Blockchain Technology: A Panacea for IoT Security Challenge

The Internet of Things (IoT) platforms, despite the wide range of application is not without loop holes of which cyberattackers can take advantage. In order to improve the platform's security while also increasing other features, it has been proposed that blockchain technology be implemented in any IoT system. However, while blockchain technology has many advantages, it is important to consider other options because they all have their own drawbacks that may not be ideal for every use case situation. IoT network devices have limited computer power, storage space, and bandwidth. As a result, these systems are easily prone to assault than other network connected devices, such PCs, cell phones and tablets. With focus on IoT security challenges and the countermeasures offered by the blockchain technology, consensus algorithm, data encryption and smart contracts were discovered to be the common and effective algorithm employed by the blockchain technology in securing Iot systems over time.


Introduction
IoT technology has grown exponentially in recent years, and the usage of connected devices and their applications has risen significantly in industrial and personal environments.[1], [2].The number of connected devices is expected to reach 29 billion by the year 2022, with around 18 billion being connected to the Internet of Things [3], [4].The Internet of Things (IoT) represents a major leap in information technology [2].The Internet of Things has a wide variety of applications across various industries, including consumer electronics, the military, and industrial manufacturing.Health monitoring, remote monitoring, surveillance systems, smart buildings, and smart cities are examples of these applications.[5].
As the number of IoT devices grows at such a fast pace, data protection has become a serious challenge.Data collection and processing are critical to IoT applications, but privacy issues emerge throughout this process [6].In smart city apps, for example, a user's location and travel information might be stolen or captured by an attacker, raising privacy problems.IoT privacy issues will be addressed by developing new techniques for preventing eavesdroppers from accessing personal information.[7]- [9].
Block chain technology is one method of enhancing Internet of Things (IoT) security.In the IoT, researchers have carried out a number of studies on blockchain technology and its use.Using the Joint Cloud platform, Xie et al. undertake blockchain research on the Internet of Things using blockchain to manage to manage distributed control and access [10].Using blockchain to safeguard IoT data has been studied by [11].According to the study, security is one of the most difficult aspects of the IoT to deploy, but blockchain technology can be used to enhance the security of the Internet of Things.According to the study's findings, four different approaches may be taken to strengthen the security of the Internet of Things.These include utilizing blockchain technology for strong encryption, user authentication, recognizing genuine IoT, and IoT configuration.[11].
Using blockchain technology concepts, this article provides an outline of the current IoT security concerns and how these challenges might be addressed.Additionally, this presentation will address the limitations of blockchain technology in the IoT.

Internet of Things
The Internet of Things (IoT) is a network of connected objects that uses embedded systems, sensors, software, and artificial intelligence to collect data from the internet and use it in various intelligent applications [12]- [15].Every linked gadget will have a distinct identification.
The primary goal of the Internet of Things is to enhance the quality of human existence by linking devices and people in order to make data collection simpler through the internet.The Internet of Things (IoT) in this situation enables new types of communication between gadgets and people, as well as between devices themselves [16].Because of its extensive variety of applications [17], Iot is commonly referred to as the Internet of Everything [18].These applications are sometimes classified as consumer, commercial, industrial, and infrastructural [18], [19].
Many IoT solutions aimed at the general public, such as connected cars, smart homes, smart clothing, smart health, and other devices that can be monitored remotely, are becoming increasingly popular.IoT gadgets are also part of home automation, a broader umbrella term encompassing anything from home lighting to climate control to media and security.Long-term benefits could include saving energy by having lights and other electronic equipment turn off automatically and letting people know how much energy is being used.[15], [18].
Despite the fact that IoT brings several advantages to people, there are some concerns about the risks connected with the expansion of IoT technology and services, notably in the areas of privacy and security [20].Hackers are targeting IoT devices in order to steal sensitive information.This security risk reveals itself in all three IoT levels, namely the application, network, and perception layers.The emergence of this security risk is attributed, in part, to security rules that are violated in order to build affordable, simple, and small IoT devices [21].

Architecture of IoT
Since IoT technology can be used for so many different things, it's only going to get more popular.The Internet of Things works in a variety of ways depending on the specific use cases for which it was intended or created [2], [5].It does not, however, have a universally adhered-to standard defined architecture of operation.The architecture of IoT is influenced by how it is used in different industries.Still, there is a fundamental process flow that underpins Internet of Things [22].
It is generally agreed that a three-layer high-level design is optimal as shown in figure 1. Perception, network, and application layers make up this architecture's three tiers [23], [24].

The perception layer
This layer contains sensors, actuators, and other devices.This sensing layer contains physical and environmental sensors, actuators, and gadgets.Input data (such as physical or environmental factors) is received, processing is carried out, and then outgoing data is sent over the network.

