Each element of the Internet of Things chain (software, systems, infrastructure, and data) must have a third-party-verifiable trust anchor. Traditional security solutions can't provide this. But a blockchain is a tamper-proof distributed database that can validate the data generated by IoT devices. Learn how the Ericsson Blockchain Data Integrity service provides detection of digital asset and data compromise.
Is data the new oil? Yes! And more!
The IoT is considered one of the key use cases of the digital economy, and data has emerged as the new currency. People call data the new oil, but the analogy falls short. Data is everywhere and can be integrated across virtual and physical worlds. It is continually renewable, not just in an additive manner but exponentially. Data spawns data. It makes individual entities, fleets, and value chains all more intelligent, and therefore self-optimizing. The distribution of data is the very essence of economic life.
This can serve as the definition of IoT, as either digital supply chains or “industrial mashups”. The premise is that the greater the data velocity and the more you connect and collaborate through shared, actionable intelligence, the more value you create. Self-driving cars, public utilities, transportation, healthcare, aviation, home: all depend on real-time, reliable data for profitable decisions.
All data is, of course, not of equal quality. The value of data is based on its integrity. Never before has this been more true than today, as the scale and gravity of compromised data, due to the convergence of IT and OT, the physical and virtual worlds, industries, supply chains and clouds, has created a critical need for guaranteed trust in data.
Traditional security solutions do not provide data integrity for IoT
Traditional security solutions are designed to protect organizations from outside threats and have focused on providing privacy and confidentiality. These solutions protect assets inside the enterprise network using:
- Known threat categories and Common Vulnerabilities and Exposures (CVE) for threat detection. A CVE is a publicly known information security vulnerability in publicly released software.
- Privacy and authorization protection to ensure confidentiality of data and prevent unauthorized access to data.
- Availability to ensure that the application infrastructure and services delivered on it are able to mitigate threats that impact service availability and quality.
Threats, however, are becoming increasingly sophisticated and can be launched from anywhere. In addition, data integrity breaches are an order of magnitude more serious than confidentiality breaches. The impact of compromised data can range from widespread outages of utilities to potential deaths caused by corrupt data in airplane instrumentation or healthcare systems.
The IoT is particularly prone to these types of exploits because it entails diverse, remote end-points, often with limited security in the devices. This can result in the IoT being exposed. Not only is there a broader attack surface but also multiple attack vectors.
The four basic elements of the IoT
The IoT is about collection, aggregation, and analysis of data to enable real time decisions. It can be deconstructed into four basic elements:
- Sensors on devices for streaming data
- Networks for data flow
- Distributed cloud for data ingestion
- Analytics to convert data into insights
Each element of the IoT chain (software, systems, infrastructure, and data) must have verifiable integrity. This is particularly critical for heavily regulated industries with stringent compliance requirements for data integrity.
The IoT is deployed with distributed end devices, and its data footprint encompasses information from mobile phones, industrial machines, motor vehicles, and geolocation devices, all at global scale.
Multinational organizations must deal with multiple jurisdictions due to shifting data locations. This presents a global challenge. It is therefore imperative for the IoT to have a highly distributed security architecture and scalable governance framework. The alternative, less effective approach would be a centralized model to identify and authenticate end points and screen multiple terabytes of data flows. This, of course, would not allow for real-time trustworthy data that meets regulatory compliance.
Blockchains are consensus-based, scalable and resilient
A blockchain is a tamper-proof distributed database (ledger) that can track and verify data that is generated by IoT devices. It maintains a historical record of all IoT data and is not dependent on a central authority. Blockchains enable multiple IoT use cases that would be difficult to deploy on centralized systems. Since the ledger is distributed, a blockchain is not vulnerable to the exploits seen in centralized architectures. This makes blockchains inherently resilient with no single point of failure.
Blockchain architecture is decentralized and is based on consensus algorithms. This makes hacking more difficult. One compromised node should not affect the blockchain since a majority of the core nodes must agree to the action. Once created, blockchains are immutable and incorruptible. Mathematically provable algorithms enable continuous verification and calibration of the validity of a blockchain. Attempted modifications are immediately flagged. All IoT data can be signed and timestamped, and an image of the data is recorded in the blockchain.
Ericsson Blockchain Service guarantees data integrity for the IoT
Ericsson offers one of the first commercial implementations of Blockchain for IoT data integrity. The Ericsson Blockchain Data Integrity service is data-centric and provides customers with the ability to detect tampering of digital assets and find compromised data. Every data asset can be signed and verified when data is being ported. This is consistent with most regulatory compliance requirements that require data integrity.
Ericsson Blockchain Data Integrity service provides a chronological record of the time the data was signed, the identity of who signed the data and assurance that the data has not been changed after being signed. This can provide an auditable trail of the chain of custody.
Independent verification of the integrity of data is possible using the media-published publication code together with the signature. The lifecycle integrity of data can be monitored by continuously verifying the data in near real time and generating alerts in the event of a failure.
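The independent verification described above can be illustrated with a hash tree, as an added example that is not part of the original article and is not Ericsson's implementation or API. It assumes the publication code is the root of a SHA-256 hash tree over a batch of records and that each signature is the record's path of sibling hashes; the record fields and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample records: timestamp | signer identity | payload.
RECORDS = [
    b"2017-03-01T10:00:00Z|sensor-01|temp=21.4",
    b"2017-03-01T10:00:01Z|sensor-02|temp=19.8",
    b"2017-03-01T10:00:02Z|pump-07|rpm=1480",
    b"2017-03-01T10:00:03Z|valve-03|state=open",
    b"2017-03-01T10:00:04Z|sensor-01|temp=21.5",
]

def leaf_hash(record):
    # Prefix bytes keep record hashes and interior-node hashes distinct.
    return hashlib.sha256(b"\x00" + record).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def publish(records):
    """Aggregate a batch; return (publication_code, per-record signatures)."""
    levels = [[leaf_hash(r) for r in records]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # an unpaired node is promoted unchanged
        levels.append(nxt)
    signatures = []
    for index in range(len(records)):
        path = []
        for level in levels[:-1]:
            sibling = index ^ 1
            if sibling < len(level):
                path.append((level[sibling], sibling < index))
            index //= 2
        signatures.append(path)
    return levels[-1][0], signatures

def verify(record, signature, publication_code):
    """Recompute the root from the record and its sibling path (assumed format)."""
    digest = leaf_hash(record)
    for sibling, sibling_is_left in signature:
        digest = node_hash(sibling, digest) if sibling_is_left else node_hash(digest, sibling)
    return hmac.compare_digest(digest, publication_code)

if __name__ == "__main__":
    code, sigs = publish(RECORDS)
    print("publication code:", code.hex())
    print("intact record:", verify(RECORDS[2], sigs[2], code))
    print("tampered record:", verify(RECORDS[2].replace(b"1480", b"9999"), sigs[2], code))
```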
The service can be implemented in many different ways, from full stack (Ericsson builds a private Blockchain for customers) to a micro-service (Ericsson provides a RESTful API to access the service).
Ericsson Blockchain IoT use cases
The IoT provides connectivity and data sharing for industrial applications including transportation, public utilities, manufacturing, oil and gas, energy, healthcare, and others. By providing data integrity, blockchains enable these highly regulated industries to perform trust-based operations for their industrial assets. The operations include:
- distributed operations
- configuration management
- software lifecycle management
- remote asset management
- field services for updating and adjusting configurations of these industrial assets.
Below is an example of an Ericsson Blockchain use case for IoT applications on the GE Predix platform: