Enhancing IoT security by Blockchain

By santoshchoudhary ·
Tags: Security
Enhancing IoT security by Blockchain

In the current IoT ecosystems all the devices are identified, authenticated and connected through cloud servers that sport huge processing and storage capacities. IoT solutions are expensive because of the high infrastructure and maintenance cost associated with centralized clouds. The sheer amount of communications that will have to be handled when IoT devices grow to the tens of billions will increase those costs substantially. Per IBM the number of connected devices is expecting to rise as high as 30 billion in the next three years
Many IoT platforms also include APIs that enterprise applications can use to extract data from the platform for their own purposes. Machine to machine (M2M) authentication works for newer IoT devices but does not include legacy devices, creating trust gaps between devices and gateways. New security concerns introduced by the exchange of data from ‘things’ include, data integrity, data authenticity and data confidentiality in IoT devices.
As the IoT creeps towards mass adoption, IT giants experiment and innovate with the technology to explore new opportunities and create new revenue streams. Over 95% of vulnerabilities residing in mobile application code are not easily exploitable. The most popular flaw in mobile applications within IoT is insecure data storage, authentication data on device, APIs and Web Services that allow to intercept sensitive data or to conduct MITM attacks. These vulnerabilities usually require another malicious application already installed on a device, and/or an attacker in the same network segment as the victim, and thus are hardly exploitable in the wild.
98% of web /mobile interfaces and administrative panels of various IoT devices has fundamental security problems. Among them, hardcoded and unmodifiable admin credentials, outdated software (e.g. certificates) without any means to update it ‘from the box’, lack of HTTP traffic encryption, various critical vulnerabilities in the interface, including RCE (Remote Command Execution) in the login interface directly. Manufacturers who build IoT objects still do not understand that cybersecurity of their products becomes even more vital than manufacturing quality standards, and puts their customers at enormous risk.

Existing security technologies will play a role in mitigating IoT risks but they are not enough. The goal is to get data securely to the right place, at the right time, in the right format. Here is a list

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Internet of things

by harryjosh84 In reply to Enhancing IoT security by ...

Whether you are just starting to evaluate an IoT strategy or you are looking to expand the ways you can use IoT data, download our Enhancing the Customer.

Can you explain why we have IoT security problems?

Collapse -


by J2B2 In reply to Internet of things

"Can you explain why we have IoT security problems?"

In a nutshell: IoT presents a huge attack surface. It's bad enough currently having millions of PCs running outdated software that can be exploited for things like DDoS attacks. Having billions of devices online in the same way represents an even greater threat if exploits are found and (for example) users fail to keep them up to date, manufacturers no longer support them, etc.

Here's some further reading:

Personally, I seriously doubt that IoT as it's currently envisaged will actually happen. The security issues are so profound, and blockchain ideas notwithstanding, nobody has come up with much of a solution.

Related Discussions

Related Forums