How Blockchain can protect IoT devices from cyber attacks

The world is full of connected devices – and more are coming. In 2017, there were about 8.4 billion Internet-enabled thermostats, cameras, street lamps and other electronic devices. By 2020 this number could exceed 20 billion, and in 2030 there could be 500 billion or more. Because they will all be online all the time, each of these devices – be it a speech-recognition personal assistant, a pay-by-phone meter or a temperature sensor deep inside an industrial robot – will be vulnerable to a cyber attack and could even be part of one.

Today, many "smart" devices connected to the Internet are made by large companies with well-known brands such as Google, Apple, Microsoft and Samsung, which have both the technological systems and the marketing incentive to quickly solve any security problems. But this is not the case in the increasingly crowded world of smaller Internet-enabled devices, such as light bulbs, bells and even parcels shipped by UPS. These devices, and their digital "brains", are typically made by unknown companies, many in developing countries, without the funds or capabilities – or the need for brand recognition – to incorporate strong security features.

Insecure "Internet of Things" devices have already contributed to major cyber-disasters, such as the October 2016 cyber attack on the internet routing company Dyn, which blocked more than 80 popular websites and blocked internet traffic in the United States. The solution to this problem, in my opinion as a scholar of "internet of things" technology, blockchain systems and information security, could be a new way to monitor and distribute security software updates using blockchains.

Making security a priority

Today's big tech companies are working hard to keep users safe, but they face a discouraging task: thousands of complex software packages running on systems around the world invariably contain errors that make them vulnerable to hackers. They also have teams of researchers and security analysts who try to identify and correct defects before they can cause problems.

When those teams discover vulnerabilities (whether from their own work, from others, or from user reports of malicious activity), they are well positioned to schedule updates and send them to users. Computers, phones and even many programs from these companies periodically connect to their manufacturers' sites to check for updates, and can download and even install them automatically.

Beyond the staff needed to track problems and make corrections, this effort requires huge investment. It requires software to respond to automated requests, storage space for new software versions, and network bandwidth to send them quickly to millions of users. That is how people's iPhones, PlayStations and copies of Microsoft Word all remain perfectly up to date with security fixes.

None of this is happening with the manufacturers of the next generation of Internet devices. Take, for example, Hangzhou Xiongmai Technology, based near Shanghai, China. Xiongmai makes cameras and accessories connected to the Internet under its own brand and sells parts to other suppliers.

Many of its products – and those of many similar companies – contained administrative passwords that were set at the factory and were difficult or impossible to change. This left the door open for hackers to connect to devices made by Xiongmai, enter the preset password, take control of webcams or other devices and generate massive amounts of malicious Internet traffic.

When the problem – and its global scope – became clear, there was little Xiongmai and other producers could do to update their devices. The ability to prevent future cyber attacks of this kind depends on creating a way for these companies to issue software updates to customers quickly, easily and economically when defects are discovered.

A Potential Response

Simply put, a blockchain is a transaction-recording computer database that is stored in many different places at once. In a sense, it's like a public bulletin board where people can publish transaction notifications. Each post must be accompanied by a digital signature and can never be modified or deleted.

I am not the only person who suggests the use of blockchain systems to improve the security of devices connected to the Internet. In January 2017, a group including the US giant Cisco, the German engineering company Bosch, Bank of New York Mellon, the Chinese electronics producer Foxconn, the Dutch computer security company Gemalto, and a number of blockchain startups formed to develop just such a system.

It would be available for device manufacturers to use instead of creating their own software upgrade infrastructure as the technology giants do. These smaller companies would have to program their products to check periodically with a blockchain system to see if there was any new software. They would then upload their updates securely as they develop them. Each device would have a strong cryptographic identity, to ensure that the manufacturer communicates with the right device. As a result, device manufacturers and their customers would know that the equipment would effectively keep its security up to date.

These types of systems should be easy to program into small devices with limited memory space and processing power. They would need standard ways to communicate and authenticate updates, to tell official messages apart from hackers' efforts. Existing blockchains, including Bitcoin SPV and Ethereum Light Client Protocol, look promising. And blockchain innovators will continue to find better ways, making it even easier for billions of "internet of things" devices to check in and automatically update their security.
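How a memory-constrained device could authenticate an update in the SPV style mentioned above, as an added example that is not code from the article or from any of the companies it names: the device keeps only a trusted Merkle root and checks a short inclusion proof for the update record. The record format `model|version|sha256`, the function names and all sample data are assumptions made for illustration; how the device comes to trust the root (header-chain validation) and the manufacturer's signature check are left out.

```python
import hashlib

def h(data):
    """Double SHA-256, the hash Bitcoin uses in its Merkle trees."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def build_levels(leaves):
    """All tree levels, leaf hashes first and the root last."""
    levels = [[h(leaf) for leaf in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1] + levels[-1][-1:] * (len(levels[-1]) % 2)  # pad odd level
        levels.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def make_proof(leaves, index):
    """Full-node side: sibling hashes on the path from one leaf to the root."""
    proof = []
    for level in build_levels(leaves)[:-1]:
        level = level + level[-1:] * (len(level) % 2)
        proof.append((level[index ^ 1], index % 2 == 1))  # (hash, sibling is left)
        index //= 2
    return proof

def verify_update(firmware, record, proof, trusted_root):
    """Device side: accept the image only if its record is provably in the block."""
    try:
        _model, _version, digest = record.decode().split("|")
    except ValueError:
        return False                      # malformed record
    if hashlib.sha256(firmware).hexdigest() != digest:
        return False                      # image differs from the published hash
    node = h(record)
    for sibling, sibling_is_left in proof:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node == trusted_root

# Constructed sample data: three update records published in one block.
FIRMWARE = b"constructed firmware image 1.0.3"
RECORDS = [
    b"cam-x1|1.0.2|" + hashlib.sha256(b"older image").hexdigest().encode(),
    b"cam-x1|1.0.3|" + hashlib.sha256(FIRMWARE).hexdigest().encode(),
    b"bulb-a|2.4.0|" + hashlib.sha256(b"another image").hexdigest().encode(),
]
ROOT = build_levels(RECORDS)[-1][0]       # assumed: the device already trusts this value
PROOF = make_proof(RECORDS, 1)

if __name__ == "__main__":
    print(verify_update(FIRMWARE, RECORDS[1], PROOF, ROOT))
```

The device stores one 32-byte root and receives a proof whose length grows with the logarithm of the number of records in the block, which is what makes this kind of check practical on small hardware.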

The importance of external pressure

It will not be enough to develop blockchain-based systems that are able to protect "internet of things" devices. If device manufacturers do not actually use these systems, everyone's cyber security will still be at risk. Companies that produce cheap devices have slim profit margins, so they will not add these levels of protection without help and support from outside. They will need technological assistance, as well as pressure from government regulations and consumer expectations, to shift from their current practices.

If it is clear that their products will not sell unless they are more secure, the unknown producers of "internet of things" devices will step up and make users and the Internet as a whole safer.


This article, by Nir Kshetri, was originally published on The Conversation.
