Karl Kohlmoos

Blockchain – Security in IoT

Blog Post created by Karl Kohlmoos on May 26, 2016

In my first blog about blockchain I mentioned that Blockchain technology could ease the creation of secure IoT devices and networks and in general the industry thinks this will be true. A large part of this has to do with the underlying architecture of the blockchain itself along with a layer on top called smart contracts. Today I will go into a bit of discussion on why this works and how Bitcoin, for example, provides a secure system over a trustless peer to peer network based on cryptographic proof instead of a requiring a trusted 3rd party to keep watch to prevent an unscrupulous participant from double spending their coin or altering good data.


The Bitcoin implementation is secure as long as honest nodes collectively control more CPU power than any cooperating group of dishonest nodes.


Bitcoin’s blockchain employs key technologies developed by the computing industry over several decades: cryptography, timestamping, & proof of work, it also facilitates something called “smart contracts” and with these, the blockchain can maintain system integrity.


The Bitcoin blockchain begins with a time-stamp server. The timestamp server takes a hash of a block of items to be time-stamped and publishes the hash across the blockchain network. The timestamp proves that the data must have existed at that moment in time. Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.


To implement their distributed timestamp server peer-to-peer, Bitcoin used a proof-of-work system based on Hashcash. Hashcash is a proof-of-work system originally designed to limit email spam and denial-of-service attacks. The proof of work required is a proportionally adjusted cost to would be hackers and is meant to deter them by making the cost (compute and energy costs) higher than the benefit of hacking the system. Bitcoin implemented a modified version of Hashcash for their proof-of-work system; where an email recipient manually adjusted the amount of work to be done in the original Hashcash implementation, Bitcoin’s peer-to-peer network implementation automatically adjusts the amount of work.


Once the compute effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. As later blocks are chained after it, the work to change the block would require redoing all the blocks after it. So if honest nodes maintain a majority of the available compute power, the honest chain will grow faster than any competing chains being produced by dishonest nodes. To modify a past block, an attacker would have to redo the proof-of-work of that block and all blocks after it and then catch up with and surpass the work of the honest nodes. This then is the basis of what makes the Bitcoin blockchain secure.  Now, I noted in a previous blog, there have been cases where entities such as countries (China), companies (BitFury), and mining pools (GHash, based in Russia) have generated greater that 50% of the proof-of-work compute for the Bitcoin blockchain. When an entity shows it can achieve this, it presents a legitimate threat to the security of Bitcoin’s blockchain since control can be isolated to within the entities resources.


Smart contracts are different from the current contractual agreements we may be familiar with in that they contain mechanisms that are capable of enforcing the agreements contained there-in through interactive code such as physically locking a device whose conditions for use have not been met (e.g. training, payment, or insurance prerequisites). Smart contracts are computer code that, triggered by external data, can modify other data. They can facilitate, verify, or enforce the negotiation or performance of a contract, or make a contractual clause unnecessary. Smart contracts can define the business terms and relationships of IoT devices and allow us to set conditional responses to the data being received from them. Blockchain aware IoT devices would be delivered from their manufacturer prepared for inclusion into public or private blockchains where configuration of the device and relationships between devices can be managed via smart contracts and data from the device will be recorded in the blockchain’s immutable ledger.


Finally, the application of smart contracts is broad and deep and applies to nearly anything that changes state over time. It should be noted that at this time, smart contracts are not legally binding; however change is in the wind.