Blockchain for IoT Security and Privacy: The Case Study of a Smart Home

Conference Paper (PDF Available) · March 2017with 33,431 Reads 
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
DOI: 10.1109/PERCOMW.2017.7917634
Conference: IEEE PERCOM WORKSHOP ON SECURITY PRIVACY AND TRUST IN THE INTERNET OF THING
Cite this publication
Abstract
Internet of Things (IoT) security and privacy remain a major challenge, mainly due to the massive scale and distributed nature of IoT networks. Blockchain-based approaches provide decentralized security and privacy, yet they involve significant energy, delay, and computational overhead that is not suitable for most resource-constrained IoT devices. In our previous work, we presented a lightweight instantiation of a BC particularly geared for use in IoT by eliminating the Proof of Work (POW) and the concept of coins. Our approach was exemplified in a smart home setting and consists of three main tiers namely: cloud storage, overlay, and smart home. In this paper we delve deeper and outline the various core components and functions of the smart home tier. Each smart home is equipped with an always online, high resource device, known as " miner " that is responsible for handling all communication within and external to the home. The miner also preserves a private and secure BC, used for controlling and auditing communications. We show that our proposed BC-based smart home framework is secure by thoroughly analysing its security with respect to the fundamental security goals of confidentiality, integrity, and availability. Finally, we present simulation results to highlight that the overheads (in terms of traffic, processing time and energy consumption) introduced by our approach are insignificant relative to its security and privacy gains.
Advertisement
Blockchain for IoT Security and Privacy: The Case
Study of a Smart Home
Ali Dorri, Salil S. Kanhere , Raja Jurdakand Praveen Gauravaram
School of Computer Science and Engineering
The University of New South Wales
Sydney, Australia
Email:(ali.dorri,salil.kanhere)@unsw.edu.au
CSIRO
Brisbane, Queensland, Australia.
Email: Raja.Jurdak@csiro.au
Tata Consultancy Services, Australia.
Email: p.gauravaram@tcs.com
Abstract—Internet of Things (IoT) security and privacy re-
main a major challenge, mainly due to the massive scale and
distributed nature of IoT networks. Blockchain-based approaches
provide decentralized security and privacy, yet they involve
significant energy, delay, and computational overhead that is
not suitable for most resource-constrained IoT devices. In our
previous work, we presented a lightweight instantiation of a
BC particularly geared for use in IoT by eliminating the Proof
of Work (POW) and the concept of coins. Our approach was
exemplified in a smart home setting and consists of three main
tiers namely: cloud storage, overlay, and smart home. In this
paper we delve deeper and outline the various core components
and functions of the smart home tier. Each smart home is
equipped with an always online, high resource device, known
as ”miner” that is responsible for handling all communication
within and external to the home. The miner also preserves
a private and secure BC, used for controlling and auditing
communications. We show that our proposed BC-based smart
home framework is secure by thoroughly analysing its security
with respect to the fundamental security goals of confidentiality,
integrity, and availability. Finally, we present simulation results
to highlight that the overheads (in terms of traffic, processing
time and energy consumption) introduced by our approach are
insignificant relative to its security and privacy gains.
I. INTRODUCTION
Internet of Things (IoT) consists of devices that generate,
process, and exchange vast amounts of security and safety-
critical data as well as privacy-sensitive information, and hence
are appealing targets of various cyber attacks [1]. Many new
networkable devices, which constitute the IoT, are low energy
and lightweight. These devices must devote most of their
available energy and computation to executing core application
functionality, making the task of affordably supporting security
and privacy quite challenging. Traditional security methods
tend to be expensive for IoT in terms of energy consumption
and processing overhead. Moreover many of the state-of-the-
art security frameworks are highly centralized and are thus not
necessarily well-suited for IoT due to the difficulty of scale,
many-to-one nature of the traffic, and single point of failure
[2]. To protect user privacy, existing methods often either
reveal noisy data or incomplete data, which may potentially
hinder some IoT applications from offering personalised ser-
vices [3]. Consequently, IoT demands a lightweight, scalable,
and distributed security and privacy safeguard. The Blockchain
(BC) technology that underpins Bitcoin the first cyptocurrency
system [4], has the potential to overcome aforementioned
challenges as a result of its distributed, secure, and private
nature.
Bitcoin users that are known by a changeable Public Key
(PK), generate and broadcast transactions to the network to
transfer money. These transactions are pushed into a block by
users. Once a block is full, the block is appended to the BC by
performing a mining process. To mine a block, some specific
nodes known as miners try to solve a resource consuming
cryptographic puzzle named Proof of Work (POW) [5], and
the node that solves the puzzle first mines the new block to
the BC. In our previous work [6], we argued that adopting
BC in the context of IoT is not straightforward and entails
several significant challenges such as: high resource demand
for solving the POW, long latency for transaction confirmation,
and low scalability that is a result of broadcasting transactions
and blocks to the whole network. We proposed a novel
instantiation of BC by eliminating the concept of POW and the
need for coins. Our proposed framework relies on hierarchical
structure and distributed trust to maintain the BC security
and privacy while making it more suitable for the specific
requirement of IoT. We exemplified our ideas in the context
of a smart home, but our framework is application agnostic
and can be applied in other IoT contexts. The design consists
of three core tiers that are: smart home, cloud storage, and
overlay. Smart devices are located inside the smart home tier
and are centrally managed by a miner. Smart homes constitute
an overlay network along with Service Providers (SP), cloud
storages, and users’ smartphones or personal computers as
illustrated in Figure 1. The overlay network is akin to the peer-
to-peer network in Bitcoin and brings the distributed feature
to our architecture. To decrease network overhead and delay,
nodes in the overlay are grouped into clusters and each cluster
elects a Cluster Head (CH). The overlay CHs maintain a public
Fig. 1. Overview of the proposed BC-based architecture discussed in more
details in [6].
