Review
Blockchain's adoption in IoT: The challenges, and a way forward

https://doi.org/10.1016/j.jnca.2018.10.019Get rights and content

Abstract

The underlying technology of Bitcoin is blockchain, which was initially designed for financial value transfer only. Nonetheless, due to its decentralized architecture, fault tolerance and cryptographic security benefits such as pseudonymous identities, data integrity and authentication, researchers and security analysts around the world are focusing on the blockchain to resolve security and privacy issues of IoT. However, presently, not much work has been done to assess blockchain's viability for IoT and the associated challenges. Hence, to arrive at intelligible conclusions, this paper carries out a systematic study of the peculiarities of the IoT environment including its security and performance requirements and progression in blockchain technologies. We have identified the gaps by mapping the security and performance benefits inferred by the blockchain technologies and some of the blockchain-based IoT applications against the IoT requirements. We also discovered some practical issues involved in the integration of IoT devices with the blockchain. In the end, we propose a way forward to resolve some of the significant challenges to the blockchain's adoption in IoT.

Introduction

There has been an exponential growth in the Internet of Things (IoT) based services in the world, especially in telehealth, manufacturing and in urban areas to form smart cities. IoT is expected to connect 30 billion devices by 2020 (Lund et al., 2014). Use of IoT technology will not only improve the quality of life of people but also contribute to the world economy. IoT is predicted to create about USD 7.1 trillion contributions to the global economy by 2020 (Lund et al., 2014). However, at the same time, IoT devices are vulnerable to a vast number of security and privacy issues, which are known to the manufacturers but security in IoT devices is either neglected or treated as an afterthought (Wurm et al., 2016). According to IBM Institute for Business value (Brody and Pureswaran, 2014), it is critical for the future of IoT that its operational model is revived from costly, trusted and over-arched centralized architecture to a self-regulating and self-managed decentralized model. Such a transformation will provide scalability, reduced cost of infrastructure, autonomy, secure operations in a trustless environment, user-driven privacy, access control and redundancy against network attacks. In this regard, blockchain is being considered as one of the possible mechanisms to realize desired decentralization and resultant trustless networks (Christidis and Devetsikiotis, 2016).

Although blockchain was initially conceived as a financial transaction (TX) protocol in the form of Bitcoin, but due to its cryptographic security benefits such as pseudonymous identities (IDs), decentralization, fault tolerance, TX integrity and authentication, researchers and security analysts around the world are focusing on the blockchain to resolve security and privacy issues of IoT. However, default limitations of Bitcoin blockchain, such as scalability, latency in TX confirmation, large storage, intensive computation and energy requirements, and privacy leakage infer that blockchain technology has to be assessed deeply before it can be used securely and efficiently in an IoT environment.

Related Work. Till date, numerous surveys and some research on blockchain-based IoT technology (Christidis and Devetsikiotis, 2016; Yli-Huumo et al., 2016; Survey on blockchain, 2015; Pilkington, 2016; Tschorsch and Scheuermann, 2015; Dorri et al., 2016; Huh et al., 2017; Conoscenti et al., 2016; Bonneau et al., 2015) has been published but either these papers focus on general applications of the blockchain or discuss technical aspects concerning digital currencies. They do not give an insight into blockchain challenges related to IoT. For instance (Yli-Huumo et al., 2016), highlights various security, privacy and performance issues such as DDoS attacks, 51% attack, data malleability, authentication, cryptographic, energy consumption, and usability problems. However, these issues have been discussed concerning cryptocurrencies such as Bitcoin, Ripple and Bitcoin exchanges. The paper also identifies some of the research areas such as scalability, smart contracts, licensing, IoT, security, and privacy, which have been neglected in current research. For most of the part (Yli-Huumo et al., 2016), presents the methodology of its research and broadly highlights the current research topics. Moreover, if we look from IoT perspective (Yli-Huumo et al., 2016), does not focus on this issue. Similarly (Survey on blockchain, 2015), carries out a detailed survey of blockchain technologies and their impact on society and economy. It discusses the problems associated with Bitcoin blockchain. It also draws attention to the wide utilization of blockchain technologies, but IoT is just a point in the long list of potential use cases of the blockchain. Finally, it addresses the issues related to administration and policy guidelines.

