By: K. Yadav
IoT security has become an important research topic in recent times, due to the exponential growth of high-speed networks and smart devices. IoT devices are resource-constrained devices containing sensors that are interconnected via a network [1]. IoT devices have a wide range of applications these days. They can be used to build health monitoring devices, surveillance cameras, and weather alert systems.
IoT security attacks
As IoT devices are tiny and resource-constrained, they now exist in the billions and are decentralized around the world. Since IoT devices are resource-constrained in nature, several layers of security protocols cannot be embedded inside them, which results in several security attacks. Their decentralized nature allows adversaries to gain control over them. Moreover, since thousands of IoT devices are connected to the same network, gaining control over one node puts the other IoT nodes at risk. These days, the number of possible attacks is very large, and they can be categorized into three groups on the basis of the severity of the attacks [2]. The corresponding attacks in each category are shown in figure 1.
Low-level attack
Low-level attacks are concerned with the physical and data link layers of the IoT network. For example, a jamming attack produces radio frequency signals without following any specific protocol, which creates signal interference and slows the working of IoT nodes. Similarly, spoofing attacks attempt to change the MAC address of a malicious user to that of a benign user, preventing the benign user from connecting to the IoT network.
Medium-level attack
These attacks are concerned with routing, communication, and session management and mainly occur in the transport layer of an IoT network. For example, unsecured communication may give adversaries a chance to read the data propagating between the nodes. The information gained may then be used for several malicious purposes.
High-level attack
As the name suggests, these attacks are usually associated with higher OSI layers such as the application layer. Insecure interfaces in the application layer may lead to several attacks, such as XSS and SQL injection.
Blockchain based IoT security
A blockchain is a decentralized peer-to-peer network that stores a registry of immutable transactions [3] [9]. A block contains the hash of the previous block along with other fields such as a balance and a nonce. Since the blocks are interconnected by their hashes, a change in the hash of one block changes the hashes of the entire blockchain. Additionally, when a block is added to the network, it is validated with the help of consensus algorithms, making a transaction immutable and non-deletable. Another term associated with blockchain is the smart contract. A smart contract is a transaction that executes a series of functions whenever a user fulfils the terms of the contract. The immutability of a blockchain makes it very secure. This property can be used to solve several security issues in IoT, such as authorization and authentication. Similarly, smart contracts also act as a powerful means to enhance security in IoT networks. Some major security areas where the potential of blockchain can be integrated for security enhancement are listed below.
IoT security by Data authenticity and Integrity
IoT networks act as a medium to transfer many kinds of data. Sometimes attacks like man-in-the-middle may inject deceptive information and redirect it in an IoT network [4]. To prevent such attacks, blockchain can act as a third party to verify this information before it propagates further in the network. Similarly, attacks like DNS poisoning alter the DNS table for various malicious activities [5]. When IoT is integrated with a blockchain network, the immutability property of blockchain may prevent DNS poisoning.
IoT security by Identity and Access Management
The ownership of IoT devices changes with time [6]. An IoT device benefits greatly when its identity is integrated with a blockchain network. Whenever the device is resold, the ownership can be changed or revoked with the help of smart contracts. Moreover, if an IoT device gets stolen, it becomes very hard for the thief to tamper with its identity. In [7], the authors have developed a method called TrustChain to register ownership and to track IoT devices.
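The ownership registry described above can be sketched on a hash-chained ledger. This is an added example, not code from the article or from TrustChain: the record layout, the operation names and the device and user names are assumptions, a plain Python list stands in for the blockchain, and authenticating the caller is assumed to happen elsewhere.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder for the first block's "prev" field

def block_hash(block):
    # The digest covers the previous block's hash, which is what chains the blocks.
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def owner_of(chain, device):
    # Replay the ledger: the latest record for a device decides its owner.
    owners = [b["new_owner"] for b in chain if b["device"] == device]
    return owners[-1] if owners else None

def append(chain, op, device, actor, new_owner=None):
    # Contract-style rules; authenticating `actor` is assumed to happen elsewhere.
    current = owner_of(chain, device)
    owned = current is not None and current == actor
    if op == "register" and current is None:
        new_owner = actor
    elif op == "transfer" and owned and new_owner:
        pass
    elif op == "revoke" and owned:
        new_owner = None
    else:
        raise PermissionError(f"{op} on {device} by {actor} rejected")
    block = {"prev": chain[-1]["hash"] if chain else GENESIS, "op": op,
             "device": device, "actor": actor, "new_owner": new_owner}
    block["hash"] = block_hash(block)
    chain.append(block)

def first_bad_block(chain):
    # Index of the first block whose content or back-link fails, or -1 if intact.
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block_hash(block) != block["hash"]:
            return i
        prev = block["hash"]
    return -1

def build_sample_chain():
    # Constructed sample history: alice registers cam-01, then resells it to bob.
    chain = []
    append(chain, "register", "cam-01", "alice")
    append(chain, "transfer", "cam-01", "alice", "bob")
    return chain
```

Rewriting an old ownership record changes that block's hash, and recomputing the hash only moves the failure to the next block's back-link, so `first_bad_block` still reports the tampering.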
IoT security by improving Authorization and Privacy
These days, IoT devices use various authorization mechanisms such as OAuth 2.0, OpenID, OMA, and RBAC [8]. The problem with these authorization mechanisms is that they are very complex for resource-constrained devices like IoT devices. Instead of these protocols, smart contract mechanisms can provide better authorization techniques for single as well as multiple users.
With the help of smart contracts, several rules can be set up for an individual using IoT devices, such as time duration, software update authorization, and updating keypairs. Restricting these kinds of access with the help of smart contracts can greatly enhance the security of an IoT network.
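The three kinds of rule named above (time duration, software update authorization, keypair updates) can be modelled as contract state with a deny-by-default check. This is an added example, not code from the article: the class, its method names and the sample users are hypothetical, and `now` is passed in explicitly where a real contract would use the block timestamp.

```python
class DeviceAccessContract:
    """In-memory stand-in for smart-contract state (hypothetical names throughout)."""
    ACTIONS = frozenset({"use", "update_firmware", "rotate_keypair"})

    def __init__(self, owner, device_pubkey):
        self.owner = owner
        self.device_pubkey = device_pubkey
        self.grants = {}  # user -> (allowed actions, expiry in unix seconds)
        self.audit = []   # (time, caller, action, allowed) for every decision

    def grant(self, caller, user, actions, not_after):
        # Only the owner may delegate, and only actions the contract knows about.
        if caller != self.owner:
            raise PermissionError("only the owner can grant access")
        if not set(actions) <= self.ACTIONS:
            raise ValueError("unknown action in grant")
        self.grants[user] = (frozenset(actions), not_after)

    def check(self, caller, action, now):
        # Deny by default: no grant, wrong action, or expired grant all fail.
        actions, not_after = self.grants.get(caller, (frozenset(), 0))
        ok = caller == self.owner or (action in actions and now <= not_after)
        self.audit.append((now, caller, action, ok))
        return ok

    def rotate_keypair(self, caller, new_pubkey, now):
        # Key updates go through the same check as every other action.
        if not self.check(caller, "rotate_keypair", now):
            raise PermissionError("rotate_keypair denied")
        self.device_pubkey = new_pubkey

def sample_decisions():
    # Constructed scenario: a technician gets a one-hour firmware-update grant.
    c = DeviceAccessContract("alice", "pk-old")
    c.grant("alice", "tech", {"update_firmware"}, not_after=3600)
    return [c.check("tech", "update_firmware", 1800),   # inside the window
            c.check("tech", "update_firmware", 7200),   # grant expired
            c.check("tech", "rotate_keypair", 1800),    # action never granted
            c.check("guest", "use", 10)]                # no grant at all
```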
Reliable and secure communication
IoT uses HTTP, XMPP, and MQTT as protocols to communicate between the nodes [8]. Such communication protocols need to be wrapped inside other protocols such as TLS for secure communication. Similarly, for routing, key management is done through a protocol called PKI. The use of blockchain can eliminate the key management requirement, as each IoT device has its own ID registered to a blockchain network initially. Handling and exchanging PKI certificates is then no longer necessary, and securing the communication becomes much smoother.
References
1. Krčo, Srdjan, Boris Pokrić, and Francois Carrez. “Designing IoT architecture (s): A European perspective.” 2014 IEEE world forum on internet of things (WF-IoT). IEEE, 2014.
2. Khan, Minhaj Ahmad, and Khaled Salah. “IoT security: Review, blockchain solutions, and open challenges.” Future generation computer systems 82 (2018): 395-411.
3. Nofer, Michael, et al. “Blockchain.” Business & Information Systems Engineering 59.3 (2017): 183-187.
4. Cekerevac, Zoran, et al. “Internet of things and the man-in-the-middle attacks–security and economic risks.” MEST Journal 5.2 (2017): 15-25.
5. Mann, Prince, et al. “Classification of Various Types of Attacks in IoT Environment.” 2020 12th International Conference on Computational Intelligence and Communication Networks (CICN). IEEE, 2020.
6. D.U. Sinthan, M.-S. Balamurugan, Identity authentication and capability based access control (IACAC) for the Internet of Things, J. Cyber Secur. Mob. 1 (4) (2013) 309–348.
7. Otte, M. de Vos, J. Pouwelse, TrustChain: A Sybil-resistant scalable blockchain, Future Gener. Comput. Syst. (2017). http://dx.doi.org/10.1016/j.future.2017.08.048.
8. S. Emerson, Y. Choi, D. Hwang, K. Kim and K. Kim, “An OAuth based authentication mechanism for IoT networks,” 2015 International Conference on Information and Communication Technology Convergence (ICTC), 2015, pp. 1072-1074, doi: 10.1109/ICTC.2015.7354740.
9. Dipesh Signla, Sudhakar Kr (2021) Blockchain for Data Science, Insights2Techinfo, pp. 1
Cite this article:
K. Yadav (2021) Blockchain for IoT Security, Insight2Techinfo, pp.1