BLOCKCHAIN

TECHNOLOGY-
INFORMATION
ASSURANCE
Blockchain-IoT Integration

Akshaya Lakshminarasimhan
BL.BU.P2MBA19008
Table of Contents
What is Blockchain?.................................................................................................................2
How Blockchain Works?..........................................................................................................2
Privacy and Security.................................................................................................................2
Blockchain's Practical Application..........................................................................................2
Bank Use..........................................................................................................................................3
Healthcare Uses...............................................................................................................................3
Smart Contracts..............................................................................................................................3
Supply Chain...................................................................................................................................3
What Is the Internet of Things (IoT)?.....................................................................................3
History of IoT............................................................................................................................3
How the Internet of Things Works?.........................................................................................4
Benefits of the Internet of Things............................................................................................4
Security in IoT...........................................................................................................................4
Some Security Incidents in IoT:.....................................................................................................4
Introducing Blockchain in IoT................................................................................................5
Blockchain Benefits in IoT:............................................................................................................5
Blockchain Technology for IoT:.....................................................................................................5
(Ali Dorri)........................................................................................................................................5
Reference:.................................................................................................................................6

What is Blockchain?
The words “block” and “chain” here, it is about digital information (the “block”) stored in a
public database (the “chain”).
“Blocks” on the blockchain are the digital pieces of information. Specifically, they have three
parts:
 Blocks stores information about transactions like the date, time, and amount of the
most recent purchase.
 Blocks store information about who is participating in transactions.
 Blocks store information that distinguishes them from other blocks.

How Blockchain Works?

When a block stores new data it is added to the blockchain. In order for a block to be added
to the blockchain, however, four things must happen:
 A transaction must occur.
 That transaction must be verified. 
 That transaction must be stored in a block.
 That block must be given a hash.

Privacy and Security

 Each system connected in the blockchain network has its own copy of the blockchain,
although each copy of the blockchain is identical, keeping the same information
across the network makes it more difficult to manipulate.
 With blockchain, there isn’t a single, definitive account of events that can be
manipulated. Here, a hacker would need to manipulate every copy of the blockchain
on the network. This is being a "distributed" ledger
 First, new blocks are always stored linearly and are always added to the end of the
blockchain. Usually, after this it is very difficult to go back and alter the contents of
the block because as soon as they edit the transaction, the block’s hash will
technically change. In order to change a single block, then, a hacker would need to
change every single block after it on the blockchain.

Blockchain's Practical Application

Blocks on the blockchain store any data apart from making it about monetary transactions
This Opens up a whole new world of opportunities of storing data related to property
exchanges, in a supply chain, and sensitive information of votes for a candidate.

Bank Use

Blockchain in Banks,
 Transactions processed in little time, adding a block to the blockchain, at any time this
is an opportunity to exchange funds more quickly and securely.
  Stock Market, for example, the settlement and clearing process can take up to three
days, here the money is not growing or available for liquidity. This entire process can
change.

Healthcare Uses

Blockchain in Healthcare,
 Securely store the patients’ medical records.
 A medical record is generated and signed, it can be written into the blockchain,
builds Patients confidence about privacy.

Insurance Companies

 Fast Track Processing of Claims

 Fraud management involving any legal required applications

Smart Contracts

 Rental Agreements
 Automobile
 Real Estate
 Financial Services/Derivatives
 Legal Processes
 Loans

Supply Chain

 To record the origins of materials, verifying the authenticity of their products.

What Is the Internet of Things (IoT)?

IoT is a device with a sensor, from this data is retrieved and transferred through internet to
take an executive action mostly.

History of IoT
“Internet of Things” came from Kevin Ashton of Procter & Gamble, He in 1999 in an article
had used the words to describe the RFID tags which are used in supermarkets, or mainly in
making the supply chains more efficient. So, that is how the phrase came into existence.

How the Internet of Things Works?

These devices use Internet to communicate with one another. The idea is basically that the
Internet of things is to have devices that self-report in real-time data which improves its
efficiency and recording all the important information than depending on human intervention.
Benefits of the Internet of Things
The Internet of Things has wide scope of Market, like at Home Assistance, Pure medical,
Fitness and Health Monitoring and much more promising ideas which would transform a
wide range of fields.

In Pure Medical field, the more accurate data at correct timing obtained from continuous
monitoring helps the doctors make a better diagnosis and support them in giving a premium
healthcare treatments which improves the patients outcomes.

Security in IoT
IoT security is the need of the hour, it has become an important part of any device.
Vulnerability here, attracts the hackers in getting hands on the information. Also, with IoT
devices, the access to the homes and most important areas where information could stored are
exposed to social engineering attacks.

Some Security Incidents in IoT:

Stuxnet
 It was a type of highly sophisticated type of computer worm which was designed to
identify the specific machine used in the industry and manipulate it to the
requirement.
 Here, in this case it was nuclear industry, begins to look for centrifuges i.e, the
machines that are used to isolate isotopes of uranium. Stuxnet was sent to reprogram
the centrifuges to perform any varying cycles that result in the disintegrating the
machine
 This Stuxnet which was introduced was programmed with many layers of protection
for itself from being detected. It could not be detected on machine which running
certain type of a security program, it was also programmed with self-disable and self-
erasing features.
 It was widely believed that it was created to damage the Iranian nuclear program. 

