In this chapter of design and security architecture of Blockchain technology in internet of things environments that show the overview of Blockchain technology to secure the database of internet of things. As well as the key challenges of the internet of things (IoT) in terms of data security and privacy. This chapter is showing the cyber-attack and threats that the internet of things have faced in a way of the traditional security technology that cannot tackle those issues. The main part of the chapter is the design and architecture of Blockchian database that determine the low level design, data flow that generated from the side of smart devices, and the process flow of Blockchain technology. This chapter will identify the main components of Blockcahin technology that need to be implemented in the environments of IoTs, as well as the new modelling that created in this dissertation of Blockchain technology which are Permission PDVCL, Permission-less PDVCL, Ownership PDVCL. This chapter will evaluate the Blockchain performance that could be adopted in the environments of 50 Billion IoT devices by 2020.
2.0 Overview of Blockchain technology in the Internet of Things (IoT).
Blockchain technology enables the distribution of a consensus network beyond a trusted party or network. The concept of privacy in Blockchain technology that can improve the Internet of Things is on the side of breaking the flow of information that is sent from sensors until it is stored in the database of the IoT. Identifying the ownership and linking the data or transactions to identities is the main concern that needs to be tackled by Blockchain technology (Yli-Huumo et.al, 2016). Other resources that have been introduced Blockchain technology include a cryptographic tool that ensures the integrity of bulk of events with minimum trust assumptions in a distributed system (Enisa.europa.eu, 2017). The technical practices of Blockchain enable keeping information visible to authorised entities by using a non-repudiation solution such as digital signature (ENISA, 2014).
2.1 The context of Blockchain technology in the Internet of Things (IoT).
Blockchain technology is an unlimited application that can be used in other environments such as the IoT. The benefit of Blockchain technology in the environment is identifying possible security issues and fraud by following the flows of transactions (Yli-Huumo, 2016). Other research has found that Blockchain technology provides a kind of secure access control for IoT devices to their own data. The current traditional security methodology is centralised and so might not be suitable for the Internet of Things due to the scale difficulty, single point of failure, and trust issues (Dorri et.al, 2017).
2.2 Key challenges of the Internet of Things regarding Blockchain technology.
The common concerns of security for the IoT are availability, confidentiality, integrity of information, privacy protection, monitoring and managing. Data security and privacy include the need to secure the transmission of data from sensors that generate a bulk of data passing through a gateway of devices until the data is stored on a database in the Internet of Things. The security layers that can be provided identity and access management, which enables the secure provision of devices and sensitive data exposure by the Blockchain (Jha and Sunil, 2014). Moreover, the feature of Blockchain technology that is attractive in IoT environments in terms of addressing security and privacy are: decentralisation, which overcomes the issue of a single point of failure; anonymity, as it is necessary to identify the user or the devices that are accessing the object in the environment; security in in different layers of the environment, whether securing the network or data privacy, and identifying and accessing management (Dorri et.al, 2017).
2.3 The key challenges of Blockchain technology.
Identifying and proposing a solution to overcome the limitations and challenges of Blockchain technology is required to ensure a stable environment. The technical challenges and limitations around tackling of the issues around Blockchain technology in the near future are:
• Throughput: The network of Blockchain needs to be improved because of the frequency of transactions in Blockchain increasing, such as VISA (2,000) transactions per second that might be affected on the network of VISA services (Yli-Huumo et.al, 2016).
• Latency: To complete one transaction needs 10 minutes. The concept of Bitcoin to protect against double-spending by verifying each transaction that is being added into the block chain. This kind of verification for each transaction leads to latency. In terms of advice, this form of verification and confirming the transaction is delayed Blockchain network (Yli-Huumo et.al, 2016).
• Size and bandwidth: The size of a block is around 1MB, and a block is created every ten minutes. The limitation is in the number of transactions that can be stored in the block- on average (500) transactions in one block (Yli-Huumo et.al, P.27, 2016).
• Security: Current possible attacks, as Blockchain is being used in Bitcoins and has a 51% possibility of attacks, which needs to be overcome through more research on security (Yli-Huumo et.al, P.27, 2016).
Wasted resources: Proof-of-work is causing mining Bitcoin to waste a lot of energy (Yli-Huumo et.al, P.27, 2016).