Network layer
In this tier, you will find the Data Acquisition System (DAS) and Internet/Network gateways.Data gathering and conversion are two of DAS's primary responsibilities (receiving and aggregating data, and translating analog data from sensors into digital information).In addition to linking sensor networks to the Internet, sophisticated gateways provide a wide range of vital gateway tasks.These functions include virus protection and monitoring, decision-making centered on input data, and other services.. Software applications, sometimes called "business apps," have access to the data stored in this pre-processed location and can monitor and manage it as well as plan out next steps once it has been sent to the central data center.At this point "Edge IT" or "Edge analytics" will come into.

Application layer
The third layer of the Iot architecture is the stage of data management where data is managed and utilized by applications such as agriculture, medical services, aviation, agriculture, military, and so on [23].

Security Challenges of Iot
Over 23 billion devices are presently connected to the Internet of Things.This number will rise to 60 billion by the end of 2025 and there is a price to pay for this avalanche of new gadgets.Device security is a major issue for tech companies manufacturing these devices, and this is one of their biggest failings.
In many circumstances, these gadgets and IoT devices do not get the essential updates, and in other cases, none at all.Despite its consumers' original perception that it was secure, a previously protected piece of equipment can become accessible to hackers and other security concerns.In the early days of computers, automated updates helped to address this problem.There is a hurry to develop and market IoT devices as soon as possible, with little consideration for security.Most manufacturers only provide firmware upgrades for a certain amount of time before moving on to the next product that will attract everyone's attention.However, the reasons for this practice are not always clear.The company's loyal clients are exposed to hackers due to these outdated gear and software.
Users must be protected from such attacks.Each device must be properly tested before it is distributed to the public, and companies must regularly upgrade their gadgets to keep them safe at all times.Failure to do so is a terrible idea for both businesses and their consumers, since a single large-scale leak of consumer data may completely devastate a company.
IoT-enabled equipment benefit various industries, including health care, retail, manufacturing, and life sciences.It identifies several problems in a broad variety of networked devices [25].The main offenders for the absence of security in internet of medical things(IOMT) devices are computed tomography (CT) equipment and magnetic resonance imaging (MRI).Inadequately secured devices, such as ventilators, lighting, and infusion pumps, are subject to hacking efforts, which may result in: interruption of operations; exposed customer data and safety; financial losses; and damaged reputations [8], [9], [25].
The above-mentioned IoT security threats can be significantly mitigated by deploying IoT security solutions.The end-to-end solution requirements of customers are met, as are the fundamental device security challenges addressed by device management.These platforms may aid in the improvement of how IoT assets are configured, software is updated, security problems are recognized, alarms are delivered, and they are reported.
Khan and Salah divided IoT security concerns into three categories: low-level, intermediate-level, and highlevel IoT security.
Jamming, spoofing, sleep deprivation attacks, and an unsafe physical interface are examples of low-level security flaws.These occur at the communication's physical and data connection levels, as well as at the hardware level.
At the intermediate level of security, communication, routing, and session management are the main issues.Fragmentation and buffer reservation attacks, which cause denial-of-service when successive fragment packets are refused due to space filled by unfinished packets sent by the attacker, are common security weaknesses at this layer.Compromised nodes already in the network can launch several attacks on the Routing Protocol for Low-Power and Lossy Networks (RPL) at this layer.Resources might be depleted, and confidential information could be intercepted as the attack proceeds.Eavesdropping, violations of users' privacy, and denials of service are only some of the primary issues that might arise from sinkhole and wormhole assaults on the transport layers.
Most of the high-security concerns revolve around applications running on IoT.Insecure firmware, software, and interfaces in the cloud, on the web, and on mobile devices are the most common sources of security problems in this environment [26].

Blockchain Technology
The distributed ledger technology (DLT) that blockchain is an implementation of is designed to foster an environment of trust and confidence.A distributed ledger system is what blockchain is based on, and it is copied and spread over a network of computers.It allows all defined nodes or members to access encrypted transactional data on the blockchain.[27].
To get access to the encrypted data contained in blocks, the originating entity may utilize verification, validation, and consensus.The blockchain network is intended to provide data integrity and provenance, to be tamperproof and auditable, pseudonymized, resistant to Distributed Denial of Service attacks, and to be safe, private, and secret.These characteristics make the blockchain network a one-of-a-kind, transparent, and secure method of managing online transactions [28].
A comprehensive risk assessment is performed to ensure the security of a blockchain system or network.Cybersecurity frameworks, security testing processes, and safe coding standards are used to protect a blockchain system against online fraud, breaches, and other attacks.Blockchain security is a vital technology that should be employed to secure the dependability and quality of IoT technology [28].

