Legal-Sultan1 assignment

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/333255641

IOT Security Issues Via Blockchain: A Review Paper

Conference Paper · March 2019

DOI: 10.1145/3320154.3320163

CITATIONS

4 READS

2,351

3 authors, including:

Some of the authors of this publication are also working on these related projects:

Blockchain in Internet of things View project

Abid Sultan

University of Sargodha

5 PUBLICATIONS   11 CITATIONS   

SEE PROFILE

Muhammad Azhar Mushtaq

University of Sargodha

9 PUBLICATIONS   12 CITATIONS   

SEE PROFILE

All content following this page was uploaded by Muhammad Azhar Mushtaq on 30 September 2019.

The user has requested enhancement of the downloaded file.

IOT Security Issues Via Blockchain: A Review Paper Abid Sultan

Department of CS & IT University of Sargodha, Sub- Campus Bhakkar, Pakistan

+92-453-220072

Abidsultan006@gmail.com

Muhammad Azhar Mushtaq Department of CS & IT

University of Sargodha, Sub- Campus Bhakkar, Pakistan

+92-453-220072

Azhar.mushtaq@uos.edu.pk

Muhammad Abubakar Department of CS & IT

University of Sargodha, Sub- Campus Bhakkar, Pakistan

+92-453-220072

Abubakar.shibly@gmail.com

ABSTRACT In the past few years block chain has gained lot of popularity

because blockchain is the core technology of bitcoin. Its

utilization cases are growing in number of fields such as security

of Internet of Things (IoT), banking sector, industries and

medical centres. Moreover, IoT has expanded its acceptance

because of its deployment in smart homes and city developments

round the world. Unfortunately, IoT network devices operate on

limited computing power with low storage capacity and network

bandwidth. Thus, they are extra close to attacks than other end-

point devices such as cell phones, tablets, or PCs. This paper

focus on addressing significant security issues of IoT and maps

IoT security issues in contradiction of existing solutions found in

the literature. Moreover issues that are not solved after

implementation of blockchain are highlighted.

CCS Concepts • Computer systems organization → Embedded and cyber-

physical systems → Embedded systems.

• Networks → Network properties → Network reliability

Keywords Blockchain, IoT, Network Security, Data security, LLNs &POW

1. INTRODUCTION In today’s era, technologies have revolutionized the living

standard of our society. This is often because of innovation in

communication and semiconductor technologies, which permit

devices to be connected over a network and alter the way of

connectivity between machines and humans. Such a trend is

usually noted as Internet-of-Things (IoT) [15].

With the fast rise of brilliant devices and high-speed networks,

the IoT has gained wide acceptance and fame because it uses the

standard called low-power lossy networks (LLNs). These LLNs

have the potential to use the limited resource by consuming very

low power [1] [2]. The devices in IoT may be controlled

remotely to perform the specified function. The data sharing

among the devices takes place through the network that uses the

standard protocols of communication. The well-connected

devices or “things” vary from easy wearable accessories to huge

machines which contain detector (Sensor) chips [14].

However, as it becomes popular the connectivity between

devices is increasing, and also the computing infrastructure can

become additionally complicated. This complication can give a

rise to vulnerabilities for the cyber-attacks. In IoT, the physical

devices are placed in unsecured environments which could be

defenceless from hackers thus giving them the opportunity to

alter the information that transmits over the network. Therefore,

device authorizations and information root would be a vital issue.

In last few years blockchain has begun as the technology that

have many characteristics to solve different issues faced by IoT

network devices. Blockchain keeps a distributed database of

records. In which proof of work between the network nodes is

completely deprived of a

third party. This will help in solving the problem of single point

of failure. Network transaction records are immutable and can be

founded via the history of IoT network which finally helps to get

the attraction by trust of public in the IoT network. This Public

trust have a vital role for the public financial transactions,

introductory for a new world of distributing economy in the

Internet of Things domain [8] [14] [3] [18].

The blockchain is sequences of blocks that hold all transaction

record occuring in a blockchain network. As described in

figure.1 each block contains block header and block body/

transaction counter. Block header contains the following;

1. Block version which indicates the software version

and validation rules.

2. Merkle Tree root hash represents the hash value of

the transaction and summary of all transaction.

3. Timestamp consists of current universal time since

January 1970.

4. N-Bits define the number of bits required for

transaction verification.