2.3.1 Cyberattacks and threats to the Internet of Things (IoTs).
Cyber-attacks can harm the environment by exploiting vulnerabilities using next generation attacks that exploit traditional security technology (Abomhara and Kien, 2015). The method of setup and design for the technology of the Internet of Things is not following the best practices of security and the required standards. In 2020, 12 billion mobile devices will be connected over the internet, and cyber-attacks are the main type of action taken to harm the system and create threats and vulnerabilities (Abomhara and Kien, 2015).
The types of cyber-attack are:
• Denial-of-service (DoS): This attack uses a distributed concept of certain groups of devices, causing them to be out of service or unavailable (Abomhara and Kien, 2015).
• Attacks on privacy: The information in the IoT devices are easily accessible. The main concern around attacks on data privacy is data mining that enables attackers to discover information on certain databases (Abomhara and Kien, 2015).
The main types of threats are:
• Threats to accessibility: that is to prevent -authorised bodies from gaining access to the core data (Dorri et.al, 2017).
• Threats to anonymity: Identifying the user who is accessing certain data (Dorri et.al, 2017).
• Threats to authentication and access control: The device of the IoT or the user should have a multiple tier system that identifies the user or device in terms of authentication and verifying in which object that need to access (Dorri et.al, 2017).
2.3.2 Design and Architecture of the Internet of Things.
In this dissertation, a scenario of a cyber-attack that needs to be tackled by Blockchain technology will be explained. The attack can be in different areas of the IoT environment that focus on data that transfers from a sensor and passes through the IoT gateway until the data is stored on the database of the IoT. This scenario requires Blockchain technology to verify and validate whether the data being stored on the database of the IoT have been modified.
The current design includes sensors that are connected to a field gateway, and the field gateway is connected over the internet. The interconnection between the field gateway and the Internet of Things cloud is the internet. In the cloud of the IoT there is a database that sorts the data being sent by the sensor and filed gateway.
Figure [1]. The internet of things design and architecture (Source: Author).
In figure [1], The Internet of Things (IoT) architecture will show the data flow that is transferred from the sensor devices’ side until the data from sensors is stored on the database of the Internet of Things. The stages of data transfer in this scenario start with the sensor collecting the data that is input, and sending it to the gateway of sensors to maintain the bulk of data. Finally, the gateway of sensors will send the bulk of data to the database of the application on the cloud side. In this scenario there are two sides to managing the database: the gateway of sensors and the database of the IoT application. This scenario will include identifying the data and timestamping it in the gateway’s sensor to make sure the data is not modified, based on the original data that is stored on the database.
A) Internet of Things Architecture:
This scenario is divided into zones that have their own data. There are four zones, which are devices, field gateway, cloud gateway and services.
B) Device zone:
The device zone includes physical access to the devices (sensors) and the local network that is communicated over the gateway. All of the data of sensors are stored temporarily in the field gateway zone of the sensors.
C) Field gateway zone:
The concept of the field gateway zone is as a communications enabler that processes the device/sensor’s data. The role of the gateway is to manage access and data flow, and the direction of the data that is going out of the local network. The field gateway zone has two types of function, which are managing the sensors that are connected to the local network, and controlling all the parties of the external network. In the filed gateway has other function for storing the transactions or data in database that hosted in this zone or tier.
D) Cloud gateway zone:
The cloud gateway zone is a system and communication handler that receives the traffic from and to devices or field gateways that comes from several different sites across the public network. These work towards a cloud based control and data analysis system such as a federation. For instance, the cloud gateway is able to process and manage device data and act as a storage facility. Moreover, the PKI (Public Key Infrastructure) and access control policy are hosted in the cloud gateway for controlling and ensuring the smart devices are belong to the IoT service environment not an smart device is unknown.
E) Service zone:
This zone provides the service that interfaces with devices through a field or cloud gateway for data collation and analysis.