BC in conjunction with two key lists. These key lists are:
requester key lists that is the list of overlay users’ PKs that
are allowed to access data for the smart homes connected to
this cluster; requestee key lists that is the list of PKs of smart
homes connected to this cluster that are allowed to be accessed.
Cloud storage is used by the smart home devices to store and
share data. We discussed details of the overlay and the cloud
storage in our previous work [6].
This paper’s contribution is to give a comprehensive dis-
cussion on the details of the smart home tier in our design.
We first outline how the IoT devices are initialised and then
explain how transactions are processed. A local and private
BC is employed for providing secure access control to the IoT
devices and their data. Besides, the BC generates an immutable
time-ordered history of transactions that is linkable to other
tiers for giving specific services. The design security comes
from diverse features including: (1) indirectly accessible de-
vices; and (2) different transaction structures in the smart home
and the overlay. To achieve a lightweight security, symmetric
encryption is employed for smart home devices. We provide
qualitative arguments to demonstrate that the smart home tier
achieves confidentiality, integrity, and availability and also
discuss how key security attacks such as linking attack [7] and
Distributed Denial of Service (DDOS) are thwarted. Finally,
we present quantitative results using simulations and show that
the overheads induced by our framework are relatively small.
The rest of the paper is organized as follow: In Section II
we present the main components of the design. The BC-based
smart home is discussed in depth in Section III. Simulation
results and security discussions are presented in Section IV.
Section V summarizes related works, and finally Section VI
concludes the paper.
II. CORE COMPONENTS
This section discusses the main smart home components as
shown in Figure 2.
A. Transactions
Communications between local devices or overlay nodes are
known as transactions. There are different transactions in the
BC-based smart home each designed for a specific function.
Store transaction is generated by devices to store data. An
access transaction is generated by a SP or the home owner to
access the cloud storage. A monitor transaction is generated
by the home owner or SPs to periodically monitoring a device
information. Adding a new device to the smart home is done
via a genesis transaction and a device is removed via a
remove transaction. All of the aforementioned transactions
use a shared key to secure the communication. Lightweight
hashing [8] is employed to detect any change in transactions’
content during transmission. All transactions to or from the
smart home are stored in a local private BlockChain (BC).
B. Local BC
In each smart home, there is a local private BC that keeps
track of transactions and has a policy header to enforce users’
policy for incoming and outgoing transactions. Starting from
the genesis transaction, each device’s transactions are chained
together as an immutable ledger in the BC. Each block in the
local BC contains two headers that are block header and policy
header as shown at the top of Figure 2. The block header has
the hash of the previous block to keep the BC immutable. The
policy header is used for authorizing devices and enforcing
owner’s control policy over his home. As shown in the top
right corner of Figure 2, the policy header has four parameters.
The ”Requester” parameter refers to the requester PK in the
received overlay transaction. For local devices, this field is
equal to the ”Device ID” as shown in the fourth row of the
proposed policy header in Figure 2. The second column in the
policy header, indicates the requested action in the transaction,
which can be: store to store data locally, store cloud to store
data on the cloud storage, access to access stored data of a
device, and monitor to access real-time data of a particular
device. The third column in the policy header is the ID of
a device inside the smart home, and finally, the last column
indicates the action that should be done for the transaction that
matches with the previous properties.
Besides the headers, each block contains a number of
transactions. For each transaction five parameters are stored
in the local BC as shown in the top left corner of the Figure
2. The first two parameters are used to chain transactions of
the same device to each other and identify each transaction
uniquely in the BC. The transaction’s corresponding device
ID is inserted on the third field. ”Transaction type” refers to
the type of transaction that can be genesis, access, store, or
monitor transactions. The transaction is stored on the fifth field
if it comes from the overlay network, otherwise, this filed is
kept blank. The local BC is kept and managed by a local
miner.
C. Home miner
Smart home miner is a device that centrally processes
incoming and outgoing transactions to and from the smart
home. The miner could integrate with the home’s Internet
gateway or a separate stand-alone device, e.g. F-secure [9],
could be placed between the devices and the home gateway.
Fig. 2. Overview of the Smart home: The smart home consists of IoT devices, local storage (see section II.D), the miner (see section II.C), and the local BC
(see section II.B).
Similar to existing central security devices, the miner authen-
ticates, authorizes, and audits transactions. In addition the
miner also accomplishes the following additional functions:
generating genesis transactions, distributing and updating keys,
changing the transactions structure, and forming and managing
the cluster. The miner collects all transactions into a block
and appends the full block to the BC. To provide additional
capacity, the miner manages a local storage.
D. Local Storage
Local storage is a storing device e.g. backup drive that
is used by devices to store data locally. This storage can
be integrated with the miner or it can be a separate device.
The storage uses a First-in-First-out (FIFO) method to store
data and stores each devices’ data as a ledger chained to the
device’s starting point.
III. THE BC-BA SE D SMA RT HOME
First, we discuss the initialization steps, transactions han-
dling, and shared overlay.
