It’s estimated that by the year 2020 there will be about 50 Billion devices connected to the Internet. Now that’s a lot of devices at the disposal of hackers thus increases their attack surface. Smart devices such as smart phone, cookers, refrigerators, webcams, and many other household appliances that are fitted with sensors and are connected to the Internet so they can share data collectively create what is known as the Internet of Things (IoT).
In October 2016, hackers managed to infect thousands of household appliances such as smart baby monitors, smart printers and refrigerators with the Mirai malware and used them to send heavy traffic to a DNS service provider called Dyn. This Distributed Denial of Service (DDoS) attack brought down major websites such as Twitter, GitHub and Amazon. This malware’s primary way of compromising these IoT devices was breaking weak passwords set on the devices.
In this article we take a look at Blockchain technology and how it can be used to enhance security of IoT devices and information security as a whole.
The goal of information security is to maintain data Confidentiality, Integrity and Availability. Blockchain enables this to be achieved in the following ways.
Identity is closely linked to access. Blockchain technology revolutionises the way users and devices are authenticated by using what is called a distributed public key infrastructure. This does away with weak passwords used by IoT devices or users when authenticating themselves. A practical example of using this concept is where you have a smart home network and each device on this network is provided with a specific SSL certificate to authenticate itself. Data relating to this SSL certificate is then stored in a public or private Blockchain, since we know that data in a Blockchain cannot be illegally altered this prevents hackers from using fake SSL certificates on such a network thus protecting IoT devices from attacks that rely on weak authentication.
So, there is no central server or database that hackers can target, thus no weak points. By using distributed public key authentication, IoT devices and users are shielded from attacks such as the Mirai attack, password breaches, brute force attacks as well as keylogging.
The fact that Blockchain technology is distributed or decentralised also means that there is no single point of failure. Data is kept on multiple nodes and should one go down this data will still be accessible via other nodes. This makes networks much more resilient to DDoS and ransomware attacks.
It’s important to note that Blockchain is not 100% immune to DDoS attacks but definitely very resilient.
Blockchain allows for an excellent and reliable audit trail. Every time a transaction is added to the Blockchain it contains a timestamp and digital signature. This sorts out the issue of non-repudiation (meaning someone cannot deny their authenticity). When the state of a Blockchain changes the previous state is kept in a historical log thus providing a reliable audit trail. As a result, data cannot be easily modified without changes being detected.
Blockchain technology is definitely here to stay, each day we are discovering various applications of this technology. With its characteristics Blockchain technology will definitely have a huge role to play in implementing better information security in the future and revolutionise the way the Internet and IoT devices operate, so be on the lookout.