3.0 Technical components of Blockchain technology.
The database of Blockchain technology has some components that need to be identified. The components of a Blockchain database are the data as transactions transferred from the sensor to the database of Blockchain technology. The miner or the verifier of the transaction that is being stored on the database of the Blockchain needs to verify the transaction every ten minutes. The information in the transaction contains the hash of the sensor data- not the actual data that the sensor has generated. The digital signature will add a level of security to the data that ensures the actual data of the sensor is not being modified by validating the value of the hash function. Moreover, the scenario for Blockchain is that smart devices send the current temperature as data to a field gateway, which is the gateway for all smart devices’ IoT controller. The field gateway will format the data from the sensor as a transaction that contains: a digital signature, device key, and the sequence number of the current data that has been generated by the same sensor. This transaction will be sent to the IoT and the Blockchain database in parallel. The miner of the Blockchain database needs to verify the transaction called PoW (Proof of work) to make sure the transaction is valid manually. The nodes, or peer-to-peer network member, can receive a copy of the Blockchain database, which is how the concept of Blockchain technology can be managed in decentralised manner. The Blockchain database will be distributed across a peer-to-peer network that enables part of the network to access the Blockchain database, not the actual data of sensor, adding the value of the Blockchain, and the database will be independent in each peer or node of the network. The Blockchain technology will create a new chain of blocks that support additional data layers to distribute sensitive data over the nodes of the network. When the sensor is sending the data over the internet, the field gateway of sensors will create the hash function for a data sensor by using the private key of the sensor, and creating the digital signature. The field gateway will send the transaction of the sensor, which includes: the signature of the data, the actual data, the sequence number for creating the data, and a timestamp. This transaction will be sent parallel to the IoT cloud and Blockchain database; however, the content of the transaction that is sent from the field gateway to the IoT cloud is different to the transaction content of Blockchain technology as it includes the signature for the data, a device key, and a sequence number for creating the data. The various components of Blockchain technology are explained below:
– Data
The smart sensor of the IoT is needed for the field gateway. In this stage, the data will be formatted as a transaction.
– Transactions
The transaction is formatted with a digital signature, device key and sequence number of the sensor that will be sent to the IoT cloud and Blockchain database in parallel. The miner or verifier will need to validate the transaction based on the form of proof of work that need to apply mathematical calculation to ensure the transaction is valid, or there are options will be determine to be auto-validation for the transaction that sent to Blockchain database to reduce the effort of processing and delay . After the validation of the transaction, the miner or verifier will add the transaction to the Block to create a chain of blocks; the size of the blocks depend on the size of the transaction.
– Block
The block contains mainly a header, transaction count and block content. In the section of the block header, that is hashed twice; the first hash is in the previous block hash, and the second hash is the whole block header content.
The first part of the block content is the block header:
• Technical data: that shows the size of the current block.
• Previous block hash: This field is for linking the blocks together in terms of chaining the block. The type of hash is (SHA256) that hashed the previous block.
• Timestamp: It is time for the block that being created.
For the second part of the block content, the transaction count section shows how many transactions are in the block.
The third part of the block content is the block content section, which shows the transactions of the sensors separately.
The transaction of the sensors in Block content section requires the following:
• Signature: This includes for the data of the sensor that is signed by the private key of the sensor, that is the signature or finger print of the original data of smart device.
• Device Key sensor: the unique key of the sensor that is identifiable.
• Sequence Number: to show how much data the sensor has created.
• Access Policy: In this field of sensor transaction, it is how the sensor can be permitted or denied access to write or read in the cloud of IoT and Blockchain database based on the access list policy (Bits on blocks, 2017).
– Chain of Block
To chain the block that is linked together based on the previous hash to add into the field. The bulk of the transaction for the miner, verifier or validator of Blockchain database. The blocks are referred to or referenced using their hash, and the next block is chained or linked to the previous block. The previous block is hashed and added into the next block in the field of the previous hash. This means each block refers to the previous block. The benefit of this is that it is possible to check the original data compared with the hash value to verify whether the original data has been modified (Bits on blocks, 2017).
– PKI (Public Key infrastructure) (Digital signature)
The public key infrastructure provides a level of security, such as non-repudiation and integrity. The data from the sensor that is sent to the field gateway, is formatted as a transaction by using a digital signature to sign the data from the sensor using a private key (Weise, 2001). This kind of security solution for data security and privacy ensures integrity, identification and authentication, confidentiality, and non-repudiation of the transaction of the sensor. Each sensor or smart device has its own digital signature that created by the device key to ensure the device is belong to the environment of IoT. In this dissertation the PKI used in capsulation the transaction the need to be stored in the databases of IoT and Blockchain by using private and public key of smart devices that issued by IoT cloud where the PKI is hosted. To ensure the transaction is belong to the smart device and the only can access that transaction by the access policy linked with user digital signature (Source: Author). In figure [2], illustrate the original data has been signed by the private key of smart derive to create the signature or finger print of the original data of smart device.
Figure [2]. PKI is used in generate the finger print of original data of sensor (Source: Author).