5. Nonce is any 4-byte number which starts from 0 and

increases for every hash of the transaction.

6. Parent block hash holds the hash value which

indicates the previous block.

Transaction counter is capable of covering all the transaction and

a maximum number of the transaction depends upon the block

size [12].

Blockchain technology referred as a public ledger and all

completed transactions are recorded in a list of blocks. This

chain of blocks grows as new blocks are added to chain

continuously. Public key cryptography and distributed consensus

algorithms implemented for user security. The blockchain

technology has key characteristics of decentralization,

persistency, anonymity, and auditability. With these

characteristics, blockchain can save the cost and increases the

effectiveness [12].

This paper is ordered as follows. Section 2 covers the

Blockchain properties where as section 3 highlights its

characteristics. Different security necessities and issues are

Permission to make digital or hard copies of all or part of this work for

personal or classroom use is granted without fee provided that copies are

not made or distributed for profit or commercial advantage and that

copies bear this notice and the full citation on the first page. Copyrights

for components of this work owned by others than ACM must be

honored. Abstracting with credit is permitted. To copy otherwise, or

republish, to post on servers or to redistribute to lists, requires prior

specific permission and/or a fee. Request permissions from

Permissions@acm.org.

ICBCT 2019, March 15–18, 2019, Honolulu, HI, USA

© 2019 Association for Computing Machinery.

ACM ISBN 978-1-4503-6268-9/19/03…$15.00

DOI: https://doi.org/10.1145/3320154.3320163

60

covered in section 4 and section 5 provides the solution of

security issues using blockchain. Section 6 describes the

problems that are not solved by blockchain. Finally in Section 7

conclusion and future work is presented.

Figure 1. Block Architecture [12].

2. BLOCKCHAIN PROPERTIES

2.1. Blockchain Working Steps 1. Nodes communicate with the blockchain network via a

combination of private & public keys. Theuserusesitsown

private key to digitally sign its own transactions and then can

access the network via the public key. Each signed transaction is

broadcast by a node that makes the transaction [3].

2. The transaction is then verified by all nodes within the

blockchain network except the node that makes the transaction.

During this step, any invalid transactions are discarded. It’s

known as verification.

3. Mining is the third step in which every legitimate transaction

is collected by the network nodes during a fixed time into a

block and implements a proof-of-work to find a nonce for its

block. Once a node finds a nonce, it broadcasts the block to all

participating nodes [4].

4. Each node collects a newly generated block and confirms

whether the block contains (a) legal transactions and (b) declares

the accuracy of parent block by utilizing the hash value. After

the completion of confirmation, nodes will add the block to the

blockchain and apply the transactions to bring the blockchain

up-to-date. In case, if the block is not confirmed, the projected

block is rejected. This ends the existing mining round [3].

2.2. Verification Blockchain technology ensures the elimination of the duplication

issues by taking assistance from asymmetric cryptography which

contains a public and a private key. The private key is kept

secret from other nodes whereas the public key is shared among

all other nodes [5]. Moreover, the transaction (step 1) is digitally

signed by a node that creates the transaction which is

broadcasted to the entire blockchain network. All receiving

nodes will verify the transactions by decrypting the signature

with a public key of the initializing node. The transaction is

verified by the verification of signature which indicates the

initializing node is not modified.

2.3. Proof-of-Work (POW) The proof-of-work (figure 2) contains the process of finding a

value that is hashed with Secure Hash Algorithm 256. The

typical work needed is exponential within the variety of zero bits

needed and confirmed by running the hash algorithm. In an

exceeding blockchain network, all nodes implement the proof-

of-work for every mining process by increase a nonce value

within the block till a value is founded that offers the block’s

hash desired bits. Once the system unit effort has been spent to

satisfy the proof-of-work, the block can't be modified until not

redoing the work.

Blockchain feature distributed IoT information management can

provide users the choice of sharing the information with third

party entities. The target is to supply a distributed information

access model for IoT, that ensures that user-data isn't assigned to

centralized entities or corporations [4].

Figure 2. Proof of Work.

3. CHARACTERISTICS OF BLOCKCHAIN

3.1. Decentralization In centralized transaction processing environment, each

transaction needs to be validated through the centralized trusted

party (e.g., banking system), that result into high-cost and low

performance at the central point. With respect to the centralized

IoT model, the third party is no longer needed in the blockchain.

