City collaboration explores internet of things security solution
A consortium of network security engineers from the UK and India drawn from academia and industry are exploiting the possibilities within blockchain architecture to provide security in Internet of Things (IoT) applications for healthcare data sharing.
Professor of Network Engineering at City, University of London, Professor Muttukrishnan Rajarajan, a UK-based member of the consortium said:
“Our consortium will be exploring the use of a privacy-preserving blockchain architecture for IoT applications in healthcare data sharing, using attribute-based (ABE) encryption to provide greater security for the devices. Due to low voltage powering many devices drawn together by the IoT, the use of these devices are frequently compromised by their lack of sophisticated security measures."
The research comes against the backdrop of the recent WannaCry ransomeware attack of May 12th 2017, which severely crippled operations of the UK’s National Health Service causing it to run some of its services on an emergency-only basis during the attack.
The IoT refers to a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human and human-to-computer interaction.
Blockchain is a distributed ledger technology (DTL), which keeps a permanent, tamper-proof listing of records. The blockchain maintains the records, or blocks of information, through a peer-to-peer network; there is no central control and everyone if the network shares control of the data.
Professor Rajarajan says the use of blockchain technology in the internet of things has three main security advantages:
- The sensor data generated by IoT devices will be rigorously verified by a number of data miners in the blockchain network for legitimacy before being accepted which will mitigate several security attacks including data manipulation;
- Once the data is accepted and appended to the blockchain the data will not be intercepted; There is no central authority or storage sever and therefore the trust of each node will be built by reputation:
- If there is a malicious node propagating false data it can be identified by data miners and the reputation of the node will be damaged.
Professor Sudip Misra of the Indian Institute of Technology Kharagpur is also a member of the collaborative research project.
Peer-to-peer (P2P) is a decentralized communications model in which each party has the same capabilities and either party can initiate a communication session. Unlike the client/server model, in which the client makes a service request and the server fulfills the request, the P2P network model allows each node to function as both a client and server.