The significant cultural and technological shift of the Internet of Things’ deep embedment into people’s lives, bodies, homes and almost everything else they touch has allowed for efficiency, flexibility and convenience with our day-to-day lives.
That connectivity is an incredible thing, but one major question remains within the burgeoning IoT industry: how do companies secure all of this data?
Consider the information at stake. Wi-Fi-enabled security cameras can give real-time information about when and if someone’s home. Same with internet-connected alarm systems.
Even a smart TV has valuable information as information on Netflix and Amazon accounts can lead to a credit card or identity details.
Of course, the mother of all identity concerns comes from the smartphone: a centralised resource of account information that can connect with almost all smart devices, a smart home and even a car – something that becomes even more vulnerable as the age of self-driving cars approaches.
Recently, a CBS 60-Minutes story demonstrated the multitude of capabilities of a hacker that only has a person’s phone number.
It’s clear that the Internet of Things presents security concerns in ways that seemed unthinkable just a decade ago. The solution, though, may stem from one of the most unique innovations of the digital era: the blockchain.
Originally developed as part of the bitcoin digital currency platform, the open blockchain model has inherent transparency and permanence. These are essential to creating a secure means of direct authentication between smart devices.
The model currently used for Bitcoin can be propagated into other applications – any industry that requires archival integrity can adopt the blockchain.
For the Internet of Things, a blockchain can be created to manage device identity to prevent a spoofing attack where a malicious party impersonates another device to launch an attack to steal data or cause some other mayhem.
Blockchain identity chains will enable two or more devices to be able to communicate directly without going through a third-party intermediary, and in effect make spoofing more cost prohibitive.
Regarding this type of authentication, the model allows users to synchronise multiple devices against a single system of authority that is distributed and censorship resistant.
This would apply to an open blockchain, not permissioned or private. The identity chain, created for each device, is a permanent record. Through cryptography, only validated devices receive access. As new devices are added, their identity records become part of the blockchain for permanent reference.
Any change to a device configuration will be registered and authenticated in the context of the blockchain validation model, ensuring that any falsified records can be caught and ignored.
This is a new technology and will take some time to move from testing into our everyday lives. Many industry leaders and governments will begin testing this year. Beyond whether or not the tech works, many stakeholders will need to get on board.
An industry conglomerate that agrees on a blockchain design would be helpful. Having all the Internet of Things devices write to the same source or have systems that are interoperable will be critical.
It’s not necessarily that every Internet of Things device manufacturer or software developer write data to the same blockchain – instead, it could go further upstream and be an agreement between OEM manufacturers of essential components that are used in the authentication process flow.
In addition to baseline authentication (device model, serial number, etc.), the blockchain can create records of any data it generates – for example, a smart front door lock can have a transaction log of video activation when someone exits/enters the home or unlocks it remotely.
Each item in the history creates another historical link in its respective identity chain that can provide further data to use for authentication matching. If someone with malicious intent was to try and change the protocol of the door lock without the correct credentials or there was a change in the configuration, the blockchain validation model would not allow for the door lock to be changed.
An important component of the blockchain’s effectiveness comes from its standing as a public record, with user nodes all auditing the same record. Of course, with a public record, there will always be privacy concerns over sensitive data.
However, the blockchain protects against this through the use of one-way hashes. In the blockchain world, a cryptographic hash function is a mathematical algorithm that maps data and shortens its size to a bit string, “a hash function”, which is also designed to be one-way and infeasible to invert. This means it is nearly and practically impossible to obtain the content of a hash without the source data.
The Internet of Things is still a new industry, but it will become more pervasive and significant as technological innovations turn science fiction into people’s everyday lives. At this early stage, it’s critical to establish a scalable solution that will push the industry forward as the volume of connected devices grows exponentially.
Blockchain represents a unique type of solution, one that is established as a secure means of protecting financial data but flexible enough to be applied to any high-stakes record keeping.
With the Internet of Things demonstrating the ability to connect just about every aspect of a person’s life, it truly doesn’t get any more high stakes than that.
Sourced from Tiana Laurence, co-founder and CMO, Factom, Inc.