A. Initialization
In this section, we describe the process of adding devices
and policy header to the local BC. To add a device to the smart
home, the miner generates a genesis transaction by sharing a
key with the device using generalized Diffie-Hellman [10]. The
shared key between the miner and the device is stored in the
genesis transaction. As for defining policy header, the home
owner generates its own policies according to our proposed
policy structure in Figure 2 and adds the policy header to the
first block. The miner uses the policy header in the latest block
in BC; therefore, to update the policy the owner should update
the latest block’s policy header.
B. Transaction Handling
The smart devices may communicate directly with each
other or with entities external to the smart home. Each device
inside the home may request data from another internal device
to offer certain services, e.g., the light bulb requests data
from the motion sensor to turn on the lights automatically
when someone enters the home. To achieve user control over
smart home transactions, a shared key should be allocated
by the miner to devices which need to directly communicate
with each other. To allocate the key, the miner checks the
policy header or asks for permission from the owner and then
distributes a shared key between devices. After receiving the
key, devices communicate directly as long as their key is valid.
To deny the grant permission, the miner marks the distributed
key as invalid by sending a control message to devices. The
benefits of this method is twofold: on one hand, the miner
(and so the owner) has a list of devices that share data, and
on the other, the communications between devices are secured
with a shared key.
Storing data on the local storage by devices is the other
possible transaction flow inside the home. To store data locally,
each device needs to be authenticated to the storage that is
done using a shared key. To grant the key, the device needs to
send a request for the miner and if it has storing permission,
the miner generates a shared key and sends the key for the
device and the storage. By receiving the key, the local storage
generates a starting point that contains the shared key. Having
the shared key, the device can store data directly in the local
storage.
The devices may demand to store data on the cloud storage
that is known as store transaction. Storing data in the cloud
is an anonymous process that is discussed in [6]. To store
data the requester needs a starting point that contains a
block-number and a hash used for anonymous authentication
purpose. The cloud storage may be either owned and managed
by the SP (e.g. Nest thermostat) or paid for and managed by
the home owner (e.g. Dropbox). In the former instance, the
miner requests for the starting point by generating a signed
transaction with the device key. In the latter case, payment is
done through Bitcoin. In either storage type, after receiving a
request the storage creates a starting point and sends it to the
miner. When a device needs to store data on the cloud storage,
it sends data and the request to the miner. By receiving the
request, the miner authorizes the device for storing data on
the cloud storage. If the device has been authorized, the miner
extracts the last block-number and hash from the local BC, and
creates a store transaction and sends it along with the data to
the storage. After storing data, the cloud storage returns the
new block-number to the miner that is used for further storing
transactions.
The other possible transactions are access and monitor
transactions. These transactions are mainly generated by either
the home owner to monitor the home when he is outside or
by SPs to process devices’ data for personalized services. By
receiving an access transaction from nodes in the overlay, the
miner checks whether the requested data is on the local or
the cloud storage. If data is stored in the local storage, the
miner requests data from the local storage and sends it to
the requester. On the other hand, if the data is stored in the
cloud, the miner either requests data from the cloud storage
and sends it to the requester, or sends the last block-number
and hash to the requester. The latter scenario empowers the
requester to read entire data stored by the device in cloud
storage and is suitable when the stored data are for a unique
device. Otherwise, the user’s privacy might be endangered as
part of a linking attack which is discussed later in Section IV.
By receiving a monitor transaction, the miner sends current
data of the requested device to the requester. If a requester
is allowed to receive data for a period of time then the
miner sends data periodically until the requester sends a close
request to the miner and abolish the transaction. The monitor
transaction enables home owners to watch cameras or other
devices in which send periodic data. In order to avoid overhead
or possible attacks, the owner should define a threshold in
minutes for the periodic data. If the time in which the miner
is sending data for the requester reaches to the threshold, then
the connection is terminated by the miner.
C. Shared overlay
When an individual has more than one home, he needs
separate miners and storage for each of the homes. To reduce
the cost and managing overhead in this instance, a shared
overlay is defined. The shared overlay consists of at least
two smart homes that are managed centrally as a single
home by a shared miner. The shared overlay is similar to
the smart home, however, the structure of the shared BC is
different to that of a smart home. In the shared BC each
home has a genesis transaction and the genesis transaction
of all devices are chained to their home’s genesis transaction
by the shared overlay miner. Another difference in the shared
overlay is regarding the communications between the homes
with the miner. Devices that are in the same home with the
miner experience no change, while for devices in other homes
a Virtual Private Network (VPN) connection is established
between the Internet gateway in each home and the miner of
the shared overlay that routes the packets to the shared miner.
IV. EVALUATION AND ANALYS IS
This section provides a complete discussion on the security,
privacy, and performance of the BC-based smart home.
A. Security Analysis
There are three main security requirements that need to
be addressed by any security design, namely: Confidentiality,
Integrity, and Availability, known as CIA [11]. Confidentiality
makes sure that only the authorized user is able to read the
message. Integrity makes sure that the sent message is received
at the destination without any change, and availability means
that each service or data is available to the user when it is
needed. Employed methods to achieve the first two require-
ments are discussed in Section III. To increase smart home
availability devices are protected from malicious requests. This
is achieved by limiting the accepted transactions to those
entities with which each device has established a shared key.
Transactions received from the overlay are authorized by the
miner before forwarding them on to the devices. Furthermore,
it can be argued that our BC-based framework only introduces
a marginal increase in the transaction processing delays as
compared to existing smart home gateway products. There is
also an additional one-time delay during initialization for gen-
erating and distributed shared keys. In summary, the additional
delays are not significant and do not impact the availability of
the smart home devices.