In another work (Pilkington, 2016), authors give an overview of blockchain technology, discuss its variants such as Ethereum (Buterin et al., 2014), Ripple (Xrp, 2013), Gridcoin (Gridcoin white paper, 2018), etc., and present a gist of some non-financial applications of the blockchain. It also does not address issues concerning blockchain's adoption in IoT. Similarly (Tschorsch and Scheuermann, 2015), presents a wholesome survey on technical aspects of digital currencies. It discusses the Bitcoin characteristics and related concepts especially the consensus protocols in much detail but with respect to digital currencies. Although the papers mentioned above have covered various aspects of digital currencies and blockchain in detail, but they are not focused on IoT. Moreover, authors in (Dorri et al., 2016) present a lightweight architecture of a smart home. However, the paper just focuses on the limitations of Bitcoin blockchain and propose a solution to avoid Bitcoin's issues of computation intensiveness, latency in TX confirmation and scalability. Correspondingly, the authors compare the security and performance efficiency of their solution with Bitcoin blockchain only.

In yet another work, authors in (Huh et al., 2017) propose one of the use cases of the blockchain for IoT, i.e., configuring and managing IoT devices using blockchain smart contracts. By doing so, authors aim to avoid the security and synchronization issues involved in a client-server model. Where, if a server gets malicious then all the connected devices will be vulnerable to security issues. Therefore, taking advantage of blockchain's trust-free distributed architecture the IoT devices are proposed to be configured and managed through Ethereum smart contracts (Buterin et al., 2014). Moreover (Conoscenti et al., 2016) carries out a literature review of blockchain applications beyond cryptocurrencies and their suitability to IoT. The review also aims at finding a solution to Bitcoin blockchain related vulnerabilities, such as integrity attacks, de-anonymization techniques, and adaptability of Bitcoin blockchain in IoT concerning high TX input in IoT. Whereas (Christidis and Devetsikiotis, 2016), gives an insight into the working of blockchain and smart contracts (Buterin et al., 2014). The authors prudently highlight the blockchain-IoT use cases such as a marketplace for sharing services and resources between IoT devices, P-2-P (Peer-to-Peer) market for renewable energy and supply chain management (SCM). The paper also highlights some issues about the use of blockchain in IoT. These issues include low TX throughput, high latency in PoW-based blockchains, the privacy of users and TX contents, legal matters associated with smart contracts and the need for changes. Similarly, authors in (Bonneau et al., 2015) have also made a valuable contribution to the Bitcoin research. They have carried out an in-depth analysis of numerous Bitcoin properties, stability issues, and Bitcoin forks. Authors also gave an overview of alternatives to Bitcoin consensus and user anonymity/privacy techniques.

Therefore, to cover the gaps in the literature concerning blockchain's adoption in IoT, there is a requirement of carrying out a comprehensive survey to find out that how does existing blockchain technologies impact IoT? Similarly, how can IoT leverage blockchain to resolve its security issues? and what are the impediments in doing so? This paper thus carries out a methodical review of the IoT threat environment, resultant IoT security and performance requirements and the impact of progression in blockchain technologies on IoT. The benefits afforded by the blockchain technologies and some of the blockchain-based IoT applications are pitched against the IoT security and performance requirements to identify the voids. We also carried out a comparison of some of the notable blockchain consensus protocols based on certain security and efficiency factors to determine a suitable technology for the IoT. It is presumed that Hyperledger-Fabric meets the most of the IoT requirements such as user authentication and authorization, identity management, data confidentiality, low latency in TX confirmation and means to achieve autonomous IoT operations using smart contracts also known as “Chaincodes”. To discover some practical issues involved in the integration of IoT devices with the blockchain, we implemented an Ethereum blockchain-based IoT supported supply chain monitoring system in an experimental setting. We discovered that there are some challenges in securely sending sensor data from the IoT devices to the blockchain. It is also noticed that currently there is no mechanism to perform a device integrity check, to ascertain the validity of IoT devices. Whereas, it is an important security requirement, since, IoT devices mostly operate in an unprotected environment and are vulnerable to physical compromise, which can result into malicious device operation. We also establish that there is a requirement for IoT-oriented TX validation rules and IoT-focused consensus protocol to meet the specific needs of IoT environment. In the end, a way forward is recommended to address some of the significant blockchain issues. Hence, there are many factors that make our work distinguished from our predecessors.

Contributions of the Paper. The primary objective of this paper is to identify unscaled challenges that hamper the total adoption of blockchain in an IoT environment. The major contributions of the paper are:

  • 1.

