How Blockchain Can Improve Internet of Things Security

Two of the hottest technology trends today are the rise in Internet of Things (IoT) and blockchain adoption. A recent report by the Cloud Security Alliance (CSA) brings these two areas together—in a potentially good way.

The study by CSA, an organization that raises awareness of best practices to help ensure a secure cloud computing environment, examines the ways in which blockchain can facilitate and improve IoT security. Securing this highly connected environment, in which potentially thousands of objects will be linked via the Internet, is something many IoT practitioners are concerned about.

“Organizations on the forefront of implementing IoT are understandably encountering challenges in identifying appropriate security technologies that are capable of mitigating the unique threats that IoT presents,” noted Brian Russell, chair of the CSA IoT Working Group.

As the report points out, blockchain is a technology enabler that supports rapidly evolving crypto currencies such as BitCoin, Ethereum, Litecoin, Dash, and hundreds more. Its success as a foundation for crypto currencies has spawned new research aimed at securing systems and technologies using the distributed ledger.

DevOps Unbound Podcast

Most blockchain initiatives in the business context are limited to prototypes “that serve mostly to master the intricacies of this complex technology,” the report said. “Current applications only scrape the surface of their possible uses.”

Blockchain promises to increase speed, efficiency, and security of ownership transfer of digital assets; eliminate the need for central authorities to certify ownership and clear transactions; reduce fraud and corruption by providing a transparent and publicly auditable ledger; and reduce administrative cost using agreements that can automatically activate, secure, and certify trusted actions based on specific conditions, the report said.

The IoT has reached varying levels of maturity across sectors such as consumer, transportation, energy, healthcare, manufacturing, retail and financial, the report said, and is “having a major impact on how many companies conduct business and people go about their daily lives.”

Security has become a key stumbling block to widespread adoption or implementation of IoT, however.

IoT has long been associated with security weaknesses and challenges, and experts and organizations have begun exploring the use of blockchain to secure the IoT. In fact, blockchain holds great promise for securing connected devices and systems, according to Sabri Khemissa, co-chair for the Blockchain/Distributed Ledger Technology Working Group at CSA and the lead author of the report.

IoT devices can be configured either to make use of public blockchain services or to communicate with private blockchain nodes in the cloud over a secure application programming interface (API). Incorporating blockchain technology into the security framework of an IoT system allows IoT devices to securely discover each other, encrypt machine-to-machine transactions using distributed key management techniques, and validate the integrity and authenticity of software image updates, as well as policy updates, according to the report.

Based on various architectural patterns, an IoT device will communicate with a blockchain transaction node via an API, enabling even constrained devices to participate in the blockchain service. To ensure data security, organizations need to take care during the bootstrapping of an IoT device onto a particular blockchain service.

The researchers’ review of blockchain technology and the market initiatives available to develop it highlights five features to consider when securing the IoT using blockchain technology. These include scalable IoT discovery, trusted communication, message authentication/signing, IoT configuration and updates, and secure firmware image distribution and update.

As the report concludes, organizations implementing IoT solutions continue to experience challenges identifying security technologies and approaches sufficient to mitigate unique threats to IoT. Blockchain technology promises to play a major role in addressing these challenges.

Niche security vendors will begin to offer these services, but it is possible to take advantage immediately of the integrity and authenticity services provided by blockchain implementations.

While the report highlights features to consider when attempting to secure connected devices using blockchain technology, due to the hardware limitations of IoT the researchers said in a context of several hundred thousand or more IoT devices many of these devices could not serve as transaction nodes (generating transactions, providing consensus, etc.), and this would fall outside the secure blockchain.

Many devices will benefit from the security and other features offered by blockchain services through APIs from upstream transaction notes of networks or by specialized intermediaries, the study said. Those upstream capabilities can be used to secure IoT devices (configuration and update control, secure firmware update) and communications (IoT discovery, trusted communication, message authentication/signing).

As more organizations explore the potential benefits of the IoT and blockchain, it’s worth taking a look at how the two can work in unison to enhance data security.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Bogdan Botezatu. Read the original post at:

Integrated Security Data PulseMeter

Step 1 of 7

What percentage of your organization’s security data is integrated into a SIEM or data repository you manage? (Select one)(Required)