Table I summarizes how our framework achieves the afore-
mentioned security requirements
Next we analyze the effectiveness of our solution to prevent
two critical security attacks that are particularly relevant for
smart homes. The first one is Distributed Denial of Service
(DDOS) attack in which the attacker uses several infected
IoT devices to overwhelm a particular target node. Several
recent attacks [12] have come to light which have exploited
IoT devices to launch massive DDoS attacks. The second is a
linking attack in which the attacker establishes a link between
multiple transactions or data ledgers with the same PK to find
the real world ID of an anonymous user. This attack endangers
users privacy.
DDOS attack: Our design has a hierarchical defence against
this attack. The first level of defence can be attributed to the
fact that it would be impossible for an attacker to directly
install malware on smart home devices since these devices are
not directly accessible. All transactions have to be checked
by the miner. Let us for a moment assume that the attacker
somehow still manages to infect the devices. The second level
of defence comes from the fact that all outgoing traffic has to
be authorized by the miner by examining the policy header.
Since the requests that constitute the DDoS attack traffic would
not be authorized, they would be blocked from exiting the
home. The next two defence layers are specially designed and
managed by the target of DDOS attack that can be any user in
the overlay. These defense layers, that are granting permission
by using CH key lists and changing the PK in the CH key lists,
are discussed in our previous paper [6] and are not in the scope
of this paper.
Linking attack: To protect against this attack, each device’s
data is shared and stored by a unique key. The miner creates
unique ledger of data in the cloud storage for each device
using a different PK. From the overlay point of view, the miner
should use a unique key for each transaction.
B. Performance Evaluation
BC-based architecture incurs computational and packet
overhead on the smart home devices and the miner for
providing improved security and privacy. To evaluate these
overheads, we simulated a smart home scenario in Cooja
simulator [13]. To compare the overhead of the BC-based
architecture, we simulated another scenario that handles trans-
actions without encryption, hashing, and BC. We refer to this
baseline method as the ”base method”. We used IPv6 over Low
Power Wireless Personal Area Networks (6LoWPAN) as the
underlying communication protocol in our simulation, since
it is well-suited to the resource constraints for a smart home
setting. We simulated three z1 mote sensors (that mimick smart
home devices) which send data directly to the home miner
(also simulated as a z1 mote) every 10 seconds. Each simula-
tion lasted for 3 minutes and the results presented are averaged
over this duration. A cloud storage is directly connected to
the miner for storing data and returning the block-number.
It is worth noting that the overlay delay and processing is
not considered in our simulation. To provide a comprehensive
evaluation we simulated store and access transactions.For the
TABLE I
SEC URI TY R EQU IRE ME NT EVAL UATIO N.
Requirement Employed Safeguard
Confidentiality Achieved using symmetric encryption.
Integrity Hashing is employed to achieve integrity.
Availability Achieved by limiting acceptable transactions by devices
and the miner.
User control Achieved by logging transactions in local BC.
Authorization Achieved by using a policy header and shared keys.
store transaction we simulated two different and realistic traffic
flow patterns:
Periodic: In this setting, devices periodically send their
data to the cloud storage. This is fairly typical for various
current smart home products such as Nest thermostat.
Query-based: Herein, the device sends data on-demand
and in response to a query received from the miner. This
flow is equivalent to storing data to the cloud by the home
owner.
We evaluated the following metrics:
Packet overhead: Refers to the length of transmitted
packets.
Time overhead: Refers to the processing time for each
transaction in the miner and is measured from when a
transaction is received in the miner until the appropriate
response is sent to the requester.
Energy consumption: Refers to the energy consumed by
the miner for handling transactions. The miner is the
highest energy consuming device in the smart home since
it handles all transactions and performs lots of hashing
and encryption. The energy consumption of other devices
is limited to encryption for their own transactions.
The discussion on the evaluation is as follows:
Packet overhead: Table II illustrates the simulation results
for packet overhead. The table content applies to both access
and store transactions since both have the same packet size.
Using encryption and hashing increases the packets payload
size; however, considering the lower layer headers (i.e. 6Low-
PAN), the increase in the data payload has relatively small
effect.
Time overhead: Figure 3 shows the results for the time over-
head. The BC-based design consumes more time to process
packets compared to the base method which can be attributed
to the additional encryption and hashing operations. In the
worst case for the query-based store transaction the additional
overhead introduced by our method is 20ms, which is still
small.
Energy consumption: Figure 4 outlines the energy con-
sumption results. As is evident, the BC method increases the
energy consumption by 0.07 (mj). The table at the bottom of
Figure 4 outlines the energy consumption for the 3 core tasks
performed by the miner, namely: CPU, transmission (Tx), and
listening (Lx). The energy consumption by CPU increased
roughly 0.002(mj) in our design due to encryption and hashing.
Transmitting longer data packets doubled the transmission
energy consumption of our method in compare to the base
method. It should be noted that we have assumed a 100% radio
duty cycle in our evaluations (i.e. the radio is always on). If the
TABLE II
EVALUATI ON OF T HE PAC KET OV ER HEA D
Packet Flow Base (Bytes) BC-based (Bytes)
From devices to the miner 5 16
From the miner to the cloud 5 36
From the cloud to the miner 5 16
radio is switched off intermittently to conserve energy, then the
relative listening overhead incurred by our method would be
higher. However, even assuming a very aggressive duty cycle
of 1%, the relative increase in listening energy would still only
be about 60%.
