Blockchain-Enabled Security and Privacy Schemes in IoT Technologies

Introduction and Motivation

Internet of Things

The last two decades have been catalyzed by developments on a myriad of technological fronts and these developments have severely affected the way in which society functions. Technology has been increasingly integrated with our way of living and daily life, ranging from the moment we w'ake up at home and use smart home appliances to the usage of integrated technology in the workplace to health monitoring and analytics of our sleep. This development has asymmetrically changed the way industries perceive and use technology and w'ith the incumbent developments they have been trying more and more to integrate them into their operations for efficiency. The reports suggest that the estimated count of connected IoT devices is set to rise to 50 billion by the end of this decade [1]. The ecosystem involves a myriad of elements such as: IoT devices, sensors, actuators, network elements (servers, routers etc.) and associated industrial machinery. In this pursuit of connecting conventional devices across networks and over the internet, the Internet of Things and Web of Things (WoT) have been pivotal in catalyzing and catering to this need. IoT as an emerging technology offers novel solutions and optimizing paradigms to both conventional and unconventional industrial operations. One such example of this innovative behavior is the case of innovative transportation in the field of Intelligent Transportation Systems (ITS) where IoT and associated technology have provided the ability for smart traffic management and traffic prediction through monitoring and predicting traffic location.

As discussed above, the Internet of Things or IoT encompasses a global network of nodes and devices that are addressable uniquely via standard communication protocols. The Internet of Things, which has witnessed a dramatic surge in the recent past, has had an immense impact on every aspect of human lives, ranging from wearable gear to sensors monitoring ecological changes in remote locations to regulating physical metrics in manufacturing processes. The set of devices or the “Things” which share a common resemblance in order to directly or indirectly connect to the Internet, operate within the confines of their functionality and exchange, analyze, process and deliver data in the common language; these sets of devices working in tandem are defined as “Internet of Things”. Although large swathes in advancement in technology have unequivocally reduced human intervention and have significantly integrated devices with the real world, the big question of privacy and protection in IoT devices has been left largely unaddressed and now presents a potential threat to the cyber landscape. The lack of a standard IoT framework safeguarding privacy across all platforms has been attributed to varied communication protocols, a multitude of programming languages and differing levels of distributed computing in devices, networking and perceiving data in real-time systems [2].

The developers and research community have been meticulously working to develop tailor-made frameworks and structures for specific platforms. In its pursuit of this, the community has encountered several challenges pertaining to hardware which involve energy efficiency, ranging from the lightweight computation of devices and sensors to virtual threats including encryption attacks which occur on system vulnerabilities and tend to impede system integrity. Privacy is another concern that many nations across the globe have echoed. Policy measures such as the EU’s General Data Protection Regulation (EU GDPR) have already been enforced with stringent rules for privacy yet there exist several challenges on the regulatory and technological front which this chapter touches upon in its first section. Industries such as healthcare, which incorporates one of the largest numbers of IoT devices, are especially under threat as revealed in the analysis by the Ponemon Institute and IBM. The most severe example of this is the case of Singapore, when an attack on SingHealth exposed the data of more than 1.5 million patients. The aforementioned cyber threats present us with a unique conundrum.

IoT Architecture

Every IoT system implemented globally is different; however, the data process flow and general architecture have some similarity. The first element is “Things”; this entails the nodes/devices that sense data from the environment via embedded sensors and actuators and are connected to the internet via appropriate gateways. The second layer includes the data acquisition systems and gateways that are responsible for gathering large amounts of raw and processed data (filtration, amplification and other associated electronic signal conditioning), and convert it into a digital form that is ready for further analysis. The third layer is where data visualization and intelligent control steps in, through which the processed data is transferred for long-term storage to data centers and cloud-based facilities which form the fourth layer.

FIGURE 1.1 IoT general Architecture.

These four layers are illustrated in Figure 1.1 of this chapter. The figures entail a five-layer architecture that comprises of:

• 1. Business Layer
• 2. Application Layer
• 3. Service Management Layer
• 4. Object Abstraction Layer
• 5. Perception Layer

The business layer is responsible for the management of all activities, services and development of business models, graphs, and flowcharts based on the data it receives from the application layer. Further, this layer is responsible for supporting the decision-making aspect, based on big data analysis and determining the course of action. The application layer is responsible for service delivery and acts as an interface to the business layer. Furthermore, it is responsible for providing a control mechanism for accessing data and provides global management of the application based on objects’ information processed in middleware. The service management layer is responsible for the pairing of services with their requester based on addresses and names, and for processing received data, making decisions and delivering the required services over network wire protocols. Furthermore, it is tasked to receive and process data from other layers. The object abstraction layer is responsible for the transfer of data produced by the objects to the service management layer. Also, it is responsible for transmitting data between devices and from devices to the receiver. Lastly, the object or perception layer is responsible for collecting sensor data in addition to digitizing and transferring data to the object abstraction layer. The details of the architecture and associated aspects are described in online literature [3-7].

TABLE 1.1

Vulnerability in loT device

Attacks that focus on IoT devices that have resource constraints have increased significantly in the past few years. The vulnerabilities in the security sector of the IoT technologies used are incessantly being identified; these technologies are used in both industrial and home environments such as sensors, industrial actuators, home appliances, medical devices, etc. The current state of affairs is exacerbated by defects in application, hardware chips that are faulty, and tamperable devices along witli misconfigurations.

This section aims to use a risk-like approach to examine cyber attacks with respect to IoT-enabled devices, so as to highlight its existing threat landscape and isolate hidden and covert attack paths taken against critical infrastructure.

