Edge Computing to Secure IoT Data Ownership and Trade with the Ethereum Blockchain

With an increasing penetration of ubiquitous connectivity, the amount of data describing the actions of end-users has been increasing dramatically, both within the domain of the Internet of Things (IoT) and other smart devices. This has led to more awareness of users in terms of protecting personal data. Within the IoT, there is a growing number of peer-to-peer (P2P) transactions, increasing the exposure to security vulnerabilities, and the risk of cyberattacks. Blockchain technology has been explored as middleware in P2P transactions, but existing solutions have mainly focused on providing a safe environment for data trade without considering potential changes in interaction topologies. we present EdgeBoT, a proof-of-concept smart contracts based platform for the IoT built on top of the ethereum blockchain. With the Blockchain of Things (BoT) at the edge of the network, EdgeBoT enables a wider variety of interaction topologies between nodes in the network and external services while guaranteeing ownership of data and end users’ privacy. in EdgeBoT, edge devices trade their data directly with third parties and without the need of intermediaries. This opens the door to new interaction modalities, in which data producers at the edge grant access to batches of their data to different third parties. Leveraging the immutability properties of blockchains, together with the distributed nature of smart contracts, data owners can audit and are aware of all transactions that have occurred with their data. we report initial results demonstrating the potential of EdgeBoT within the IoT. we show that integrating our solutions on top of existing IoT systems has a relatively small footprint in terms of computational resource usage, but a significant impact on the protection of data ownership and management of data trade.

Download Full-text

A Machine Learning-Based Exploration of Relationship Between Security Vulnerabilities of IoT Devices and Manufacturers

International Journal of Data Analytics ◽

10.4018/ijda.2020070101 ◽

2020 ◽

Vol 1 (2) ◽

pp. 1-12

Author(s):

Ritu Chauhan ◽

Gatha Tanwar

Keyword(s):

Cyber Security ◽

Automated System ◽

Smart Devices ◽

Protocol Stack ◽

Security Vulnerabilities ◽

Local Networks ◽

Daily Lives ◽

Security Issues ◽

Iot Devices ◽

The Internet Of Things

The internet of things has brought in innovations in the daily lives of users. The enthusiasm and openness of consumers have fuelled the manufacturers to dish out new devices with more features and better aesthetics. In an attempt to keep up with the competition, the manufacturers are not paying enough attention to cyber security of these smart devices. The gravity of security vulnerabilities is further aggravated due to their connected nature. As a result, a compromised device would not only stop providing the intended service but could also act as a host for malware introduced by an attacker. This study has focused on 10 manufacturers, namely Fitbit, D-Link, Edimax, Ednet, Homematic, Smarter, Osram, Belkin Wemo, Philips Hue, and Withings. The authors studied the security issues which have been raised in the past and the communication protocols used by devices made by these brands. It was found that while security vulnerabilities could be introduced due to lack of attention to details while designing an IoT device, they could also get introduced by the protocol stack and inadequate system configuration. Researchers have iterated that protocols like TCP, UDP, and mDNS have inherent security shortcomings and manufacturers need to be mindful of the fact. Furthermore, if protocols like EAPOL or Zigbee have been used, then the device developers need to be aware of safeguarding the keys and other authentication mechanisms. The authors also analysed the packets captured during setup of 23 devices by the above-mentioned manufacturers. The analysis gave insight into the underlying protocol stack preferred by the manufacturers. In addition, they also used count vectorizer to tokenize the protocols used during device setup and use them to model a multinomial classifier to identify the manufacturers. The intent of this experiment was to determine if a manufacturer could be identified based on the tokenized protocols. The modelled classifier could then be used to drive an algorithm to checklist against possible security vulnerabilities, which are characteristic of the protocols and the manufacturer history. Such an automated system will be instrumental in regular diagnostics of a smart system. The authors then wrapped up this report by suggesting some measures a user can take to protect their local networks and connected devices.

Download Full-text

Intrusion Detection in IoT based Smart Networks using Fuzzy Brain Storm Optimization Technique

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.f8651.088619 ◽

2019 ◽

Vol 8 (6) ◽

pp. 3066-3071

Keyword(s):

