A blockchain future for internet of things security: a position paper
Mandrita Banerjee
a
, Junghee Lee
a
, Kim-Kwang Raymond Choo
b
,
a
,
*
a
Department of Electrical and Computer Engineering, University of Texas at San Antonio, San Antonio, TX 78249, USA
b
Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, TX 78249, USA
ARTICLE INFO
Keywords:
Blockchain
Blockchain security
Collaborative security
Internet-of-military things
IoT dataset
IoT self-healing
IoT security
Intrusion-prevention system
Predictive IoT security
Predictive security
ABSTRACT
Internet of Things (IoT) devices are increasingly being found in civilian and military contexts, ranging from smart
cities and smart grids to Internet-of-Medical-Things, Internet-of-Vehicles, Internet-of-Military-Things, Internet-of-
Battlefield-Things, etc. In this paper, we survey articles presenting IoT security solutions published in English
since January 2016. We make a number of observations, including the lack of publicly available IoT datasets that
can be used by the research and practitioner communities. Given the potentially sensitive nature of IoT datasets,
there is a need to develop a standard for sharing IoT datasets among the research and practitioner communities
and other relevant stakeholders. Thus, we posit the potential for blockchain technology in facilitating secure
sharing of IoT datasets (e.g., using blockchain to ensure the integrity of shared datasets) and securing IoT systems,
before presenting two conceptual blockchain-based approaches. We then conclude this paper with nine potential
research questions.
1. Introduction
Technologies have changed the way we live, particularly in our data-
driven society. This is partly due to advances in semiconductor and
communication technologies, which allow a multitude of devices to be
connected over a network, providing us with ways to connect and
communicate between machines and people (e.g., machine-to-machine).
Such a trend is also commonly referred to as the Internet-of-Everything,
comprising the Internet-of-Things (IoT), Internet-of-Medical-Things
(IoMT), Internet-of-Battlefield-Things (IoBT), Internet-of-Vehicles
(IoV), and so on. Given the pervasiveness of such devices in our soci-
ety (e.g., in smart cities, smart grids and smart healthcare systems),
security and privacy are two of several key concerns. For instance, it
was reported in 2014 that more than 750,000 consumer devices were
compromised to distribute phishing and spam emails [40].In
data-sensitive applications such as IoMT and IoBT, ensuring the security
of the data, systems and the devices, as well as the privacy of the data
and data computations, is crucial. However, a threat to a system can be
the result of a security measure that is not well thought out. For
example, in a typical civilian or military hospital setting, the Informa-
tion Technology (IT) team generally has the control of the entire
network, including endpoint devices and IoMT devices (basically, any
devices with an IP address). It is not realistic to expect the IT team to be
familiar with every individual connected device, although they have the
system administrator capability to install patches, and access the device
and their data remotely, and so on.
What happens if in the middle of a surgical operation, one of the IoMT
devices administering drugs shuts down and reboots itself after a patch is
applied remotely by the IT system administrator? This is likely to result in
chaos in operating theaters, as the surgical team will not have any idea
what happened not to mention, the trauma and potential consequences to
the patient (e.g., depriving the patient of oxygen could result in brain
damage and fatality). In other words, things can go wrong very quickly
during seemingly routine operations, such as applying patches and the
devices rebooting themselves.
In this paper, we survey articles on security techniques that are either
designed for, or are applicable to IoT, published in English since January
2016. We defer a survey of IoT privacy techniques as future work. The
located articles are then sorted into reactive and proactive approaches,
we further categorize the reactive approaches into (1) Intrusion Detec-
tion Systems (IDS) only and Intrusion Prevention Systems (IPS), and (2)
collaborative security approaches.
2. Survey of existing IoT and related security approaches
2.1. Intrusion detection and prevention techniques
Modern-day malware designers and cyber attackers are innovative
* Corresponding author.
E-mail addresses: mandrita82@gmail.com (M. Banerjee), Junghee.Lee@utsa.edu (J. Lee), raymond.choo@fulbrightmail.org (K.-K.R. Choo).
Contents lists available at ScienceDirect
Digital Communications and Networks
journal homepage: www.keaipublishing.com/en/journals/digital-communications-and-networks/
https://doi.org/10.1016/j.dcan.2017.10.006
Received 11 September 2017; Received in revised form 10 October 2017; Accepted 30 October 2017
Available online 31 October 2017
2352-8648/© 2018 Chongqing University of Posts and Telecommunications. Production and hosting by Elsevier B.V. on behalf of KeAi. This is an open access article
under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
Digital Communications and Networks 4 (2018) 149–160
