Blockchain for the IoT: Privacy-Preserving Protection of Sensor Data
Study: Blockchain for the IoT: Privacy-Preserving Protection of Sensor Data
The constantly growing pool of smart, connected Internet of Things (IoT) devices poses completely new challenges for business regarding security and privacy. In fact, the widespread adoption of smart products might depend on the ability of organizations to offer systems that ensure adequate sensor data integrity while guaranteeing sufficient user privacy.
The evaluation results suggest that the proposed design ensures the tamper-resistant gathering, processing, and exchange of IoT sensor data in a privacy-preserving, scalable, and efficient manner. Blockchain-based SDPSs inherit core characteristics of blockchain technology (e.g., tamper-resistance) only if fundamental design principles are considered. In particular, sensor data needs to be protected from source to sink and verified by cross-validation, as universally “tamper-proof” processes cannot be ensured. Hybrid blockchain architectures are necessary to enable scaling, given the current state of technology. SDPSs are particularly useful in the case of multi-stage data pipelines that cross organizational boundaries and involve a potentially large ecosystem of players. A blockchain-based SDPS is often perceived as “neutral” and might be accepted as an industry standard much faster than a centralized system. Blockchain technology offers firms the opportunity to leverage its built-in state-of-the art cryptography technology for free, which can reduce the need for security specialists.
How it was studied:
To address this problem, we build upon previous research which indicates that blockchain technology may be a promising means to mitigate issues of data security arising in the IoT. We propose a design theory, including requirements, design principles, and features, for a blockchain-based sensor data protection system (SDPS) that leverages data certification. We design and develop an instantiation of an SDPS (CertifiCar) that prevents the fraudulent manipulation of car mileage data. We provide an ex-post evaluation of our design theory considering CertifiCar and two additional use cases.