Embedded Systems ◽

Optimization Technique ◽

Security And Privacy ◽

Smart Devices ◽

Software Systems ◽

Security Risks ◽

Security Vulnerabilities ◽

Brain Storm Optimization ◽

Fuzzy C Means Clustering ◽

The Internet Of Things

The Internet of Things (IoT) is characterized as an approach where objects are outfitted with sensors, processors, and actuators which include design of hardware board and development, protocols, web APIs, and software systems, which combined to make an associated architecture of embedded systems. This connected environment enables technologies to get associated with different networks, platforms, and devices, making a web of communication which is reforming the manner in which we communicate with the world digitally. These connected embedded systems are changing behaviour and interactions with our environment, networks, and homes, and also with our own bodies in terms of smart devices. Security and privacy are the most significant consideration in the field of real-world communication and mainly on IoTs. With the evolution of IoT the network layer security in the IoT has drawn greater focus. The security vulnerabilities in the IoT system could make security risks based on any application. Therefore there is an essential requirement for IDS for the IoT based systems for avoiding security attacks based on security vulnerabilities. This paper proposed a fuzzy c-means clustering with brain storm optimization algorithm (FBSO) for IDS based on IoT system. The NSL-KDD dataset is utilized to evaluate and simulate the proposed algorithm. The results demonstrate that the proposed technique efficiently recognize intrusion attacks and decrease the network difficulties

Download Full-text

Concept of Blockchain Technology and Its Emergence

Blockchain Applications in IoT Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2414-5.ch001 ◽

2021 ◽

pp. 1-20

Author(s):

Padmavathi U. ◽

Narendran Rajagopalan

Keyword(s):

Internet Of Things ◽

Educational Institutions ◽

The Internet ◽

Disruptive Technology ◽

Smart Contracts ◽

Security Issues ◽

Blockchain Technology ◽

Distributed Ledger ◽

Authentication And Authorization ◽

The Internet Of Things

Blockchain refers to a distributed ledger technology that helps people to regulate and manage their information without any intermediaries. This technology emerges as a promising panacea for authentication and authorization with potential for use in every possible domain including financial, manufacturing, educational institutions, etc. Blockchain has its birth through the concept of Bitcoin, a digital cryptocurrency by Satoshi Nakamoto, called as Blockchain 1.0. Blockchain 2.0 came into existence in 2014 with Ethereum and smart contracts. The challenges such as scalability, interoperability, sustainability, and governance led to the next generation of Blockchain also called as IOTA, a blockchainless cryptocurrency for the internet of things runs on the top of their own ledger called Tangle, which is immune towards quantum computers. This disruptive technology evolved to provide cross chain support and more security through Blockchain 4.0. Finally, the chapter concludes by discussing the various applications of this technology and its advantages and security issues.

Download Full-text

Blockchain Technologies for Private Data Management in AmI Environments

Proceedings ◽

10.3390/proceedings2191230 ◽

2018 ◽

Vol 2 (19) ◽

pp. 1230 ◽

Cited By ~ 1

Author(s):

Tomás Robles ◽

Borja Bordel ◽

Ramón Alcarria ◽

Diego Sánchez-de-Rivera

Keyword(s):

Data Management ◽

End Users ◽

Third Parties ◽

Management Model ◽

Use Case ◽

Smart Contracts ◽

User Empowerment ◽

Private Data ◽

The Creation ◽

Private Data Management

Blockchain enables the creation of distributed ledgers as a type of database that is shared, replicated, and synchronized among the members of a network. In this paper we analyze how distributed ledgers can be used for empowering end-users to self-manage their own data, enabling third parties to access those data under a cryptographic management model. We propose a use case where both blockchain and smart contracts are employed by using cryptographic technology to enable user empowerment of data management in AmI. Finally, we analyze strengths and weaknesses of the proposed scenario.

Download Full-text

A Decentralized Personal Data Store based on Ethereum: Towards GDPR Compliance

Journal of Communications Software and Systems ◽

10.24138/jcomss.v15i2.696 ◽

2019 ◽

Vol 15 (2) ◽

Cited By ~ 3

Author(s):

Marco Alessi ◽

Alessio Camillò ◽

Enza Giangreco ◽

Marco Matera ◽

Stefano Pino ◽

...

Keyword(s):

