The “Internet of Things” is here and has more data on you than you may know. The significant cultural and technological shift of this deep embedment into our lives, bodies, homes and almost everything else we touch has allowed for efficiency, flexibility and convenience with our day-to-day lives. That connectivity is an incredible thing, but one major question remains within the burgeoning IoT industry: how do companies secure the data collected on you?
Consider the information at stake. Your Wi-Fi-enabled security cameras can give real-time information about when and if you’re home. Same with your Internet-connected alarm system. Even a smart TV has valuable information; it’s connected to your Netflix or Amazon account. Any account information on these accounts can lead to a credit card or identity details. Of course, the mother of all identity concerns comes from the smartphone: it’s a centralized resource of account information that can connect with almost all smart devices, your smart home and even your car — something that becomes even more vulnerable as the age of self-driving cars approaches.
Recently, a CBS 60 Minutes story demonstrated the multitude of capabilities of a hacker that only has a person’s phone number.
It’s clear that the IoT age presents security concerns in ways that seemed unthinkable just a decade ago. The solution, though, may stem from one of the most unique innovations of the digital era: the blockchain.
Originally developed as part of the Bitcoin digital currency platform, the open blockchain model has inherent transparency and permanence. These are essential to creating a secure means of direct authentication between smart devices. The model currently used for Bitcoin can be propagated into other applications — any industry that requires archival integrity can adopt the blockchain. For the IoT industry, a blockchain can be created to manage device identity to prevent a spoofing attack where a malicious party impersonates another device to launch an attack to steal data or cause some other mayhem. Blockchain identity chains will enable two or more devices to be able to communicate directly without going through a third-party intermediary and in effect make spoofing more cost prohibitive.
Regarding this type of authentication, the model allows users to synchronize multiple devices against a single system of authority that is distributed and censorship resistant. This would apply to an open blockchain, not permissioned or private. The identity chain, created for each device is a permanent record. Through cryptography, only validated devices receive access. As new devices are added, their identity records become part of the blockchain for permanent reference. Any change to a device configuration will be registered and authenticated in the context of the blockchain validation model, ensuring that any falsified records can be caught and ignored.
This is a new technology and will take some time to move from testing into our everyday lives. Many industry leaders and governments will begin testing this year. Beyond whether or not the tech works, many stakeholders will need to get on board. An industry conglomerate that agrees on a blockchain design would be helpful. Having all the IoT devices write to the same source or have systems that are interoperable will be critical. It’s not necessarily that every IoT device manufacturer or software developer write data to the same blockchain; instead, it could go further upstream and be an agreement between OEM manufacturers of essential components that are used in the authentication process flow.
In addition to baseline authentication (device model, serial number, etc.), the blockchain can create records of any data it generates — for example, a smart front door lock can have a transaction log of video activation when someone exits/enters the home or unlocks it remotely. Each item in the history creates another historical link in its respective identity chain that can provide further data to use for authentication matching. If someone with malicious intent was to try and change the protocol of the door lock without the correct credentials or there was a change in the configuration, the blockchain validation model would not allow for the door lock to be changed.
An important component of the blockchain’s effectiveness comes from its standing as a public record, with user nodes all auditing the same record. Of course, with a public record, there will always be privacy concerns over sensitive data. However, the blockchain protects against this through the use of one-way hashes. In the blockchain world, a cryptographic hash function is a mathematical algorithm that maps data and shortens its size to a bit string, “a hash function,” which is also designed to be one-way and infeasible to invert. This means it is nearly and practically impossible to obtain the content of a hash without the source data.
The Internet of Things is still a new industry, one that will become more pervasive and significant as our technological innovations turn science fiction into our everyday lives. At this early stage, it’s critical to establish a scalable solution that will push the industry forward as the volume of connected devices grows exponentially. The blockchain represents a unique type of solution, one that is established as a secure means of protecting financial data but flexible enough to be applied to any high-stakes record keeping. With the IoT age demonstrating the ability to connect just about every aspect of a person’s life, it truly doesn’t get any more high stakes than that.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.