IOT and Blockchain Technology
Blockchain and the Internet of Things (IoT) are both mature and expanding at the same time.As a result of their interdependence, being together allows for the greatest potential for growth.Supply chain management may benefit greatly from IOT's security, immutability, and smart contracts, while the blockchain relies on IOT's ability to transform the data input into a big-time opportunity [29] As a new platform for the Internet of Things, blockchain technology has recently been developed to offer a secure mesh network and dependable connections, eliminating the dangers that come with traditional central server architectures.The blockchain already powers many IoT systems needing remote sensors and automation for many companies, including banks, industrial enterprises, and agricultural businesses.An eco-friendly Internet of Things (IoT) relies on a decentralized, low-power blockchain network that eliminates the need for centralized cloud servers [22].
Authentication and integrity can be ensured by the use of a unique public key and a globally unique identifier (GUID) for each IoT device linked to the blockchain network.In addition, each transaction involving an Internet of Things device is added to the distributed global ledger maintained by blockchain technology and may be linked to the original device at any point in time.[26].In addition, Khan and Salah claim that the decentralized authentication rules and logic made possible by blockchain smart contracts may be utilized to give single and multiparty authentication to an Internet of Things device.Unlike OpenID, OAuth 2.0, and LWM2M, smart contracts can provide far more effective access rules to linked IoT devices than the traditional authorization protocols.It is normal practice to utilize these protocols for IoT devices to authenticate and operate.Protect the privacy of stored or transmitted data, "smart contracts" can establish the criteria and timeframes under which a particular individual, set of users, or machines own, manage, use, or access the data.[26].resource, an IoT device or user submits a request via the BC's resource smart contract.

Previous Works
BC verifies the trustworthiness and delegation rules of the delegatee platform prior to permission activation.Their approach combines event-based and query-based permission delegating capabilities.The Confidentiality, Integrity, and Availability model is used to assess the security of our architecture.[31] Gattolin et al. ( 2018) suggested a blockchain-based method to key management transparency utilising a threelayer architecture known as block chain-assisted key transparency for device authentication (BlAsT), which enables the establishment of an infallible and publicly certifiable linear history.Blockchain technologies such as Bitcoin and Ethereum are supported by the framework.For better management transparency, it has incorporated BC.The identity provider links the user ID to the public key upon registration.The Signed Tree Root (STR) is then entered by the identity provider in BC.ECDSA signatures, current and prior epochs, and current and previous Merkle Roots are all part of the STR.With BlAsT, users may retrieve STR from the BC and use it to verify the accuracy of their personal information held with the identity provider.According to the findings, BlAsT is a cost-effective method that enables end users to monitor and recognise bogus keys connected with their identities.[32] Tapas et al. ( 2018) presented a decentralized design for resource access authorization and delegation duties as a boost to an IoT-Cloud solution.The proposal includes blockchain as a technological foundation for this scheme, as well as smart contracts as the primary engine for trustless decentralization and independent auditing of operations.[33] It was proposed by Ding et al. 2019 that the Internet of Things may benefit from an attribute-based access control system based on blockchain technology to better manage device access management.The lack of confidence in the system was addressed by implementing a decentralised and scalable access control mechanism.The IoT devices are designed to be independent of the blockchain network's consensus process, which reduces overall processing and communication cost dramatically.The modular architecture of consensus algorithms like the AKA protocol enhances the system's flexibility and simplifies future maintenance and modifications.The work's security analysis showed that the method is secure in practice, and simulated trials showed that enforcing rigorous and fine-grained access control in IoT is effective and efficient.[34] Previous research clearly demonstrates that the smart contract and consensus algorithm are the most commonly employed blockchain technologies to safeguard IoT systems.

Discussion
Decentralization and autonomy are inherent qualities of the blockchain, which makes it a perfect component for IoT systems.IoT can benefit from it, especially in terms of comprehending decentralized and private-by-design IoT.This study discusses a number of prominent properties of the blockchain that make it a promising technology for tackling the aforementioned privacy and security concerns of the Internet of Things.Some of the frequently used algorithm of blockchain in Iot sytems are further discussed below.

