blockchain for internet of things security and privacy

www.data61.csiro.au

BlockchainforInternetofThingsSecurityandPrivacyProfRajaJurdakSeniorPrincipalResearchScientistResearchGroupLeader,DistributedSensingSystems

DistributedSensingSystemsGroup

• 45researchers,postdocs,engineers,andstudents

BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak3 |

IoT security and privacy is challenging

4 |

• Heterogeneity in device resources• Multiple attack surfaces• Centralization• Scale • Context specific risks• Poor implementation of

security/privacy mechanisms in off-the-shelf products

IoT Privacy and Security Challenges

BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak

5 |

• Heterogeneity in device resources• Multiple attack surfaces• Centralization• Scale • Context specific risks• Poor implementation of

security/privacy mechanisms in off-the-shelf products

IoT Privacy and Security Challenges


a possible solution

Blockchain Features

6 |

• A distributed immutable time-stamped ledger

• Creates a secure network over untrusted users

• Changeable PKs as users identity introduce high level

privacy

• Demands for solving a puzzle to append blocks to the

BlockChain (mining)


Blockchain challenges in IoT

7 |

BlockChain IoT Resource Consuming Mostly devices are resource restrictedBlock mining is time consuming Demands low latencyBlockChain scale poorly with large networks

IoT is expected to contain a large number of nodes

BlockChain has high bandwidth consumption

IoT devices have limited bandwidth and resources


Blockchain for IoT

8 |

• Hierarchical structure: resource optimization, scalability

• Limited nodes process BlockChain: processing overhead


Dorri,Kanhere,Jurdak, IOTDI,2017

Blockchain for IoT Features

9 |

Data and transactions flow separation: decrease

delay, resource optimization

Reduce processing: Distributed trust between CHs

Two tiers of BlockChain: linked for further

applications


Smart Home Transactions

10 |

LBM

Local Immutable Ledger

Indirectly accessible

IoT devices: security,

resource optimization


Dorri,Kanhere,Jurdak, Percom,2017

Transactions handling

11 |

CHs


12 |

CHs

Transactions handling


Comparison with Classical Blockchain

13 |

Our BlockChain Vs Bitcoin BlockChain

Feature BitcoinBlockChain Immutable Ledger PublicBlockChain

Mining requirement POW None None

Forking Notallowed Allowed Allowed

Doublespending Not acceptable Not applicable Notapplicable

Encryption Asymmetric Symmetric Asymmetric

BlockChain visibility Public Private Public

Transactiondissemination

Broadcast Unicast Unicast/Multicast


Security and privacy analysis

14 |

Accessibility threats

• DDOS attack

– Devices are not directly

accessible

– Home manager controls all

incoming and outgoing

transactions

– Keylists on CHs

– Target threshold of received

transactions



15 |

Accessibility threats

Appending attack Dropping attack



16 |

Anonymity threats

• Linking attack


Performance evaluation

17 | BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak

We conduct simulation using NS3 to study the trust method

50 nodes in which 13 are CHs

0

10

20

30

40

50

60

70

80

90

100

0

0.05

0.1

0.15

0.2

0.25

1 10 20 30 40 50 60

Perc

enta

ge o

f tra

nsac

tions

to b

e ve

rifie

d

Proc

essi

ng ti

me (

s)

Blocks in the overlay BC

Without trust Our method Trust

OtherIoTApplications

18 |

- Futureconnectedandautonomous vehicles- Smartgrids- …

6

As shown in Fig.2, these roles are SW providers, OEMs, cloud storages (CS), and vehicular interfaces (VI) representing either smart connected vehicles or local SW update providers such as service centers or vehicle assembly lines.

OEMCloudStorageServiceCenter

SW Provider

VehicleInter-ClusterIntra-Cluster

Overlay

Fig. 2. The proposed BC-based architecture to securely interconnect all involved parties. The cloud storage is essential for our architecture as it serves as a repository for

storing new SW images sent by the SW provider or the OEM, and furthermore handles the data download to the VIs. In our architecture, the cloud storage pro-vides a sophisticated authentication mechanism to ensure that only authorized en-tities can write, adapt and download a specific SW image.

All aforementioned entities are interconnected using the overlay network. This clustered network allows unicast as well as broadcast data streams and is able to provide suitable message flows for all different data exchanges involved in the SW distribution process. As described in Section 2.2, the overlay network basical-ly interconnects different (e.g., geographical) clusters encompassing one CH and numerous CMs. Thereby, a CH acts as gateway for messages sent from a CM of a specific cluster (e.g., CM1 in cluster A) to CM or CH of another cluster (e.g., CM2 in cluster B). In our architecture, a CM and a CH can occupy specific roles such as acting as OEM, CS, or VI. However, as a CH besides its dedicated role al-so has to maintain its local BC, it is very unlikely that a vehicle would act as a CH due to its resource constraints and the fact that a vehicle is mobile and therefore not able to be connected to the overlay at all times. Our architecture uses two types of messages: i) transactions and ii) blocks for implementing OTA updates.

Transactions are used to initialize the BC system (genesis transaction) and to handle the SW distribution process (update transaction). The latter is required to inform the OEM (i.e., when sent by the SWP) as well as the concerned VIs (i.e., when sent by the OEM) about newly available SW. Update transactions thus play a vital role in our architecture as they contain required information for both the OEMs and the VIs: it contains the identities of the SW provider as well as of the OEM (i.e., their PKs and signatures), the transaction ID (i.e., hash representation of the transaction), the ID of the previously created transaction (the genesis trans-action for the very first update transaction), and the metadata field. The metadata


M. Steger, A. Dorri, S. Kanhere, K. Romer, R. Jurdak, and M. Karner, “BlockChains securing Wireless Automotive Software Updates – A proof of concept,” To appear in Proceedings of the 21st International Forum on Advanced Microsystems for Automotive Applications (AMAA 2017), Berlin Germany, September 2017.

• BlockchainarchitectureforIoTsecurityandprivacy• Maintainsblockchainbenefitswithlightweightdesign• Usesdistributedtrusttoreduceblockvalidationload• BroadlyapplicabletootherIoTapplications

• Futurework• Implementandevaluatearchitectureempirically• Methodsforfurtherscalabilityacrossnetworksizeandduration

Summary

19 | BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak

www.data61.csiro.au

RajaJurdak,PhDSeniorPrincipalResearchScientist&ResearchGroupLeader,DistributedSensingSystemsCyberphysicalSystemsProgramt +61733274355e [email protected] http://research.csiro.au/dss

Thankyou

References

21 |

[1]: Nakamoto, Satoshi. "Bitcoin: A peer-to-peer electronic cash system." (2008): 28.[2]: Wood, Gavin. "Ethereum: A secure decentralised generalised transaction ledger." Ethereum Project

Yellow Paper 151 (2014).[3]: Brambilla, Giacomo, Michele Amoretti, and Francesco Zanichelli. "Using Block Chain for Peer-to-

Peer Proof-of-Location." arXiv preprint arXiv:1607.00174 (2016).[4]: Hashemi, Sayed Hadi, et al. "World of Empowered IoT Users." 2016 IEEE First International

Conference on Internet-of-Things Design and Implementation (IoTDI). IEEE, 2016.Our other publications

[1]: Ali Dorri, Salil S. Kanhere, and Raja Jurdak. “Towards an Optimized BlockChain for IoT”, Second IEEE/ACMInternational Conference on Internet-of-Things Design and Implementation (IoTDI) 2017 (to be presented inApril 2017)

[2]: Ali Dorri, Salil S. Kanhere, Raja Jurdak, and Praveen Gauravaram. “Blockchain for IoT Security and Privacy: The Case Study of a Smart Home”, The 2nd IEEE Percom workshop on security privacy and trust in the Internet of things, 2017.

[3] Ali Dorri, Marco Steger, Salil S. Kanhere, and Raja Jurdak (2017). BlockChain: A distributed solution to automotive security and privacy. arXiv preprint arXiv:1704.00073.


blockchain for internet of things security and privacy

Documents