SmartCrowd: Decentralized and Automated Incentives for Distributed IoT System Detection

Abstract

Internet of Things (IoT) devices achieve the rapid development and have been widely deployed recently. Meanwhile, inherent vulnerabilities of IoT systems (including firmware and software) have been continually uncovered and thus the systems are always exposed to various attacks. The root cause of the issue is that IoT systems always have design flaws and implementation bugs. In particular, the released systems (e.g., by third-party marketplaces and IoT vendors) may be maliciously repackaged with malware. Unfortunately, IoT consumers are not able to effectively capture such vulnerabilities because of the limited detection capabilities. In this paper, we propose SmartCrowd, a blockchain-based platform that aims to outsource security detection of IoT systems to distributed detectors with strong detection incentives. SmartCrowd enables built-in accountability for IoT providers and authoritative references of detection results for IoT consumers. By building smart contracts, we can incentivize the efficient and high-coverage security detection of IoT systems, while providing decentralized and automated incentives for both IoT providers releasing secure IoT systems and detectors uncovering vulnerabilities. We present the security and theoretical analysis that demonstrates the security of SmartCrowd and the incentives for participators. We prototype SmartCrowd by using Ethereum and the experimental results show that SmartCrowd has both technical feasibility and financial benefits, which can be applied to build a secure IoT ecosystem.