Consensus algorithms in blockchain are used to maintain data

integrity and consistency [12].

3.2. Persistency Once a transaction record is validated by a miner node (special

nodes that validate the transaction) in a blockchain network its

copy is broadcast on the entire network and that record is not

deleted or rollback from entire blockchain [12].

3.3. Anonymity In Blockchain, nodes interact with the network using a public

key that addresses the node on the entire blockchain network by

keeping the real identities of the user as a secret [12].

3.4. Security Blockchain uses the asymmetric cryptographic technique to

secure the entire network. Asymmetric or public key

cryptography contain 2 keys one public key and second private

key. The public key is used by the node to address the

blockchain network and the private key is used by the node to

sign the transaction that it initiates. The identity of transaction

creator node is verified by using its public key.

3.5. Scalability or More Addressing Space AS scalability is concerned blockchain contains 160-bit address

space as compared to 128 bit in IPv6. These 160-bits are

generated by ECDSA (Elliptic Curve Digital Signature

Algorithm). Blockchain has 4.3 billion more Addresses over

IPv6 [8].

61

3.6. Resilient Backend Every distributed node within the blockchain IOT network

maintains a replica of the whole ledger. This helps in

safeguarding the network form any potential failures and attacks [10].

3.7. High Efficiency Since the transaction removes the involvement of the third party

and may proceed in low-trust condition, the time spent to verify

a transaction will be decreed whereas the efficiency will be

increased [11].

3.8. Transparency Changes made to public blockchain network are publicly

viewable by all participants in the network. Moreover, all

transactions are immutable, meaning they cannot be altered or

deleted [9].

3.9. Smart Contract The smart contract is one of the most efficient aspects of the

Ethereum introduced by Nick Szabo in 1994 [7]. Using smart

contract programs are written in which access rights and

different policies are defined. Many programming languages are

supported by Ethereum to write smart contracts such as Solidity

[13].

4. SECURITY NECESSITIES FOR IOT

OR ISSUES

4.1. Data Privacy Because of a diversified integration of services and network, the

data recorded on a device is vulnerable to attack by

compromising nodes existing in associate IoT network.

Moreover, an attacker can access the data without owner

permission [14].

4.2. Data Integrity In a centralized client-server model, the attacker may gain

unauthorized access to the network and change the original data

or information and forward it. For example, X sends data to Y,

Z the middle guy might get data first and forward the data after

modification [14].

4.3. Third Party Data collected in a centralized environment is stored and

controlled by a third centralized entity that may miss use this

data or provide it to someone else.

4.4. Trusted Data Origin In IoT environment, it is difficult to know the origin of data and

data might be altered during the transmission by anyone.

4.5. Access Control Access control is one off the main issue in IoT network. It is

difficult to define in IoT network that which node has the right

to access and perform a different function with data.

4.6. Single Points of Failure Continuous growth of centralized networks for the IoT based

infrastructure could expose single-points-of-failure. As all data

of the entire network is stored and verified by a central authority

in the case, if the central point fails or goes down the whole

network is disturbed [14].

4.7. Scalability IoT connects a large number of sensors and other devices for

information sharing and a large number of applications via the

internet. It challenges the structure and the rapid growth of the

system to meet scalability.

4.8 Illegal use of Personal Data. IoT device are basically sensors and implanted chips that gather

individual, important information and convey it through the

internet. The gathered information is stored in a central database

of any firm. This data exposes the personal performance of users;

confidentiality of users is at risk as firms might use the data

illegally [16] [6]. An example of such confidentiality misuse is

PRISM Surveillance program.

4.9 IOT Network Information Sharing. The information gathered by IoT network devices are recorded

distinctly for the purpose of analysis. Information sets may

contain IoT devices network data load or their functioning logs.

To confirm the efficiency of tools and tests, open accessibility of

information plays a vital role. So, every time these information

sets are openly shared their integrity is significant.

5. BLOCKCHAIN SOLUTIONS FOR IOT

5.1. Data Integrity The blockchain is a peer-to-peer network in which all nodes

have the same copy of records. When a transaction is initiated,

initiator node signs the transaction with its private key and sends

to other nodes for validation. All other miner nodes take part

invalidation process and try to find nonce. The node which finds

the nonce first has the right to validate and get a reward.

Moreover, the newly created block will be broadcasted to all

other nodes of the entire network. Once the record is loaded in

blockchain it cannot be modified or deleted [10].

