Towards applying blockchain technology to IoT : Taking a couple of steps back
Due to the fact that IoT systems’ deployments form a distributed network of vulnerable and non-trusted nodes, that need to exchange data, applying blockchain technology to improve certain aspects of such installations has emerged as an interesting idea from the early years of blockchain technology. The conception that blockchain can protect data integrity and in the same time provide the basis for profitable data exchange, has triggered a lot of discussions, projects and even platforms that aim to the convergence of IoT and blockchain. In the context of GHOST project, the consortium has put in a lot of effort in order to use blockchain technology as a a means for enhancing smart home security. Our conclusions with regards to applying blockchain to IoT are as follows :
The first decision that usually needs to taken is related to the blockchain platform that will be used and is mainly dependent on whether it will be a public chain or a private federated one. Going with the first choice, enables the creation of open systems that can potentially interact with any IoT installation connected to the internet. Thus, such a decision enables systems that can operate on a global basis and take advantage of the tremendous volume of data being generated by such installations. On the other hand, the fact that such chains can be publicly accessed has a lot of privacy implications and special handling is required. Going with a private chain limits the system in terms of interoperability. Such a decision though, could serve well in cases where a single vendor of IoT systems would like to build a controlled blockchain system that would respond to the needs of its IoT network. Private systems are more flexible with respect to access control and data privacy, so those can potentially comply to more complex requirements.
The number of IoT devices is growing exponentially. When designing a product for IoT ecosystem, scalability should be one of the main targets, or otherwise the product will not be applicable to the real world. Blockchain platforms, especially the ones based on proof of work consensus mechanisms, suffer from limited transactions throughput. The number of transactions the system would require with respect to the size of the network, it should support, is a metric that should be minimized at any cost. Additionally, the hardware resources of IoT devices, but also that of IoT gateways, are limited. The design of the system should take this into account and come up with a solution that would minimize the load put on the edge nodes of the network without though sacrificing critical security parameters of the system.
While blockchain is going to guarantee data integrity after IoT data is submitted to the platform, it can not do much before that point. When it comes to data integrity, a blockchain network is practically as secure as its most insecure node. If data is falsified before being submitted to the system, the only thing that blockchain can reassure is that it will be always falsified in the same way. Blockchain hype should not make us neglect the security of the nodes of the system. Especially in the case of IoT devices, which are known for being “insecure by default” this aspect is even more critical. Any available security countermeasure (software or hardware) on the IoT node side, has to be employed, in order to build a system that along with the use of blockchain will be secure and will provide a trustful service.
Blockchain paradigm is based upon the fact that nodes that are responsible for growing the chain act according to specified rules, because they have a significant benefit out of that. In proof work or proof of stake this benefit is related to economic loss, that emerge when they act maliciously. In byzantine fault tolerance consensus the loss is related to the fact that a limited number of participating entities form a federation. This will benefit all of them in the long run and the fact that malicious partners can to be forced out of this federation, is an important incentive for partners to play by the rules. When designing a blockchain system for IoT, we have to identify which are the entities that will have the power and responsibility to grow the chain and consequently asses the obvious benefit or loss for them, according to their behavior (benign or malicious).
Finally, blockchain implementations are still relatively immature, so facts that stand during the design phase of a project are potentially either changed or not valid during its implementation. So such systems should be designed with an open minded approach, and apart from the current status of blockchain technology we should take into account features that blockchain implementations are expected to have in the coming months or years.
In general, while blockchain and IoT convergence seems like (and probably is) a good fit, a lot of thoughtful and detailed design is required at the start of each relevant project.