Internet of Things (IoT) has pervaded every aspect of our lives. Smart homes, smart cars, wearables and RFID sensors testify to its ubiquity. What could be imagined only in a sci-fi movie two decades back has become a reality today.
You can switch off a heater in your home while sitting anywhere just by tapping your smartphone. You can have your coffee timed to be ready the moment you arrive home, or wake up in the morning.
Internet of Things (IoT) is gaining ground
Internet of Things (IoT) has been embraced by individuals and enterprises alike. One can gauge its popularity by the sheer number of IoT devices already in use.
There were around 10 billion IoT devices in 2018. A Business Insider report has estimated that there will be 20 billion IoT devices by 2020 and 64 billion IoT devices by 2025.
Figure 1: IoT has pervaded every aspect of our lives
Manufacturing companies have been the clear leader in the deployment of IoT. They have implemented IoT at every step right from procurement of raw materials, production to warehousing and transportation. IoT lies at the heart of logistic companies that track and trace every move of their fleet using high precision sensors.
IoT has penetrated its way into government projects as well. Los Angeles in the USA, for example, has 145,000 streetlights and 4,500 intersections fitted with IoT sensors.
Los Angeles has decided to collect data from city installed sensors, smartphones and smartwatches to be used for improving situational awareness. The city has collaborated with the California Institute of Technology on a project entitled ‘Quake Alert’ that uses sensors to detect tremors and alert citizens on time.
Even the armed forces have initiated steps towards the adoption of IoT. The US Army, for instance, has collaborated with Lockheed Martin to integrate and use IoT data gleaned from different platforms, such as weapon systems, aircraft, ground vehicles and troops to automate decision making. If successfully implemented, this would help them identify possible threats quickly and accurately.
Internet of Things (IoT) is vulnerable to attack and existing solutions are not effective enough
Picture a situation where a person steals your smartphone and switches on the heater in your smart home. Or worse, a person hacks your computer and gets the credentials for your home security system. Considering the fact that all IoT devices on any network are controlled using a central hub, this can be a very likely scenario.
In any IoT system, there is a centralized server that controls and manages the interaction among devices. It means even if the devices are placed next to each other they have to pass through a central hub. This centralization makes IoT devices susceptible to attack.
Adoption of IoT in any enterprise, be it a corporate office, a hospital, a power plant or a manufacturing facility entails the installation of additional devices. Each one of these devices can be a potential entry point for attack.
Besides, IoT devices run on low power and have less computing capability. As a result, they cannot have complex security protocols.
Most enterprises that implement IoT are blissfully unaware of the fact that IoT devices are manufactured with little oversight or regulatory control. They are designed to connect immediately through Wi-Fi or Blue Tooth. These devices are usually installed by individuals who have little knowledge of securing the device from external threats.
IoT devices installed in any facility need to be upgraded from time to time. Companies that provide these devices do not emphasize on upgrading them regularly. Even a slightly outdated device in an IoT network can be a potential entry point for hackers.
Craig Young, a cybersecurity researcher explains, “These companies sometimes have the intention of fixing a vulnerability like that through a firmware upgrade, but then never get around to it because they don’t want to disrupt the user base.”
Enterprises are trying to jump on the IoT bandwagon without contemplating the potential risks. It comes as no surprise that 48% of US companies using IoT have suffered security breaches.
Most of the IoT networks require just a username and password and sometimes a two-factor authentication for access. These security measures are not adequate by any means.
Biometrics could offer a possible solution here. Devices relying on fingerprint scan, facial recognition and voice recognition have been developed in recent years. These devices work on the principle that everyone has a unique fingerprint, facial features and voice. So only individuals who are biometrically verified would get access to the IoT network.
But biometric recognition technology is far from ready. Few devices can uniquely and consistently verify an individual’s identity.
What makes matters worse is that IoT is burgeoning and creating a large interconnected mesh of IoT devices. More IoT devices mean more security issues. We need solutions to fix these issues before things go out of control.