(i). Consensus Algorithm
When it comes to distributed blockchains, consensus addresses the issue of how they can be consistent.It is a key part of how the blockchain system works.The consensus mechanism makes sure that every node in a P2P network is fair.It is an integral component of the entire system and a set of guidelines that every node must adhere to.By finding and combining trustworthy nodes, the system is able to create a permanent record that cannot be altered.In the blockchain system, each node is responsible for maintaining a common ledger database with the same information, this makes it hard to change.As part of keeping the blockchain operational, every node in the system competes with the others to be the first to receive incoming transaction records.As part of this process, each node also checks the integrity of the data stored in the blockchain system.Proof of work (PoW), proof of share (PoS), delegated proof of sake (DPoS), and practical Byzantine fault tolerance (PBFT) are some of the consensus techniques on the blockchain [26].
Users' identities are distributed over the blockchain network using the asymmetric encryption public key.Therefore, a typical PKI-based certification authority is unnecessary and thus eliminates the problem of certificate authorities as we know them.Instead, the blockchain relies on a consensus process to keep the network safe and secure.This approach does not require you to reveal your identity; all you have to do is modify the address.Using the consensus technique, IoT data transmission may be made more secure while also protecting the privacy of specific devices or individuals [15].

(ii). Data Encryption
In order to send data securely across the blockchain system, an asymmetric encryption method is needed.In the asymmetric encryption technique, the transmitting and receiving nodes must produce a set of public and private keys ahead of time to secure their communications.Before exchanging information with the nodes receiving it, they will first exchange a public key.The information will then be encrypted by the sender using the receiver's public key, and the sender's private key will be the only thing that can decrypt the information.The only node that is aware of the private key is the one that gets the information.This ensures that the information sent is trustworthy and secure [20].Encryption on a blockchain uses a method of encryption known as asymmetric encryption, which entails both the encryption of data and the use of digital signatures.With the encryption of data on a blockchain, you can be certain that your data is safe from unauthorized access and manipulation.To keep track of each transaction, the blockchain uses a timestamping mechanism.The ID enables the user to obtain specific transaction details.Each block's uniqueness can be demonstrated using a hash of the algorithm.More than half of the nodes must agree if data is to be changed.Because of the way the blockchain works and is constructed, this is a very remote possibility.Digital signatures are used to establish ownership of and approval for transaction data before it is delivered across the network.ECDSA, which stands for elliptic-curve digital signature algorithm, is one of the most common digital signature algorithms.[28].

(iii). Smart Contract
The IoT responds and performs the actions required to meet the rules and conditions that have been established, and the procedure should be carried out in the prescribed order.To decide whether or not to go forward, several procedures make use of the status parameter.This makes the operation complex and time-consuming.As a result, many processes cannot be conducted automatically and repeatedly in a satisfactory manner.Code-based agreements are known as smart contracts.Smart contracts are programs that automatically makes a guarantee.The smart contract automatically releases and transfers data when specific criteria are satisfied.A smart contract resembles a web server from a technological perspective.This server is not linked to the Internet.Instead, it performs blockchain-based contract programs.Smart contracts are agreements that can be programmed.They do this by converting user transactions into a code that is then recorded in a blockchain and given its own unique address.Because of the blockchain technology, smart contracts can look for after themselves and even have legal force.Smart contracts make it easier for Internet users to trust one another and build trust [17].
The logic of businesses, as well as their legal rights and duties, may be automated using smart contracts.In addition to this, they serve as the basis for the protection of users' security and privacy, and improving the general performance of the IoT.Smart contracts can automatically use different security measures based on what the user needs and how much private data they have.[10].

Conclusion
According to past studies [7], [15], [20], IoT security issues can be solved using blockchain technology.When it comes to the notion of defenses-in-depth, blockchain methods must be used in conjunction with other security measures such as firewalling, encrypted operating systems that can be trusted, and software updates that can be updated only by trustworthy sources.In the IoT ecosystem and on other platforms with privacy and security issues, blockchains offer the advantage of working at both the lower and higher tiers of the communications models, allowing for the mechanism to be used effectively across layers and domains.The blockchain technology algorithm currently provides the most dependable and secure structure for the development of IoT systems.Future research should concentrate on enhancing blockchain's capacity, security, and scalability in order to successfully aid in the synchronization of IoT with blockchain technology.

Figure 1 .
Figure 1.Iot 3 layer architecture EAI Endorsed Transactions on Internet of Things 09 2022 -10 2022 | Volume 8 | Issue 3 | e3 Mohanta et al., 2021 implemented a typical IoT blockchain system using smart contracts and a consensus algorithm.As indicated in Figure2, a set of smart contracts is distributed in the network, where they will run independently.The Ethereum platform executes a smart contract automatically after it has been verified and validated by a network node.Digital signatures and encryption are used to broadcast the smart contract's conclusion across the network.An ethereum platform-based blockchain-based authentication mechanism for IoT devices was established outside of the IoT network in order to increase trust in the IoT application.The scaling of the IoT network was rigorously regulated using blockchain permission.[30]