IoT Security

Blockchain in IoT
Mridul Sankar Barik

Jadavpur University

2024-25
Introduction

▶ Blockchain technology
▶ Originally developed for cryptocurrencies, e.g., Bitcoin
▶ Offers a distributed ledger that can be used to securely and openly store
data and transactions.
▶ Uses consensus mechanisms that make certain that all network nodes
agree on the legitimacy of transactions
▶ Enables the use of smart contracts
▶ Increasing trend in the use of blockchain for various applications based on
the IoT to ensure the security, privacy, trust, and traceability of the IoT
data
Blockchain Types

▶ Permissionless Blockchain:
▶ There is no entity/mechanism in to manage the identity of participating
nodes
▶ Completely open and decentralized
▶ Anyone can participate or exit the permissionless blockchain at any time
▶ Anyone can read the transactions on the blockchain or broadcast
transactions to be appended to the blockchain
▶ Always need incentive mechanisms, such as mining rewards, to keep the
system in operation
▶ Permissioned Blockchain:
▶ There is an entity or a mechanism that manages the identities and
permissions of participating nodes
▶ Only authorized nodes can append transactions to the blockchain or read
the transactions on the blockchain according to permission policy
▶ Malicious behavior can be penalized
▶ Incentives are not necessary
Blockchain Application

Tracking Vehicle Ownership without Blockchain Tracking Vehicle Ownership without Blockchain
Figure Source: [Gupta, 2018] Figure Source: [Gupta, 2018]
Blockchain Structure

Generic Chain of Blocks

Figure Source: [Yaga et al., 2018]

A block header typically contains the following:

▶ The block number, also known as block height in some blockchain networks
▶ The previous block header’s hash value
▶ A hash representation of the block data (Merkle tree root hash, or hash of all
the combined block data)
▶ A timestamp
▶ Size of the block
▶ A nonce value: For blockchain networks which utilize mining, this is a number
that is manipulated by the publishing node to solve the hash puzzle.
Blockchain Structure

Generic Chain of Blocks

Figure Source: [Yaga et al., 2018]

Block data typically contains the following:

▶ A list of transactions and ledger events included within the block
▶ Other data may be present
Hash Pointers and Merkle Tree

Hash Pointer
Figure Source:
[Arvind Narayanan, 2016]
Merkle Tree
Figure Source: [Arvind Narayanan, 2016]
▶ A hash pointer is a
pointer to where data is
stored together with a ▶ Data blocks comprise the leaves
cryptographic hash of the
value of that data at ▶ Group data blocks into pairs of two
some fixed point in time ▶ For each pair build a data structure that has two hash pointers
▶ These data structures make the next level up of the tree
▶ Continue doing this until a single block (the root) is reached
▶ Proof of membership of a datablock in O(log n) time
Types of Participants in a Blockchain Network

▶ Users (Clients)
▶ Role: Initiate transactions (e.g., sending cryptocurrency, executing smart
contracts).
▶ Characteristics:
▶ Do not maintain the blockchain.
▶ Use wallets or apps to interact with the network.
▶ Example: A person sending Bitcoin using a mobile wallet.
▶ Nodes: These are devices that connect to the blockchain and help
maintain its operation. There are various types of nodes:
▶ Full Nodes
▶ Store the complete blockchain.
▶ Validate blocks and transactions independently.

▶ Lightweight Nodes
▶ Store only block headers.
▶ Rely on full nodes for data.

▶ Validator Nodes
▶ Validate and attest to new blocks (in PoS systems).

▶ Miner Nodes
▶ Solve cryptographic puzzles to add new blocks (in PoW systems).
Consensus Protocols

▶ Blockchains are decentralized and lack a central authority

▶ Consensus protocols ensure that all nodes in the network
maintain a consistent and tamper-resistant copy of the ledger,
even in the presence of faulty or malicious participants
▶ Proof-based Consensus Protocols:
▶ Nodes provide proof of leadership to append a new block to
the blockchain
▶ Committee-based Consensus Protocols:
▶ Nodes vote to decide the next block to be appended to the
blockchain
Consensus Protocols (1)
▶ Proof of Work:

▶ A user publishes the next block by being the first to solve a computationally
intensive puzzle
▶ Solving the puzzle is difficult but checking that a solution is valid is easy
▶ Example puzzle: Hash digest of a block header is less than a target value
▶ Publishing nodes make many small changes to their block header (e.g., changing the nonce) trying
to find a hash digest that meets the requirement
▶ Publishing node send their block with a valid nonce to full nodes which after
verification add the block to their copy of the blockchain and resend the block
to their peer nodes
Consensus Protocols (2)

