Abstract—The growth of technology has brought about a slew of devices that have the ability to connect to the internet. This has led to much more opportunistic and easier ways to perform tasks, but it also opens the doors for new attacks. Blockchaining is a new technology that was introduced with the creation of Bitcoin in 2008. Blockchaining has mostly been implemented in the field of cryptocurrency, but there are many other useful applications of blockchaining. It allows for a decentralized ledger of data that can securely keep a network honest and prevent possible attacks. Blockchains are based on a consensus algorithm, and the proof of stake algorithm bases consensus between nodes on the stake that the nodes have in the system.

Index Terms—Internet of Things, Blockchain, Proof of Stake, Network Security, Consensus Algorithm, 50% Attack, Nothing at Stake Attack

I. INTRODUCTION

Since 2012, the number of devices connected to the internet has increased from 15.41 billion to 20.35 billion in 2017. Additionally, that number is expected to exponentially increase to 75.44 billion by 2025 [1]. The Internet of Things (IoT) is made up of all devices that are connected to the internet and that have the ability to send data to one another. Devices on the IoT can range from kitchen appliances to vehicles, and the growing number of connected devices leaves the IoT more vulnerable to attack than ever.

Fig. 1. Number of Connected Devices in Billions [1]

The vulnerabilities in the IoT stem mostly from the heterogeneous nature of devices that communicate. Devices on the IoT have multiple different functions, and the amount of computing power that each device has varies. This makes it tough to find a common security protocol that could be applied to all devices. Blockchaining could solve the problems with securing IoT devices.

IoT is a growing industry for people all around the world. The increase of smart devices and appliances has led to a dramatic increase in connected devices, as shown in Fig 1. IoT has amazing potential to bring a slew of devices together and allow them to communicate. All of these devices are linked in some way through the internet. The problem is that each device could have several differences that make security protocols hard to develop for IoT, and therefore there are many exploits that exist.

Our proposal is to use blockchains to secure the IoT network. We call our system BID (Blockchaining for IoT devices) and it uses a Proof of Stake (PoS) algorithm in order to achieve security. The decentralized nature of a blockchain is perfect to keep attackers at bay. The immutability of the blocks also allows for a permanent ledger to track all transactions that have been made. The use of public and private keys also allows for a secure way to keep information private. Also, using smart appliances as stake in the system means that each appliance can only have one owner. This makes it tough for attackers to gain control of the devices since transferring devices will be difficult.

The remainder of the paper is as follows: section II will discuss our motivation, section III will discuss the key components of the system and briefly explain what each part is, section IV explains the methodology behind the development of the blockchain, section V will review literature related to our research, section VI will provide an analysis and evaluation of the efficiency of our system, and section VII will state our conclusion and guidelines for future work.

II. MOTIVATION

The rise of the technological age has made people and their information more vulnerable than ever. An attack on a person or their identity could come at any time. With the increase in the number of connected devices, the number of attacks also increases. In [2], the authors describe the four layers of IoT and how each one is vulnerable, with solutions to solve these vulnerabilities. Technology is also becoming more complex as
A. Network Structure

The main quality of a blockchain that makes it secure is that it is decentralized.

B. Personal System

There are three main components in a personal system (PS): the master computer (MC), smart devices, and smart appliances. MCs are usually a rooted system such as a desktop computer, but a laptop could also serve as one. Smart devices include devices such as an iPhone, an Android phone, an iPad or any other tablet, etc. Smart appliances (SAs) could be any other device that is connected to the internet. These include smart fridges, security cameras, factory equipment, lights, locks, etc.

will get less stake value than nonparticipating nodes. This way, every node is awarded an “age price.” Age price will prioritize users that have been using the network for longer periods.
C. Blocks

Blocks are the single most important part of the blockchain because they store all of the valuable information as transactions. The transactions are stored in a list called the transaction list.

Fig. 4. Structure of a block and a transaction list

The structure of a block and a transaction list is shown in Fig 4. The block is made up of four separate components: the hash, the nonce, a transaction list, and the previous hash. The block will also have an “owner” attribute, but that attribute will be hidden from contributors. The reason for the owner attribute is to allow people to view the blocks that they have contributed. The hash is calculated by using the SHA256 algorithm previously explained in section III-A. This hash is unique to the block and that is how the block can be identified. We also thought about the idea of having a hashing list on the MC in order to find the blocks that have been forged by that MC. This would allow the MC to view all transactions that it has contributed to the blockchain, but we found it would be easier to add a separate, private transaction list that works similarly to a blockchain. This would allow for much quicker access to the list of transactions for a PS.

D. Proof of Stake Implementation

Our system uses a modified version of the PoS algorithm. Most blockchains have cryptocurrency that they use in order to contribute blocks. In this structure, the “cryptocurrency” that this blockchain uses is a combination of smart devices and smart appliances. A person is awarded a value for the number of smart appliances and smart devices on their PS. Each person will start with a value of one for adding their MC to their PS. As their number of devices increases, so does their stake in the system. The algorithm used by this structure will also implement a time-based formula to add value to a user. This prioritizes users that have been using the system longer and are deemed more trustworthy to add valid blocks.

What the users need to be prioritized for is to be elected as the leader node of the network. The leader node is the node that forges the next block on the chain. This node is selected in a semi-random process using an algorithm based on stake in the network, age of the stake, and penalties that the PS has accrued. When someone adds a device to their PS, they get more value on the network, which makes them more reliable because of the stake that they have in the network.

Our implementation works as follows. A user will access a smart device in their home and that will be recorded as a transaction and added to the local transaction list. Once the local transaction list is full, it will be made into a block and forged on the blockchain. Each block will also have an “owner” associated with it as described in section IV-C. According to [8], Bitcoin uses a maximum block size of 1 MB which limits the transaction rate to between 3 and 7 seconds. If this were to be implemented in our system, that would allow for a new chain leader to be selected roughly every ten minutes. That would allow for a person to forge multiple blocks in a day. The blocks would then be pushed to the blockchain and the connected nodes would come to a consensus that these blocks come from a trusted source.

The biggest difference between a normal PoS algorithm and this IoT implementation of a PoS is that the coins, or appliances in this case, are given private keys and are non-transferable. This, in a way, gives the appliances an identity and allows the user to view each of their coins’ properties. This also allows the user to dictate which devices have access to each other and what kind of modifications they can make.

V. LITERATURE REVIEW

In this section, we discuss previous works that include using blockchaining for IoT and the PoS algorithm.

Using blockchaining to secure the IoT is relatively new, but it has increased in popularity over the years. In [9], they discuss a blockchain structure that includes a smart home miner, local storage and a group of devices along with an overlay. Our system adopted many similar components of their system, such as attributes of the transaction and using local storage in order to store transactions. The difference between our system and theirs is that BID is more decentralized. They use service providers (SP) to provide an overlay to supply a copy of the blockchain, but our system does not take into account SPs at all.

Other works, such as [10] and [11], discuss more about the PoS algorithm. In [10], they discuss an upcoming technology known as Ouroboros. Ouroboros is one of the first blockchain protocols that uses proof of stake. They also prove how secure Ouroboros is using the PoS algorithm, and many aspects of it can be applied to our system as well. The difference in their system is that the leader is elected for a time slot to forge a block on the blockchain.

In [11], the authors talk about the energy consumption of a couple of proof of work (PoW) systems and how PoS is much more energy efficient. They first introduce the blockchain and then go into detail of PoW systems and PoS systems. The work
also evaluates whether PoS is efficient in achieving consensus. The article mainly discusses cryptocurrency, but the logic can still be applied to a general PoS algorithm. The main difficulty that is presented is the nothing at stake attack, and that will be further discussed in section VI.

There have been many concerns with protecting users’ data in a smart home environment, as shown in [12]. Their proposed model uses a data collector and receiver. The collector collects the data from all of the sensors in a smart home while the receiver receives the data and then sorts it based on a predetermined attribute. Our system works in a similar way but it uses cryptographic keys in order to keep track of transactions and devices.

VI. EVALUATION AND ANALYSIS

The system evaluation is based on the confidentiality, integrity, and availability (CIA) model that is used for the basis of computer security. Confidentiality refers to the ability of the system to only share data with authorized users, integrity is only allowing authorized users to change data, and availability is when authorized users can access their data at all times [13]. Another analysis of our model is how well it prevents common attacks on PoS systems, such as the ones mentioned in section III-D. The following sub-sections will go in depth of our analysis. As shown in Table I, BID, the case study of the smart home, and Ouroboros all demonstrate confidentiality, integrity and availability. As shown in Table II, the case study of the smart home and Ouroboros lack some of the protections from attacks that BID offers.

TABLE I
FEATURES
System | Confidentiality | Integrity | Availability
BID | x | x | x
Case Study of Smart Home | x | x | x
Ouroboros | x | x | x

TABLE II
FEATURES
Columns: 51% | Nothing-at-Stake | Grinding
BID: x x x
Case Study of the Smart Home: x
Ouroboros: x

A. Confidentiality

Confidentiality refers to only authorized users being able to access data. Our system satisfies confidentiality by using the devices as stake in the system. This allows for a device to only be owned by one person; through the use of private keys, those devices can only be accessed by the user’s MC or by any smart device that has access to it. Private keys will be stored in a wallet system and can only be accessed by the user that owns the wallet. The signature of the user is also a way to gain confidentiality in a system.

B. Integrity

Integrity is only allowing authorized users to change their data. This is achieved in our system through the use of signatures. Like cryptocurrency transactions, all transactions will have a signature made with the user’s private key. This allows the system to verify that the transaction is valid. This signature is a key part in validating transactions and making sure that unauthorized users cannot gain access to certain devices.

C. Availability

Availability is how often and how easily the user has access to their data. This is achieved by keeping a copy of the blockchain on the MC. This would allow for a user to always be able to access the transactions that have been made with their devices. As a backup, a separate data structure, different to a blockchain, will also be kept on the MC. This data structure is different from a blockchain as it is essentially a normal linked list. This is because the user is the only contributor. This would make it easier for a user to see their data without having to look through the blockchain.

D. 51% Attack

The 51% attack [12] is a theoretical attack that is described as controlling over 50% of a system. For example, in our system that would mean owning 51% of the stake in the system. In the example of Bitcoin, it would refer to owning at least 51% of the computing power. This is one of the major vulnerabilities of blockchains, but it is difficult to achieve. It is tougher to achieve in a PoS system compared to a PoW system. This is because of the difficulty of acquiring more than half of the stake in a system. A PoS system is more vulnerable when it is first created, but as more stake is created, it becomes harder to achieve this attack.

In [12], the authors go into detail of an example of a 51% attack on a proof of work system. They propose it is viable if there are two blockchains with a common ancestor. This would create a separate blockchain that could potentially be valid if it becomes long enough. This would require a tremendous amount of computing power because a user would have to have enough power to mine blocks faster than the rest of the network.

Our system is protected from a 51% attack by assigning new block leaders in order to forge the next block in the chain. After a leader forges a block, a part of their stake will be decreased in order to increase the chances of choosing a new chain leader. Our system also protects from the 51% attack by making it difficult for stake to be transferred from system to system. This is because IoT devices are rarely transferred between people. If this is the case, the user must delete that device from their PS and then the new owner will have to add the device to their system.

E. Grinding Attack

A grinding attack is an added vulnerability from using a PoS system rather than a PoW system. A grinding attack is when an attacker will try to create multiple iterations to find a scenario in which they are awarded to be the leader. This
attack would allow a user to continue adding blocks while others would not be able to push their blocks. The incentive behind this attack is to gain more currency [15].

Our system prevents grinding attacks in two ways. One is by giving no incentive to a user to use this attack. The whole point of the grinding attack is to gain more coin, which will give a user more stake in the system. Our system does not reward users for becoming the block leader, so it is a waste of time to use this attack. The other way our system prevents grinding attacks is actually by taking stake away from the leader. This would mean that if someone was chosen to be block leader multiple times, then they would lose most of their stake in the system. For example, if our system took 20% stake to be a leader of the blockchain, then a person who was leader three times in a row would be left with 100(0.8)^3 = 51.2% of their original stake. They would be losing almost half of their stake with just three blocks.

F. Nothing at Stake Attack

A nothing at stake attack is when there is a “fork” in the blockchain and there are two valid blocks that have been created. Then you are allowed to create two separate blocks and add transactions to each block with no penalty. This would allow for a person to gain currency through two separate blocks or to prioritize a block depending on how much currency they would receive [16]. Our system prevents this in a few ways. The first protection from this attack is through the use of a leader to create the next block on the blockchain. This allows for only one user to push a block of transactions at a time. The second method of stopping this attack is through taking a part of their stake in the system when they push a block. This would cost a person multiple stakes if they were to push two separate blocks onto the blockchain to create a fork. The final way that we protect from the attack is by offering nothing as reward to create a block. This gives no incentive to a person to create a fork on purpose and therefore reduces the number of nothing at stake attacks.

VII. CONCLUSION AND FUTURE WORK

In this paper we have proposed a scheme called BID that uses blockchaining to secure IoT devices. We use a novel Proof of Stake algorithm in order to come to a consensus between users and keep the blockchain accurate. BID is secure because of its decentralized nature; this means that there is not a single person in control of the system. Blockchain’s use of cryptographic keys allows for the privacy of the user to be secured.

In the future, the system would continue to use a PoS algorithm but it would be an adapting algorithm. This would allow for the system to prevent future possible attacks that arise. The system would also use a checkpointing system if anybody were to decide to leave the blockchain. This prevents history attacks as described in [15]. History attacks are when an attacker will use retired private keys of old users in order to gain more stake in the system. This would sway the system and make them more likely to become the chain leader.

Currently, there are three separate objects that make up BID and those are the personal systems, smart devices, and smart appliances. Another feature that would be added is creating objects for certain types of IoT devices that extend the smart appliances object. This would allow for unique attributes to be added for each device.

REFERENCES

[1] www.statista.com
[2] Farooq, Muhammad Umar, Muhammad Waseem, Anjum Khairi, and Sadia Mazhar. "A critical analysis on the security concerns of internet of things (IoT)." International Journal of Computer Applications 111, no. 7 (2015).
[3] Roesner, Franziska, Tadayoshi Kohno, Alexander Moshchuk, Bryan Parno, Helen J. Wang, and Crispin Cowan. "User-driven access control: Rethinking permission granting in modern operating systems." In Security and privacy (SP), 2012 IEEE Symposium on, pp. 224-238. IEEE, 2012.
[4] Module, Mobile Armor Cryptographic. "Security Policy FIPS 140-2 Level."
[5] Mendel, Florian, Norbert Pramstaller, Christian Rechberger, and Vincent Rijmen. "Analysis of step-reduced SHA-256." In International workshop on fast software encryption, pp. 126-143. Springer, Berlin, Heidelberg, 2006.
[6] Syverson, Paul. "A taxonomy of replay attacks [cryptographic protocols]." In Computer Security Foundations Workshop VII, 1994. CSFW 7. Proceedings, pp. 187-191. IEEE, 1994.
[7] Siim, Janno. "Proof-of-Stake."
[8] Hari, Adiseshu, and T. V. Lakshman. "The internet blockchain: A distributed, tamper-resistant transaction framework for the internet." In Proceedings of the 15th ACM Workshop on Hot Topics in Networks, pp. 204-210. ACM, 2016.
[9] Dorri, Ali, Salil S. Kanhere, Raja Jurdak, and Praveen Gauravaram. "Blockchain for IoT security and privacy: The case study of a smart home." In Pervasive Computing and Communications Workshops (PerCom Workshops), 2017 IEEE International Conference on, pp. 618-623. IEEE, 2017.
[10] Kiayias, Aggelos, Alexander Russell, Bernardo David, and Roman Oliynykov. "Ouroboros: A provably secure proof-of-stake blockchain protocol." In Annual International Cryptology Conference, pp. 357-388. Springer, Cham, 2017.
[11] Saleh, Fahad. "Blockchain without waste: Proof-of-stake." (2018).
[12] Chakravorty, Antorweep, Tomasz Wlodarczyk, and Chunming Rong. "Privacy preserving data analytics for smart homes." In Security and Privacy Workshops (SPW), 2013 IEEE, pp. 23-27. IEEE, 2013.
[13] Cherdantseva, Yulia, and Jeremy Hilton. "A reference model of information assurance & security." In 2013 International Conference on Availability, Reliability and Security, pp. 546-555. IEEE, 2013.
[14] Bastiaan, Martijn. "Preventing the 51%-attack a stochastic analysis of two phase proof of work in bitcoin."
[15] Chepurnoy, Alexander. "Interactive proof-of-stake." arXiv preprint arXiv:1601.00275 (2016).
[16] Li, Wenting, Sébastien Andreina, Jens-Matthias Bohli, and Ghassan Karame. "Securing proof-of-stake blockchain protocols." In Data Privacy Management, Cryptocurrencies and Blockchain Technology, pp. 297-315. Springer, Cham, 2017.
[17] ethereumenergyconsumption.com
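The block layout of section IV-C (hash, nonce, transaction list, previous hash, hidden owner) and the "forge when the local transaction list is full" rule, sketched as an added Python example that is not the authors' code, with a check that finds the first block whose contents or link were altered. The list capacity, the nonce value, leaving the owner out of the digest, and all names are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass

MAX_TX = 3          # capacity of the local transaction list (assumed; the paper gives none)
GENESIS = "0" * 64  # previous-hash value used for the first block (assumed)

@dataclass
class Block:
    prev_hash: str
    transactions: list
    nonce: int
    owner: str      # kept for the forger's own lookups, hidden from other contributors
    hash: str = ""

    def compute_hash(self):
        # Canonical JSON so every node hashes the same bytes. The owner is left
        # out of the digest because other nodes cannot see it (assumption).
        body = json.dumps({"prev": self.prev_hash, "tx": self.transactions,
                           "nonce": self.nonce}, sort_keys=True)
        return hashlib.sha256(body.encode()).hexdigest()

    def public_view(self):
        """What other contributors see: the four components, no owner."""
        return {"hash": self.hash, "nonce": self.nonce,
                "transactions": self.transactions, "prev_hash": self.prev_hash}

class Chain:
    def __init__(self):
        self.blocks = []
        self.pending = []   # the local transaction list

    def record(self, tx, owner):
        """Log one device access; forge a block once the local list is full."""
        self.pending.append(tx)
        if len(self.pending) == MAX_TX:
            prev = self.blocks[-1].hash if self.blocks else GENESIS
            # Placeholder nonce: the paper does not say how the nonce is chosen.
            block = Block(prev, self.pending, nonce=len(self.blocks), owner=owner)
            block.hash = block.compute_hash()
            self.blocks.append(block)
            self.pending = []

    def first_invalid(self):
        """Index of the first block failing verification, or None if intact."""
        prev = GENESIS
        for i, block in enumerate(self.blocks):
            if block.prev_hash != prev or block.hash != block.compute_hash():
                return i
            prev = block.hash
        return None

def constructed_chain():
    """Six constructed transactions, enough to forge two blocks."""
    chain = Chain()
    for seq in range(6):
        chain.record({"device": "lock-1", "action": "unlock", "seq": seq},
                     owner="ps-alice")
    return chain
```

Rewriting a stored transaction is caught at that block; recomputing the block's own hash to hide the edit only moves the failure to the next block, whose previous hash no longer matches.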
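The leader election of section IV-D and the stake charge described under the grinding and 51% attacks, as an added Python example that is not the authors' code: it computes exactly how the 20% charge lowers the chance that one large stakeholder leads several blocks in a row. The weight formula, the one-unit-per-device value, the age bonus, and the sample network are assumptions; the paper only says that election depends on stake, age of stake, and penalties.

```python
import copy
import random
from dataclasses import dataclass, field

LEADER_COST = 0.20  # share of stake removed per forged block (the paper's 20% example)

@dataclass
class PersonalSystem:
    name: str
    devices: int             # smart devices + smart appliances on this PS
    age_days: int = 0        # age of the stake
    penalties: float = 0.0   # penalties the PS has accrued
    stake: float = field(init=False, default=0.0)

    def __post_init__(self):
        # One unit for the master computer; one unit per device is an assumption.
        self.stake = 1.0 + self.devices

def weight(ps, age_bonus_per_day=0.01):
    """Hypothetical election weight: stake scaled up by age, minus penalties."""
    return max(0.0, ps.stake * (1.0 + age_bonus_per_day * ps.age_days) - ps.penalties)

def elect_leader(systems, rng):
    """Semi-random election: probability proportional to weight."""
    return rng.choices(systems, weights=[weight(ps) for ps in systems], k=1)[0]

def forge(ps, cost=LEADER_COST):
    """The leader pays part of its stake for forging a block; no reward is paid."""
    ps.stake *= 1.0 - cost

def stake_after(initial, times_leader, cost=LEADER_COST):
    """Stake left after being leader `times_leader` times."""
    return initial * (1.0 - cost) ** times_leader

def streak_probability(systems, name, length, cost=LEADER_COST):
    """Exact probability that `name` is elected `length` times in a row."""
    systems = copy.deepcopy(systems)   # leave the caller's network untouched
    target = next(ps for ps in systems if ps.name == name)
    prob = 1.0
    for _ in range(length):
        prob *= weight(target) / sum(weight(ps) for ps in systems)
        forge(target, cost)
    return prob

def constructed_network():
    """Constructed sample: one device-heavy PS holding about 60% of the stake."""
    return [PersonalSystem("whale", 60)] + [PersonalSystem(f"home{i}", 9) for i in range(4)]

if __name__ == "__main__":
    net = constructed_network()
    print("stake left after 3 blocks (%):", stake_after(100, 3))
    print("3-block streak, no charge    :", streak_probability(net, "whale", 3, cost=0.0))
    print("3-block streak, 20% charge   :", streak_probability(net, "whale", 3))
    leader = elect_leader(net, random.Random(1))
    forge(leader)
    print("elected:", leader.name, "stake now:", leader.stake)
```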