5.2. Data Privacy Consortium blockchain used to provide data privacy in a

blockchain network. As in figure.3,nodes used for a particular

purpose are combined together to form a private

network/sidechain. Each sidechain is responsible to manage its

own IoT data. Nodes that are participating in one sidechain are

not allowed to take part in the validation process of other

sidechains. In order to access the data of consortium blockchain

network the node first need to register and become part of that

sidechain network. Consortium blockchain has access control

and prevents unauthorized access [6].

Figure 3. Consortium Blockchain Network.

5.3. Addressing Space Blockchain contains 160-bit address space as compaired to 128

bit in IPv6. These 160-bits are generated by ECDSA (Elliptic

Curve Digital Signature Algorithm). Blockchain has 4.3 billion

more addresses than IPv6 thus providing more addressing

spacing than IPV6 address [8].

62

5.4. Trusted Accountability. Every operation record must be uploaded to the blockchain

network. This gives every operation an identity and each

operation is traceable. When an abnormal behaviour is detected

in an entity, blockchain will be used for an additional

investigation [10].

5.5. Fault Tolerance Decentralized devices are less likely to fail accidentally because

they rely on many separate components. The blockchain is a

point to point decentralizing network, in it, every device has the

same copy of a record that’s why the failure of a single node has

no effect on the network. So, blockchain prevents from a single

point of failure.

5.6. Trusted Data Origin In order to track data in the blockchain network, a unique id is

assigned to each IoT device. Data collected from a device is

associated with its id and after calculating a hash on data, the

data is submitted to the entire network. This becomes the basis

for trusted data origin [10].

5.7. Removing Third-Party Risks Blockchain technology makes the devices capable of performing

operations without the intermediary or third party, thus making it

risk-free from a third party [4].

5.8. Access Control By using smart contract, programs for blockchain can be

developed in which access rights and different policies are

defined. Example a rule is set when the meter reaches to 135

KW, devices will enter in energy saving mode [7].

5.9 Illegal Use of Personal Data. Illegal use of personal data can be prohibited with the use of

blockchain. As Blockchain Peer to Peer (P2P) storing systems

can verify and record all actions accomplished on IoT network

data [16]. The aim is to deliver decentralized storage wherever

operators can have command over their data as an alternative of

any centralized intermediary authority. So the privacy is more

stretched to numerous levels [6] where ‘Consortium blockchain’

for IoTs is proposed.

5.10 IOT Network Information Sharing. As the size of IOT network information sharing is increasing,

thus the fundamental storage cost will also increase. So

information sets are kept in distant origins and a centralized

server is preserved which will lonely kept the references to these

origins. Moreover Blockchain is used to keep RIM (Reference

Integrity Matrix) of information set. As the Blockchains have

Immutability feature, and accessibility of the RIM with all IoT

network devices in Blockchain, ensured the Integrity of RIM.

Every time an obligatory Information Set is taken from the

origin, its Integrity can be confirmed by comparing its RIM

being maintained on Blockchain [17].

In Table 1 characteristics of blockchain are highlighted through

which problems of IoT can be tackled.

6. BLOCKCHAIN IMPLEMENTATION

PROBLEMS.

Anonymity Blockchain is a distributed network; anonymity is significant to

protect privacy. Appropriately, blockchain provides

pseudonymity means the users don’t have a real-world ID. The

users have a Public key which is used to achieve transactions on

this distributed network. Using this ID a user can be found via a

combination of these Ids and IP addresses related with them.

Moreover, when a user uses more than one Public key it can be

traced by checking whether the different addresses belong to the

same user. Solution to the Anonymity is a future work [16].

7. CONCLUSION This paper aims to present the literature review on Blockchain

and Internet of Things and emphasised issues linked to an IoT

atmosphere. IoT is the next immerging technology with the rise

of high-speed network and intelligent network devices.

Unfortunately, IoT devices are more prone to attacks and unable

to protect themselves. In this paper, the different properties and

characteristics of the blockchain network are highlighted such

order to remove the issues in IoT. Moreover issues that are not

solved after implementation of blockchain are highlighted.

7.1 Future Work We further aim to practically implement blockchain

properties on the internet of things for monitoring, error

discovery, and automatic fault correction in high critical

IoT systems. Moreover, simulation-based performance

assessment can be conduct to demonstrate the scalability

and effectiveness of the blockchain-based solutions.