▶ Proof of Stake: the more stake a user has invested into the system, the
more likely they will want the system to succeed, and the less likely they
will want to subvert it
▶ Random Selection of Staked Users: Looks at all users with stake and
choose amongst them based on the ratio of their stake to the overall stake
▶ Multi-round Voting: Selects several staked users who casts vote in several
rounds for a proposed block
▶ Coin Aging Systems: After a certain period of time, the owner of a
staked cryptocurrency is selected to publish the next block. The age of
the staked cryptocurrency is reset and cannot be used again until after
the required time has passed.
▶ Delegate Systems: Users vote for nodes to become publishing nodes.
The larger the stake, the more weight the user’s vote has.
▶ Round Robin:
▶ Nodes take turns in creating blocks
▶ Used by permissioned blockchain networks
▶ In permissionless networks malicious nodes could continuously add
additional nodes to increase their chances of publishing new blocks
Other Consensus Protocols (3)

▶ Proof of Authority/Proof of Identity:

▶ Relies on the partial trust of publishing nodes through their known link to
real world identities.
▶ Only applies to permissioned blockchain networks.
▶ Proof of Elapsed Time:
▶ Each publishing node requests a wait time from a secure hardware time
source and become idle for that duration
▶ Once a publishing node wakes up from the idle state, it creates and
publishes a block to the blockchain network, alerting the other nodes of
the new block.
▶ Any publishing node that is still idle will stop waiting.
Consensus Protocols for IoT

▶ It is critical to select an appropriate consensus protocol for the

resource-constrained IoT devices as they significantly impact power consumption
and network throughput
▶ Parameters for validation of consensus protocols
▶ Throughput: The number of transactions that a blockchain network can validate in a specific time
interval is the “Throughput” for the protocol. It is measured in Transactions/second.
▶ Storage overhead: The additional space (disk/data) required to maintain the blockchain ledger
incurs storage overhead.
▶ Transaction latency: The time taken to confirm a transaction is the protocol latency measured in
seconds.
▶ Energy consumption: Normally measured in Joules/transaction, the energy consumption is
calculated by measuring the amount of electric power required to perform mining and to operate
the blockchain network.
▶ Robustness to attacks: The blockchain system can be prone to attacks such as 51% attacks, Sybil
attacks, double-spending attacks. The presence of faulty and malicious nodes (that can cause
system failures) can also make the network vulnerable to cyber attacks. The choice of blockchain
used (permissionless/permissioned) and the ability of the protocol to handle the malicious nodes
determine the reliability and robustness of the consensus mechanism in use.

▶ The term “lightweight consensus” refers to optimized communication and

processing overhead incurred in arriving at a consensus
▶ PoS, DPoS have been found to be lightweight
Smart Contracts

▶ Defined by Nick Szabo in 1994 as “a computerized transaction protocol

that executes the terms of a contract”.
▶ In blockchain, a smart contract is a collection of code and data
(sometimes referred to as functions and states) that is implemented using
cryptographically signed transactions on the blockchain network
▶ Example: Ethereum smart contracts, Hyperledger Fabric chaincode
▶ The code, being on the blockchain, is also tamper resistant and therefore
can be used (among other purposes) as a trusted third party.
▶ Smart contracts must be deterministic, in that given an input they will
always produce the same output
▶ Publishing nodes execute the smart contract code simultaneously when
publishing new blocks
Security Threats to Blockchain Technology

▶ 51% attack: This attack can be launched if a single entity or some small
group of network miners control the bulk of hashing or processing power.
The current state of the blockchain can then be altered by maliciously
adding or removing transactions. 51% attacks are typically linked with
public blockchains such as Bitcoin or Ethereum. Private blockchains with
their centralized governance, permissioned access, and different
incentives, making it one of their advantages over public blockchains.
▶ Sybil Attack: An attacker generates numerous false identities in the
network to take over the consensus mechanism.
▶ Smart Contract Vulnerabilities: Smart contracts execute transactions
on a blockchain network. If there are some vulnerabilities in a smart
contract, then intruders can use them to maliciously change the state of a
blockchain network.
▶ Private key management: Entities use private keys to initiate
transactions and get access to the blockchain network. If an entity’s
private key is stolen by an intruder, it can be used to execute a malicious
transaction on a blockchain network.
Application of Blockchain in IoT: Smart Home

▶ For safe and secure communication and sharing of data between smart
home devices
▶ Decentralized Energy Trading: Nowadays many smart homes generate
electricity using solar panels. Blockchain and IoT can be used to
automate the trading of surplus energy without human intervention.
▶ Smart Locks: Blockchain based decentralized authentication mechanisms
can be used to control access to smart homes. For instance, homeowners
can remotely control access to their homes by using smart locks
configured with blockchain based digital identities.
▶ Smart Appliances: Blockchain reduces human intervention by making
smart home appliances like washing machines and refrigerators self-order
their maintenance and even make the payment for it.
▶ Home Insurance: Blockchain can further be used in automating home
insurance policies and risk assessment by using data from smart home
devices.
▶ Automated Billing and Payments: Blockchain can further automate
smart home energy consumption and maintenance bill payments through
an automated execution of smart contracts.
Application of Blockchain in IoT: Supply Chain
Management

