Blockchain is expected to be instrumental in a digital transformation in the coming years, especially in the field of IoT. But there are technical hurdles to overcome largely because most IoT devices lack the adequate computing power to participate in blockchains directly. That said, as with most IoT initiatives, a small thing like power isn’t going to stop the world from trying.

You just have to look at the importance of cryptocurrencies, which rely on blockchain to operate, to see the potential. Cryptocurrencies, which allow people to move money in the same way they move information on the internet, are being traded in huge sums.

There are currently more than 900 different cryptocurrencies being traded and the most popular, the Bitcoin (BTC), has a market cap of over $40 billion with daily volumes averaging $1 billion and peaking at around $2 billion.

Besides providing real opportunities for cyber criminals and clever, high risk, traders, our interest in cryptocurrencies has proven that blockchain is a viable technology to exponentially grow the IoT ecosystem.  At the moment though, technologists are grappling with exactly how it will do this.

Most of today's IoT ecosystems are built around a centralised, brokered communication model.Click To Tweet

The future of IoT is decentralised

To understand the need for technologies like blockchain for IoT, we need to understand the problem IoT will be facing in the future. Most of today’s IoT ecosystems are built around a centralised, brokered communication model.  All the IoT devices in the system are known and authenticated by and communicate through a centralised, large cloud which provides huge amounts of processing power and storage.

At its basic level, any two IoT devices exchanging information are brokered through the central system, even if they are a couple of feet away. They rely on a private network and internet cloud servers to exchange even the smallest bit of information. While the cloud provides immense potential for computing and storage and will continue to persist as a design pattern for small scale IoT deployments, this central model will not be able to cope with the huge ecosystems we expect to see shortly. Even if centralised cloud servers could accommodate the scale in an economical fashion, they are still the single point of failure for the whole ecosystem.

For an ecosystem of devices to scale to millions or even billions, a decentralised approach is preferred in which each device represents an autonomous system. All communication and information exchange between devices, servers and services of the ecosystem should be based on distributed protocols. This is where blockchain can help.

In fact, IBM in partnership with Samsung has published a proof of concept whitepaper for a system, known as ADEPT, that uses elements of blockchain to create distributed networks of autonomous devices to form a decentralised IoT ecosystem.

It notes that any protocols used by the autonomous systems should be secured, authenticated and distributed and that each node in the ecosystem should be able to perform in a distributed fashion three things: messaging, file sharing and coordination.

It’s obvious IoT devices need to be able to message its ecosystem to alert it to a change in the environment, and do so in a distributed, secure and authenticated way.

But current IoT messaging systems such as MQTT use a central broker design, and while they can be secured and authenticated, they can’t scale to support millions or billions of devices without complex hierarchical designs.

So we are starting to see the development of new peer to peer messaging systems which provide encrypted messaging, low latency, and guaranteed delivery, store and forwarding of messages whereby the message can ‘hop-on’ to other devices. Known as Distributed Hash Tables, these allow devices to create their hashtag and find other devices in its network. We’re likely to her more about Telehash to name just one approach, which is an emerging open source version of this messaging technique.

Of course, there are times when files need to be shared – like software updates or configuration settings. Bittorrent is well known as a robust peer-to-peer file sharing protocol. But it’s still not enough.

When there is a need for an actual transaction, like payment, Blockchain will be the technology of choice, as it provides a decentralised ledger where autonomous ‘things’ in the network can follow the rules and verify the validity of transactions without relying on a central authority or human.

What’s more every device in the system keeps a complete history of all the transactions performed in the whole ecosystem and as it’s tamper proof it’s fundamentally secure which is essential if you are building complex networks where life or death is at stake – there is no risk of a ‘man in the middle’ cyber attack.

Combine all this together and IoT becomes smart, self-supporting and self-sustaining. Blockchain allows devices to make the right decisions at the right time and log the history, ideal for situations where there must be a ledger of transactions for regulatory compliance. It will even go as far as to fix the ecosystem if something breaks based on the protocols its programmed to follow.

However, we can’t get carried away yet. IoT ecosystems aren’t always closed; sometimes they need to talk to another ecosystem or network. This inherently brings risk as you create a bridge from one system to another. The minute an API or a web application in the cloud is introduced to create this bridge so you create a target for a hacker.

Consider the recent DDoS attacks on the Bitfinex and BTC-e Bitcoin exchanges, and theft of cryptocurrency in the case of Classic Ether Wallet. It wasn’t the blockchain nodes that targeted it was the web services they relied on. Plus you can’t always rely on the inherent security of the blockchain technology. If it’s not implemented correctly, you introduce weakness, as happened when a hacker exploited a blindspot in some code on the Etherum Investment Fund platform, draining it of around $53m worth of digital currency in a few hours.

What’s curious about all of this is that many of the technologies being developed using blockchain are similar to the botnets hackers have used to cause havoc – even the IBM and Samsung pilot is strikingly close. So while we strive to create secure smart IoT ecosystems, we have to build in security. Blockchain is going to be a large part of the puzzle in the future, but it is only ever going to be as good as the humans who design it – inadvertently put in a flaw and you destroy utopia.

 

Previous articleCustomer Intelligence and Security – Let’s talk AI – SAS’ Peter Pugh-Jones
Next articleIndustrial Internet and IoT – Unboxed – Mark Homer from ServiceMax (GE Digital Company)
As the EMEA Cyber Security Evangelist for Radware, Pascal helps execute the company's thought leadership on today's security threat landscape. Pascal brings over two decades of experience in many aspects of Information Technology and holds a degree in Civil Engineering from the Free University of Brussels. As part of the Radware Security Research team Pascal develops and maintains the IoT honeypots and actively researches IoT malware. He discovered BrickerBot, provided the updated Hajime report and follows closely any development and new threats in the IoT landscape.  Prior to Radware, Pascal worked with the largest EMEA cloud providers on their SDN and next gen data centre strategies as a consulting engineer for Juniper. As an independent consultant Pascal architected sensor networks, automated and developed PLC systems and lead security infrastructure and software auditing projects. At the start of his career he was a regular presenter at IBM conferences for Perl and Unix kernel development.