Could a blockchain really prevent malware in the Internet of Things?

22

6

This article claims that using a blockchain-based security system for an IoT network would prevent some types of attacks:

Blockchain technology may help offer an answer. Gada observes that blockchain offers inherent security not present in current, traditional networks. “Blockchain technology is seen as a way to add security and privacy to sensors and devices,” he states. “In traditional IT architectures, tampering can occur if a hacker is able to get through firewalls and other defenses built up by an organization. Once inside, tampering is often not recorded or noticed, and can occur unimpeded. This is simply not possible when using blockchain.”

Blockchain, Gada explains, is “a suitable solution in at least three aspects of IoT, including big data management, security and transparency, as well as facilitation of micro-transactions based on the exchange of services between interconnected smart devices.”

This seems like a bold, yet rather vague claim. How, exactly, would a blockchain system provide such protection to a network of connected devices? Are the benefits mainly due to the improved transparency of the public blockchain, or are there other benefits too?

Aurora0001

Posted 2017-01-12T20:32:47.543

Reputation: 11 277

Answers

25

Blockchain, Gada explains, is “a suitable solution in at least three aspects of IoT, including big data management, security and transparency, as well as facilitation of micro-transactions based on the exchange of services between interconnected smart devices.”

Big data management: I couldn't disagree more. Blockchains are inherently inefficient at processing and storing large amounts of data. All data must be relayed to and processed by every full node, and is stored forever by every archival node. Bitcoin transactions are tiny at about 250 bytes apiece, and the Bitcoin blockchain is currently growing at a rate of about one gigabyte per week – it's now 117 GB in size. Contrary to popular narrative, blockchains are a terrible solution to most problems that they are hyped to solve.

Security: Security of what? Blockchains like Ethereum and Bitcoin are secured by their protocols paying large rewards of native tokens to the validators. The validators in turn provide work by spending irretrievable resources, which would have to be replicated to change the recorded history. This makes their blockchain essentially write-only and immutable. Additionally, the rules make sure that only the owner of assets can reassign them.
From the excerpt, it neither becomes clear who would be validating the state of the network, nor what the supposed "assets" stored in the database would be or how the convergence and validation of the network would be incentivized.

Transparency: Agreed, open blockchains are public goods and every participant can be as transparent as they want.

Micro-transactions: It is very unlikely that micro-transactions will be solved directly on a blockchain. Again, we're talking about a terribly inefficient data structure that requires replication of all information in the network. Bitcoin transactions currently cost about $0.15 apiece. There is a real cost associated with storing every transaction forever on the blockchain. Second layer systems being built on top of blockchains such as Raiden on Ethereum and the Lightning Network on Bitcoin may provide cheaper micro-transactions in the future, but even then each payment channel would need to be anchored to the blockchain with a blockchain transaction, so there is a palpable minimum value to be transferred before this becomes cost-effective.

I'd like to end with pointing out an article by Gideon Greenspan of MultiChain on Avoiding the pointless blockchain project. It seems to me that the proposed project here infringes on multiple points, e.g.:

  • We already trust the producer with the firmware, why then would we not trust them with updates of it?
  • For the same reason, why would we need multiple arbitrary writers? Aren't we just trusting the producer of the hardware anyway?
  • What sort of interaction is there between transactions?

It seems plausible to me that multiple publish-subscribe databases in combination with digital signature cryptography would offer the sought benefits. (But maybe I'm missing something.)


Update 2017-07-17: The paper Wüst, Karl, and Arthur Gervais. "Do you need a Blockchain?" makes explicit mention of IoT:

4.4.4 Internet of Things
[…] If computers supply values that were read from sensors to the blockchain, the blockchain does not guarantee the correctness of these values, i.e. if smart contracts behave according to values supplied by sensors, the sensors – and whoever controls them – necessarily need to be trusted. […] In other cases, the specific trust assumptions have to be studied and evaluated carefully to determine whether the use of a blockchain provides additional value.

Murch

Posted 2017-01-12T20:32:47.543

Reputation: 366

4 Blockchains != Bitcoin. Not all blockchains use Bitcoin. Bitcoin transactions are expensive, but it's possible to build blockchains that are much more efficient, for instance, by ditching the proof-of-work -- essentially, it just becomes hash chaining. (The term "blockchain" is more of a marketing term here than a strict technical term. Yes, I know it's lame to call it a "blockchain" when "hash chain" is a long-standing term from the technical community, but... marketing.) You lose something, but if all you care about is big data management, that might be OK.

D.W. 2017-01-13T20:28:09.837

1 @D.W.: Alright, my answer may be somewhat too focused on Bitcoin and POW, however, the cost is derived from the indefinite storage on all archival nodes, not the POW. So, I'm not sure that I get what you're trying to tell me.

Murch 2017-01-14T01:39:49.303

22

Blockchains have applications on IoT devices, but there's nothing about IoT which makes blockchains more or less applicable.

The specific threats mentioned in the article are:

  1. Malware. Blockchain does nothing to prevent this. The router/camera/DVR vulnerabilities were mostly due to poor design. Firmware verification (when implemented, which is rare) is already solved through digital signatures. Even if you did distribute firmware through a blockchain, you still have to trust the single centralized entity putting the firmware on the blockchain in the first place, and so you're back to square one.

  2. Tampering. "tampering can occur if a hacker is able to get through firewalls and other defenses built up by an organization". This is a legitimate application of blockchain. There is no central authority that stores the ledger and so modifications on one instance of the ledger do not affect the remainder of the network. Even legitimate users cannot rewrite history without there being a record of the change.

In short, blockchain does nothing to address the problem of IoT malware.

Ian Howson

Posted 2017-01-12T20:32:47.543

Reputation: 321

1 Preventing to get the malware to the device is a valid application.

Helmar 2017-01-13T10:33:44.677

@Helmar Could you elaborate? I can't think of any way that a blockchain would prevent malware reaching the device.

Ian Howson 2017-01-13T11:21:13.727

1 In the sense of what you detail in point #2, if firewall rules, for example, are propagated via blockchain, it might not be enough to hack one firewall. Of course, we don't have a very specific environment we are discussing here.

Helmar 2017-01-13T11:30:31.690

@Helmar Who distributes the firewall rules and why do we trust them? http://www.multichain.com/blog/2015/11/avoiding-pointless-blockchain-project/ is superb. Remember that many of the IoT camera problems were because the camera made a hole in the firewall as part of its intended function. The outside attacker did not 'hack' the firewall.

Ian Howson 2017-01-13T21:40:22.380

Yeah, many IoT devices are insecure by bad design.

Helmar 2017-01-13T22:23:38.987
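The tamper-evidence discussed in point 2 of the answer above and in D.W.'s earlier comment on hash chaining, as an added example that is not part of any post on this page: a hash chain with no proof-of-work, checked against a head hash held by a second party. The event records and the "replica holds the head hash" arrangement are constructed assumptions for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain

def entry_hash(prev_hash, payload):
    """Hash of one entry: commits to the payload and to the previous hash."""
    body = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(chain, payload):
    """Append a payload and return the new head hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "payload": payload,
                  "hash": entry_hash(prev, payload)})
    return chain[-1]["hash"]

def first_bad_index(chain):
    """Return the index of the first entry that breaks the chain, or None."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["payload"]):
            return i
        prev = e["hash"]
    return None

def rebuild(payloads):
    """Chain payloads from scratch; anyone with write access to a copy can too."""
    chain = []
    for p in payloads:
        append(chain, p)
    return chain

def demo():
    # Constructed sample events from a hypothetical device.
    events = [{"t": 1, "evt": "boot"},
              {"t": 2, "evt": "login", "user": "admin"},
              {"t": 3, "evt": "temp", "c": 21.5}]
    log = rebuild(events)
    replica_head = log[-1]["hash"]          # head hash held by a second party
    # Case 1: history edited in place on one copy, stored hashes left alone.
    edited = [dict(e, payload=dict(e["payload"])) for e in log]
    edited[1]["payload"]["user"] = "guest"
    # Case 2: the whole copy re-chained after the edit, so it is self-consistent.
    forged = rebuild([events[0], dict(events[1], user="guest"), events[2]])
    return {"in_place_edit_detected_at": first_bad_index(edited),
            "forged_internally_valid": first_bad_index(forged) is None,
            "forged_matches_replica": forged[-1]["hash"] == replica_head}

if __name__ == "__main__":
    print(demo())
```

The re-chained copy passes its own check and is caught only by comparing heads with the replica, and a false sensor reading appended honestly would verify just as cleanly as a true one.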

9

Blockchain technology provides a distributed transaction record. New data is appended to the chain and encrypted by multiple parties. The encryption process is compute-intensive, which makes it relatively hard for the data to be either corrupted or retrospectively modified.

The most well known application of the blockchain is in enabling financial transactions without having to rely on a network of banks or other trusted parties, although banks are taking an interest in the blockchain and may soon be competing to contribute the majority of the encryption effort.

The most relevant application of the blockchain to IoT technology appears to be in distributing trusted items (keys, firmware, etc). Although the blockchain is hard to subvert, the compute effort required to verify it is also non-trivial. So as a communication mechanism, it has more strength in being able to detect tampering than in being hard to forge.

Facilitating micro-transactions certainly enables new functionality, but it is not clear that this scales well to all types of endpoint any more than any other payment technology.

Sean Houlihane

Posted 2017-01-12T20:32:47.543

Reputation: 7 357

9

  1. Big data management

    Blockchain is a distributed network, so the blockchain file can get very large. Right now the Bitcoin blockchain is about 50 gig. Do you want small devices to have 50 GB of data each? I don't think so.

  2. Security

    The security is there, but it is provided by miners. Who is going to verify all these IoT transactions?

  3. Transparency

    All transactions are recorded on the blockchain, because it's a distributed ledger.

  4. Micro-transactions

    Blockchain can handle transactions since it is a distributed ledger.

Patrick

Posted 2017-01-12T20:32:47.543

Reputation: 191

6

How, exactly, would a blockchain system provide such protection to a network of connected devices?

Below is a quick breakdown, with a source explaining it with an example in more detail, but essentially it makes it so there are multiple approvers that approve a transaction, some level of access, etc., so if something slips through the cracks of one, it still has to make it through the other levels of approval.

World Economic Forum explains it on their website as follows:

What is blockchain?

Currently, most people use a trusted middleman such as a bank to make a transaction. But blockchain allows consumers and suppliers to connect directly, removing the need for a third party.

Using cryptography to keep exchanges secure, blockchain provides a decentralized database, or “digital ledger”, of transactions that everyone on the network can see. This network is essentially a chain of computers that must all approve an exchange before it can be verified and recorded.

How does it work in practice?

In the case of Bitcoin, blockchain stores the details of every transaction of the digital currency, and the technology stops the same Bitcoin being spent more than once.

picture about how blockchain works

From World Economic Forum: All you need to know about blockchain, explained simply

Facebook

Posted 2017-01-12T20:32:47.543

Reputation: 295

4

The fundamental purpose of blockchain is not building a distributed ledger or a distributed database. The basic thing that people find hard to understand is that blockchain is not an ultimate architecture that solves every problem of theirs. It's just a tool that offers some features. Use it only if it suits you.

Definitely not good for Big data storage.

I don't fully agree with others that it can't be used in IoT Malware Analysis.

I give you a case where it can be used in Malware Protection:

You have done some data analysis on the data moving through your IoT device and you say that a particular set of data bits is malicious. You put that information into the ledger. Now others claim that it is not. Using a consensus mechanism of blockchain we can figure out what malicious bits are present. Also, since these updates are real time, you do not need your particular antivirus software to update its definitions, as now you are using a transparent ledger open to all and updated by consensus. Also, since we would be putting in limited data, the transaction costs won't go that high.

user144880

Posted 2017-01-12T20:32:47.543

Reputation: 41

1

If the overall cyber security as well as malware breach points you're all referring to, requires that of simple IP to IP connections, or LAN spreads, of ports which are not necessarily open at all times, but once either an active session on the server side either opens an/the range of ports (that of a service, remote connection, etc) a user(s) could commit and xfer a payload of packets, resulting in an authorized login or command received and executed server side.

Take the very first step into account, the genesis of all basic data transmission, resulting with either a denial or OK verification result;

A) first request from client to server for a RDP connection via preset port

B) client-side receives either auth or denial packet(s), login or fail; that is a generic and basic use case

Inject C) Hypothetical session with A + B, but include a MITM attack vector. https://github.com/citronneur/rdpy

Justification: Rdpy is an open source Python script that allows one to hijack Windows RDP sessions and perform MITM attacks, to record communication and display actions performed on servers. This tool could not only perform the 'Man In The Middle' proxy functionality but also allows one to run an RDP honeypot to make the attacker's system run a fake RDP session.

RDP honeypot will set the daemon that you can use on the network for testing purposes or to detect suspicious activities such as worm attacks or any machine that is running brute force on the network. RDPY is fully implemented in Python, except the bitmap decompression algorithm, which is implemented in C for performance purposes; this provides a honeypot.

Inject D) Blockchain / Crypto integration hypothesis: If the RDP host on server-side is accessible via the desired and chosen port, then one would technically write something similar to that of a Dapp execution style call, or script. Where inherently, this would allow the client side initial request packet(s) to contain what the server-side/Dapp listening daemon requires to then open the required port(s). The client side transmits an encrypted layer containing the proper authorization token(s) and/or "coin(s)", which are decrypted and then sequentially verified via the server-side blockchain that either a) the entire private server-side blockchain a precompiled set of scripts and pre-built modules, to allow for a pre-generated and auto-deployed token amount; which directly in turn is what the client-side genesis token based pool was spawned from

(We can go into this and how pre-set and pre-mined block ranges are how the client transmits its Auth patterns, but we won't for that of time's sake, and because my thumbs on this qwerty phone keyboard are hurtin'.)

So, once the individual coin/ range of blocks, etc, are authorized on both sides ---> the Dapp variables and pre-written code, which have proper chmod access, can spawn many things server-side, from opening ports, load virtual machines, anything you can dream of.

BMG Consulting

Posted 2017-01-12T20:32:47.543

Reputation: 11

2 That doesn't make it clear to me how the blockchain helps with authorization. If the client already has the proper authorization that's basically the same as PKI client certificates or any properly secured client secret.

Helmar 2017-09-03T21:54:24.347

1

Yes. IoT devices (e.g. wifi thermostat) with no open/listening ports, such as telnet or http, usually dial into a central server, and stay connected to that server 24/7. When you are abroad, the thermostat app on your smartphone contacts the same CENTRALIZED server when you want to change the temperature, and that server relays the command back to the thermostat at your house. If hackers compromise that server, they have control of the thermostats. It was in Mr. Robot season 1. You can use certain blockchains, such as Ethereum, to interact with an IoT device, instead of using a centralized server. An example is the SlockIt Ethereum door lock.

GusGorman402

Posted 2017-01-12T20:32:47.543

Reputation: 409