▶ Delivery, tracking and management of goods and services from the

manufacturer to the final customer
▶ Stakeholders involved: manufacturers, suppliers, distributors, retailers,
and customers
▶ Blockchain provides increased trust by offering an immutable and
tamper-proof ledger that tracks the flow of goods at each stage of the
SCM with the help of IoT sensors
Application of Blockchain in IoT: Smart Agriculture
▶ Smart Contracts for Automation:
▶ To automate payments, insurance claims, or subsidies based on IoT data
triggers
▶ Example:
▶ If soil moisture drops below a threshold, a smart contract can automatically trigger
irrigation or notify farmers.
▶ If a harvest meets quality standards, automatic payments can be released to the supplier.

▶ Supply Chain Transparency and Traceability:

▶ IoT devices (like GPS trackers, RFID, and sensors) collect data at every
stage—planting, harvesting, storage, transport.
▶ Blockchain stores this data immutably, creating a tamper-proof history of
the food product.
▶ Benefits:
▶ Consumers can verify product origin and journey.
▶ Reduces food fraud and counterfeit products.
▶ Enables quicker recalls in case of contamination.

▶ Preventing Food Waste:

▶ Track perishable goods in real-time.
▶ Identify bottlenecks or delays in transportation.
▶ Enable dynamic pricing based on shelf life or condition data.
▶ Peer-to-Peer Marketplaces:
▶ Farmers can connect directly with buyers using decentralized marketplaces
powered by blockchain.
▶ IoT verifies product quality and availability in real-time.
▶ Smart contracts manage trustless transactions and reduce middlemen.
IoT and Blockchain Integration: Benefits (1)

▶ Decentralization and Scalability:

▶ Shift from a centralized architecture to a P2P distributed one will remove
central points of failures and bottlenecks
▶ Prevent scenarios where a few powerful companies control the processing
and storage of the information of a huge number of people
▶ Improves fault tolerance and system scalability
▶ Identity:
▶ System participants are able to identify every single device
▶ Data provided and fed into the system is immutable and uniquely
identifies actual data that was provided by a device
▶ Blockchain can provide trusted distributed authentication and
authorization of devices for IoT applications
▶ Autonomy:
▶ With blockchain, devices are capable of interacting with each other
without the involvement of any servers.
▶ IoT applications could benefit from this functionality to provide
device-agnostic and decoupled-applications.
IoT and Blockchain Integration: Benefits (2)

▶ Reliability:
▶ Participants of the system are capable of verifying the authenticity of the
data and have the certainty that they have not been tampered with.
▶ Enables sensor data traceability and accountability.
▶ Security:
▶ Blockchain can treat device message exchanges as transactions, validated
by smart contracts, in this way securing communications between devices
▶ Market of Services:
▶ Blockchain can accelerate the creation of an IoT ecosystem of services
and data marketplaces, where transactions between peers are possible
without authorities.
▶ Secure Code-Deployment:
▶ Using blockchain secure-immutable storage, code can be safely and
securely pushed into devices.
IoT and Blockchain Integration: Challenges

▶ Scalability:
▶ Huge amount of data generated in real time by IoT devices and sensors
▶ To process and commit a large number of transactions to the ledger in a
given time
▶ Computation and network overhead of blockchain consensus mechanisms
▶ Energy Consumption:
▶ IoT devices have limited energy and processing capabilities
▶ Consensus algorithms like Proof-of-Work are energy inefficient
▶ Regulatory Compliance:
▶ HIPPA for health, PCI DSS for finance, GDPR for data privacy
▶ Data Security:
▶ Integration of blockchain and IoT needs to be carefully managed against
existing and new emerging security risks and vulnerabilities
▶ Cost
▶ Requirements for hardware, software, and maintenance in blockchain
technology can be costly
Source: [Khan et al., 2024]
References I
Arvind Narayanan, Joseph Bonneau, E. F. A. M. S. G. (2016).
Bitcoin and Cryptocurrency Technologies.
Princeton University Press.
Gupta, M. (2018).
Blockchain For Dummies, 2nd IBM Limited Edition.
John Wiley & Sons, Inc., 111 River St., Hoboken, NJ 07030-5774.
Khan, I., Majib, Y., Ullah, R., and Rana, O. (2024).
Blockchain applications for internet of things — a survey.
Internet of Things, 27:101254.
Yaga, D., Mell, P., Roby, N., and Scarfone, K. (2018).
Blockchain technology overview.
Technical report, National Institute of Standards and Technology, Gaithersburg,
MD.