Mirai

 This is a Specialized malware that is specifically created to exploit the IoT devices
security vulnerability. This malware works on the basis of using the common
usernames and passwords to gain access to IoT devices.
 Like For example, Internet cameras, monitors, which runs on the Linux platform may
have some default credentials such as a standard operating procedure “admin” and
“password,” . This allows the malware to get into easily accessing the system,
comfortably install itself, and triggers turning the device in a bot.
 This attack by Mirai botnet had occurred on October 21st, 2016, this attacked a
company “Dyn”, they provide domain name services to notably major companies that
core rely on this secured information as their including Netflix, GitHub, Twitter, and
Reddit.
 Major Lessons learnt from the Mirai botnet attack was How all the IoT devices with
security vulnerability can be integrated and abused for serious attacks.
Introducing Blockchain in IoT
IoT is bringing a lot of new opportunities and these provide an edge for most businesses in
current markets and in creation of new markets. It is a wholesome of data, the how the data is
processes, when an executive action is taken, and why is it basically collected in the first
place. These devices are deployed process data into a useful information without any human
intervention at many levels.

With so much data collected, stored and processed, the primary concern here is the security
for the data from the beginning through end of its processing. This involves in handling them
across many boundaries, policies and fundamentally their intent.

Blockchain Benefits in IoT:

 Building Trust between users and devices

 Reducing any vulnerability in the device with risk of tampering and misuse of the data
 Reducing costs by handling everything centrally without any intermediaries to handle
it.
 Fast tracking the data processing, Re-engineering the Business process building
productivity leading to customer satisfaction.

Blockchain Technology for IoT:

[ CITATION Ali \l 1033 ]

A Private immutable Ledger is created, that performs exactly like a blockchain. However it is
centrally managed to deal with optimization of energy consumption. This architecture will
use the trust that is distributed, primarily to significantly reduce the validation processing
time of each block entered.

Reference:
1. https://101blockchains.com/centralized-vs-decentralized-internet-networks/
2. https://www2.deloitte.com/us/en/insights/topics/understanding-blockchain-
potential/global-blockchain-survey-2019.html
3. https://www2.deloitte.com/us/en/insights/topics/understanding-blockchain-
potential/global-blockchain-survey.html?
id=us:2ps:3gl:consem21:eng:cons:061620:nonem:na:rDgvbReU:1192554124:442262
763111:b:Blockchain:Blockchain_Survey_2020_BMM:nb
4. https://hackernoon.com/centralization-vs-decentralization-the-best-and-worst-of-both-
worlds-7bfdd628ad09
5. https://consoltech.com/blog/blockchain-cybersecurity/
6. https://www.forbes.com/sites/andrewarnold/2019/01/30/4-promising-use-cases-of-
blockchain-in-cybersecurity/#48f466913ac3
 7. https://www.i-scoop.eu/internet-of-things-guide/blockchain-iot/#:~:text=IBM
%20Blockchain%2C%20for%20instance%2C%20already,in%20myriad%20possible
%20IoT%20applications.
8. https://datafloq.com/read/securing-internet-of-things-iot-with-blockchain/2228
9. https://www.investopedia.com/terms/i/internet-things.asp
10. https://www.investopedia.com/terms/b/blockchain.asp
11. Towards an optimized blockchain for IoT, Ali Dorri, Salil S. Kanhere, Raja Jurdak

 Develop three detailed scenarios (5 points each) for the future of the cyber security/ privacy
industry. Remember that you are in 2019. Please use your experience with any homeworks OR
lectures for at least one detailed scenario (more than one is allowed) (please specify).  

Importance of Privacy Industry:

Home Entertainment

 Usage of Home Assistance devices to build smart home, for example bringing in IoT
devices where it helps run the home handsfree.
 However, this Like For example, Internet cameras, monitors, IoT devices which runs
on the Linux platform may have some default credentials such as a standard operating
procedure “admin” and “password,” this is exposed to huge risk. Bringing in
Blockchain can help with the scenario.

Bank Use

Blockchain in Banks,
 Transactions processed in little time, adding a block to the blockchain, at any time this
is an opportunity to exchange funds more quickly and securely.
 Stock Market, for example, the settlement and clearing process can take up to three
days, here the money is not growing or available for liquidity. This entire process can
change.

Healthcare Uses

Blockchain in Healthcare,
 Securely store the patients’ medical records.
 A medical record is generated and signed, it can be written into the blockchain,
builds Patients confidence about privacy.
 In Pure Medical field, the more accurate data at correct timing obtained from
continuous monitoring helps the doctors make a better diagnosis and support them in
giving a premium healthcare treatments which improves the patients outcomes.