In summary, the low overheads introduced by our BC-based
method significantly outweigh given the significant security
and privacy benefits on offer.
V. RELATED WO RK S
There exist different studies on security and privacy of IoT
and smart home. Authors in [14] demonstrated that off-the-
shelf IoT devices lack basic security safeguards by hacking
into a variety of smart home device including a light bulb,
switch and smoke alarm. Authors in [15] argued that the
smart homes are vulnerable to attacks conducted by users’
smartphones even if the home gateway controls the exchange
of packets to and from the home.
Authors in [3] proposed a method with three modules to
protect users’ privacy in the smart home. The data collector
module collects users’ data from the smart home and sends
them to data receiver module that stores data in two different
datasets. The result module controls the user’s access to data to
protect the privacy. This method ensures that only the true user
can access data. Besides, by using two datasets it is guaranteed
that linking different data of a user to each other is impossible.
However, the method does not provide privacy when the user
needs to reveal his data to a service provider.
VI. CONCLUSION
IoT security is gaining a lot of attention these days from
both academia and industry. Existing security solutions are
not necessarily suited for IoT due to high energy consumption
and processing overhead. We previously proposed a method
that addresses these challenges by leveraging the Bitcoin
BC, which is an immutable ledger of blocks. The idea was
discussed using a smart home as a representative case-study.
In this paper, we outlined the various core components of
the smart home tier and discussed the various transactions
and procedures associated with it. We also presented an
all-inclusive analysis regarding its security and privacy. Our
simulation results demonstrate that the overheads incurred by
0
10
20
30
40
50
60
70
80
Base
BC-based
Store Transaction
Time Period
Store Transaction
Query Based Access Transaction
Time ( ms)
Fig. 3. Evaluation of time overhead.
56.3
56.32
56.34
56.36
56.38
56.4
56.42
56.44
56.46
56.48
56.5
56.52
Access Store-Query Store-Period
Base Idea
BC-based
CPU Tx Lx CPU Tx Lx CPU Tx Lx
Base Idea
0.0103 0.0102
56.3489
0.0117 0.0357
56.3393
0.0121 0.0549
56.3645
BC
-
based
0.0127 0.0834
56.3496
0.0132 0.1106
56.3379
0.0133 0.1166
56.3657
Consumed Energy (mj)
Fig. 4. Evaluation of energy consumption in different traffic flows.
our method are low and manageable for low resource IoT
devices. We argue that these overheads are worth their weight
given the significant security and privacy benefits on offer.
To the best of our knowledge, this research is the first work
that aims to optimize BC in the context of smart homes. In
our future research, we will investigate the applications of our
framework to other IoT domains.
REFERENCES
[1] S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security,
privacy and trust in internet of things: The road ahead,Computer
Networks, vol. 76, pp. 146–164, 2015.
[2] R. Roman, J. Zhou, and J. Lopez, “On the features and challenges
of security and privacy in distributed internet of things,Computer
Networks, vol. 57, no. 10, pp. 2266–2279, 2013.
[3] A. Chakravorty, T. Wlodarczyk, and C. Rong, “Privacy preserving data
analytics for smart homes,” in Security and Privacy Workshops (SPW),
2013 IEEE. IEEE, 2013, pp. 23–27.
[4] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” 2008.
[5] S. King, “Primecoin: Cryptocurrency with prime number proof-of-
work,” July 7th, 2013.
[6] A. Dorri, S. S. Kanhere, and R. Jurdak, “Blockchain in internet of things:
Challenges and solutions,” arXiv preprint arXiv:1608.05187, 2016.
[7] A. Narayanan, J. Bonneau, E. Felten, A. Miller, and S. Goldfeder,
Bitcoin and cryptocurrency technologies. Princeton University Pres,
2016.
[8] A. Bogdanov, M. Kneˇ
zevi´
c, G. Leander, D. Toz, K. Varıcı, and I. Ver-
bauwhede, spongent: A Lightweight Hash Function. Berlin, Heidelberg:
Springer Berlin Heidelberg, 2011, pp. 312–325.
[9] F.-S. sense, https://sense.f-secure.com/, [Online; accessed 19-November-
2016].
[10] H. Delfs, H. Knebl, and H. Knebl, Introduction to cryptography.
Springer, 2002, vol. 2.
[11] N. Komninos, E. Philippou, and A. Pitsillides, “Survey in smart grid and
smart home security: Issues, challenges and countermeasures,” IEEE
Communications Surveys & Tutorials, vol. 16, no. 4, pp. 1933–1954,
2014.
[12] wired, https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/,
[Online; accessed 10-December-2016].
[13] Cooja, http://anrg.usc.edu/contiki/index.php/CoojaSimulator/, [Online;
accessed 19-November-2016].
[14] S. Notra, M. Siddiqi, H. H. Gharakheili, V. Sivaraman, and R. Boreli,
“An experimental study of security and privacy risks with emerging
household appliances,” in Communications and Network Security (CNS),
2014 IEEE Conference on. IEEE, 2014, pp. 79–84.
[15] V. Sivaraman, D. Chan, D. Earl, and R. Boreli, “Smart-phones attacking
smart-homes,” in Proceedings of the 9th ACM Conference on Security &
Privacy in Wireless and Mobile Networks. ACM, 2016, pp. 195–200.
  • ... have been proposed, such as [9], [11], [12]. Nonetheless, these studies focus on the methodology of employing blockchain technology in eHealth, smart homes, and other areas. ...
