Threat Modelling of IoT Systems Using Distributed Ledger Technologies and IOTA

Abstract

Internet of Things has emerged as a key techno-logical enabler for broader socio-technical and socio-economic paradigms, such as smart cities and Circular Economy. However, IoT systems are characterised by constraints and limitations which in order to be overcome they need to be deployed in conjunction and in synergy with other emerging ICT. Distributed Ledger Technologies (DLT) can help overcome challenges pertaining to data immutability, timeliness and security. However, the use of DLT does not satisfactorily mitigate security risks and vulnerabilities per se and currently cybersecurity aspects of IoT systems are addressed in a fragmented way. Furthermore, the conflict between the resource demanding Blockchains and the highly constrained nature of IoT devices hinders implementation efforts of corresponding systems. We consider networked systems that comprise both IoT and DLT technologies via the prism of Intelligent Transportation Systems (ITS). We elicit a three-tier threat model identifying attack vectors at the Device, the Network and the DLT layers. The identified attacks are then ranked by using the DREAD ranking scheme. The use of the threat model is demonstrated on a novel proof-of-concept IoT networked system implemented using the IOTA Tangle distributed ledger, where it helps to critically appraise the design of the system against the most critical attacks. Furthermore, the developed system is among the first in the literature to demonstrate the synergy of IoT and DLT on actual constrained embedded devices. The performance evaluation provides insights showing that such systems can be efficient and suitable for real-life deployment.