www.data61.csiro.au
BlockchainforInternetofThingsSecurityandPrivacyProfRajaJurdakSeniorPrincipalResearchScientistResearchGroupLeader,DistributedSensingSystems
DistributedSensingSystemsGroup
• 45researchers,postdocs,engineers,andstudents
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak3 |
IoT security and privacy is challenging
4 |
• Heterogeneity in device resources• Multiple attack surfaces• Centralization• Scale • Context specific risks• Poor implementation of
security/privacy mechanisms in off-the-shelf products
IoT Privacy and Security Challenges
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
5 |
• Heterogeneity in device resources• Multiple attack surfaces• Centralization• Scale • Context specific risks• Poor implementation of
security/privacy mechanisms in off-the-shelf products
IoT Privacy and Security Challenges
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
a possible solution
Blockchain Features
6 |
• A distributed immutable time-stamped ledger
• Creates a secure network over untrusted users
• Changeable PKs as users identity introduce high level
privacy
• Demands for solving a puzzle to append blocks to the
BlockChain (mining)
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
Blockchain challenges in IoT
7 |
BlockChain IoT Resource Consuming Mostly devices are resource restrictedBlock mining is time consuming Demands low latencyBlockChain scale poorly with large networks
IoT is expected to contain a large number of nodes
BlockChain has high bandwidth consumption
IoT devices have limited bandwidth and resources
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
Blockchain for IoT
8 |
• Hierarchical structure: resource optimization, scalability
• Limited nodes process BlockChain: processing overhead
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
Dorri,Kanhere,Jurdak, IOTDI,2017
Blockchain for IoT Features
9 |
Data and transactions flow separation: decrease
delay, resource optimization
Reduce processing: Distributed trust between CHs
Two tiers of BlockChain: linked for further
applications
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
Smart Home Transactions
10 |
LBM
Local Immutable Ledger
Indirectly accessible
IoT devices: security,
resource optimization
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
Dorri,Kanhere,Jurdak, Percom,2017
Transactions handling
11 |
CHs
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
12 |
CHs
Transactions handling
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
Comparison with Classical Blockchain
13 |
Our BlockChain Vs Bitcoin BlockChain
Feature BitcoinBlockChain Immutable Ledger PublicBlockChain
Mining requirement POW None None
Forking Notallowed Allowed Allowed
Doublespending Not acceptable Not applicable Notapplicable
Encryption Asymmetric Symmetric Asymmetric
BlockChain visibility Public Private Public
Transactiondissemination
Broadcast Unicast Unicast/Multicast
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
Security and privacy analysis
14 |
Accessibility threats
• DDOS attack
– Devices are not directly
accessible
– Home manager controls all
incoming and outgoing
transactions
– Keylists on CHs
– Target threshold of received
transactions
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
Security and privacy analysis
15 |
Accessibility threats
Appending attack Dropping attack
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
Security and privacy analysis
16 |
Anonymity threats
• Linking attack
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
Performance evaluation
17 | BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
We conduct simulation using NS3 to study the trust method
50 nodes in which 13 are CHs
0
10
20
30
40
50
60
70
80
90
100
0
0.05
0.1
0.15
0.2
0.25
1 10 20 30 40 50 60
Perc
enta
ge o
f tra
nsac
tions
to b
e ve
rifie
d
Proc
essi
ng ti
me (
s)
Blocks in the overlay BC
Without trust Our method Trust
OtherIoTApplications
18 |
- Futureconnectedandautonomous vehicles- Smartgrids- …
6
As shown in Fig.2, these roles are SW providers, OEMs, cloud storages (CS), and vehicular interfaces (VI) representing either smart connected vehicles or local SW update providers such as service centers or vehicle assembly lines.
OEMCloudStorageServiceCenter
SW Provider
VehicleInter-ClusterIntra-Cluster
Overlay
Fig. 2. The proposed BC-based architecture to securely interconnect all involved parties. The cloud storage is essential for our architecture as it serves as a repository for
storing new SW images sent by the SW provider or the OEM, and furthermore handles the data download to the VIs. In our architecture, the cloud storage pro-vides a sophisticated authentication mechanism to ensure that only authorized en-tities can write, adapt and download a specific SW image.
