell can be a hacker’s path to private data.
According to Gemalto’s Breach Level Index, more than three billion data records were compromised by cybersecurity breaches in the first half of 2018 alone. As more IoT devices enter regular use, meeting these security challenges will become even more fundamental to IoT development.
Protecting Data through Decentralization
One promising solution to IoT cybersecurity is blockchain. Famously known as the underlying technology for cryptocurrencies, such as Bitcoin, blockchain is a decentralized method of data storage that is often described as a distributed digital ledger. Information—usually transactions, in the case of cryptocurrency—is stored in data blocks that are strung together in a digital chain shared across the network.
Each device in the blockchain network has its own copy of the blockchain that participates in authenticating the whole. Each time someone submits information to the digital ledger, the rest of the devices check to make sure the transaction is valid and forms a new block with a unique digital fingerprint. If the devices cannot reach consensus on the block, then the information is rejected. Blockchain’s consensus method of authenticating information makes IoT data significantly more difficult for hackers to manipulate. Instead of a central system that only needs to be breached once, a hacker intent on compromising a blockchain would need to breach a majority of the devices on the blockchain network.
Blockchain technology can be used to secure both IoT systems and devices against attack from outside sources, and protect data exchanges between IoT devices. In an IoT blockchain, authentication, data verification, and security decisions are made by every device on the network as opposed to the central IoT platform. If the blockchain determines device activity to be abnormal in a way that indicates a data breach, the platform can instantly deny the device access to the network and signal a security alert for system managers to investigate.
In addition to decentralizing IoT security, blockchain can also decentralize data storage. In this case, if a hacker was to breach an entry point, they would be unable to access full repositories of data stored on the system. Users can archive data on the blockchain and grant unique permissions to third parties as necessary. To revoke access, a user or the platform simply has to deny that unique permission.
Current Challenges with IoT Blockchain Implementation
While blockchain is a promising way to secure IoT devices, there are a few challenges with implementation. For example, the technology requires a large amount of processing power that is currently out of the scope of many IoT devices. Current blockchains also are vulnerable if a group of users control more than 50% of the network’s devices. Due to the global distribution of nodes in applications such as a cryptocurrency, this amount of control is nearly impossible in most blockchains. However, a smaller, more localized IoT blockchain deployment could be more vulnerable. To prevent hackers from gaining a majority control of smaller IoT deployments, each device will still require current IoT defense-in-depth security solutions such as VPNs, certificate-based authentication, unique identities for devices that are built into the hardware, and hardware-enforced barriers.
Despite the implementation challenges, however, blockchain holds significant potential for the security of IoT networks. NASA recently released a study regarding its use of blockchain technology to secure air traffic services against denial-of-service and other cyberattacks, and organizations, such as the Trusted IoT Alliance are dedicated to implementing a secure IoT blockchain network. As these efforts continue, it is highly likely that blockchain will be a potent tool for ensuring cybersecurity in IoT.
Security for Your IoT Deployment
Robust security is at the forefront of an agile, cost-effective, and scalable IoT solution. That’s why Aeris is dedicated to making sure our network is guarded with ironclad protection. From connectivity solutions that are secure by design to our industry-leading connectivity platform, Aeris technology sets standards for tomorrow’s enterprise IoT deployments.