Insurance Companies

Block Chain in Insurance field,

 Fast Track Processing of Claims

  Prevents Identity Theft
 Fraud management involving any legal required applications

a) What impact is the Internet having on the way firms conduct business? Give details(choose
one case) b) What are the future implications with regard to risk? Answer these questions with
respect to your most favorite topic (touched upon in your readings/ lectures / etc.) (done in IA
class) Please be sure to choose different perspectives when deciding on your cases/topics (Cite
everything you are discussing.)

E-Commerce:

E-Commerce is bringing everything home delivered, connecting people all throughout the
world.

Security Risk:

 The Misuse of Technology in hacking the Customer Identity details, Payment details,
Majorly Involving in Social Engineering Attacks.
 Storage, distribution, portability and destruction of the customer data.
 Clean Desk Policy to avoid any data be vulnerable to expose it to the hackers.

Reputation Risk:

 Availability of Social Media, where the communication is seamless. Once such

mistake can cause the reputation of the company to stoop to a very low level.
 Exposes company to adhere to strict data privacy laws.
 Exposes company to huge legal liabilities, where any small incident can cost the
company money and its Reputation.
Corporate Governance:
 With running the entire operations through, the company’s governance structure
changes where the information flow
 Here, the governance of information security is a strategic planning responsibility
whose importance has grown in recent years.
 To bring in secure environment in handling information assets, management must
integrate information security practices in the built of the organization.
 Bring in the awareness of what can happen in case of data loss or any threat incident
occurring.

Discuss issues in cyber-security from the context of the government and/or some specific
industry. Focus on three important issues (e.g. – legal, law enforcement, policy, etc). At least
One of them MUST cover the Telecommunications and Network Security domain (Lecture 8)
(Be happy )  

Each of you has been exposed to some emergency management scenario. (Recall your
Homework.) Briefly describe (a)how you would handle the specific emergency management
situation if you were the Chief Security Officer of your firm in the year 2020. (b)possible future
directions (include your wish list) for handling the scenario in 2023.
 Emergency Situation such as any disaster hitting or situations like COVID-19 where the
operations are disrupt on and off without any foreseeable future of resuming the services.

 First of all, breakdown all the work structures and bring in the project initiation phase.
 Here, take the top down approach in project planning and staffing details.
 Build Infrastructure that is centralized and accessible from anywhere.
 Constantly Test, Troubleshooting and Maintain the system ensuring a smooth flow.
 Put up a Strategic Plan in place to assure the continuous availability of systems ready
to use in event of an attack
 Identify critical business functions
 Have a Business continuity plan by setting up shop for the critical business functions
to operate without any disruptions
Future Directions:

 Build a Business Model that with a foreseeable fail proof system that doesn’t stop in
case of any disaster.
 Operate a Business Continuity plan in normal days to refine the process and re-
engineer it continuously.
 Don’t put all the eggs in one basket, have decentralized systems to bring in line
whenever something fails.
 Introduce Blockchain technology for the security of data.
 Continuously motivate the staff to work virtually.
 Have a Continuous monitoring system in place for both systems and staff, with
improvements happening in parallel.

2.1 How did Advo mitigate or overcome security issues with respect to 3rd party vendors?

2.2  What are the advantages of having an integrated security management system that combines
physical + IT security?

5.1 What are the critical infrastructures? List the

U.S. critical infrastructure sections and provide
examples of each.  Which do you think is most
critical and why?
5.2 What kind of remedial action will ASSERT
provide to the federal clients where a federal
agency gets a lower grade in the evaluation?
What other products/ services does SRA have
that are targeted at federal agencies?

6.1. What are the challenges a forensic investigator faces in obtaining information from mobile
devices? 
6.2. What is FBI’s scope of investigation and how would it handle situations where the perpetrators
are not in the US?

7.1 How did a small group of 5 people in ISPP

accomplish the design, development and
implementation of the InfoSec exam for more than
27,000 Aetna employees? Give details.
7.2. Why (and how) do you think Aetna’s
information security policies are unique?

7.2:

 The security awareness program that AETNA implemented is cost effective and is
focused on realistic goals.
 AETNA set up the Information Security Policy and Practices (ISPP) group.
 ISPP - implement security awareness program.
 The reason for the success of AETNA was them understanding the importance of
security system awareness.

7.1
 One of the main contributing factors to the success of company’s employee security
awareness program is high placement of ISPP group within the organisation.
 Information System of Awareness Program is managed by ISPP, which is headed by 5
employees.
 Infosec Exam provides security training and testing to all users annually.
 A systematic approach towards designing exams is one of the key elements of Aetna’s
security awareness program.
 Exams were divided into independent and interactive modules.
 In addition to exam redesigning, Role based exams were introduced.
 It takes approximately 6 months to design and develop the exam.
 As per the Council of state planning agencies Defines infrastructure as constitute of
public buildings wide set of public facilities as well as equipment that are required in
order to provide various social services as well as support to the many economic
activities that take place in the private sector of the economy
 Facilities includes ( Roads , Bridges, water and sewer system, Ports, Airports,
Buildings, School, Jails, Health facilities, Electric Power System, waste disposal,
Communication Equipment,