KuppingerCole Report
Advisory Note
By Ivan Niccolai

The Disruptive Potential of Blockchains in IoT Security

Blockchains have the ability offer many solutions regarding the security concerns currently limiting the growth of the Internet of Things (IoT). Blockchains, combined with other decentralised, peer-to-peer technologies can improve IoT security by enabling authenticity and integrity assurance of connected things, scalable management of connected devices, and secure information transmission.
By Ivan Niccolai
in@kuppingercole.com

1 Management Summary

The core IoT security challenges today are largely due to the complexities of managing and securing potentially billions of devices while ensuring the ...

Login Free 30-day Select Access Get full Access

2 Highlights

  • IoT Security Challenges: protecting and managing potentially billions of connected devices, identification and integrity assurance of low-power and ...
Login Free 30-day Select Access Get full Access

3 Introduction

The Internet of Things (IoT) is just around the corner, and its economic, social and technological aspects will leave little of the world unchanged pr ...

Login Free 30-day Select Access Get full Access

4 Current IoT Challenges

In the coming IoT world, security incidents have the potential to directly cause life-threatening damage. This is not an exaggerated possibility when ...

Login Free 30-day Select Access Get full Access

4.1 Limitations of Centralised Control Systems: Availability and Scalability

The number of connected devices with the upcoming IoT revolution will be, even by the most conservative estimates, orders of magnitude greater than to ...

Login Free 30-day Select Access Get full Access

4.2 Authenticity, Integrity and Identification

Protecting against intellectual property theft and ensuring the integrity of low-cost sensors and devices is essential from both a commercial and a se ...

Login Free 30-day Select Access Get full Access

4.3 Communication Infrastructure Challenges

Additionally, transmitted sensor data could contain very sensitive information. Secure data transmission across networks in remote areas or extreme en ...

Login Free 30-day Select Access Get full Access

4.4 Additional IoT Challenges

As is typically the case in new or emerging technology market sectors, IoT is plagued by a lack of standards for ensuring security and interoperabilit ...

Login Free 30-day Select Access Get full Access

5 Overview of Blockchains

Blockchains, a distributed append-only, linear data structure, which uses consensus algorithms to enable a degree of control decentralisation, was bro ...

Bitcoin’s blockchain is known as a public, unauthenticated and “permissionless” blockchain. It is both decentralised and distributed, as any par ...

In order to best understand the use case suitability of various blockchain projects, KuppingerCole has developed a blockchain taxonomy (shown in Figur ...

Login Free 30-day Select Access Get full Access

6 The Blockchain and IoT

As we have seen, the main challenges in IoT security are due to the high scale of connected devices, the limited compute resources of minuscule sensor ...

While it will not be possible in the near future to completely replace human judgement with consensus algorithms and centralised systems still remain ...

Login Free 30-day Select Access Get full Access

6.1 Device Identity Management (IDoT) Benefits

Where the contextual complexities surrounding user identification remains a challenge in IAM, embedded device and sensor identification is much more u ...

Login Free 30-day Select Access Get full Access

6.1.1 Identification

Existing tamper-resistant hardware identification technologies are already very mature. While trusted computing platforms (TPM) exist today, tradition ...

Login Free 30-day Select Access Get full Access

6.1.2 Proof-of-Provenance and Proof-of-Ownership

Even if blockchains were used with the limited capacities that popular blockchains such as Bitcoin or Ripple have today, that is as a decentralised, t ...

Login Free 30-day Select Access Get full Access

6.2 Configuration Management & Integrity Assurance

IDoT, or identification, authentication and authorisation for devices is the foundational requirement for IoT security. Once the identity is establish ...

Login Free 30-day Select Access Get full Access

6.3 IoT Management, Secure Information Storage and Communication Benefits

Unlike the information systems and devices within traditional organisations, the device internet of everything, everywhere would result in billions of ...

Login Free 30-day Select Access Get full Access

6.3.1 Scalable, Decentralised Control Architectures

Decentralised management of devices using blockchains is made possible by outsourcing and automating many management functions using algorithmic conse ...

Login Free 30-day Select Access Get full Access

6.3.2 Secure Information Sharing

Blockchains, using mature cryptographic standards such as hashing algorithms and public key cryptography, enable the ability to allow certain informat ...

Login Free 30-day Select Access Get full Access

6.4 Distributed Secure Computing

The peer-to-peer sharing of compute resources is still some ways off, yet given the limited resources of devices and sensors, blockchain-enabled secur ...

Login Free 30-day Select Access Get full Access

7 Challenges

The number one impediment to wider adoption of blockchains in IoT security remains a lack of standardisation and resultant interoperability issues. Th ...

Login Free 30-day Select Access Get full Access

8 Summary and Recommendations

The blockchain’s tamper-evident transaction store for storing the proof of provenance and allowing real-time traceability of sensors and devices alo ...

Login Free 30-day Select Access Get full Access

9 Acronyms

Acronym Term
APT Advanced Persistent Threat
B2B Business to Business
B2C Business to Customer
C2C Customer ...
Login Free 30-day Select Access Get full Access

Copyright

©2020 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarksTM or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded back in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.

top