  • ... In [12], the authors have proposed a complex approach for IoT device communication security in smart homes. Their framework has a hierarchical design and contains a public BC, local private BC per smart home, local storage and cloud storage as the core components. ...
    Preprint
    Full-text available
    The rapid development of the internet and communication throughout the world has made IoT one of the key components of the fourth industrial revolution. IoT has its impact on various aspects of our life and has remarkable contributions to world economics. Integrated with different technologies, IoT has been expanded to many more applications thus making direct interaction with our personal and corporate life. The security of these devices has been a major issue. But problems arise with on-demand security solution as devices are provided with low processing and energy resources. Heavy and expensive systems cannot be applied to IoT devices. Addressing these problems, in this paper we propose a novel blockchain-based framework for IoT device data sharing and communication. We implemented a prototype of our proposed framework using Hyperledger Fabric and evaluated its performance. We show that our proposed solution is efficient for IoT devices and different security requirements such as confidentiality, availability, and integrity of data are met.
  • ... The deep belief network can be used for prior learning due to its nature as a generating model; after learning the initial weight through prior learning, it can be used for unadjusted weights through reverse waves or other discriminating algorithms. These characteristics are very useful when training data are small, in which case the impact of the initial weighting on the resulting model is greater [39][40][41][42]. The initial value of the pre-learned weighting is closer to the optimum weighting than the initial value of the weighting set arbitrarily, which enables the performance and speed improvement of the unadjusted phase. ...
    Article
    Full-text available
    Blockchain and artificial intelligence are the most important keywords in the Fourth Industrial Revolution. This study sought to apply these core technologies to future validated algorithms that make real estate transactions secure to come up with an encryption algorithm. In addition, the real estate transaction is being paid a large fee by the middlemen, the real estate agent. Furthermore and recently, P2P (peer-to-peer) real estate exchange is used a lot. However, these P2P real estate exchanges also have problems that have not been identified by each other between landlords and tenants. In particular, a research model was established to compare and verify the PBFT (practical Byzantine fault tolerance) algorithm of Hyperledger through the blockchain agreement process. Subsequently, a process for verifying the real estate contract was established. Through VM (virtual machine) research methodology for the verification of blockchain real estate contracts, ElGamal communication was provided to prove quantum cryptography. We also automated lightweight encryption test verification tools and blockchain smart contract VM (virtual machine) models using artificial intelligence. Verification was performed through a reservation server and a monitoring server using a test verification tool for network-based lightweight security IoT (Internet of things) GW (gateway). It presents important ECP (elastic curve program) and elastic curve Qu-Vanstone (ECQV) models among the main functions of the blockchain smart contract, and it is equipped with quantum-based encryption algorithm. In addition, the necessary UML (unified modeling language) source code and performance data were calculated according to the actual experimental environment, and the average value for blockchain for administrative or government authorized assets—4000 TPS (transaction per second) were tested. In the future, we want to use this technology for real estate transactions.
  • ... The blockchain technology has appeared to be one good solution to provide a secure decentralized environment for information exchange [11,12]. Although it was originally introduced for exchanging digital currency as its underlying technology, it has found security and privacy applications in many other areas, such as Internet of Things (IoTs) [13], smart home [14], smart city [1], educational systems [15], and healthcare [16]. While governments around the world have not fully adopted the blockchain technology in the public sectors, many countries have initiated blockchain projects to explore the potential of blockchain technology in offering public services to individuals [17]. ...
    Preprint
    Full-text available
    Electronic government (e-government) uses information and communication technologies to deliver public services to individuals and organisations effectively, efficiently and transparently. E-government is one of the most complex systems which needs to be distributed, secured and privacy-preserved, and the failure of these can be very costly both economically and socially. Most of the existing e-government systems such as websites and electronic identity management systems (eIDs) are centralized at duplicated servers and databases. A centralized management and validation system may suffer from a single point of failure and make the system a target to cyber attacks such as malware, denial of service attacks (DoS), and distributed denial of service attacks (DDoS). The blockchain technology enables the implementation of highly secure and privacy-preserving decentralized systems where transactions are not under the control of any third party organizations. Using the blockchain technology, exiting data and new data are stored in a sealed compartment of blocks (i.e., ledger) distributed across the network in a verifiable and immutable way. Information security and privacy are enhanced by the blockchain technology in which data are encrypted and distributed across the entire network. This paper proposes a framework of a decentralized e-government peer-to-peer (p2p) system using the blockchain technology, which can ensure both information security and privacy while simultaneously increasing the trust of the public sectors. In addition, a prototype of the proposed system is presented, with the support of a theoretical and qualitative analysis of the security and privacy implications of such system.
  • ... It is designed as an immutable and distributed database for protecting privacy and security of the shared transactions among its trustless participants. In fact, the blockchain technology has been successfully exploited for security and privacy provision in supply chain (Tian, 2016), healthcare system (Peterson et al., 2016), Internet of Things (IoT) (Dorri et al., 2017), land registry (Ramya et al., 2018), smart cities (Biswas and Muthukkumarasamy, 2016), Elisa,Yang,Li,Chao & Naik The 19th International Conference on Electronic Business, Newcastle upon Tyne, UK, December 8-12, 2019 100 educational systems (Turkanovi´c et al., 2018), in addition to the well-known e-currency. The blockchain technology can be public (permissionless), private (permissioned) or consortium (semi-public and semi-private). ...
