SESSION ID: CCS-T08 Blockchain Role in Smart Cities/IoT Security A Cryptographic Perspective! Dr. Hilal Houssain hilal.hussein@gmail.com
Agenda Internet of Things (IoT) IoT Security Requirements IoT Security Issues Blockchain Technology Blockchain for Securing IoT Way forward and Conclusion 2
Internet of Things (IoT) 3
Internet of Things (IoT) The Term IoT was first coined by Kevin Ashton in 1999 Network of devices able to: Configure themselves automatically, Generate, process, and exchange data as we as Request a service or start an action without human intervention at many levels. 4
Important Areas of Research for IoT Smart devices, sensors in real-time, Energy Saving WiFi, Bluetooth, ZigBee, etc Big-data, Machine learning, Predictive analytics, Security/Privacy, Trust, Authenticity/Identity, Anonymity, 5
Security Requirements for IoT Devices 6
Security Requirements for IoT Devices IoT adoption is set to rise exponentially in the coming years, but security, and a lack of in-house skills to manage that security risk, still feature at the top of business leaders concerns. IoT devices can generate, process, and exchange vast amounts of critical data as well as privacy-sensitive information, and hence are appealing targets of various cyber attacks. The IoT devices interact with each other and connected systems and infrastructures in a secure manner. 7
Security Requirements for IoT Devices Authentication & Data integrity Confidentiality (Encryption) is a NOT always required! Secure against node(s) key leakage 8
Security Issues for IoT Devices 9
Security Issues for IoT Devices Can be lost and stolen (security difficult ) Not reachable (mostly disconnected) Finite life (Credentials tied to lifetime) Resource Constrained (no processing power for crypto) 10
Security Issues for IoT Devices Studies Reveal 70% Of IOT Devices Are Vulnerable To Attack. Majority of IoT devices had the following security issues: Privacy concerns Lacked encryption (processed/exchanged data and Firmware upgrades) Insecure updates Lack of mutual authentication (device, gateway) 11
Security Issues for IoT Devices IoT Network Security More challenging than traditional network security. A wider range of communication protocols, standards, and device capabilities. Pose significant issues and increased complexity! 12
Security Issues for IoT Devices IoT Authentication IoT standards are important catalysts but still need time to mature. Authentication with no human intervention. Mostly authenticating embedded sensors (deviceto-device communication). 13
Security Issues for IoT Devices IoT Encryption Encryption is an absolute must Encrypting data at rest and in transit. Limited capability to have standard encryption processes and protocols. Encryption key lifecycle management processes. Data integrity and confidentiality. 14
Security Issues for IoT Devices IoT PKI Digital certificate, and key (generation, distribution, management, and revocation). Limited ability to utilize PKI. Digital certificates securely loaded onto IoT devices at the time of manufacture or installed post-manufacture. Data integrity and confidentiality. 15
Security Issues for IoT Devices Security Incidents Visibility: Caused by the scale and scope of IoT deployments!!! Low energy and lightweight (in terms of resources) IoT devices must allocate most of their available resources to executing core application functionality. Thus, supporting security and privacy is quite challenging. 16
Security Issues for IoT Devices More IoT-specific security threats will definitely drive innovative Security Solutions mainly in new Cryptographic Primitives and Blockchain-based Approaches 17
Blockchain Technology 18
Blockchain Technology Bitcoin Whitepaper 2008.10.31* 19
Blockchain Technology What is the problem that Blockchain attempts to solve? A technology that enables moving digital assets from one node to another node. 20
Blockchain Technology Traditional way Trusted third party 21
Blockchain Technology A Blockchain is an append-only distributed ledger that stores a time-ordered set of facts, aka transactions. Transactions are grouped into blocks and form a cryptographic hashchain, hence the name Blockchain. Role of Cryptography in Blockchain!!!! Integrity of ledger (Cryptographic hash function) Authenticity of transactions (Ellitpic Curve Digital Signature Alg.) Privacy of transactions (Pseudonymity through crypto tools) Identity of participants (Cryptographic signatures) Auditability and Transparency (Cryptographic hash chain) Exploit advanced cryptographic techniques, trust in Blockchain is shifted to Technology (not in participants or nodes) 22
Blockchain Technology Digitally signing (using Elliptic Curve Digital Signature Algorithm) a hash digest of the previous transaction and the public key of the recipient. Every viable transaction is stored in a public ledger Transactions are placed in blocks, which are linked by SHA256 hashes. 23
Blockchain for Securing IoT 24
Blockchain for Securing IoT Traditional security and privacy approaches are not applicable for IoT Blockchain-based approaches provide security and privacy in peer-to-peer networks with similar topologies to IoT Computationally expensive and involve high bandwidth overhead, delays, and significant energy. Not suitable for most resource-constrained IoT devices!!!! 25
Blockchain for Securing IoT Eliminate the Proof of Work (POW) and the concept of coins. Miners, as high resource device, are routers to manage communication between Private and Public Blockchain network. As a result: Traffic volume, processing time and energy consumption reduced noticeably. Security is preserved!!!,,, but what about IoT device authentication? 26
Blockchain for Securing IoT Combining Blockchain and Physical Unclonable Function (PUF) technology PUF Technology to: Authenticate an IoT device and Register that IoT device (including its ownership information) on the Blockchain,,, but still PKI is needed for securing IoT devices!!! 27
Blockchain for Securing IoT Reply PKI Digital Signature with Hash based signatures (or other Merkle tree schemes),,, anonymous IoT devices Joining & Leaving the network!!! 28
Blockchain for Securing IoT Group signatures using one or multiple pre shared group Key. This will remove anonymity in the IoT network.,,, what about secure firmware update for IoT devices? 29
Blockchain for Securing IoT Management all the updates in terms of integrity and source authenticity using blockchain. This is in addition to managing the IoT devices standardization and compliances auditing, device and cryptographic key management, etc IoT devices will need to freely (also securely with lowcost) buy, sell and trade their digital assets using Blockchain technology. 30
Way Forward and Conclusion A Standardized Lightweight Cryptographic Primitive is Needed for recourse constrained IoT devices. As blockchain-based solutions and technology become widespread, expect to see sophisticated attacks on Blockchain using weaknesses in its cryptographic primitives (design & implementation) Example, collision in hash, solution to increase the hash bit length! 31
Apply What You Have Learned Today First, have a better understanding of the Bitcoin Blockchain Technology, i.e., mastering the Satoshi while paper Bitcoin: A Peer-to-Peer Electronic Cash System. Then Conduct a survey of the Lightweight Cryptographic Primitive suitable for recourse constrained IoT devices. Finally, select three to five IoT applications, and review its security issues, and then assess the implication of deploying lightweight cryptosystem with Blockchain technology to secure these IoT applications. 32
Q & A Thank You 33