33 research outputs found

    Distributed IoT Attestation via Blockchain (Extended Version)

    The growing number and nature of Internet of Things (IoT) devices makes these resource-constrained appliances particularly vulnerable and increasingly impactful in their exploitation. Current estimates for the number of connected things commonly reach the tens of billions. The low-cost and limited computational strength of these devices can preclude security features. Additionally, economic forces and a lack of industry expertise in security often contribute to a rush to market with minimal consideration for security implications. It is essential that users of these emerging technologies, from consumers to IT professionals, be able to establish and retain trust in the multitude of diverse and pervasive compute devices that are ever more responsible for our critical infrastructure and personal information. Remote attestation is a well-known technique for building such trust between devices. In standard implementations, a potentially untrustworthy prover attests, using public key infrastructure, to a verifier about its configuration or properties of its current state. Attestation is often performed on an ad hoc basis with little concern for historicity. However, controls and sensors manufactured for the Industrial IoT (IIoT) may be expected to operate for decades. Even in the consumer market, so-called smart things can be expected to outlive their manufacturers. This longevity combined with limited software or firmware patching creates an ideal environment for long-lived zero-day vulnerabilities. Knowing both if a device is vulnerable and if so when it became vulnerable is a management nightmare as IoT deployments scale. For network connected machines, with access to sensitive information and real-world physical controls, maintaining some sense of a device's lifecycle would be insightful. In this paper, we propose a novel attestation architecture, DAN: a distributed attestation network, utilizing blockchain to store and share device information. 
We present the design of this new attestation architecture, and describe a virtualized simulation, as well as a prototype system chosen to emulate an IoT deployment with a network of Raspberry Pi, Infineon TPMs, and a Hyperledger Fabric blockchain. We discuss the implications and potential challenges of such a network for various applications such as identity management, intrusion detection, forensic audits, and regulatory certification

    Blockchain for secured IoT and D2D applications over 5G cellular networks : a thesis by publications presented in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer and Electronics Engineering, Massey University, Albany, New Zealand

    Author's Declaration: "In accordance with Sensors, SpringerOpen, and IEEE’s copyright policy, this thesis contains the accepted and published version of each manuscript as the final version. Consequently, the content is identical to the published versions." The Internet of things (IoT) is in continuous development with ever-growing popularity. It brings significant benefits through enabling humans and the physical world to interact using various technologies from small sensors to cloud computing. IoT devices and networks are appealing targets of various cyber attacks and can be hampered by malicious intervening attackers if the IoT is not appropriately protected. However, IoT security and privacy remain a major challenge due to characteristics of the IoT, such as heterogeneity, scalability, nature of the data, and operation in open environments. Moreover, many existing cloud-based solutions for IoT security rely on central remote servers over vulnerable Internet connections. The decentralized and distributed nature of blockchain technology has attracted significant attention as a suitable solution to tackle the security and privacy concerns of the IoT and device-to-device (D2D) communication. This thesis explores the possible adoption of blockchain technology to address the security and privacy challenges of the IoT under the 5G cellular system. This thesis makes four novel contributions. First, a Multi-layer Blockchain Security (MBS) model is proposed to protect IoT networks while simplifying the implementation of blockchain technology. The concept of clustering is utilized to facilitate multi-layer architecture deployment and increase scalability. The K-unknown clusters are formed within the IoT network by applying a hybrid Evolutionary Computation Algorithm using Simulated Annealing (SA) and Genetic Algorithms (GA) to structure the overlay nodes. The open-source Hyperledger Fabric (HLF) Blockchain platform is deployed for the proposed model development. 
Base stations adopt a global blockchain approach to communicate with each other securely. The quantitative arguments demonstrate that the proposed clustering algorithm performs well when compared to the earlier reported methods. The proposed lightweight blockchain model is also better suited to balance network latency and throughput compared to a traditional global blockchain. Next, a model is proposed to integrate IoT systems and blockchain by implementing the permissioned blockchain Hyperledger Fabric. The security of the edge computing devices is provided by employing a local authentication process. A lightweight mutual authentication and authorization solution is proposed to ensure the security of tiny IoT devices within the ecosystem. In addition, the proposed model provides traceability for the data generated by the IoT devices. The performance of the proposed model is validated with practical implementation by measuring performance metrics such as transaction throughput and latency, resource consumption, and network use. The results indicate that the proposed platform with the HLF implementation is promising for the security of resource-constrained IoT devices and is scalable for deployment in various IoT scenarios. Despite the increasing development of blockchain platforms, there is still no comprehensive method for adopting blockchain technology on IoT systems due to the blockchain's limited capability to process substantial transaction requests from a massive number of IoT devices. The Fabric comprises various components such as smart contracts, peers, endorsers, validators, committers, and Orderers. A comprehensive empirical model is proposed that measures HLF's performance and identifies potential performance bottlenecks to better meet blockchain-based IoT applications' requirements. The implementation of HLF on distributed large-scale IoT systems is proposed. 
The performance of the HLF is evaluated in terms of throughput, latency, network sizes, scalability, and the number of peers serviceable by the platform. The experimental results demonstrate that the proposed framework can provide a detailed and real-time performance evaluation of blockchain systems for large-scale IoT applications. The diversity and the sheer increase in the number of connected IoT devices have brought significant concerns about storing and protecting the large IoT data volume. Dependencies of the centralized server solution impose significant trust issues and make it vulnerable to security risks. A layer-based distributed data storage design and implementation of a blockchain-enabled large-scale IoT system is proposed to mitigate these challenges by using the HLF platform for distributed ledger solutions. The need for a centralized server and third-party auditor is eliminated by leveraging HLF peers who perform transaction verification and records audits in a big data system with the help of blockchain technology. The HLF blockchain facilitates storing the lightweight verification tags on the blockchain ledger. In contrast, the actual metadata is stored in the off-chain big data system to reduce the communication overheads and enhance data integrity. Finally, experiments are conducted to evaluate the performance of the proposed scheme in terms of throughput, latency, communication, and computation costs. The results indicate the feasibility of the proposed solution to retrieve and store the provenance of large-scale IoT data within the big data ecosystem using the HLF blockchain

