By Goh Chee Hoh, Managing Director, Trend Micro Malaysia
Within several decades, the IoT has significantly expanded its reach and connected numerous devices and networks in homes, workplaces, transportation systems, and even entire cities. The decade-old blockchain, on the other hand, is set to revolutionize business models through its encrypted and distributed ledger designed to create tamper-proof and real-time records. With the IoT and blockchain working together, the latter is expected to provide a verifiable and secure recording method for devices and processes associated with the former.
Blockchain in the IoT is indeed gaining momentum, but not without a few roadblocks. For one thing, the key concept to blockchain is the series of transactions that have been made and how they form a chain. The chain is created by keeping a reference of previous transactions, hence the blocks. However, blocks are computationally intensive to create, taking multiple processors and significant time to generate. Since a single block is difficult to generate, tampering with it would be similarly tough.
Besides, IoT devices are relatively underpowered and underlying blockchain protocols create overhead traffic, with the generation of a block introducing potential latency. This situation doesn’t bode well especially for resource-constrained and bandwidth-limited devices and operations that need real-time updates or speedy responses.
In terms of security risks, researchers have classified threats related to accessibility, anonymity, and authentication and access control. Malicious actors may threaten accessibility by preventing users from accessing data or services through such means as denial-of-service (DoS) attacks and cloud storage compromise. Furthermore, they can attempt to identify a particular user by finding links between the user’s anonymous transactions and other publicly available information.
Additionally, in our security predictions for 2018, we forecast that blockchain will be exploited by threat actors to expand their evasion techniques. It is also not far-fetched to conjecture that IoT sensors and devices can be compromised to transmit wrong information to a blockchain. By virtue of the technology, if an entry is authenticated, it will be recorded in the chain. Adopters therefore need to ensure that sensors and devices have overrides at the ready in the event of a compromise and to grant access only to users who should be in control.
When run properly, blockchain can greatly benefit IoT systems by decreasing costs and pushing efficiency. Even so, the technology’s penetration into IoT-enabled environments is far from optimal. For example, up to only 10 percent of production blockchain ledgers are expected to incorporate IoT sensors by 2020. Moreover, there still is a long way to go before most IoT systems become computationally competent enough to handle bulky blockchain implementations.
While the elimination of the single point of failure has yet to be realized, securing the IoT still lies in the continuous deployment of security for all connected devices. Aside from timely software updates to prevent downtime, what IoT adopters, individuals and organizations alike, should look into is multilayered security with end-to-end protection, from the gateway to the endpoint, capable of preventing any potential intrusions and compromise in the network. This entails:
 IDC, IDC FutureScape: Worldwide IT Industry 2018 Predictions, October 2017