Despite the hype, blockchain IoT security represents a promising technological convergence. But there are caveats, according to an executive at Entrust Datacard.
Your security is only as good as its weakest link, according to a popular cybersecurity truism. But what if each link in your security chain is questionable?
Enterprise and industrial companies deploying IoT technology need to be able to verify that each portion of their ecosystem is trustworthy. While blockchain has been heralded for its potential to prevent data tampering and identity theft, the technology doesn’t intrinsically verify that the data within the chain has been unadulterated.
Blockchain IoT security doesn’t inherently stop a threat actor from feeding forged data into the network, potentially corrupting the entire ecosystem, according to Ranjeet Khanna, director of product management, IoT and embedded security solutions at Entrust Datacard.
An organization using blockchain to publish information about multiple registries can accommodate the distributed nature of data sources. If IoT technology was used in a sporting context for, say, hockey in Toronto and that the deployment could accept data from vehicles, the city’s transportation network, relevant local businesses and first responders. “In such an ecosystem, everybody that is delivering a particular service holds a crucial piece of data and is a custodian of that data,” Khanna said. “Either they have originated that data, or they have acquired that data legally within their business.”
Blockchain IoT security could help such disparate entities come together and conduct business transactions leveraging IoT data. Entities involved in the transactions use a democratic process to demonstrate that a given transaction has occurred. “But you still do not know whether you can trust the source of the data or not,” Khanna said.
For this reason, Khanna recommends that organizations looking to use blockchain for IoT security also deploy to public key infrastructure. “If you use PKI to establish trust of the source of the ledger and establish the identity of each and every object that is being published in that registry, you suddenly have a very strong trust environment that can serve that kind of a complex ecosystem,” he explained. “We see customers wondering whether blockchain is an answer to their security needs or whether PKI is still an answer. I am saying both can go together.”
In the end, having a high level of trust in your business partners is an important ingredient of blockchain IoT security. “Think about your relationship with your bank,” Khanna said. “The reason you trust your bank probably has more to do with regulatory controls that provides a level of risk assurance than it does with the technology they use.” If, say, Bank of America wants to use blockchain for a transaction with the Toronto-Dominion Bank, that implementation will work with a pre-established verification process between the owners of the ledger. “In this case, the customer is not trusting the ledger, they are trusting the owner of the ledger” he added.