Data Sharing ◽

Data Protection ◽

Service Providers ◽

Personal Data ◽

End Users ◽

Third Party ◽

Smart Devices ◽

Sensitive Data ◽

Data Store ◽

Mandatory Requirement

Sharing personal data with service providers is a fundamental resource for the times we live in. But data sharing represents an unavoidable issue, due to improper data treatment, lack of users' awareness to whom they are sharing with, wrong or excessive data sharing from end users who ignore they are exposing personal information. The problem becomes even more complicate if we try to consider the devices around us: how to share devices we own, so that we can receive pervasive services, based on our contexts and device functionalities. The European Authority has provided the General Data Protection Regulation (GDPR), in order to implement protection of sensitive data in each EU member, throughout certification mechanisms (according to Art. 42 GDPR). The certification assures compliance to the regulation, which represent a mandatory requirement for any service which may come in contact with sensitive data. Still the certification is an open process and not constrained by strict rule. In this paper we describe our decentralized approach in sharing personal data in the era of smart devices, being those considered sensitive data as well. Having in mind the centrality of users in the ownership of the data, we have proposed a decentralized Personal Data Store prototype, which stands as a unique data sharing endpoint for third party services. Even if blockchain technologies may seem fit to solve the issue of data protection, because of the absence of a central authority, they lay to additional concerns especially relating such technologies with specifications described in the regulation. The current work offers a contribution in the advancements of personal data sharing management systems in a distributed environment by presenting a real prototype and an architectural blueprint, which advances the state of the art in order to meet the GDPR regulation. Address those arisen issues, from a technological perspective, stands as an important challenge, in order to empower end users in owning their personal data for real.

Download Full-text

An Attribute-Based Access Control for IoT Using Blockchain and Smart Contracts

Sustainability ◽

10.3390/su131910556 ◽

2021 ◽

Vol 13 (19) ◽

pp. 10556

Author(s):

Syed Yawar Abbas Zaidi ◽

Munam Ali Shah ◽

Hasan Ali Khattak ◽

Carsten Maple ◽

Hafiz Tayyab Rauf ◽

...

Keyword(s):

Access Control ◽

Single Point ◽

File Systems ◽

Personal Data ◽

Trace Function ◽

Smart Contracts ◽

Distributed File Systems ◽

Volume Data ◽

Blockchain Technology ◽

Attribute Based Access Control

With opportunities brought by the Internet of Things (IoT), it is quite a challenge to maintain concurrency and privacy when a huge number of resource-constrained distributed devices are involved. Blockchain have become popular for its benefits, including decentralization, persistence, immutability, auditability, and consensus. Great attention has been received by the IoT based on the construction of distributed file systems worldwide. A new generation of IoT-based distributed file systems has been proposed with the integration of Blockchain technology, such as the Swarm and Interplanetary File System. By using IoT, new technical challenges, such as Credibility, Harmonization, large-volume data, heterogeneity, and constrained resources are arising. To ensure data security in IoT, centralized access control technologies do not provide credibility. In this work, we propose an attribute-based access control model for the IoT. The access control lists are not required for each device by the system. It enhances access management in terms of effectiveness. Moreover, we use blockchain technology for recording the attribute, avoiding data tempering, and eliminating a single point of failure at edge computing devices. IoT devices control the user’s environment as well as his or her private data collection; therefore, the exposure of the user’s personal data to non-trusted private and public servers may result in privacy leakage. To automate the system, smart contracts are used for data accessing, whereas Proof of Authority is used for enhancing the system’s performance and optimizing gas consumption. Through smart contracts, ciphertext can be stored on a blockchain by the data owner. Data can only be decrypted in a valid access period, whereas in blockchains, the trace function is achieved by the storage of invocation and the creation of smart contracts. Scalability issues can also be resolved by using the multichain blockchain. Eventually, it is concluded from the simulation results that the proposed system is efficient for IoT.

Download Full-text

A Formal Verification Framework for Security Issues of Blockchain Smart Contracts

Electronics ◽

10.3390/electronics9020255 ◽

2020 ◽

Vol 9 (2) ◽

pp. 255 ◽

Cited By ~ 1

Author(s):

Tianyu Sun ◽

Wensheng Yu

Keyword(s):

Formal Verification ◽

Program Verification ◽

Formal Method ◽

Smart Contracts ◽

Security Vulnerabilities ◽

Security Issues ◽

Computing Platform ◽

Blockchain Technology ◽

Verification Methods ◽

Distributed Computing Platform

Blockchain technology has attracted more and more attention from academia and industry recently. Ethereum, which uses blockchain technology, is a distributed computing platform and operating system. Smart contracts are small programs deployed to the Ethereum blockchain for execution. Errors in smart contracts will lead to huge losses. Formal verification can provide a reliable guarantee for the security of blockchain smart contracts. In this paper, the formal method is applied to inspect the security issues of smart contracts. We summarize five kinds of security issues in smart contracts and present formal verification methods for these issues, thus establishing a formal verification framework that can effectively verify the security vulnerabilities of smart contracts. Furthermore, we present a complete formal verification of the Binance Coin (BNB) contract. It shows how to formally verify the above security issues based on the formal verification framework in a specific smart contract. All the proofs are checked formally using the Coq proof assistant in which contract model and specification are formalized. The formal work of this paper has a variety of essential applications, such as the verification of blockchain smart contracts, program verification, and the formal establishment of mathematical and computer theoretical foundations.

