A Blockchain Definition to Clarify its Role for the Internet of Things

The term blockchain is used for disparate projects, ranging from cryptocurrencies to applications for the Internet of Things (IoT). The concept of blockchain appears therefore blurred, as the same technology cannot empower applications with extremely different requirements, levels of security and performance. This position paper elaborates on the theory of distributed systems to advance a clear definition of blockchain allowing us to clarify its possible role in the IoT. The definition binds together three elements that, as a whole, delineate those unique features that distinguish the blockchain from other distributed ledger technologies: immutability, transparency and anonymity. We note that immutability - which is imperative for securing blockchains - imposes remarkable resource consumption. Moreover, while transparency demands no confidentiality, anonymity enhances privacy but prevents user identification. As such, we raise the concern that these blockchain features clash with the requirements of most IoT applications where devices are power-constrained, data needs to be kept confidential, and users to be clearly identifiable. We consequently downplay the role of the blockchain for the IoT: this can act as a ledger external to the IoT architecture, invoked as seldom as possible and only to record the aggregate results of myriads of local (IoT) transactions that are most of the time performed off-chain to meet performance and scalability requirements

The Applications of Blockchain To Cybersecurity

A blockchain is a decentralized public ledger facilitating secure transactions between untrusted network nodes. It has garnered significant recognition for its pivotal role in cryptocurrency systems, where it ensures secure and decentralized transaction records. Over the past decade, blockchain has attracted considerable attention from various industries, as it holds the potential to revolutionize multiple sectors, including cybersecurity. However, this field of study is relatively new, and numerous questions remain unanswered regarding the effectiveness of blockchain in cybersecurity. This research adopted a qualitative research design to investigate the current implementations of blockchain-based security and their applicability in the current cybersecurity context. Additionally, this work explored the mechanisms employed by blockchain to uphold the security triad. Findings indicate that blockchain exhibits substantial potential in addressing existing challenges in cybersecurity, particularly those related to the Internet of Things, data integrity and ownership, and network security. Nonetheless, widespread adoption faces limitations due to technological immaturity, high-cost complexity, and regulatory hurdles. Therefore, utilizing blockchain-based solutions in cybersecurity necessitates a thorough analysis of their applicability to an organization\u27s specific needs, a clear definition of implementation goals, and careful navigation of challenges

Detecting Blockchain Security Threats

In many organizations, permissioned blockchain networks are currently transitioning from a proof-of-concept stage to production use. A crucial part of this transition is ensuring awareness of potential threats to network operations. Due to the plethora of software components involved in distributed ledgers, threats may be difficult or impossible to detect without a structured monitoring approach. To this end, we conduct a survey of attacks on permissioned blockchains and develop a set of threat indicators. To gather these indicators, a data processing pipeline is proposed to aggregate log information from relevant blockchain components, enriched with data from external sources. To evaluate the feasibility of monitoring current blockchain frameworks, we determine relevant data sources in Hyperledger Fabric. Our results show that the required data is mostly available, but also highlight significant improvement potential with regard to threat intelligence, chaincode scanners and built-in metrics

Architecting a Blockchain-Based Framework for the Internet of Things

Traditionally, Internet-of-Things (IoT) solutions are based on centralized infrastructures, which necessitate high-end servers for handling and transferring data. Centralized solutions incur high costs associated to maintaining centralized servers, and do not provide built-in guarantees against security threats and trust issues. Therefore, it is an essential research problem to mitigate the aforementioned problems by developing new methods for IoT decentralisation. In recent years, blockchain technology, the underlying technology of Bitcoin, has attracted research interest as the potential missing link towards building a truly decentralized, trustless and secure environment for the IoT. Nevertheless, employing blockchain in the IoT has significant issues and challenges, related to scalability since all transactions logged in a blockchain undergo a decentralized consensus process. This thesis presents the design and implementation of a blockchain-based decentralized IoT framework that can leverage the inherent security characteristics of blockchains, while addressing the challenges associated with developing such a framework. This decentralized IoT framework aims to employ blockchains in combination with other peer-to-peer mechanisms to provide: access control; secure IoT data transfer; peer-to-peer data-sharing business models; and secure end-to-end IoT communications, without depending upon a centralized intermediary for authentication or data handling. This framework uses a multi-tiered blockchain architecture with a control-plane/data-plane split, in that the bulk data is transferred through peer-to-peer data transfer mechanisms, and blockchains are used to enforce terms and conditions and store relevant timestamped metadata. Implementations of the blockchain-based framework have been presented in a multitude of use-cases, to observe the framework's viability and adaptability in real-world scenarios. These scenarios involved traceability in supply chains, IoT data monetization and security in end-to-end communications.With all the potential applications of the blockchain-based framework within the IoT, this thesis takes a step towards the goal of a truly decentralized IoT

A decision-making model to guide securing blockchain deployments

Satoshi Nakamoto, the pseudo-identity accredit with the paper that sparked the implementation of Bitcoin, is famously quoted as remarking, electronically of course, that “If you don’t believe it or don’t get it, I don’t have time to try and convince you, sorry” (Tsapis, 2019, p. 1). What is noticeable, 12 years after the famed Satoshi paper that initiated Bitcoin (Nakamoto, 2008), is that blockchain at the very least has staying power and potentially wide application. A lesser known figure Marc Kenisberg, founder of Bitcoin Chaser which is one of the many companies formed around the Bitcoin ecosystem, summarised it well saying “…Blockchain is the tech - Bitcoin is merely the first mainstream manifestation of its potential” (Tsapis, 2019, p. 1). With blockchain still trying to reach its potential and still maturing on its way towards a mainstream technology the main question that arises for security professionals is how do I ensure we do it securely? This research seeks to address that question by proposing a decision-making model that can be used by a security professional to guide them through ensuring appropriate security for blockchain deployments. This research is certainly not the first attempt at discussing the security of the blockchain and will not be the last, as the technology around blockchain and distributed ledger technology is still rapidly evolving. What this research does try to achieve is not to delve into extremely specific areas of blockchain security, or get bogged down in technical details, but to provide a reference framework that aims to cover all the major areas to be considered. The approach followed was to review the literature regarding blockchain and to identify the main security areas to be addressed. It then proposes a decision-making model and tests the model against a fictitious but relevant real-world example. It concludes with learnings from this research. The reader can be the judge, but the model aims to be a practical valuable resource to be used by any security professional, to navigate the security aspects logically and understandably when being involved in a blockchain deployment. In contrast to the Satoshi quote, this research tries to convince the reader and assist him/her in understanding the security choices related to every blockchain deployment.Thesis (MSc) -- Faculty of Science, Computer Science, 202