All aforementioned entities are interconnected using the overlay network. This clustered network allows unicast as well as broadcast data streams and is able to provide suitable message flows for all different data exchanges involved in the SW distribution process. As described in Section 2.2, the overlay network basical-ly interconnects different (e.g., geographical) clusters encompassing one CH and numerous CMs. Thereby, a CH acts as gateway for messages sent from a CM of a specific cluster (e.g., CM1 in cluster A) to CM or CH of another cluster (e.g., CM2 in cluster B). In our architecture, a CM and a CH can occupy specific roles such as acting as OEM, CS, or VI. However, as a CH besides its dedicated role al-so has to maintain its local BC, it is very unlikely that a vehicle would act as a CH due to its resource constraints and the fact that a vehicle is mobile and therefore not able to be connected to the overlay at all times. Our architecture uses two types of messages: i) transactions and ii) blocks for implementing OTA updates.
Transactions are used to initialize the BC system (genesis transaction) and to handle the SW distribution process (update transaction). The latter is required to inform the OEM (i.e., when sent by the SWP) as well as the concerned VIs (i.e., when sent by the OEM) about newly available SW. Update transactions thus play a vital role in our architecture as they contain required information for both the OEMs and the VIs: it contains the identities of the SW provider as well as of the OEM (i.e., their PKs and signatures), the transaction ID (i.e., hash representation of the transaction), the ID of the previously created transaction (the genesis trans-action for the very first update transaction), and the metadata field. The metadata
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
M. Steger, A. Dorri, S. Kanhere, K. Romer, R. Jurdak, and M. Karner, “BlockChains securing Wireless Automotive Software Updates – A proof of concept,” To appear in Proceedings of the 21st International Forum on Advanced Microsystems for Automotive Applications (AMAA 2017), Berlin Germany, September 2017.
• BlockchainarchitectureforIoTsecurityandprivacy• Maintainsblockchainbenefitswithlightweightdesign• Usesdistributedtrusttoreduceblockvalidationload• BroadlyapplicabletootherIoTapplications
• Futurework• Implementandevaluatearchitectureempirically• Methodsforfurtherscalabilityacrossnetworksizeandduration
Summary
19 | BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
www.data61.csiro.au
RajaJurdak,PhDSeniorPrincipalResearchScientist&ResearchGroupLeader,DistributedSensingSystemsCyberphysicalSystemsProgramt +61733274355e [email protected] http://research.csiro.au/dss
Thankyou
References
21 |
[1]: Nakamoto, Satoshi. "Bitcoin: A peer-to-peer electronic cash system." (2008): 28.[2]: Wood, Gavin. "Ethereum: A secure decentralised generalised transaction ledger." Ethereum Project
Yellow Paper 151 (2014).[3]: Brambilla, Giacomo, Michele Amoretti, and Francesco Zanichelli. "Using Block Chain for Peer-to-
Peer Proof-of-Location." arXiv preprint arXiv:1607.00174 (2016).[4]: Hashemi, Sayed Hadi, et al. "World of Empowered IoT Users." 2016 IEEE First International
Conference on Internet-of-Things Design and Implementation (IoTDI). IEEE, 2016.Our other publications
[1]: Ali Dorri, Salil S. Kanhere, and Raja Jurdak. “Towards an Optimized BlockChain for IoT”, Second IEEE/ACMInternational Conference on Internet-of-Things Design and Implementation (IoTDI) 2017 (to be presented inApril 2017)
[2]: Ali Dorri, Salil S. Kanhere, Raja Jurdak, and Praveen Gauravaram. “Blockchain for IoT Security and Privacy: The Case Study of a Smart Home”, The 2nd IEEE Percom workshop on security privacy and trust in the Internet of things, 2017.
[3] Ali Dorri, Marco Steger, Salil S. Kanhere, and Raja Jurdak (2017). BlockChain: A distributed solution to automotive security and privacy. arXiv preprint arXiv:1704.00073.
BlockchainforInternetofThingsSecurityandPrivacy|RajaJurdak
Top Related