Download Full-text

The goose that laid the golden eggs: personal data and the Internet of Things

Journal of Business Strategy ◽

10.1108/jbs-10-2018-0176 ◽

2019 ◽

Vol 40 (1) ◽

pp. 48-52 ◽

Cited By ~ 3

Author(s):

Peter Buell Hirsch

Keyword(s):

Internet Of Things ◽

Data Privacy ◽

Social Issues ◽

Personal Data ◽

The Internet ◽

Privacy And Security ◽

Content Type ◽

Secondary Sources ◽

Blockchain Technology ◽

The Internet Of Things

Purpose This viewpoint is intended to examine the issue of the monetization of personal data and the risks to companies that fail to understand this trend. Design/methodology/approach This paper reviews the recent literature on the use and abuse of personal data to identify relevant trends and issues. Findings It is likely, whether through blockchain technology or some other means, that individual consumers will be able to monetize their data. Research limitations/implications As a review of secondary sources rather than original sources, the findings are anecdotal and not comprehensive. Practical implications In the rapidly changing environment of data privacy and security, one should anticipate that the findings may become outdated by sudden events such as a new global data privacy breach. Social implications Ownership of personal data and its use or abuse is one of the single most important social issues in today’s world, with profound implications for civil society. Originality/value While there have been numerous studies cataloguing attempts to create monetization platforms for consumer data, there are not many studies on the reputational risks for companies in handling data from the Internet of Things.

Download Full-text

A Scalable IoT Protocol via an Efficient DAG-Based Distributed Ledger Consensus

Sustainability ◽

10.3390/su12041529 ◽

2020 ◽

Vol 12 (4) ◽

pp. 1529 ◽

Cited By ~ 2

Author(s):

Bumho Son ◽

Jaewook Lee ◽

Huisu Jang

Keyword(s):

Computation Time ◽

Economic Incentive ◽

Mcmc Algorithm ◽

Security Vulnerabilities ◽

Blockchain Technology ◽

Distributed Ledger ◽

Transaction Fees ◽

The Internet Of Things ◽

Tangle Model ◽

The Coordinator

The Internet of Things (IoT) suffers from various security vulnerabilities. The use of blockchain technology can help resolve these vulnerabilities, but some practical problems in terms of scalability continue to hinder the adaption of blockchain for application in the IoT. The directed acyclic graph (DAG)-based Tangle model proposed by the IOTA Foundation aims to avoid transaction fees by employing a different protocol from that used in the blockchain. This model uses the Markov chain Monte Carlo (MCMC) algorithm to update a distributed ledger. However, concerns about centralization by the coordinator nodes remain. Additionally, the economic incentive to choose the algorithm is insufficient. The present study proposes a light and efficient distributed ledger update algorithm that regards only the subtangle of each step by considering the Bayesian inference. Experimental results have confirmed that the performance of the proposed methodology is similar to that of the existing methodology, and the proposed methodology enables a faster computation time. It also provides the same resistance to possible attacks, and for the same reasons, as does the MCMC algorithm.

Download Full-text

Attitudes of Young Consumers on the Security of their Data Collected By Smart Devices in the Age of the Internet of Things

Marketing of Scientific and Research Organizations ◽

10.2478/minib-2021-0013 ◽

2021 ◽

Vol 41 (3) ◽

pp. 21-38

Author(s):

Beata Kolny

Keyword(s):

Internet Of Things ◽

Online Survey ◽

Personal Data ◽

Primary Sources ◽

Smart Devices ◽

The Internet ◽

Sources Of Information ◽

Secondary Sources ◽

Young Consumers ◽

The Internet Of Things

Abstract The popularity of smart devices that collect and share data on user behaviour grows every year, and the number of such devices in households is forecast to rise steadily. Therefore, the purpose of this paper is to present the attitudes of young consumers regarding the security of their data collected by smart devices, interconnected via the existing Internet infrastructure or other network technologies within the Internet of Things (IoT) systems. The paper was written based on both secondary and primary sources of information. Secondary sources were used to define the discussed issues related to the Internet of Things and the security of data collected by smart devices. Primary sources, on the other hand, offered direct evidence of the attitudes of young consumers on the security of such data. Direct research was carried out using an online survey carried out in 2021 on a sample of 588 consumers aged 18–34 living in Poland. The results show that more than half of the respondents pay great attention to where the data collected by the devices used in their households is kept and whether such data is safe. In spite of such declarations, more than half of those surveyed have no knowledge about the level of the security of such data. The respondents agreed with the statement that consumers accepted the uncertainty related to the loss of control over their personal data collected by smart devices more quickly than the risk involved in becoming disconnected from them.

Download Full-text