– Hash function
The hash function is a kind of mathematical function that converts the data into a fingerprint that is called hash. The hash function is based on an algorithm, which represents it as a fingerprint of data of fixed length. The data of the sensor and the whole of block use the hash function so that it is hard to back-calculate the original data either from the sensor or the block. The hash value is the only way it is possible to identify whether the original data has been modified during the process of validation and verification of the data or transformed to IoT cloud (Bits on blocks, 2017).
– IoT cloud
The Internet of Things includes smart devices that need to store data in cloud storage. The data from the sensor can be validated by the user or service provider that compares between the hash value of the sensor transaction and the original data that is stored in the IoT cloud. The orginal data, PKI, access control policy are hosted in IoT cloud which are parts of IoT environment and network.
– Blockchain Database
The concept of securing the database includes securing the traditional database by involving the database of Blockchain in the environment of IoT, which involves running over several nodes, validating, verifying and rejecting changes to data. This can be explained as the Blockchain database reducing the risk of changing historical data. The system of the Blockchain database is more secure than the traditional database because of data segregation across borders. Moreover, the data privacy of the sensor is ensured as it can be accessed without a third party (Bits on blocks, 2017). Moreover, the aim of this dissertation to manipulate the Blockchain technology to be as part of IoT enviroments and network to ensure the original data that stored in IoT cloud has not been modified in cyber-attack manner.
Based on the scenario and model of the Blockchain database, this dissertation will be structured and identifying the concept of Blockchain technology as follows:
• The Blockchain technology model:
• Permission Public Distributed Verifiable cryptographic Leger (Permission PDVCL):
This kind of module or type of Blockchain technology enables participants in the Blockchain network to gain access and be granted authority to read and write. A copy of the Blockchain database is distributed over the network as peer-to-peer communication that supports being fully decentralised and permitted a group of nodes that enable access to the database of the Blockchain. The cryptographic leger plays an important role, as the transaction uses a kind of digital signature for the public key infrastructure (PKI) to enable a verifiable transactional database. This type of Blockchain database enables access to the database based on authorisation to provide a kind of trust and identify the participant.
• Permission-less Public Distributed Verifiable Cryptographic Leger (Permission-less PDVCL):
The second module of the Blockchain database that enables anyone without permission granted by the authority to write or read publicly. The database of the Blockchain is distributed over the internet in the form of peer-to-peer data communication that supports a fully decentralised system. The cryptographic leger will be used for transactions as a kind of digital signature for the public key infrastructure (PKI) to enable a verifiable transactional database. This kind of Blockchain database may be publicly accessible, based on the terms of the Blockchain used.
• Ownership of Public Distributed Verifiable Cryptographic Ledger (Ownership PDVCL):
This kind of module type provides a database for the Blockchain that is owned by the company which has the right to control the Blockchain database. In terms of gaining access to the database, this is based on the owner’s authorisation of whether to read or write. The only difference between the other modules is the data that is stored on the database of the Blockchain is owned by the person that has the right to control the authorisation side of the database.
– Public user
The public user is the one who is permitted or authorised to access the database of the Blockchain. The public user is part of the peer-to-peer network that can receive a copy of the database that is distributed over the internet. The public user can be identified using the digital signature. The public user is able to verify if it has the authorization to compare the hash value of transaction that stored in Blockchain database and the original data that stored in IoT cloud to ensure the original data has not been modified.
– Consensus
In this part of Blockchain technology, consensus is part of the Permission-less PDVCL module, which has a dedicated group of miners or verifiers that create blocks at roughly the same time, and also must agree on the validity of a given transaction for it to be considered valid. This kind of feature is the difference between the traditional database and the database of Blockchain, which provides a valid state for the database. The protocols of consensus are used to define the state of the database that is considered to be valid. The point of consensus is that all the parties agree to a single true database version. The following provides an overview of the main consensus protocol for use in a Blockchain database:
– Smart contracts: The main elements of Blockchain technology is smart contract system that enable all transactions transacted without third parties that can trust the transactions. Smart Contracts is providing the pseudonymous in publicly visible manner. The agreement between parties in Blockchain technology in any form of peer-to-peer (P2P), person-to-organization (P2O), and person-to-machine (P2M) can be in smart contracts to identify the asset that need to be exchanged between parties with no intermediately (Kosba et.al, 2016). In the aim of this dissertation will need the Blockcahin technology in form of validation and verification the data that stored in IoT database with hash value of original data in Blockchain database. The smart contracts can be enable in form of ensuring the transaction is sending from trusted device that well know source.