    Blockchain for Internet of Things:Data Markets, Learning, and Sustainability


    BLOCKGRID: A BLOCKCHAIN-MEDIATED CYBER-PHYSICAL INSTRUCTIONAL PLATFORM

    Includes supplementary material, which may be found at https://calhoun.nps.edu/handle/10945/66767 Blockchain technology has garnered significant attention for its disruptive potential in several domains of national security interest. For the United States government to meet the challenge of incorporating blockchain technology into its IT infrastructure and cyber warfare strategy, personnel must be educated about blockchain technology and its applications. This thesis presents both the design and prototype implementation for a blockchain-mediated cyber-physical system called a BlockGrid. The system consists of a cluster of microcomputers that form a simple smart grid controlled by smart contracts on a private blockchain. The microcomputers act as private blockchain nodes and are programmed to activate microcomputer-attached circuits in response to smart-contract transactions. LEDs are used as visible circuit elements that serve as indicators of the blockchain’s activity and allow demonstration of the technology to observers. Innovations in networking configuration and physical layout allow the prototype to be highly portable and pre-configured for use upon assembly. Implementation options allow the use of BlockGrid in a variety of instructional settings, thus increasing its potential benefit to educators. Civilian, CyberCorps: Scholarship for Service Approved for public release. distribution is unlimite

    Performance analysis of blockchain-based smart grid with Ethereum and Hyperledger implementations

    Abstract. Smart grids lay the foundation for future communities. Smart homes, smart buildings, smart streets, and smart offices are built when intelligent devices pile on intelligent devices. To reach the maximum capacity, they all must be supported by an intelligent power supply. For optimal and real-time electricity consumption, monitoring and trading, blockchain possesses a number of potential benefits in its application to electricity infrastructure. A comprehensive system architecture of blockchain-based smart grid is proposed and peer-to-peer (P2P) energy trading is implemented between Distribution System Operators (DSO), Local energy providers and Consumers. This thesis presents a virtual smart grid equipped with smart contracts capable of virtual activities like market payment function and the comparison and the performance of the blockchain-based smart grid by using Ethereum and Hyperledger Fabric-based implementations. The challenges faced during the implementation of blockchain protocols are discussed and evaluation in the light of finding sustainable solutions to develop secure and reliable smart grid operations, is the major objective of the thesis

    Defense in Depth of Resource-Constrained Devices

    The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers' homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings. 
Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime

    Blockchain for economically sustainable wireless mesh networks

    This is the peer reviewed version of the following article: Kabbinale, AR, Dimogerontakis, E, Selimi, M, et al. Blockchain for economically sustainable wireless mesh networks. Concurrency Computat Pract Exper. 2020; 32:e5349, which has been published in final form at https://doi.org/10.1002/cpe.5349. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Self-Archiving. Decentralization, in the form of mesh networking and blockchain, two promising technologies, is coming to the telecommunications industry. Mesh networking allows wider low-cost Internet access with infrastructures built from routers contributed by diverse owners, whereas blockchain enables transparency and accountability for investments, revenue, or other forms of economic compensations from sharing of network traffic, content, and services. Crowdsourcing network coverage, combined with crowdfunding costs, can create economically sustainable yet decentralized Internet access. This means that every participant can invest in resources and pay or be paid for usage to recover the costs of network devices and maintenance. While mesh networks and mesh routing protocols enable self-organized networks that expand organically, cryptocurrencies and smart contracts enable the economic coordination among network providers and consumers. We explore and evaluate two existing blockchain software stacks, Hyperledger Fabric (HLF) and Ethereum geth with Proof of Authority (PoA) intended as a local lightweight distributed ledger, deployed in a real city-wide production mesh network and in laboratory network. 
We quantify the performance and bottlenecks and identify the current limitations and opportunities for improvement to serve locally the needs of wireless mesh networks, without the privacy and economic cost of relying on public blockchains. This paper has been supported by the AmmbrTech Group, the Spanish Government TIN2016‐77836‐C2‐2‐R and the European Community H2020 Programme netCommons (H2020‐688768). The authors would like to thank the people from the Guifi.net (Guifi‐Sants) community network for hosting the servers and supporting the experiments. Peer Reviewed Postprint (author's final draft