    Preprint
    Since its inception as a solution for secure cryptocurrencies sharing in 2008, the blockchain technology has now become one of the core technologies for secure data sharing and storage over trustless and decentralised peer-to-peer systems. E-government is amongst the systems that stores sensitive information about citizens, businesses and other affiliates, and therefore becomes the target of cyber attackers. The existing e-government systems are centralised and thus subject to single point of failure. This paper proposes a secure and decentralised e-government system based on the consortium blockchain technology, which is a semi-public and decentralised blockchain system consisting of a group of pre-selected entities or organisations in charge of consensus and decisions making for the benefit of the whole network of peers. In addition, a number of e-government nodes are pre-selected to perform the tasks of user and transaction validation before being added to the blockchain network. Accordingly, e-government users of the consortium blockchain network are given the rights to create, submit, access, and review transactions. Performance evaluation on single transaction time and transactions processed per second demonstrate the practicability of the proposed consortium blockchain-based e-government system for secure information sharing amongst all stakeholders.
  • ... In the proposed scheme, a thorough security evaluation of the presented framework concerning the communication, costs and computation time that exposes the supermacy of EnergyChain was explained. In [37], a smart home system was used as a representative case study on blockchain. In this study, the core building blocks of the smart home tier were outlined by the author. ...
    Article
    Full-text available
    Smart Home automation is increasingly gaining popularity among current applications of Internet of Things (IoT) due to the convenience and facilities it provides to the home owners. Sensors are employed within the home appliances via wireless connectivity to be accessible remotely by home owners to operate these devices.With the exponential increase of smart home IoT devices in the marketplace such as door locks, light bulbs, power switches etc, numerous security concerns are arising due to limited storage and processing power of such devices, making these devices vulnerable to several attacks. Due to this reason, security implementations in the deployment of these devices has gained popularity among researchers as a critical research area. Moreover, the adoption of traditional security schemes has failed to address the unique security concerns associated with these devices. Blockchain, a decentralised database based on cryptographic techniques, is gaining enormous attention to assure security of IoT systems. The blockchain framework within an IoT system is a fascinating substitute to the traditional centralised models, which has some significant concerns in fulfilling the demand of smart homes security. In this article, we aim to examine the security of smart homes by instigating the adoption of blockchain and exploring some of the currently proposed smart home architectures using blockchain technology. To present our findings, we describe a simple secure smart home framework based on a refined version of blockchain called Consortium blockchain.We highlight the limitations and opportunities of adopting such an architecture.We further evaluate our model and conclude with the results by designing an experimental testbed using a few household IoT devices commonly available in the marketplace.
  • ... The research in [16] [17] proposes an optimized solution for a smart home use case with a specific focus on IoT security and privacy . They propose to deploy a "miner" in each home to manage the communication with the outside world. ...
    Article
    Full-text available
    The domain of transport and supply chain of goods is today strongly impacted by the digital technologies similarly to the logistic enterprises providing them. Due to their critical nature. Not only these services are required to be correct but a traceability of the end-to-end process of transportation has to be provided. The influence of cutting edge technologies such as the Internet of Things (IoT) and blockchain enables a new level of transparency and real-time verification of the process of transport. The impact of the IoT attributes to improving the quality of services in several domains so it does in transportation. The capacity of IoT devices to generate real-time information is essential to monitor process and other daily activities in the domain of transport. In the area of dangerous goods transportation, this is even more critical since stakeholders of the supply chain need to share and exchange information in a trustful manner. Sensitive information about the transportation process should verified before shared as well as protected from any unauthorized access and changes. For a trusted and transparent process of transport, the data captured by IoT devices to monitor the transportation of goods, should remain consistent, reliable and with proved integrity properties. In this paper, we present a research that highlights how the potential of the blockchain and IoT technologies can be efficiently integrated in order to secure information exchange in an end-to-end process of transport of dangerous goods (TDG). Firstly, we examine the process of TDG from the perspective of stake-holder collaboration i.e., information flow. Secondly, we propose a model that supports an end-to-end TDG based on the Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. regulatory framework. Third, we integrate blockchain and IoT technologies for securing information sharing during the process of TDG. Hence, we show how the transparent provides the righ level of abstractions to the process of TDG. A proof of concept applying our approach has been developed and tested.
  • ... Concerns regarding security and privacy of IoT can be solved using Blockchain based approach which provides decentralized security and privacy by employing a high resource device referred to as the miner which takes responsibility of all communication between the nodes and the server. [13] There is also a tremendous scope for integrating Blockchain methods for micro-financing and lending purposes. Implementing concepts of P2P Lending and Microfinance, farmers can stop worrying about waiting for confirmation of loans and lending and can concentrate more farming [14]. ...
    Conference Paper
    The Internet of Things (IoT) has the ability to transform the way in which people practice agriculture today. The recent advancements in the field of ultra-low power microcontrollers and sensors make the designing of these efficient systems possible. Similarly, developments in the field of Convolution Neural Networks also enabled developers to achieve state-of-the-art results in no time with fewer lines of code and limited resources as compared to a few years ago, one of them being image classification for plant diseases based on the leaves. In this work, various agricultural establishments are analyzed to design a device which offers a solution to some of the common problems faced in the field using IoT and Deep Learning (DL) deployment. Thus the aim is to develop a smart assistant to augment the lives of the farmers by making their lives easier.