    Detailed analysis of progression in blockchain technology and its impact on IoT in view of security and performance requirements of IoT.

  • 2.

    Identification of some unique and practical challenges to the blockchain's adoption in IoT.

  • 3.

    Analysis of few existing blockchain applications and related voids.

  • 4.

    A way forward to address some of the critical IoT related blockchain issues.

Organization. The rest of the paper is organized as follows: Section 2 provides a background on IoT architecture, introduces IoT threat environment and some security and performance requirements of IoT systems. In Section 3, some important blockchain concepts especially the consensus protocols are illustrated. Progression in blockchain technology and its impact on IoT is highlighted in Section 4. Whereas, Section 5 presents current challenges to the blockchain's adoption in IoT. Latest trends in blockchain-based IoT applications and related issues have been covered in Section 6. Gap analysis and a way forward to address some of the significant challenges is presented in Section 7 and Section 8 respectively. Finally, the paper is concluded with a hint of future work in Section 9.

Section snippets

IoT background

This section presents a brief background on IoT including IoT architecture, the difference between IoT and traditional networks, threat environment and some security and performance requirements of IoT systems.

Blockchain: an overview

The Bitcoin (Nakamoto, 2008) has very innovatively transformed the method of financial value transfer without any trusted third party. The underlying technology of Bitcoin is blockchain. In simple terms, blockchain comprises a series of blocks in such a way that every new block is cryptographically connected to the previous block. In the case of Bitcoin, the blocks contain a record of financial TXs between Bitcoin users. Due to its inherent benefits, such as immutability, auditability, TX

Progression of blockchain technology and its impact on IoT

Bitcoin blockchain has revolutionized the distributed ledger technology with its significant cryptographic security and immutability. IoT can leverage the key benefits of the blockchain (as shown in Fig. 4) to resolve its ever-growing security and privacy issues. E.g., The challenge of secure data sharing between heterogeneous IoT devices and guarantee of the trustworthiness of their data, can be met by the common blockchain platform that guarantees the immutability of data. Therefore, the

Challenges to Blockchain's adoption in IoT

To identify some real issues concerning blockchain's adoption in IoT, we implemented a test case scenario of an IoT-based supply chain monitoring system (Makhdoom et al., 2018). The customer orders frozen food products and also decides a temperature threshold that has to be maintained during the shipment by the seller. An alert is generated for the customer, whenever the temperature threshold policy is violated during shipment. The test scenario and the challenges discovered while integrating

Latest trends in blockchain-based IoT applications and related voids

Researchers and innovators around the world are developing and investigating ingenious ways to implement blockchain in IoT environment. These use cases aim to take advantage of the inherent benefits of the blockchain such as decentralized control, immutability, cryptographic security, fault tolerance, data integrity and authentication, and capability to run smart contracts. Table 6 shows some of these applications, the purpose of their development and respective blockchain platform. It is

Gap analysis

In spite of inherent benefits of the blockchain, i.e., TX integrity, TX authentication, non-repudiation, an auditable log of events, etc., there are numerous challenges (highlighted in Section 5), that needs due consideration for a secure adoption of blockchain in IoT. Further elaborating on these issues, firstly, the current consensus protocols such as PoW, PoS, PoET, IOTA, PoA, and Proof of Activity are designed for public blockchains (PoS and PoET also support permissioned blockchains) in

IoT-centric consensus protocol and transaction validation rules

The design and development of an ideal consensus protocol for an IoT environment demands that the requirements of a consensus protocol for a blockchain-based IoT system be distinguished from existing general purpose and cryptocurrency oriented consensus protocols. Some of these requirements are shown in Fig. 13. The points mentioned in blue color are concerning security/consistency and the points shown in the green color pertains to the performance requirements. The foremost requirement for IoT

Conclusion and future work

No doubt, IoT is the future of an autonomous digitized economy of the world by liquefying and personalizing the physical objects (Brody and Pureswaran, 2014). However, to achieve this status, it has to undergo a conceptual transformation both at the design and the development stages. That day is not far off, once machines will interact with machines without human intervention to achieve performance efficiency, durability, operational effectiveness, and financial economy. Therefore, it is

Imran Makhdoom (S′18) received the B.E. degree in telecommunications engineering and the master's degree in information security from the National University of Sciences and Technology, Pakistan, in 2004 and 2015, respectively. He is currently pursuing the Ph.D. degree with the University of Technology Sydney researching on IoT security. Before that, he worked as a Project Manager on various wireless communication and IT projects involving Satellite, OFC and CISCO networks. He has also served

References (166)

  • R. Brewer

    Ransomware attacks: detection, prevention and cure

    Netw. Secur.

