
DDOS Attack Mitigation for Internet of Thing Devices

Using Ethereum Blockchain Technology


By
Rahmeh Fawaz Ibrahim

Supervisor
Ashraf Ahmad

Thesis Proposal Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Science in Information Systems Security and Digital Criminology

Princess Sumaya University for Technology


King Abdullah I School of Graduate Studies and Scientific Research

December 2021
Authorization Form

I, Rahmeh Fawaz Ibrahim, authorize Princess Sumaya University for Technology to supply copies of my M.Sc thesis to libraries, establishments or individuals on request, according to the Regulations of Princess Sumaya University for Technology.

Signature:

Date:

List of Tables
Table 3.1: Blockchain Solutions (Advantages and Disadvantages)

List of Figures
Figure 2.1: Block Structure
Figure 2.2: Ethereum Transaction Structure
Figure 2.3: IoT Layers
Figure 4.1: Illustrate Example

List of Abbreviations

DDOS Distributed Denial of Service Attack

DOTS DDOS Threat Signaling

ETH Ether

EVM Ethereum Virtual Machine

GHOST Greedy Heaviest Observed Subtree

IoT Internet of Things

PPS Packets Per Second

PoW Proof of Work

PoS Proof of Stake

PoA Proof of Authority

SC Smart Contract

SDN Software-Defined Network

List of Contents

Authorization Form
Committee Decision
Dedication
Acknowledgments
List of Tables
List of Figures
List of Appendices
List of Abbreviations
List of Contents
Abstract
Abstract (Arabic)

Chapter 1 Introduction
1.1 Motivation
1.2 Problem Statement
1.3 Objectives of This Work
1.4 Contribution
1.5 Research Limitations

Chapter 2 Background
2.1 Blockchain
2.2 Ethereum
2.3 IoT
2.4 DDOS

Chapter 3 Related Work
3.1 Centralized Solutions
3.2 Blockchain Technology Solutions

Chapter 4 Methodology
4.1 System Overview
4.2 System Design
4.3 System Evaluation

Chapter 5 Research Plan

Chapter 6 Conclusion
6.1 Conclusion
6.2 Future Work

References

Abstract

Internet of Things (IOT) devices have limited computation and energy resources. Because of these limitations, privacy and security are the main concerns in IOT networks. Distributed Denial of Service (DDOS) is a kind of cyber-attack in which different IOT devices collectively flood a single centralized server with thousands of malicious requests at once, which overloads the server.

To mitigate this attack on these devices, centralized systems such as the cloud and the DDOS Threat Signaling (DOTS) protocol are used, but they create additional issues: the IOT devices rely on a centralized server that is solely responsible for all computation and decision-making tasks, and if attackers gain access to this server then the whole infrastructure is compromised. The centralized solution also has issues related to limited capacity and low performance. For this reason, the blockchain technology that Satoshi Nakamoto proposed for financial transactions can be used to provide a decentralized database that relies on a Peer to Peer (P2P) network and provides a high level of trust, availability, and reliability without the need for a trusted third party.

The proposed system uses the Ethereum blockchain and smart contracts to implement a decentralized platform, instead of existing centralized solutions, to mitigate the DDOS attack on IOT devices at the application layer by authenticating and verifying these devices. This proposal also reviews the blockchain, how the Ethereum blockchain and smart contracts work, IOT technology and its layers, and the types of DDOS attack, and it presents some of the centralized and blockchain-based decentralized solutions that have been used to mitigate the DDOS attack on IOT devices.

Keywords: DDOS, Blockchain, Ethereum, Smart Contract, Authorization.

Chapter 1
Introduction
The blockchain, first proposed in 2008 by Satoshi Nakamoto (Nakamoto, 2008), is a public and distributed ledger that is replicated among several nodes in a P2P network. A blockchain contains a list of immutable and verified records called "blocks". Each block contains the hash of the previous block to link to it, because a blockchain is by nature a back-linked list. It also contains a nonce, a transaction root, and a network timestamp that indicates the time at which the block was added to the chain.

The characteristics of the blockchain are immutability and anonymity. Blockchain is used in many fields such as cryptocurrency, healthcare, energy, digital documents, and IOT technology. The proposed system will use blockchain technology to mitigate a DDOS attack on IOT technology in a decentralized manner without the need for a trusted third party.

1.1 Motivation
The main motivation for conducting this study is to apply blockchain technology to mitigate the DDOS attack on IOT devices, since blockchain technology has become a new trending technology because of properties such as publicity, anonymity, and immutability. Another motivation is to provide decentralized solutions for IOT DDOS attacks, because all the existing solutions are centralized in nature.

1.2 Problem Statement


According to a study by Gartner, around 50 billion IOT devices are estimated to be connected to the internet by 2030 (Ahmed et al., 2019). IOT devices have limitations such as limited computation and energy resources. Because of these limitations, privacy and security are the main concerns in IOT networks. DDoS is a kind of cyber-attack in which different IOT devices collectively flood a single centralized server with thousands of malicious requests at once, which overloads the server. The "Mirai botnet" attack, which happened in 2016, exploited the poor security configuration of many IOT devices such as IP-enabled security cameras, wireless printers, baby monitors, and others. Centralized systems are used to counter this attack on these devices, but they create additional issues: the IOT devices use a centralized server that is solely responsible for all computation and decision-making tasks, and if attackers gain access to this server then the whole infrastructure is compromised. The centralized solution also has issues related to limited capacity and low performance. For this reason, blockchain technology is used to provide a distributed database that relies on a P2P network and provides the highest level of trust, availability, and reliability without needing a trusted third party.

1.3 Objectives of This Work


The main objective of this study is to provide a decentralized solution to mitigate the DDOS attack on IOT devices at the application layer and to authenticate the IOT devices on the network using Ethereum blockchain technology. The reason for using this type of decentralized system is that access to the data is decentralized, and once data is stored in the chain it cannot be tampered with or deleted. This is useful for detecting and recording malicious devices so that they are prevented from connecting to and communicating with the IOT network in the future.

1.4 Contribution
The main contributions of this study are: first, to implement a decentralized platform, instead of existing centralized solutions, to mitigate the DDOS attack on IOT devices at the application layer by authenticating and verifying these devices using Ethereum blockchain technology, which provides an authentic and tamper-proof platform; and second, to trace and record the IP addresses of malicious devices inside the blockchain to prevent them from connecting to and communicating with the IoT network in the future.

1.5 Research Limitations


Working with blockchain on the existing live network is an expensive process because it needs more resources, more powerful devices, and more computational power. For this reason, this study takes a clone of the public Ethereum blockchain and works on it in a local environment. In addition, the smart contract works well for a small number of attacks only; this issue will be addressed in future work so that the contract can refer to a larger list of IP addresses.

Chapter 2
Background
This chapter reviews the blockchain and how Ethereum works. It also presents the DDOS attack taxonomy and describes the IoT and its layers.

2.1 Blockchain
Blockchain is a digital, decentralized, and public database used to store all digital transactions. Blockchain creates and shares all transactions between all computers in the P2P network. It also allows all nodes in this network to verify the transactions inserted in a block before the block is added to the chain, by using a consensus algorithm such as Proof of Work (POW), Proof of Stake (POS), or Proof of Authority (POA), depending on the type of blockchain used. Blockchain has several characteristics that make it useful in several applications like energy, healthcare, and IOT technology; the most important property is its decentralized character, which eliminates the need for a trusted third party. A blockchain consists of a set of blocks; each block has a header and a body, as shown in Figure 2.1. The block header contains the following components:

1- Merkle Tree Root: the root of a binary tree used to increase the efficiency of the data validation process.

2- Timestamp: this value indicates when the block was created.

3- Previous block hash: each block in the chain is linked to the previous block using a hash value generated by a hash function; this value protects the chain from modification.

4- Nonce number: this is an integer of 32 or 64 bits.

The block body contains the set of all transactions; the maximum number of transactions in each block depends on the size of the block and the size of each transaction. The first applications to use a blockchain as a platform were cryptocurrency applications like Bitcoin. When someone needs to transfer money from their account to another using Bitcoin, the transaction request goes through the following steps:

1- The transaction, which is protected by a digital signature, is broadcast to all nodes or computers in the P2P network.

2- After the nodes receive the transaction, they validate it using a consensus algorithm (POW).

3- If the transaction is valid, the new block is added to the chain.

4- The transaction is complete.

Figure 2.1: Block Structure
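
The block header fields listed above (Merkle tree root, timestamp, previous block hash, nonce) work together in the following Python example, which is added here and is not code from the thesis. The difficulty prefix, field names and sample transactions are assumptions made for the illustration; it shows why an edited record is detected even after the edited block is mined again.

```python
import hashlib
import json
from dataclasses import dataclass

DIFFICULTY_PREFIX = "000"  # assumed toy proof-of-work target, not a real network value


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def merkle_root(transactions):
    """Hash transactions pairwise up to one root; an odd level repeats its last hash."""
    level = [sha256_hex(tx.encode()) for tx in transactions] or [sha256_hex(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


@dataclass
class Block:
    prev_hash: str      # hash of the previous block's header
    tx_root: str        # Merkle tree root of the body
    timestamp: int      # creation time
    nonce: int          # value searched for by proof of work
    transactions: list  # block body

    def header_hash(self):
        header = [self.prev_hash, self.tx_root, self.timestamp, self.nonce]
        return sha256_hex(json.dumps(header).encode())


def mine(prev_hash, transactions, timestamp):
    """Build a block and search for a nonce whose header hash meets the target."""
    block = Block(prev_hash, merkle_root(transactions), timestamp, 0, list(transactions))
    while not block.header_hash().startswith(DIFFICULTY_PREFIX):
        block.nonce += 1
    return block


def first_invalid_block(chain):
    """Return the index of the first block that fails validation, or -1 if all pass."""
    for i, block in enumerate(chain):
        if block.tx_root != merkle_root(block.transactions):
            return i  # body no longer matches the Merkle root in the header
        if not block.header_hash().startswith(DIFFICULTY_PREFIX):
            return i  # header changed without redoing the proof of work
        expected_prev = chain[i - 1].header_hash() if i else "0" * 64
        if block.prev_hash != expected_prev:
            return i  # link to the previous block is broken
    return -1


def build_sample_chain():
    """Constructed sample data: three blocks of made-up device messages."""
    bodies = [["genesis"],
              ["device-a -> server: temp=21", "device-b -> server: temp=22"],
              ["device-a -> server: temp=23"]]
    chain, prev = [], "0" * 64
    for n, body in enumerate(bodies):
        block = mine(prev, body, 1638316800 + n)
        chain.append(block)
        prev = block.header_hash()
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact chain:", first_invalid_block(chain))
    chain[1].transactions[0] = "device-a -> server: temp=99"  # edit a stored record
    print("after editing block 1 body:", first_invalid_block(chain))
    # Mining the edited block again repairs block 1 but breaks the link held by block 2.
    chain[1] = mine(chain[1].prev_hash, chain[1].transactions, chain[1].timestamp)
    print("after re-mining block 1:", first_invalid_block(chain))
```
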

2.2 Ethereum
Ethereum is a public blockchain that uses a cryptocurrency called Ether (ETH) for paying for financial transactions and for processing applications using smart contracts (SC). An SC is a piece of code that is placed on the blockchain and executed by the operating system called the Ethereum Virtual Machine (EVM), and it is used to regulate the chain's transactions. The SC written for the system will control the communication process inside the network and will be responsible for checking the credentials of the IOT devices before the communication process starts. In comparison with the Bitcoin blockchain, the block size in Ethereum is smaller and the validation time is only 14 seconds instead of 10 minutes. For the mining and reward processes, the Ethereum blockchain uses the Greedy Heaviest Observed Subtree (GHOST) protocol; in GHOST, if the miners validate a block and it is successfully added to the chain, they receive 5 ETH as a reward, as shown in Figure 2.2.

Figure 2.2: Ethereum Transaction Structure

2.3 IoT
Internet of Things (IOT) is the network of physical devices or objects (things) that have sensors and that connect and exchange data with other devices over the internet with minimum human intervention. The embedded sensors continuously emit data about the working state of the devices. IOT provides a common platform for all these devices to dump their data and a common language for all the devices to communicate with each other. Data is emitted from various sensors and sent securely to the IOT platform. The IOT platform integrates the collected data from various sources, further analytics is performed on the data, and valuable information is extracted as required. Finally, the result is shared with other devices, like smartphones, for a better user experience, automation, and improved efficiency. These devices may be simple, like household objects, or complex, like industrial tools. IOT has become the most important technology of the 21st century; nowadays we can connect everyday objects like cars, thermostats, baby monitors, and kitchen appliances to the internet through embedded devices to provide easy, efficient communication between things, processes, and people. IOT has several applications in many areas like smart cities, smart homes, smart cars, and smart appliances, which transform the way we interact with technology.

Although IOT technology has existed for a long time, several developments have improved the idea of IOT and made it practical. For example, access to low-cost, low-power sensor technology has made IOT technology possible for many industries, and the ease of connecting sensors to the cloud and to other things has created an efficient way to transfer data. IOT researchers have narrowed down the IOT layers to the Perception, Network, Middleware, and Application layers, as shown in Figure 2.3, which are influenced by the OSI layers.

Figure 2.3: IoT Layers

1- Perception layer: In an IOT environment, the perception layer is responsible for sensing and forwarding data. Data is extracted and stored using several devices such as sensor nodes, smart cards, and RFID tags. The data obtained here must be in a consistent format so that it can be used in various network protocols. This layer is also called the edge device layer.

2- Network layer: IOT networks are made up of nodes that are connected either by wire or wirelessly (for example via Bluetooth, WIFI, and Zigbee), or that have both capabilities. For data communication, such nodes need an underlying protocol layer. Gateways can be found in such a network, and they are responsible for collecting data and transferring it between nodes. In IOT, the network layer is further divided into an access sublayer and an internet sublayer. The access sublayer is responsible for collecting data from sensor nodes and sending it to the middleware layer. When such data is needed by the end-user over the internet, it is sent via the internet sublayer.

3- Middleware layer: The middleware layer is responsible for processing the data obtained by the sensor nodes. This layer necessarily requires a lot of computational and processing energy. Data protection and authentication in this layer, which is widely referred to as the cloud, are issues that must be addressed. This layer has been developed to provide IOT users with new capabilities.

4- Application layer: The application layer is the layer that interprets data and makes it useful to the end-user. Unauthorized access typically targets the application being used, which is usually accessible via the Internet. Through various intrusion strategies, vulnerabilities, bugs in the applications, low-quality code, and buffer overflows, this user interface can give attackers access to the user's sensitive data.

2.4 DDOS
Distributed denial of service (DDOS) is a cyber-attack on a specific server or network. The purpose of DDOS is to disrupt normal operation by flooding the targeted network resources, such as IOT devices or a server, with a constant flood of traffic, such as fraudulent requests, which overwhelms the system and causes a disruption or denial of service to legitimate traffic. In IOT technology, the attacker can send malicious code to internet-connected devices at home, like a webcam or home controls.

Attackers compromise these devices using lists of default logins and passwords and a trial-and-error method to break into vulnerable devices. Since the firmware of many IOT devices is poorly maintained, they are more vulnerable to hacking than computers and smartphones, and the fact that they are always "online" makes them perfect for hackers to control remotely. Once these devices are infected, they are joined to botnets and start to overwhelm the targeted server or service.

In 2016, the Mirai botnet shut down a large portion of the internet, including Twitter, Netflix, and other major sites. It also affected major Russian banks and the entire country of Liberia (Vishwakarma & Jain, 2020). Mirai took advantage of unsecured IOT devices such as security cameras, installing malware on them, and then attacked the DYN servers that route internet traffic.

2.4.1 Taxonomy of DDOS Attack


There isn't much of a difference between IOT-specific DDoS attacks and traditional DDoS attacks. They use similar approaches to exploit bugs in traditional applications as well as in IOT devices. IOT-specific DDoS attacks, on the other hand, are more varied and sophisticated due to the heterogeneity of IOT systems. Based on their attacking tactics, all these attacks can be grouped into three categories.

DDoS attack classification is based on the impact of the server site on the IOT network. IOT-specific DDoS attack types are like the traditional DDoS attack types, except that the corresponding network architecture is used as the reference model. As a result, attacks can be divided into two categories: application-layer attacks and infrastructure-layer attacks (Roohi et al., 2019) (V et al., 2018).

Application layer attacks are those attacks that attempt to breach the application layer of the IOT network infrastructure, where packets are lost at a rate measured in requests per second (RPS) due to HTTP (GET/POST) requests flooding the application or web server, and other requests that target device applications such as Windows, Apache, OpenBSD, and others. These attacks are more difficult to detect and overcome because they produce traffic at a slower rate and the requests they generate seem to be valid, but they start a back-end mechanism that disables services. HTTP floods and DNS service-based attacks are examples of these types of attacks.

1- HTTP flood attack: The cybercriminal in this attack uses legitimate HTTP GET or POST requests to launch a DDOS attack. These attacks do not use spoofing or reflection tactics, so they need less bandwidth to reach the targeted server than other attacks.

2- DNS service attack: A DNS flood is a form of distributed denial-of-service (DDOS) attack in which an attacker floods a domain's DNS servers with requests to interrupt DNS resolution for that domain. A DNS flood attack can make it impossible for a server, API, or web application to respond to legitimate traffic because DNS resolution will be interrupted. Since the huge amount of traffic arrives from a variety of different locations, queries actual records on the domain, and mimics legitimate traffic, DNS flood attacks can be difficult to differentiate from regular heavy traffic.

Infrastructure layer attacks attempt to make the target device unavailable by leveraging vulnerabilities in the transport or network layers of the IOT architecture. To launch the attack, they normally use reflection or amplification techniques. By reflecting the submitted request as an unrequested reply to the user, the attacker uses IP address spoofing to create congestion on the victim's network. Amplification is often a result of producing bigger responses from smaller queries, which consumes bandwidth unnecessarily.

This study focuses on mitigating DDOS attacks on the application layer because if this layer is hacked then the whole application stops and is prevented from delivering the service to users.

Chapter 3
Related Work
This chapter reviews the different studies that aim to mitigate the DDOS attack on IOT devices, using both centralized solutions and decentralized solutions based on blockchain technology.

3.1 Centralized Solutions


Different centralized solutions have been proposed to solve the DDOS attack on IOT technology. In papers such as (Cloudflare inc, 2018) (Jonker et al., 2016) (A, 2016), the authors proposed to mitigate the DDOS attack using the cloud, by increasing the capacity and taking the detection burden away from the attacked device by exporting flow records from edge routers and switches. Those solutions have disadvantages because they need a third-party DDOS Protection Service (DPS) provider, which decreases performance and requires additional costs to deploy on the existing network because of its centralized nature. Another centralized solution, mentioned in (Anirudh et al., 2017), used honeypots and a central database to mitigate the DDOS attack. Honeypots are employed as a trap for intruders attempting to compromise the system's security in this proposed technique. As the name implies, a honeypot is used to attract attackers in order to observe and analyze their method of initiating an attack by capturing information about the attacking agent, such as malware. The model depicts the detection of anomalies in incoming requests to the server using an intrusion detection system (IDS), and if any such requests are discovered, they are directed to the honeypot rather than the main server. With the use of a honeypot, information about the suspect (which could be an attacker) is kept as logs in the database, including its IP address, MAC address, and other details. Following the collection of logs in the database, when the IDS detects a similar request, the information of the client request is compared to the stored log files. Based on the results, the main server sends a verification request to the client to verify its authenticity. If it is determined to be spam, the client is immediately stopped by the main server at the request stage. If the client passes, the request moves on to the next stage, which is to be processed by the main server.


3.2 Blockchain Technology Solutions


The use of public-key cryptography and digital signatures in the blockchain is an innovative and creative notion. Blockchain is frequently utilized as a tool in a variety of fields, including cryptocurrency, health care, and IOT technology, and it satisfies the most critical security needs, such as transaction integrity, non-forgery, effective authentication, immutability, and reliability. It also provides a decentralized processing infrastructure that eliminates the possibility of a single point of failure. Regarding blockchain solutions for IOT technology, many proposed solutions aim to mitigate the DDOS attack on different layers of IOT devices.

(Ahmed Natsheh, 2019) used the Ethereum blockchain to mitigate DDOS attacks coming from IOT devices. Each IOT device has a unique IP address that it needs in order to connect and communicate with the target network or server. The proposed solution used an Ethereum private blockchain and a smart contract to check whether the IP address of the device is legitimate or not. If it is legitimate, the IP address is authorized and allowed to enter the network and communicate with the server; if not, the blockchain denies it entry to the network and communication with the server. This paper doesn't mention how the trust process is done on the blockchain. Also, the proposed solution used a private blockchain, which has a centralized nature since only one node is responsible for the verification process. In addition, the authors did not mention which type of DDOS and which IOT layer they focus on.

(Javaid et al., 2018) proposed an IOT-integrated blockchain architecture for preventing DDoS attacks from IOT devices. The Ethereum blockchain is used in combination with smart contracts in the architecture. To send and receive messages to/from other IOT devices, IOT devices must first register with the servers. IOT devices can only work up to the set gas limit; after that, they stop working. Any IOT device that fails in the network or whose gas limit has expired may be unregistered or removed at any time by a server. The server is also responsible for generating and registering smart contracts. The server sends the registered contract's address to all IOT devices in the network. An IOT device that has been registered with the server is added to the trusted list of the contract. The gas limit for individual transactions in the contract is defined during smart contract initialization to protect against DDoS attacks. The smart contract is the key regulator for all the participating IOT devices. It not only allows but also restricts the use of IOT devices up to the gas limit. An IOT device contacts the smart contract to transmit a message; if the IOT node's address is found in the trusted node list, the message is recorded on the blockchain; otherwise, the message is dropped. This architecture keeps a trusted list on the smart contract that is checked every time a device sends a new message or interacts with another device, and the authentication process is complete once the IOT device's address is stored in the trusted list on the smart contract. As a result, scalability difficulties will always exist in such a system. The process of trusting the IOT device at the server during registration has not been discussed in depth.

(Jamader et al., 2019) used the BcIoT framework, a decentralized solution to the
security issues that exist in centralized solutions. They proposed end-to-end security
based on the blockchain and smart contracts to provide a secure communication
environment, using a hash-based secret key for the encryption and decryption processes.
In this decentralized solution, all controlled data and core data are stored on the
blockchain. As a result of this study, availability is increased. The main disadvantage
of this framework is that all data are stored on the blockchain whether or not they come
from a malicious device, which creates a scalability issue.

Many research papers aim to mitigate and prevent the Mirai attack. For example,
(Ahmed et al., 2019) proposed using blockchain technology to protect IOT devices against
Mirai botnet attacks. The proposed network contains different Autonomous Systems (AS) in
which hosts are established. The blockchain is used to store, and share with other nodes,
the list of internet protocol (IP) addresses of each host or device connected to an AS,
to indicate hosts that have malicious software.

To determine whether a host or device has malware, every AS monitors communication
in the network by comparing the number of packets generated by each host with the
threshold value. The authors claim that the proposed solution works effectively by
blocking malicious packets from the infected host, so that they do not affect the
response time of the victim target; they use their simulation to determine the specific
value for the malicious threshold. They developed their simulation in Java. Their
detection achieves a 95% true detection rate when the malicious detection threshold
value is 8, which shows that their work succeeds in mitigating the Mirai botnet attack.
In this paper, the blockchain is private, which has a centralized nature since only one
node is responsible for the verification process.

Different works integrate with blockchain technology to provide more security and
availability, such as (Badruddoja et al., 2020). In this paper, the authors proposed
integrating DDOS Threat Signaling (DOTS) with blockchain technology, using Ethereum and
smart contracts, to protect IOT devices against multiple cyber security attacks such as
DDOS. For testing, the authors used datasets containing data from four sensors over two
months; the tests use a threshold calculation against the variation of humidity,
pressure, temperature, and wind direction on a given day to find out whether an IOT
sensor is under a DDoS attack. The results show that DOTS can help to detect the attack
when mapped on IOT edge computing. The main disadvantage of this paper is that the
authentication and implementation processes are not discussed.

(Abou et al., 2019) and (Rodrigues et al., 2017) integrate blockchain with
Software-defined Networks (SDN). In (Abou et al., 2019), the authors proposed the Co-IOT
framework, a blockchain framework that uses Ethereum smart contracts in collaboration
with Software-defined Networks (SDN) to mitigate the DDOS attack on IOT technology. They
evaluate the performance of this framework in terms of flexibility, efficiency,
security, and cost-effectiveness. The authors claim that this framework provides
decentralization, secure collaboration among multiple SDN-based domains, efficiency,
flexibility and cost-effectiveness, which make it a good scheme to mitigate DDOS attacks
on a large scale. In (Rodrigues et al., 2017), the authors proposed a new, efficient and
flexible model to mitigate DDOS attacks. They use blockchain technology with smart
contracts as a complementary solution to existing DDOS mitigation mechanisms, providing
a public and distributed infrastructure to define the white and blacklists of IP
addresses across multiple domains. They also aim to use this technology with existing
DDOS defense systems without building or creating new specialized distributed systems.
In this proposed solution the authors used a Software-defined Network (SDN), which
provides an effective way to enable customized rules and services dynamically.

The literature review of decentralized solutions using blockchain technology can be
summarized in table 1 by illustrating the advantages and disadvantages of each work.

Table 3.1: Blockchain Solutions (Advantages and Disadvantages)

| Study Reference | Advantage | Disadvantage |
|---|---|---|
| (Ahmed Natsheh, 2019) | The Ethereum blockchain is used, and the legitimate list is created using a smart contract to check whether the IP address of the device is legitimate to communicate with the server. | The proposed solution uses a private blockchain, which has a centralized nature since only one node is responsible for the verification process. The authors do not mention the type of DDOS or the IoT layer they focus on. |
| (Javaid et al., 2018) | An IoT-integrated blockchain and a specified value called “gas_limit” are used; if a device exceeds this value, it is prevented from communicating with the server. | Scalability difficulties will always exist in such a system. During registration, the process for trusting an IoT device at the server is not discussed in depth. |
| (Jamader et al., 2019) | The framework (BcIoT) uses end-to-end security based on the blockchain and smart contracts to provide a secure communication environment and increase availability. | All data are stored on the blockchain whether or not they come from a malicious device, which creates a scalability issue. |
| (Ahmed et al., 2019) | The Mirai attack is mitigated using blockchain technology, which is used to store and share with other nodes the list of IP addresses for each device, by comparing the number of packets generated by each device with the threshold value. | The blockchain is private, which has a centralized nature since only one node is responsible for the verification process. |
| (Badruddoja et al., 2020) | Blockchain technology is integrated with DOTS to help detect the DDOS attack when mapped on IoT edge computing. | The authentication and implementation processes are not discussed in depth. |
Chapter 4
Methodology
Our methodology uses a decentralized solution to mitigate the DDOS attack on the
application layer of IOT technology. This solution is implemented using the Ethereum
blockchain and smart contracts to provide availability, integrity, and security.
Ethereum was chosen based on the following factors: first, it has the world's
second-largest ledger after Bitcoin and, as a result, is very resistant to cyberattacks
and data falsification; second, it provides secure transactions using Elliptic Curve
Cryptography, which is a robust and lightweight signature method for limited devices; in
addition, it uses smart contracts, which make the methodology easier to implement.

4.1 System Overview


This system proposes a solution that provides availability and mitigates the DDOS
attack on the application layer without needing a trusted third party, using the public
Ethereum blockchain and a smart contract implemented in the Solidity programming
language.

Our proposed system has the following main functionalities:

1- The ability to create different groups with unique IDs; because it is a public
blockchain, anyone whose type is manager can create a group.

2- The ability to store each IOT device only in an existing group.

3- Checking the validity of, and authenticating, the IOT device (called the follower
device) before it joins the blockchain, by checking the validity of the follower
identity card assigned by the manager node.

4- Preventing an IOT device from communicating with the target server if the object's
ID does not exist on the white trusted list, or if it exists on the white trusted list
but has exceeded the defined factor value called the gas limit.

5- The ability to remove an untrusted IOT device from the system and flag this
device as a malicious node.
4.2 System Design
As mentioned before, we built our system using the Ethereum blockchain and a smart
contract, which is an executable program written by a verifier; anyone can access it
because it is a public blockchain.

Our system has the following main components:

1- Verifier, who implements the smart contract.

2- IOT device.

3- Gateway.

4- Smart Contract.

5- Manager device, which creates the group and assigns the lightweight certificate of
the follower using the manager private key.

6- Follower device, which sends a request transaction to join the blockchain, and then
sends another transaction to communicate with the server.

Our system has two phases:

Phase 1: Initialization Process

After the verifier creates a smart contract, the IOT device defines itself as a
manager device or a follower device based on what is selected. If it is selected as a
manager, which has a public and a private key, it can create a group with a unique group
ID. If it is selected as a follower device, it generates Elliptic Curve (EC) public and
private keys and is provided with an identity card, a lightweight certificate that
contains the follower public address, group ID, follower object ID, and the manager's
signature, produced with the manager private key using the Elliptic Curve Digital
Signature Algorithm (ECDSA). Once the group is created successfully, after checking the
uniqueness of the group ID and manager ID, any follower device that has a valid identity
card can join one specific group only. The follower sends a registration request to the
verifier, and the verifier, using the smart contract, verifies the uniqueness of the
follower object ID and verifies its ticket using the public key of the manager. If this
process succeeds, the follower IOT device can join the blockchain, and the smart
contract stores the object ID of this device in the white trusted list and gives the
device a factor value called the gas limit.

Phase 2: Communication Process

This process takes place after the follower device has been added to a specific group
successfully. The purpose of the group ID for each follower is to prevent any IOT device
that does not have this group ID from joining and communicating with the target server,
which is the first step in stopping a malicious device from connecting to the IOT
network.

The follower IOT device can communicate with the target server after two conditions
are checked: first, that its object ID is stored on the white trusted list, and second,
that it has not exceeded the gas limit value specified in the smart contract. If the
device object ID is not on the trusted whitelist, or if it is on the trusted whitelist
but has exceeded its defined gas limit, we consider that this device is trying to
generate more transactions to the target server, which would overflow the server and
bring it down; so we remove the object ID from the trusted whitelist and flag this
device as a malicious node.

Illustration of the proposed solution:

The steps below summarize the proposed methodology in this study:

1- The first follower transaction represents an association request. The sent
transaction is signed with the follower's private key and contains the follower's
ticket.

2- When the blockchain receives the transaction, it verifies its integrity by verifying
the signature with the follower's public key. Then, the follower's ticket is verified
using the manager public key.

3- If the ticket is valid, the blockchain, using the smart contract, stores the
follower ID in the trusted whitelist and gives this device a gas limit value.

4- After that, when the device needs to communicate with the server, it sends a
transaction which contains (data, follower id). If the follower ID is on the white
trusted list and has not exceeded the gas limit value, it can communicate with the
server successfully; otherwise the device is flagged as malicious and its ID is removed
from the white trusted list.
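
The four steps above, sketched as a Solidity contract. This is an added example, not the
thesis's own contract: the contract, function and event names are hypothetical, the
"gas limit" factor is modelled as a per-device message budget in which each message
costs one unit, and the manager is assumed to sign the raw keccak256 digest off-chain.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; every name here is hypothetical.
contract GroupWhitelist {
    enum Status { Unknown, Trusted, Malicious }
    struct Follower { bytes32 groupId; bytes32 objectId; uint256 budget; Status status; }

    uint256 public immutable gasLimit;             // budget granted at registration
    mapping(bytes32 => address) public managerOf;  // group ID => manager address
    mapping(address => bool) public isManager;     // a manager owns exactly one group
    mapping(bytes32 => bool) public objectIdUsed;  // follower object IDs are unique
    mapping(address => Follower) public followers; // Trusted entries form the whitelist

    event Joined(address indexed follower, bytes32 groupId, bytes32 objectId);
    event Message(address indexed follower, bytes data);
    event Flagged(address indexed follower, bytes32 objectId);

    constructor(uint256 gasLimit_) { gasLimit = gasLimit_; }

    // Initialization: group ID and manager ID must both be new.
    function createGroup(bytes32 groupId) external {
        require(managerOf[groupId] == address(0), "group exists");
        require(!isManager[msg.sender], "manager already has a group");
        managerOf[groupId] = msg.sender;
        isManager[msg.sender] = true;
    }

    // Steps 1-3: association request. (v, r, s) is the ticket: the manager's ECDSA
    // signature over (this contract, follower address, group ID, object ID).
    function join(bytes32 groupId, bytes32 objectId, uint8 v, bytes32 r, bytes32 s) external {
        address manager = managerOf[groupId];
        require(manager != address(0), "unknown group");
        require(followers[msg.sender].status == Status.Unknown, "registered or flagged");
        require(!objectIdUsed[objectId], "object ID taken");
        // The transaction signature already authenticates msg.sender (step 2), so
        // binding the ticket to msg.sender stops a copied ticket from being reused
        // by another device; address(this) stops reuse on another contract.
        bytes32 digest = keccak256(abi.encode(address(this), msg.sender, groupId, objectId));
        require(ecrecover(digest, v, r, s) == manager, "invalid ticket");
        objectIdUsed[objectId] = true;
        followers[msg.sender] = Follower(groupId, objectId, gasLimit, Status.Trusted);
        emit Joined(msg.sender, groupId, objectId);
    }

    // Step 4: senders that are not on the whitelist are rejected outright. A trusted
    // device with no budget left is evicted and flagged; the function returns false
    // instead of reverting, because a revert would roll the flag back as well.
    function send(bytes calldata data) external returns (bool) {
        Follower storage f = followers[msg.sender];
        require(f.status == Status.Trusted, "not on trusted whitelist");
        if (f.budget == 0) {
            f.status = Status.Malicious;  // objectIdUsed stays set, so no re-registration
            emit Flagged(msg.sender, f.objectId);
            return false;
        }
        f.budget -= 1;
        emit Message(msg.sender, data);
        return true;
    }
}
```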

The following figure 4 illustrates an example of the proposed solution. In (A) there
are IOT devices related to two areas: smart farms and medical areas. (B) shows the
initialization phase, where the group ID is chosen by the manager device and the
follower devices hold identity cards signed by the manager; once the manager creates the
group, it sends its identifier and the group ID to the blockchain as a transaction to
create the group at blockchain level, after the uniqueness of both the manager ID and
the group ID is verified. (C) shows how the blockchain works. Finally, (D) shows the
communication process that happens inside the group itself.

Figure 4.1: Illustrate Example, panels (A), (B), (C) and (D)

The proposed platform inherits the properties of the blockchain, which include being
immutable and irreversible; in addition, the system's decentralization improves security
and, because of the usage of public and private keys, ensures non-repudiation.

4.3 System Evaluation


The system can be evaluated based on the different parameters shown below:
4.3.1 Based on the different metrics that are used in related works
Because Ethereum is a public blockchain, the evaluation concerns the devices
themselves, which includes:

1- Time and energy consumption.
2- The time needed for an association request.
3- The CPU power consumption to create an association request.
4- The NIC power consumption to send the association request (request +
response).
5- The time needed to prepare a data message.
6- The CPU power consumption to prepare a data message.
7- The NIC power consumption to send a data message (request + response).

4.3.2 Security requirement evaluation

1- Authentication: in the proposed system, if there are 10 IoT devices and we detect
that 2 of them try to generate a DDOS attack, the number of attacking devices can be
known by storing the IP address on the blockchain.
2- Message integrity.
3- Identification
4- Non repudiation
5- Scalability
6- Immutability
7- Sybil attack protection
8- Spoofing attack protection
9- Message substitution protection
10- Message reply protection –to return from study trust
11- DOS/DDOS protection

4.3.3 Based on the smart contract parameters


This compares the time taken to reach the communication server before checking the
gas limit value with the time taken to communicate with the communication server after
checking the gas limit.
Chapter 5
Research Plan
It was intended to carry out this research within 7 months, with the following tasks:

| Task | Duration | Comments |
|---|---|---|
| Problem Formulation | 1.5 months | Completed |
| Investigate Literature Review | 1.5 months | Completed |
| Writing Proposal | 1 month | Completed |
| Implement the Proposed Solution | 1 month | |
| Experiments and Evaluation | 2 weeks | |
| Thesis writing | 1.5 months | |
Chapter 6
Conclusion
6.1 Conclusion
This research study proposes a system to mitigate the main security problem existing
in IOT technology, the DDOS attack. The main contribution of this study is to implement
a decentralized system, instead of existing centralized system solutions, to mitigate
this attack on IOT devices on the application layer by authenticating and verifying
these devices using public blockchain technology, which provides an authentic and
tamper-proof platform. Also, this study shows how IOT devices are verified and
authenticated at the blockchain level by using a trusted whitelist implemented in the
smart contract. In addition, this decentralized solution requires no hardware upgrade
for IOT devices because the design can be built as an overlay network on top of an
existing conventional network.

6.2 Future Work


This study mainly focuses on mitigating the DDOS attack only on the application
layer of IOT technology. In future work, the proposed system will be developed to
mitigate and prevent this attack on the network layer to provide more security in IOT
technology. Also, this system is implemented using a public blockchain, which has a
scalability limitation; in the future our system will address this issue by proposing
multiple solutions and comparing them to provide a suitable one.
References
Ahmed, Z., Danish, S. M., Qureshi, H. K., & Lestas, M. (2019). Protecting IoTs from
mirai botnet attacks using blockchains. IEEE International Workshop on Computer
Aided Modeling and Design of Communication Links and Networks, CAMAD,
2019-September, 1–6. https://doi.org/10.1109/CAMAD.2019.8858484

Vishwakarma, R., & Jain, A. K. (2020). A survey of DDoS attacking techniques and
defence mechanisms in the IoT network. Telecommunication Systems, 73(1), 3–25.
https://doi.org/10.1007/s11235-019-00599-z

Roohi, A., Adeel, M., & Shah, M. A. (2019). DDoS in IoT: A roadmap towards security
countermeasures. ICAC 2019 - 2019 25th IEEE International Conference on
Automation and Computing, September, 1–6.
https://doi.org/10.23919/IConAC.2019.8895034

V. K. B., Joshi, S. L., & Barshikar, S. H. (2018). A Survey on Internet of Things.
International Journal of Computer Sciences and Engineering, 6(12), 492–496.
https://doi.org/10.26438/ijcse/v6i12.492496

Cloudflare inc. (2018). Cloudflare Advanced DDoS Protection. Cloudflare.Com, 1, 1–7.
https://www.cloudflare.com/media/pdf/cloudflare-whitepaper-ddos.pdf

Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System., (p. 9).

Jonker, M., Sperotto, A., Van Rijswijk-Deij, R., Sadre, R., & Pras, A. (2016).
Measuring the adoption of DDoS protection services. Proceedings of the ACM
SIGCOMM Internet Measurement Conference, IMC, 14-16-November-2016, 279–
285. https://doi.org/10.1145/2987443.2987487

Anirudh, M., Arul Thileeban, S., & Nallathambi, D. J. (2017). Use of honeypots for
mitigating DoS attacks targeted on IoT networks. International Conference on
Computer, Communication, and Signal Processing: Special Focus on IoT, ICCCSP
2017, 8–11. https://doi.org/10.1109/ICCCSP.2017.7944057

A. (2016). How to Protect Against DDoS Attacks - Stop Denial of Service. Mlytics.
https://www.mlytics.com/features/ddos-protection/?utm_source=bing&utm_medium=cpc&utm_campaign=ddos&utm_feeditemid=&utm_device=c&utm_term=ddos%20mitigation&utm_source=bing&utm_medium=cpc&utm_campaign=United+States+/+Canada&hsa_cam=1710495334&hsa_grp=1334807768093524&hsa_mt=p&hsa_src=o&hsa_ad=&hsa_acc=8280023674&hsa_net=adwords&hsa_kw=ddos%20mitigation&hsa_tgt=kwd-83425907188801:loc-211&hsa_ver=3&msclkid=e653d46bc6671a724557b52b782d12fb

Javaid, U., Siang, A. K., Aman, M. N., & Sikdar, B. (2018). Mitigating IoT device
based DDoS attacks using blockchain. CRYBLOCK 2018 - Proceedings of the 1st
Workshop on Cryptocurrencies and Blockchains for Distributed Systems, Part of
MobiSys 2018, 71–76. https://doi.org/10.1145/3211933.3211946

Jamader, A. R., Das, P., & Acharya, B. R. (2019). BcIoT: Blockchain based ddos
prevention architecture for IoT. 2019 International Conference on Intelligent
Computing and Control Systems, ICCS 2019, Iciccs, 377–382.
https://doi.org/10.1109/ICCS45141.2019.9065692

Ahmed Natsheh, B. A.-S. (2019). DDoS Attack Mitigation using Ethereum Blockchain.
Princess Sumaya University for Technology.

Badruddoja, S., Dantu, R., Widick, L., Zaccagni, Z., & Upadhyay, K. (2020).
Integrating DOTS with blockchain can secure massive IoT sensors. Proceedings -
2020 IEEE 34th International Parallel and Distributed Processing Symposium
Workshops, IPDPSW 2020, 937–946.
https://doi.org/10.1109/IPDPSW50202.2020.00156

Abou, Z., Houda, E., Hafid, A., & Khoukhi, L. (2019). IoT environment based on
blockchain using SDN. 2019 IEEE Global Communications Conference
(GLOBECOM), 1–6.

Rodrigues, B., Bocek, T., Lareida, A., Hausheer, D., Rafati, S., & Stiller, B. (2017). A
blockchain-based architecture for collaborative DDoS mitigation with smart
contracts. Lecture Notes in Computer Science (Including Subseries Lecture Notes
in Artificial Intelligence and Lecture Notes in Bioinformatics), 10356 LNCS, 16–
29. https://doi.org/10.1007/978-3-319-60774-0_2
