Distributed Ledger Technologies and the Internet of Things: A Devices Attestation System for Smart Cities

Abstract

Traditional IT security mechanisms are generally not well-suited for IoT devices, where processing and network connectivity should be kept at minimal. Consequently, IoT devices have been recently identified as an easy target for cyber-attacks, like for example on the Mirai botnet Distributed Denial of Service attacks in 2016, where various devices were hacked into and taken over. Different solutions have been developed aiming at guaranteeing the security at both the devices application layer and the network layers. Few succeeded to deliver the flexibility necessary for IoT devices. Even fewer have implemented an effective threats detection system, and just a handful have realised all the previous in a fully decentralised fashion, including this one. This Distributed Ledger Technology (DLT) attestation system is maintained and supported by most, or all, IoT devices because it is based on a light-weight DLT protocol. It comprises of a system for authorisation and authentication for the individual devices as well as includes an anomalies detection system based on smart contracts. A demonstration was built to support a Smart City use case. The objective is to guarantee, in a decentralised manner, the security of low computational power devices executing the sensing function and their connectivity, and therefore the correct functioning of the system. On the demonstrator, the system was ran using DLT supported by the sensors connectivity bridge (built using Raspberry Pi’s). The system proved to be rapid to develop, flexible with regards to systems changes and resilient to attacks to both individual IoT devices and to the DLT.