In IoT-enabled cyber attacks, the device is the amplifier or the enabler of an attack; the perpetrator identifies and takes advantage of inherent vulnerabilities related to one or multiple layers of the device so as to achieve his/her goal. We classify IoT vulnerabilities in two primary classes: “Embedded Vulnerabilities” and “Network Vulnerabilities”.

Distinguishing IoT from Conventional Networks

Since its inception, IoT has experienced significant development in parallel to conventional networks. In comparison to the internet the network connection is established via physical links between web pages. Conventional networks are relatively more mature and well established on the technological front and can communicate via natural languages witli efficacy. This is the reason which substantiates the prevalence of traditional networks and ease of their operation. In the IoT domain the standardization efforts are in their infancy and currently require skilled programming experts to implement an application.

Blockchain: An Overview

Blockchain is defined as a “public, permanent, appended-only distributed ledger” [8]. The issue of trust in information systems is extremely complex and quite prevalent.

FIGURE 1.2 Blockchain Mechanism with use of reference Hash.

TABLE 1.2

Bitcoin node and functionality

This situation is exacerbated in the absence of audit and verification mechanisms, particularly in the case of systems handling sensitive information such as but not limited to financial and economic transactions. The problem of double spending is solved by enabling blockchain technology in a peer-to-peer network where there is an absence of a trust-based system. Blockchain enables verification of transactions by a group of unreliable actors. This aims to provide an immutable, distributed, secure, transparent and auditable ledger. The chain may be accessed openly allowing access to all transactions since the genesis transaction of the system. The protocol structures a chain of blocks that are linked to its previous block by a reference, thus forming a chain. Figure 1.2 describes the blockchain mechanism along with the use of a reference hash.

In order to support and operate the blockchain, network peers provide functionality which can include functions such as storage, wallet, and service and mining. Based on their functionality they can be part of different networks. Table 1.2 compares common types of nodes in bitcoin networks. Further, it does so establishing a consensus-based mechanism in which the nodes vote via their CPU power on the computation of a proof of work in the form of a hash for a given block which is based on the work that came previously.

Generations of Blockchain

Currently we are witnessing a critical shift toward distributed applications. This enables decentralized data sharing via secure transactions. This section reviews the emergence of blockchain in form generation starting from Blockchain 1.0 to Blockchain 4.0.

Blockchain 1.0: Bitcoin and Cryptocurrency

The first ever recognized generation of blockchain can be attributed to the rise of distributed ledger in form a virtual currency/coin, Bitcoin. The virtual coin enabled users to perform financial transactions over the internet. In addition, the currency is also referred to as “cryptocurrency” as it uses two keys to enable and authenticate the transaction:

Public Key: for verification of the legitimacy of the transaction Private Key: for signing the transaction (enablement)

The Bitcoin ledger is composed of states of ownership of all existing bitcoin users informed of transactions between states, and output of any transaction state is essentially the transactional value if the transaction was successful. The copy of the above finite-length state transition system is maintained as a ledger record by the nodes of the network. The roles of third parties were eliminated in this decentralized and anonymous system as the proof of work is carried by hashing schemes based on Hashcash [9] and SHA-256 [10].

Figure 1.3 above illustrates the bitcoin transaction process, wherein the purchaser is referred by the entity to his signature which is a 16-digit encrypted code. The

FIGURE 1.3 Public Ledger in a Bitcoin(BTC) network via State Transfer Function(STF).

signature is decoded by the purchaser at his receiving node, thus making the currency digital in nature over a decentralized and anonymous network.

Blockchain 2.0: Smart Contracts and Ethereum

The advent of Bitcoin (BTC) marked the rise of decentralization in computing, but the limited purview of BTC renders it unsuitable for general-purpose applications. This requirement of general application based systems was felt and in 2013 this was catered for to some extent with the launch of Ethereum. Ethereum is a blockchain coupled with an inbuilt Turing Complete programming language; this solved several scripting-based issues in BTC. This enabled users to create virtual ownership, the format for specific transactions and the state transfer function. This facilitated the growth of computer programs which existed and executed in a block chain—“Smart Contracts”. These execute on their own in an autonomous manner through a set of predefined conditions. This resulted in reduction of the cost of verification and arbitration and enabled greater transparency in a transaction.

Figure 1.4 depicts the implementation of a smart contract on an Ethereum Blockchain. This includes a 20 В address and an STF. The contact code gets saved, authenticated and executed on a blockchain; each transaction comprises the following components:

• 1. Nonce
• 2. Ether Balance

FIGURE 1.4 Illustration of a Smart Contract between two contracting entities.

• 3. Code Hash
• 4. Storage Root

Blockchain 3.0: Convergence toward Decentralized Applications

There is a lack of infrastructure evident as the existing technology is unable to sustain the volume of micro transactions with the prevalence of smart contracts. Consequently, there has been a shifting trend for blockchain toward decentralized networks and eventually a decentralized internet. This will integrate information storage, Smart Contract and communication networks. Thus there is a strong need for decentralized applications or D-App which have their backend enabled on Blockchain.

Blockchain 4.0: Seamless Integration with Industry 4.0

With the rise of decentralized applications there is a need for a common platform which will be a confluence of a myriad of applications and services that facilitate cross-platform communication. This enables entities to collaborate from distinct platforms to collate and work a single unit thus catering to the requirement of Industry 4.0. Industry 4.0 is used to label the trend in industry which emphasizes automation and confluence of cyber space with physical space in conjunction with IoT, Artificial Intelligence and cognitive computing.