Dinis’s slide are over here, but I have summarised his talk below.
In essence, the IOT is expanding very rapidly, a financial CAGR of c 32% from 2016 to 2022 (c $150m t0 c 850m total market size), and a jump from c 10 to 24 billion IoT devices by 2020, of a total of c 34 billion devices. The problem, as we saw last week, is the IoT system is fundamentally insecure. And the problem is a lot of the devices are just too dumb to have any ability to ensure their own security. In a recent Tripwire survey of 220 IT professionals, only 30% said they were happy with how their companies could handle IoT security.
Dinis sees 3 tyoes of security issue, where an attacker can do one or more of the following:
- Take control
- Steal Information
- Disrupt Services
So, the question is – can blockchain help?
Blockchain technology is essentially a digital record keeping ledger, set up in such a way that it can ensure that each transaction in a long “chain” of transactions is genuine. It puts groups of these records into “blocks” whuch are then bound together cryptographically and chronologically into a “chain” using complex mathematical algorithms. The signing off of each block is ( known as “hashing”) is carried out by lots of different computers in a distributed network. If they all agree on the answer, each block receives a unique digital signature. In theory it can keep records to a very high level of security (but itself can be hacked) . In theory, al the blockchain system has to do is record every transaction in an IoT application using this hihly secure operation, and all will be well with IoT.
That is theory, there are a number of complications however – to implement blockchain is non trivial and requires a number of new considerations:
- Interpretation advanced HUB The IoT environment will need an ‘interpretation HUB’ (server-type) that can function as a knowledge base for connecting all diverse options.
- Advanced Encryption – The idea of an encryption security feature might frighten some in the IoT space, but a built in encryption system will help to keep the device’s data more secure and away from third parties
- Super Authentication Associated with encryption, authentication will play a vital role in the IoT space ensuring that only the right people access the device and that device’s data
- Backbone Firewall Since the late 1980s, when they were invented, firewalls have been the security backbone of devices like computers. Firewalls help to screen out hackers, viruses and worms that target the devices.
- Booting time One of the critical points during the lifetime of a secure system is at boot time. Many attackers attempt to break the software while the device is powered down, according to ARM. IOT – Security 6 areas to look
- IP, Legal set up, Education and training Most of the security issues in cyber security start in house therefore education, training and wise use of data and tech access are critical.
This all comes at a massively increased processing overhead, potentially worse performance, and definitely extra cost (and as Bruce Schneier pointed out, most IoT systems are etremely cost sensitive, which is precisely why security today is so minimal). Getting there, therefore, will not be simple and will rqeuire a number of tradeoffs:
- Peer to peer IoT blockchain driven organisations are going to be more powerful than ever, but there will probably be concern about global regulation, IP and government controls
- Retail Vs. Institutional IoT blockchain media / infrastructure driven communities;
- Open versus close IoT blockchain infrastructures – who will control all the data (see 1 above);
- The advent of IoT blockchain digital identity ledgers – digital currencies and global decentralised organisation will need co-ordination ;
- Big data / Social Media / Blockchain tech hacking will happen, the iOt driven disruption, platforms and social – creating social identity / financial disruption:
Dinis believes therefore that blockchain in the IoT will not be implemented without significant platform development by companies with deep pockets – major IT companies, Telecoms companies, and potentially rich “Tech” giants with large networks like Google; and maybe a few startups that are raised to “Unicorn” status to get scale.
However, they are unlikely to implement the distributed, open model that blockchain uses today, and are more likely to adopt a centralised model where they own all the servers. Dinis therefore believes there will be a “race” in each industry segment (and maybe across them) as major players vie to be the Industry champion in their segment, and let network effects drive them to dominance. This will of course give these players major control, information asymmetry, and the ability to price as they see fit.
Thus the “secure” aspects will be traded for control – be careful what you wish for.