  • Chapter
    The usage of the internet of things (IoT) devices is growing for the ease of life. From smart homes to smart cars, from smart transportation to smart cities, from smart hospitals to smart highways, these IoT devices send and receive highly sensitive data regarding the privacy of users or other information regarding the movement of users from one location to another location. The timing traces users when present at home and out of the home. But how does one secure this information from the attacker? There is a need for IoT devices security. As there are three layers of IoT devices—the application layer, network layer, and perception layer—three layers to be secure. IoT devices are heterogeneous and constrain energy consumption. The proposed solution in this chapter is three-way authentication of IoT devices by generating tokens from the device serial number and from the few configuration devices at the network layer. For high availability of IoT device services, the protection against distributed denial of service attack is implemented at the network layer.
  • Primecoin: Cryptocurrency with prime number proof-ofwork
    • S King
    S. King, "Primecoin: Cryptocurrency with prime number proof-ofwork," July 7th, 2013.
  • Article
    Full-text available
    The Internet of Things (IoT) is experiencing exponential growth in research and industry, but it still suffers from privacy and security vulnerabilities. Conventional security and privacy approaches tend to be inapplicable for IoT, mainly due to its decentralized topology and the resource-constraints of the majority of its devices. BlockChain (BC) that underpin the cryptocurrency Bitcoin have been recently used to provide security and privacy in peer-to-peer networks with similar topologies to IoT. However, BCs are computationally expensive and involve high bandwidth overhead and delays, which are not suitable for IoT devices. This position paper proposes a new secure, private, and lightweight architecture for IoT, based on BC technology that eliminates the overhead of BC while maintaining most of its security and privacy benefits. The described method is investigated on a smart home application as a representative case study for broader IoT applications. The proposed architecture is hierarchical, and consists of smart homes, an overlay network and cloud storages coordinating data transactions with BC to provide privacy and security. Our design uses different types of BC’s depending on where in the network hierarchy a transaction occurs, and uses distributed trust methods to ensure a decentralized topology. Qualitative evaluation of the architecture under common threat models highlights its effectiveness in providing security and privacy for IoT applications.
  • Conference Paper
    The explosion in Internet-connected household devices, such as light-bulbs, smoke-alarms, power-switches, and webcams, is creating new vectors for attacking "smart-homes" at an unprecedented scale. Common perception is that smart-home IoT devices are protected from Internet attacks by the perimeter security offered by home routers. In this paper we demonstrate how an attacker can infiltrate the home network via a doctored smart-phone app. Unbeknownst to the user, this app scouts for vulnerable IoT devices within the home, reports them to an external entity, and modifies the firewall to allow the external entity to directly attack the IoT device. The ability to infiltrate smart-homes via doctored smart-phone apps demonstrates that home routers are poor protection against Internet attacks and highlights the need for increased security for IoT devices.
  • Conference Paper
    Full-text available
    Smart household appliances, ranging from light-bulbs and door-locks to power switches and smoke-alarms, are rapidly emerging in the marketplace, with predictions that over 2 billion devices will be installed within the next four years. However, security implementations vary widely across these devices, while privacy implications are unclear to users. In this paper we dissect the behavior of a few household devices, specifically the Phillips Hue light-bulb, the Belkin WeMo power switch, and the Nest smoke-alarm, and highlight the ease with which security and privacy can be compromised. We then propose a new solution to protect such devices by restricting access at the network-level. Our solution does not require changes from device manufacturers, reduces burden on the end-users, and allows security to be offered as an overlay service by the ISP or from a specialist provider in the cloud.
  • Article
    Full-text available
    The electricity industry is now at the verge of a new era-an era that promises, through the evolution of the existing electrical grids to smart grids, more efficient and effective power management, better reliability, reduced production costs, and more environmentally friendly energy generation. Numerous initiatives across the globe, led by both industry and academia, reflect the mounting interest around not only the enormous benefits but also the great risks introduced by this evolution. This paper focuses on issues related to the security of the smart grid and the smart home, which we present as an integral part of the smart grid. Based on several scenarios, we aim to present some of the most representative threats to the smart home/smart grid environment. The threats detected are categorized according to specific security goals set for the smart home/smart grid environment, and their impact on the overall system security is evaluated. A review of contemporary literature is then conducted with the aim of presenting promising security countermeasures with respect to the identified specific security goals for each presented scenario. An effort to shed light on open issues and future research directions concludes this paper.
  • Conference Paper
    Full-text available
    A framework for maintaining security & preserving privacy for analysis of sensor data from smart homes, without compromising on data utility is presented. Storing the personally identifiable data as hashed values withholds identifiable information from any computing nodes. However the very nature of smart home data analytics is establishing preventive care. Data processing results should be identifiable to certain users responsible for direct care. Through a separate encrypted identifier dictionary with hashed and actual values of all unique sets of identifiers, we suggest re-identification of any data processing results. However the level of re-identification needs to be controlled, depending on the type of user accessing the results. Generalization and suppression on identifiers from the identifier dictionary before re-introduction could achieve different levels of privacy preservation. In this paper we propose an approach to achieve data security & privacy through out the complete data lifecycle: data generation/collection, transfer, storage, processing and sharing.
  • Article
    In the Internet of Things, services can be provisioned using centralized architectures, where central entities acquire, process, and provide information. Alternatively, distributed architectures, where entities at the edge of the network exchange information and collaborate with each other in a dynamic way, can also be used. In order to understand the applicability and viability of this distributed approach, it is necessary to know its advantages and disadvantages – not only in terms of features but also in terms of security and privacy challenges. The purpose of this paper is to show that the distributed approach has various challenges that need to be solved, but also various interesting properties and strengths.
  • Article
    A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.