Blockchain can be a viable solution
Figure 2: Blockchain can be a viable solution to IoT security issues
Blockchain has gained attention over the past few years for being a decentralized digital ledger technology that can record and secure transactions. A transaction can involve a movement of goods, individuals or monetary value.
In a Blockchain network, several computers called nodes are present on a decentralized autonomous network.
Traditional IoT models operate on a client-server model where there is a central authority to control the network. Any hacker can attack this central authority and access any information across the entire network.
On the contrary, an IoT network powered by Blockchain Technology is decentralized. The entire digital ledger is distributed across all the nodes on the network.
The decentralized nature of Blockchain would prevent a single point of failure.
Targeting any individual node (computer) on the Blockchain for an attack would not help as other nodes would be notified immediately and resist the attack.
Hackers can gain control of the entire Blockchain only if they gain control of the majority of nodes on the network. This would be difficult in a Blockchain network, as all the nodes are inextricably linked to each other.
In any Blockchain network, all the transactions are immutable and cryptographically secured using a hashing feature. It means neither any node on the network nor an outsider can modify these transactions.
Besides, Blockchains follow a consensus protocol. Every transaction needs approval from the majority of nodes in the network before it becomes a part of the Blockchain.
In the context of IoT, it would mean that any transfer of goods or monetary tokens cannot take place across the network without approval from the majority of nodes.
Consider a supply chain where a product moves across multiple points before reaching the final customer. Every movement of the product gets captured through IoT sensors and is recorded as a transaction on the Blockchain.
If any product shows aberrant movement such as a missing or delayed delivery, the transaction will not be approved by nodes on the Blockchain. Besides, the entire network will be notified of this deviation.
Blockchains also have a unique feature called smart contracts. A smart contract is a piece of code which defines the rules of an agreement between two or more parties.
The agreement is executed automatically when certain pre-specified conditions are satisfied. Smart contracts ensure that the contract gets enforced and that too without an intermediary.
For example, consider a retailer that hires a logistics company to deliver products from the warehouse to the end customer. There is a smart contract between both the parties (retailer and logistics company) stating that the payment will be released (agreement) once the product reaches the end customer (condition to be fulfilled).
RFID sensors in the delivery vehicle track the product from beginning to end. When the product reaches the intended destination, the retailer gets notified and payment is automatically released and the smart contract is executed.
Challenges in using Blockchain solutions in IoT
Blockchain has been known to have scalability issues because of the complexity involved in validating transactions. Blockchain scales poorly as the number of nodes increases, and any worthwhile IoT ecosystem is expected to have a large number of nodes. Thus, scalability is going to be a key issue for IoT.
Blockchain involves verification and encryption of each transaction added to the network. This is a complex procedure and requires devices with very high computational power. Not all devices in any IoT network are equipped to handle computationally intensive operations characteristic of Blockchains.
Adoption of Blockchain in IoT would require developers having expertise in both the domains. Shortage of developers will pose difficulty in implementing Blockchain solutions.
In addition to all this, Blockchain is still in nascent stage and there are no compliance precedents to follow. Any enterprise implementing Blockchain solutions, therefore, would have to deal with issues of legal compliance.
The nodes present in any Blockchain network may operate from different locations and therefore different jurisdictions. Deciding which set of rules and laws should apply to the Blockchain would be difficult.
Blockchains enforce smart contacts but we are not sure if a smart contract would be considered valid in a court of law in event of any dispute. This challenge alone will prevent many enterprises from implementing Blockchain solutions.
Blockchain with its decentralized nature, immutability and cryptographic hashing feature has the potential to secure IoT ecosystems from potential threats.
However, we need to remember that IoT is no silver bullet. The technology is still in its infancy and most of the IoT networks are still not ready for integration with Blockchain. Add to it scalability issues, legal compliance hassles and a shortage of developers.
Blockchain is here to stay, but we need to wait before we see successful examples of large-scale integration of Blockchain with IoT.