Furthermore, as IoT devices are in openly reachable areas

and actually below the control of an opponent, a

blockchain based solution can be implemented that will

assure the safety and confidentiality of the information kept

in the devices. This will also address in decreasing the

option of the hardware and software of an IoT device

from being compromised if the device is accessible to

everyone.

63

Table.1 IoT issues and Blockchain characteristics that solve them

IOT

Issues

Blockchain Characteristics

Decartelization Persistency

Anonymity

Scalability

or More

Addressing

Space

Resilient

Backend

High

efficiency

Transparency

Smart contract

Data

Privacy

✓

✓

✓

Data

Integrity

✓

✓

✓

Third party

✓

✓

✓

Trusted

Data

Origin

✓

✓

✓

Access

control

✓

✓

✓

Single

Points of

Failure

✓

✓

✓

Scalability

✓

Illegal use

of Personal

Data

✓

64

8. REFERENCES [1] L. Atzori, A. Iera and G. Morabito (2010) ‘The Internet of

Things: a survey’, Computer Networks 54 2787–2805.

[2] D. Giusto, A. Iera, G. Morabito and L. Atzori (2014) ‘The Internet of Things’, 20th Tyrrhenian Workshop on Digital

Communication, Springer Publishing Company,

Incorporated.

[3] K. Christidis and M. DevetsikIoTis, (2016) ‘Blockchains and Smart Contracts for the Internet of Things,’ IEEE

Access, vol. 4, pp. 2292–2303.

[4] S.Nakamoto.(2008).’Bitcoin:A.PeertoPeer.electroniccashs ystem,’https://bitcoin.org/bitcoin.pdf.

[5] M. Pilkington. (2016).’Blockchain technology: Principle and applications,’ Research Handbook on Digital

Transformations.

[6] M.S. Ali, K. Dolui and F. Antonelli, (2017) ‘IoT data privacy via blockchains and IPFS’ International

Conference on the Internet of Things (ACM, New York).

[7] M. Gord,(2016), Smart Contracts Described by Nick Szabo 20 Years ago now becoming Reality, Bitcoin

Magazine.

[8] A. M. Antonopoulos, (2014). ‘Mastering Bitcoin. First Edition’. O’Reilly Media,USA.

[9] T. Chollet, J. Castiaux, M.Bruneton and L. Sainlez(2013),(2015),(2016),’Continuous interconnected

supply chain using blockchain and internet of things

supply chain traceability’ , deloitte blockchain.

[10] X.Liang, J.Zhao, S.Shetty and, D.Li, (2017) ,‘Towards data assurance and resilience in IoT using blockchain’,

Conference Paper.

[11] Yu Zhang and Jiangtao Wen (2015), ‘An IoT electric business model based on the protocol of bitcoin’. ICIN.

IEEE, pp. 184–191.

[12] Z. Zheng, S. Xie, H. Dai, X. Chen and H. Wang (2017), ‘An overviewof blockchain technology: Architecture,

consensus,and future trends.’,Big Data (Big DataCongress)

IEEE International.

[13] Seyoung Huh, Sangrae Cho and Soohyung Kim (2017),’Managing IoT Devices using Blockchain

Platform’, ICACT2017 February 19 ~ 22.

[14] M.A. Khan and K. Salah (2017) ‘IoT security: Review, blockchain solutions, and open challenges’, Future

GenerationComputer.Systems,

https://doi.org/10.1016/j.future.2017.11.022

[15] M. Banerjee, J. Lee and K.-K.R. Choo (2017),’A blockchain future to Internet of Things security: A

position paper’, Digital Communications and

Networks,doi: 10.1016/ j.dcan.2017.10.006.

[16] M. Conoscenti, D. Torino, A. Vetr, D. Torino, and J. C. De Martin , (2016) ‘Blockchain for the Internet of

Things : a Systematic Literature Review,’ IEEE/ACS 13th

International Conference of Computer Systems and

Applications (AICCSA)

[17] M Banerjee, J. Lee, and K. K. R. Choo (2018). ‘A Blockchain future for internet of things security: a

position paper,’ Digit. Commun. Networks, vol. 4, no. 3,

pp. 149–160.

[18] Swan, (2015). ‘Blockchain Blue Print for a new economy. First Edition’ O’Reilly Media,USA.

65

View publication statsView publication stats