    (2016)
  • S. Huckle et al.

    Internet of things, blockchain and shared economy applications

    Proced. Comput. Sci.

    (2016)
  • Minhaj Ahmad Khan et al.

    Iot security: review, blockchain solutions, and open challenges

    Future Generat. Comput. Syst.

    (2018)
  • Ferran Adelantado et al.

    Understanding the Limits of Lorawan

    IEEE Commun. Mag.

    (2017)
  • M. Ahlmeyer et al.

    Securing the internet of things: a review

    Iss. Inf. Syst.

    (2016)
  • A. Al-Fuqaha et al.

    Internet of things: a survey on enabling technologies, protocols, and applications

    IEEE Commun. Surv. Tutor.

    (2015)
  • Alastria

    National Blockchain Ecosystem

    (2017)
  • An Introduction to Iota

    (2017)
  • E. Androulaki et al.

    Hyperledger fabric: a distributed operating system for permissioned blockchains

  • L. Aniello et al.

    A prototype evaluation of a tamper-resistant high performance blockchain-based transaction log for a distributed database

  • O. Arias et al.

    Privacy and security in internet of things and wearable devices

    IEEE Trans. Multi-Scale Comput. Syst.

    (2015)
  • F. Armknecht et al.

    Ripple: overview and outlook

  • B. Balamurugan et al.

    Security in network layer of iot: possible measures to preclude

  • A. Baliga

    Understanding Blockchain Consensus Models

    (2017)
  • A. Banafa, IoT Standardization and Implementation Challenges, IEEE Internet of Things....
  • I. Bentov et al.

    Proof of activity: extending bitcoin's proof of work via proof of stake [extended abstract] y

    ACM SIGMETRICS Perform. Eval. Rev.

    (2014)
  • A. Bessani et al.

    State machine replication for the masses with bft-smart

  • Bigchaindb: The Blockchain Database

    (2018)
  • K. Biswas et al.

    Securing smart cities using blockchain technology

  • Bitcoin developer guide

    (2017)
  • Bitcoin-Developer-Guide, Transactions, Developer Guide

    (2018)
  • Bitcoin-Forum

    Difference between Miners and Nodes

    (2016)
  • Bitcoin.org

    Warning: Better Security Has Costs

    (2017)
  • Bitcoinwiki

    Scalability

    (2017)
  • Blockchain Size

    (2017)
  • J. Bonneau et al.

    Sok: research perspectives and challenges for bitcoin and cryptocurrencies

  • T. Borgohain et al.

    Survey of Security and Privacy Issues of Internet of Things

    (2015)
  • E.A. Brewer

    Towards robust distributed systems

  • P. Brody et al.

    Device Democracy: Saving the Future of the Internet of Things

    (2014)
  • V. Buterin

    A Next-generation Smart Contract and Decentralized Application Platform

    (2014)
  • Vitalik Buterin

    The Value of Blockchain Technology

    (2015)
  • Vitalik Buterin

    On Public and Private Blockchains

    (2015)
  • Vitalik Buterin

    On Settlement Finality

    (2016)
  • C. Cachin

    Architecture of the hyperledger blockchain fabric

  • C. Cachin et al.

    Blockchains Consensus Protocols in the Wild

    (2017)
  • S. Carpov et al.

    Practical privacy-preserving medical diagnosis using homomorphic encryption

  • M. Castro et al.

    Practical byzantine fault tolerance and proactive recovery

    ACM Trans. Comput. Syst.

    (2002)
  • M. Castro et al.

    Practical byzantine fault tolerance

  • S. Chen et al.

    Machine-to-machine communications in ultra-dense networks—a survey

    IEEE Commun. Surv. Tutor.

    (2017)
  • L. Chen et al.

    On security analysis of proof-of-elapsed-time (poet)

  • K. Christidis et al.

    Blockchains and smart contracts for the internet of things

    IEEE Access

    (2016)
  • J. Christoph

    Slock.it 3 Minutes Demo

    (2015)
  • M. Conoscenti et al.

    Blockchain for the internet of things: a systematic literature review

  • C. Decker et al.

    Information propagation in the bitcoin network

  • T.T.A. Dinh et al.

