Ransomware is malware that encrypts a user’s files and demands that the user pay a ransom to have the files decrypted for their release. Last May, a global cyberware attack spread the malware to countless computers in more than 150 countries, with victims instructed to make payments using the digital currency Bitcoin. According to the Wall Street Journal, Bitcoin is the preferred payment method of most ransomware infections because it allows users to send and receive money from anywhere in the world, often anonymously.
Although cyber-swindles have existed since about 2005, as Wired notes, they are growing more sophisticated and bolder. In sum, these schemes will continue to challenge the commercial Internet of Things (IoT) and its security solutions to create secure and private infrastructures.
One computing expert claims to have found a way to secure the IoT. Paul Fremantle, a researcher with the United Kingdom-based University of Portsmouth, says blockchain technology, which forms the basis of Bitcoin currency, can enhance the security, privacy and manageability of IoT devices and networks.
Blockchain is an open-source, distributed database often used as a digital ledger of transactions with integrity assurance, according to BCC Research. The database maintains a continuously growing list of records called blocks. Each block of data is linked to a previous block. The blocks, which are computationally difficult to create and distributed to hundreds if not thousands of computers around the world, are inherently resistant to data modification.
Fremantle and fellow scientist Philip Scott conducted a review of the current literature on IoT middleware, along with performing their own search for middleware systems that explicitly targeted IoT scenarios. The researchers say middleware, which they define as “software that acts as a bridge between an operating system or database and applications, especially on a network,” are crucial to discussions of security and the Internet of Things.
The pair reviewed a total of 54 systems, and reported that 35 of them failed to have a security model that could be analyzed.
Fremantle finds the results troublesome: “It’s a real concern that we’re buying (IoT) devices without thinking of the consequences. For example when you buy a fitness tracker it’s hard-coded to the company that sold it. If their network isn’t secure then your data isn’t secure.”
He adds, “It’s quite frightening that there is a steady growth of the number of devices connected to the internet, but the lack of security remains a big concern. The only true privacy control a user has is often just to completely disable a device.”
Fremantle’s research proposes a model that leverages the shared governance of blockchain technology. He believes the system creates for IoT networks “an environment of trust, anonymity and effective contracts between parties without any single vendor being in charge, and without requiring any party to be trusted above another.”
Fremantle admits that while blockchains can improve the security and privacy of the IoT, challenges remain: the processing, memory and code requirements of blockchains render them incompatible with cheap, constrained IoT devices.
One approach he suggests enables IoT devices to participate in a trusted blockchain. The proposal would create a new system that acts as a trusted intermediary between blockchains and the internet-connected devices.
The system, dubbed Pythia, is named after the priestess at the temple of Apollo in ancient Greece, who acted as a go-between between the gods and humans. Fremantle believes that with this system in place, IoT developers will be able to trust blockchains more easily, leading to many new approaches for a securer IoT.
"My vision of a blockchain-based IoT is in the preliminary stages, but we plan to start prototyping it shortly,” he says. “Unless we solve the security problems soon, there will only be more serious attacks coming."
A paper detailing the study results was published at the 2nd International Conference on Internet of Things, Big Data and Security.
BCC Research predicts the global market for IoT security solutions will grow at a 25.6% CAGR from 2016-2021, and total more than $11.4 billion in the end year.