Could Blockchain Prevent the Internet of Vulnerable Things?
The Internet of Things is coming. Unfortunately, connected devices have a variety of vulnerabilities and almost any smart device is a vulnerable device. Security issues include technical problems (outdated software, insecure data transmissions, etc.) and people problems (simple and default passwords, public Wi-Fi, etc.). As more devices connect to the internet and each other without proper security, the Internet of Things will quickly become the Internet of Vulnerable Things.
With the Internet of Things being around the corner now, it is time to start securing connected devices. Especially, because the main driver behind the Internet of Things is nearing completion in the coming years: 5G. 5G will be the main driver behind the Internet of Things, and without it, the Internet of Things will remain an illusion. So why do need 5G and how can we prevent the Internet of Vulnerable Things?
Why the IoT Needs 5G?
The benefits of 5G compared to 4G are substantial. 5G will not only offer network speeds as high as 10Gbps but also enable lower communication latency – up to 1 millisecond. The combination of high speed and such low latency will enable new products, applications and services that are currently not possible. Simply, because currently, it takes too long for data to move between a device and a data centre (where the data crunching is done). 5G will also support the massive increase in connected devices expected with the Internet of Things. Gartner predicts approximately 50 billion devices to be added in the coming decade resulting in around 100 trillion connected sensors by 2030.
Why are these features important for the Internet of Things? Simply consider a self-driving car; a car travelling at 100 km/hr would travel 2,7 meters further before the breaks are applied if there is a latency of 100 milliseconds. Obviously, that would be unacceptable. The same would apply to games, drones and many other (industrial) applications.
The Convergence of 5G and IoT
Thus, the convergence of 5G and the Internet of Things will drastically change society. The global IoT market is expected to grow to $6.5 trillion by 2024. When you have billions and billions of devices connected to the internet, it changes your perspective, especially when these connected devices are becoming truly smart thanks to machine learning and AI. IoT devices will become a lot better at understanding the user and adapting the product or service to the needs and context. Software updates will be done over the air, reducing the need to constantly buy a new product.
The Internet of Things will be all about automated actions based on data generated by the connected devices and its surrounding. For example, you have a connected thermostat, and your car knows that you are driving home; your car knows that the temperature is low in your house and tells the thermostat to turn up the heating. When you arrive home, it is nice, warm, and cosy inside. Of course, this is only an example for your home. The Internet of Things offers tremendous potential for enterprises. However, all this potential value will disappear if security remains an issue.
The Internet of Vulnerable Things
In my 2019 technology trend prediction, I wrote that a world full of connected devices and autonomous things has the potential to be a dangerous world. Security is not a core competence for IoT manufacturers and, as such, hackers will always have an unfair advantage.
Especially, since Internet of Things devices are often developed using many different products from many different suppliers. While there are several unified platforms emerging that cover IoT security standards, such as MIDAS, Unify IoT and Universal Internet of Things Platform, you could be dealing with dozens of devices whose suppliers don’t have the same protection in place. Outdated firmware and software could also make it easy to exploit IoT technology and use it as a point of attack.
The sheer variety of form factors, operating systems, feature sets and vendors introduce complications that current IT security resources may be unable to cover. Therefore, when datafying your organisation and introducing connected devices in your organisation, or you are developing connected devices for your customers, a complete re-evaluation of your IT security strategy and the personnel’s mindset is important. You do not want that your connected device is ‘responsible’ for the next DDoS attack that will bring down the internet again.
Identity, Reputation and the Internet of Things
One way to prevent the Internet of Vulnerable Things is using IoT reputation. Reputation is especially important with the Internet of Things. Just as humans should be able to trust each other, connected devices have to trust each other as well if they want to collaborate and perform transactions. After all, doing business with a malware-infested connected device is bad for business. But how can you determine and ensure the reputation of a connected device? Moreover, how can we create a system that incorporates all aspects of reputation, without invading privacy? To achieve that, we have to turn to blockchain technology.
Just like humans, connected devices and sensors also have an identity. This identity consists of attributes. An attribute is a characteristic or feature of that device. Each of these attributes has different, uniquely identifiable characteristics, and the combination of them constitutes a device’s identity. An IoT device also has a reputation: how reputable is the device, does it indeed do what it should do. Finally, IoT devices also have a shadow reputation. This revolves around the other devices in the same network and the reputation of those devices. A connected device linked to another device that contains malware is less valuable.
A connected device’s or machine’s identity can be defined by the 5P’s. It is personal (it is about that particular device or machine), portable (meaning the data can be easily shared in a secure way with other devices), private (the device controls the identity and data), persistent (it does not change without consent) and protected (the identity and data cannot be stolen). Ensuring IoT devices adhere to the 5P’s of identity is a key requisite to prevent the Internet of Vulnerable Things.
Blockchain and the Internet of Things
To enable the 5P’s of identity for connected devices, blockchain is important. With a decentralised network using distributed ledger technology data becomes immutable, verifiable and traceable. A device that is part of such a blockchain network will fulfil the 5P’s of identity:
- Personal: data created by a device registered on a blockchain can always be linked back to that device. As such, we will always be certain that the data used is indeed from that particular device and not another device that tries to mimic the original device.
- Portable: data can be easily shared and paid for with micro- or picotransactions. A single bit of data can contain valuable information and using a token it can be sold to another device. Smart contracts would ensure that that data will automatically be shared once the funds have been transferred.
- Private: only registered devices can store data on a particular blockchain. By decentralising the control of data, it becomes possible to avoid exposing data to centralised parties and/or irrelevant or unreliable peers.
- Persistent: data on a blockchain is immutable so that no hacker can alter the data for their own benefit. This has a lot of benefits when exchanging data among devices and organisations, especially in supply chains, as the other party can be certain that the data has not been changed since it was created.
- Protected: with data and an IoT’s identity stored on a blockchain removes the need to trust each other, and with no centralised single point of failure, DDoS attacks become a lot more difficult.
The convergence of blockchain and the Internet of Things will greatly reduce the chances of a large data breach, hack or attack. However, it does not free the manufacturers and organisations of their duty to ensure the correct security measures are built into the connected device – none-standard passwords and end-to-end encryption should be required for all connected devices.
The convergence of 5G, blockchain and the Internet of Things could drastically change how we organise our society and how we run our businesses. However, if done incorrectly it has also the chance to drastically disrupt our society as we have seen with the IoT DDoS attack in 2016 that brought down half the internet. Blockchain might greatly increase the security of an Internet of Things network. However, if the devices itself are still insecure, the Internet of Vulnerable Things will still have major consequences. The coming years will show how we will manage to build secure IoT devices that can be connected using a decentralised network while benefiting from the high speeds and low latency of 5G.