    Blockbench: a framework for analyzing private blockchains

  • DKMS (Decentralized Key Management System) Design and Architecture V3 (2018. Last accessed 14 September 2018). URL...
  • A. Dorri et al.

    Blockchain in Internet of Things: Challenges and Solutions

  • A. Dorri et al.

    Blockchain for iot security and privacy: the case study of a smart home

  • P. Ducklin

    Mirai “internet of Things” Malware from Krebs Ddos Attack Goes Open Source

    (2016)
  • EconoTimes

    Blockchain Project Antshares Explains Reasons for Choosing Dbft over Pow and Pos

    (2017)
  • Cited by (0)

    Imran Makhdoom (S′18) received the B.E. degree in telecommunications engineering and the master's degree in information security from the National University of Sciences and Technology, Pakistan, in 2004 and 2015, respectively. He is currently pursuing the Ph.D. degree with the University of Technology Sydney researching on IoT security. Before that, he worked as a Project Manager on various wireless communication and IT projects involving Satellite, OFC and CISCO networks. He has also served in a semi-government organization for various cyber-security auditing tasks from 2014 to 2016. He is an EC-Council Certified Secure Computer User and certified IoT specialist from University of California Irvine, USA. He was a recipient of the President's Gold Medal for securing the first position in his master's degree.

    Mehran Abolhasan (S′01–M′03–SM′11) received the B.E. degree in computer engineering and the Ph.D. degree in telecommunications from the University of Wollongong in 1999 and 2003, respectively. He is currently an Associate Professor and the Deputy Head of the School of Electrical and Data Engineering, University of Technology Sydney. He has authored over 120 international publications and has won over $3 million in research funding. His current research interests are software-defined networking, IoT, wireless mesh, wireless body area networks, cooperative networks, 5G networks and beyond, and sensor networks.

    Haider Abbas (SM′16) is a Cyber Security Professional, an Academician, a Researcher, and an Industry Consultant who took professional trainings and certifications from the Massachusetts Institute of Technology, USA; Stockholm University, Sweden; the Stockholm School of Entrepreneurship, Sweden; IBM, USA; and the EC Council. He received the M.S. degree in engineering and management of information systems and the Ph.D. degree in information security from the KTH-Royal Institute of Technology, Stockholm, Sweden, in 2006 and 2010, respectively. His professional career consists of activities ranging from research and development and industry consultations (government and private), through multi-national research projects, research fellowships, doctoral studies advisory services, international journal editorships, conferences/workshops chair, invited/keynote speaker, technical program committee member, and reviewer for several international journals and conferences. He is also an Adjunct Faculty and Doctoral Studies Advisor at the Florida Institute of Technology, USA and Manchester Metropolitan University, United Kingdom. In recognition of his services to the international research community and excellence in professional standing, he has been awarded one of the youngest Fellows of the Institution of Engineering and Technology, U.K.; a fellow of the British Computer Society, U.K.; and a fellow of the Institute of Science and Technology, U.K. He has also been elected to the grade of Senior Member of Institute of Electrical and Electronics Engineers (IEEE), USA.

    Wei Ni (M′09–SM′15) received the B.E. and Ph.D. degrees in electronic engineering from Fudan University, Shanghai, China, in 2000 and 2005, respectively. He is currently a Team Leader with CSIRO, Sydney, Australia, and an Adjunct Professor with the University of Technology Sydney. He was a Post-Doctoral Research Fellow with Shanghai Jiaotong University from 2005 to 2008, the Deputy Project Manager of the Bell Labs R&I Center, Alcatel/Alcatel-Lucent from 2005 to 2008, and a Senior Researcher with Devices Research and Development, Nokia from 2008 to 2009. He also holds adjunct positions with the University of New South Wales and Macquarie University. His research interests include stochastic optimization, game theory, graph theory, as well as their applications to network and security. He has been serving as the Vice Chair of IEEE NSW VTS Chapter and Editor of IEEE Transactions on Wireless Communications since 2018, the Secretary of IEEE NSW VTS Chapter from 2015 to 2018, the Track Chair for VTC-Spring 2017, the Track Co-Chair for IEEE VTC-Spring 2016, and the Publication Chair for BodyNet 2015. He also served as the Student Travel Grant Chair for WPMC 2014, a Program Committee Member of CHINACOM 2014, and a TPC Member of IEEE ICC′14, ICCC′15, EICE′14, and WCNC′10.

    View full text