By Goh Chee Hoh, Managing Director, Trend Micro Malaysia

Within several decades, the IoT has significantly expanded its reach and connected numerous devices and networks in homes, workplaces, transportation systems, and even entire cities. The decade-old blockchain, on the other hand, is set to revolutionize business models through its encrypted and distributed ledger designed to create tamper-proof and real-time records. With the IoT and blockchain working together, the latter is expected to provide a verifiable and secure recording method for devices and processes associated with the former.
 
Blockchain in the IoT is indeed gaining momentum, but not without a few roadblocks. For one thing, the key concept to blockchain is the series of transactions that have been made and how they form a chain. The chain is created by keeping a reference of previous transactions, hence the blocks. However, blocks are computationally intensive to create, taking multiple processors and significant time to generate. Since a single block is difficult to generate, tampering with it would be similarly tough.
 
Besides, IoT devices are relatively underpowered and underlying blockchain protocols create overhead traffic, with the generation of a block introducing potential latency. This situation doesn’t bode well especially for resource-constrained and bandwidth-limited devices and operations that need real-time updates or speedy responses.
 
In terms of security risks, researchers have classified threats related to accessibility, anonymity, and authentication and access control. Malicious actors may threaten accessibility by preventing users from accessing data or services through such means as denial-of-service (DoS) attacks and cloud storage compromise. Furthermore, they can attempt to identify a particular user by finding links between the user’s anonymous transactions and other publicly available information.
 
Additionally, in our security predictions for 2018, we forecast that blockchain will be exploited by threat actors to expand their evasion techniques. It is also not far-fetched to conjecture that IoT sensors and devices can be compromised to transmit wrong information to a blockchain. By virtue of the technology, if an entry is authenticated, it will be recorded in the chain. Adopters therefore need to ensure that sensors and devices have overrides at the ready in the event of a compromise and to grant access only to users who should be in control.
 
Security recommendations
When run properly, blockchain can greatly benefit IoT systems by decreasing costs and pushing efficiency. Even so, the technology’s penetration into IoT-enabled environments is far from optimal. For example, up to only 10 percent of production blockchain ledgers are expected to incorporate IoT sensors by 2020[1]. Moreover, there still is a long way to go before most IoT systems become computationally competent enough to handle bulky blockchain implementations.
 
While the elimination of the single point of failure has yet to be realized, securing the IoT still lies in the continuous deployment of security for all connected devices. Aside from timely software updates to prevent downtime, what IoT adopters, individuals and organizations alike, should look into is multilayered security with end-to-end protection, from the gateway to the endpoint, capable of preventing any potential intrusions and compromise in the network. This entails:

• Changing default credentials. Factory default credentials have notoriously enabled IoT botnets in compromising connected devices. Users are therefore advised to enable password protection and to use unique and complex passwords to reduce the risk of device hacking. 

• Strengthening router security. A vulnerable router makes a vulnerable network. Securing routers through comprehensive security solutions allows users to take stock of all connected devices while maintaining privacy and productivity. 

• Setting up devices for security. Devices’ default settings should be checked and modified according to users’ needs. Customizing features and disabling unnecessary ones are recommended for increasing security. 

• Monitoring traffic in the network. Actively scanning for anomalous behaviors in the network can help users deter any malicious attempts. Automatic and efficient malware detection can be also employed through real-time scanning provided by security solutions.

• Implementing added security measures. Users are advised to enable firewalls and use the Wi-Fi Protected Access II (WPA2) security protocol for added protection. Solutions that employ web reputation and application control also allow for better visibility across the network.

[1] IDC, IDC FutureScape: Worldwide IT Industry 2018 Predictions, October 2017