All Posts By

Hava Katz

Using Blockchain to Solve IoT Security – PART #2


In his recent thought-provoking lecture at InfoSec Europe 2018 and in his recent article, Ofer Amitai explained that in the future blockchain technology could play a significant role in achieving increased security for IoT (Internet of Things) devices and machines, because its decentralized ledger and peer-to-peer communications suit IoT machines communicating amongst themselves without human intervention. He outlined a few futuristic scenarios which he believes will become part of our normal routine within 5-10 years, and said it will be crucial to have outstanding and solid trust protocols in place so that this future can operate seamlessly and securely. The lecture and article brought up a few questions that were posed to Mr. Amitai, and in part 1 of our conversation Ofer discussed the benefits of the centralized ledger for IoT device security and privacy, as well as other forms of machine-to-machine communications that will be at play in the near future.

Q: Some peer-to-peer communication is already happening today, correct?

Amitai: “The best example at present is the SpaceX landings, which happen via communications between machines – the rocket returning to earth communicates directly with the raft it needs to land on, whether at sea or on land, and it happens without human intervention.

Peer-to-peer communications are also available within the field of consumer services. For example, I can request Alexa to play a song on Spotify. If I tell Alexa to call my phone there are two electronic components communicating.

The more we fill our spaces with physical IoT devices and machines we will see more peer to peer communications. Still, at the end of the day it is always a person who consumes a service of some sort. IoT and all of these things are designed to serve a human requirement, even if in a remote or roundabout way.”

Q: When speaking about eliminating the ‘men in the middle’, there arises a concern that along with AI these technologies could, at some point in the future, supersede humans making the decisions as far as policy making. Most people would prefer that humans be setting policy. How can we make sure that AI/IoT remain technologies in our service and not the other way around?

Amitai: “That issue is more prevalent with AI, but IoT decision-making would have moral issues as with AIs. There is a philosophical and moral dilemma there related to decision making. For example: if there is an autonomous car that is about to be in an accident, and the computer sees someone is crossing the street but that around the corner, if it avoids one person it would hit the other – the machine needs to calculate what to do, who should it hit?
With autonomous IoT we could have moral dilemmas such as who makes these decisions? Whose life is worth more? Will they calculate age?

The challenge exists also with issues that are not life and death. An autonomous car could decide to fill up on its electricity charge before picking me up from work for example, calculating that it is more important so that I don’t have to wait in the car while it is happening, but then picking me up later from work.

The potential future complaint with IoT might be that machines could eliminate jobs that are currently filled by people. So if I have a chlorine meter in municipal pools in the city, then it could eliminate a job that in the past was filled by a person who went from pool to pool and measured acidity levels.
I believe that the issue in general will be the anticipated reduction in the number of available jobs, the question is – can we create new jobs in their place? Or perhaps humanity’s future is to enjoy all the good and have machines do the work.”

Q: You speak of having a “trust score” that would allow IoT devices and machines to assert if they should allow transactions. Who would be the people or organizations to create this trust score? Would it operate on a country-wide scale? On a global scale? What currency should be used?

Amitai: “Generally speaking, I believe that cryptocurrencies and normal credit cards could be used – each country will have its own cryptocurrency – like a crypto-dollar, a digital dollar, and the future will go to cryptographic coins – country currency will allow countries to continue regulating what goes on in their country, allowing everybody to do transactions without ‘men in the middle’. That is the greatness of the blockchain and the advantage of cryptocurrencies in general, the country would still control and regulate for governance purposes.
We can imagine many government applications with blockchain technology, but I believe that most of the applications for government will be half-centralized, as there will still be central governance. For example, a ledger for land: when people agree that the data should be kept on a decentralized ledger, someone needs to manage the protocols and write the program, just as Bitcoin manages its protocols and writes the programs. These parts I believe will remain centralized: the government will be responsible for writing the program and setting the rules of the game. The good part here is that I do not require a government office to handle the back and forth transactions and communications, as with credit cards, approvals, bank personal identification numbers, authorization points, etc.”

Q: Will there be any connection between what you do at Portnox and Blockchain-of-things technology in the future?

Amitai: “Probably not. Our interest is at the level of thought-leadership and we do actually provide network security for IoT devices. While Portnox does have solutions for monitoring and managing network security for IoT devices, I doubt that we will be researching blockchain solutions at the moment.

At the end of the day, as IoT devices and machines become more integrated in our day-to-day lives and are incorporated in our working environments, there is an increasing risk that individuals and organizations would try to take over those devices and machines, and we need to be prepared. There is a fear there that could potentially hold back technological advancements, and that’s not the answer either. Solutions must be found to work through the challenges. That’s what we do. There are always solutions. For example, some people are concerned about being seen involuntarily through the webcam in their laptop, so there is a small plastic cover for that; it looks like a little window. Soon, this window will be a built-in component in laptops as part of their manufacturing process. This is a real concern that consumers have, and there will be creative solutions that will be embedded into all technologies.”

Using Blockchain to Solve IoT Security – PART #1


In his recent thought-provoking lecture at InfoSec Europe 2018 and in his recent article, Ofer Amitai, CEO and co-founder of Portnox Security, explained that in the future blockchain technology could play a significant role in achieving increased security for IoT (Internet of Things) devices and machines, because its decentralized ledger and peer-to-peer communications suit IoT machines communicating amongst themselves without human intervention. He outlined a few futuristic scenarios which he believes will become part of our normal routine within 5-10 years, and said it will be crucial to have outstanding and solid trust protocols in place so that this future can operate seamlessly and securely. The lecture and article have brought up a few questions that have been posed to Mr. Amitai, and in his answers he continues to outline notions regarding our global technological future.

Q: Regarding blockchain tech being “tamper-evident” – If the goal is to use an IoT device to start a DDoS attack, criminal theft, etc., couldn’t the cyber offenders still get away with what they wanted to do?

Amitai: “I believe hackers could check, according to the ledger, which devices do not have the latest software and security updates, and those potentially might be a target via the identity of the device. In a situation where an IoT machine has verification of the latest update, then it is less likely to be hacked.

The blockchain will create a new database of IoT devices: it doesn’t mean that you can locate the device, but just by looking at the ledger you can map the devices that are not updated, and hackers could potentially use that to their advantage, knowing which machines don’t have the latest security patches, updates, etc. Then again, if the IoT security programmers are using that ledger to create a trust score, then it wouldn’t help hackers because those devices would have a low trust score and ideally, they wouldn’t be able to transact with most other machines. There would be a race here between the IoT devices to become updated, and cyber offenders wishing to hack and get into the devices.

The identity on the ledger should uniquely identify the machine, but still keep it safe and anonymous on the ledger – so you wouldn’t know how to communicate with that device just by looking at the blockchain, or be able to pinpoint it physically, so they have some level of anonymity. You won’t be able to use it like Shodan to hack IoT devices and machines.”

Q: In your lecture at InfoSec Europe you mentioned that within 5-10 years IoT connected devices and machines will be performing transactions on our behalf. Where else do you see this happening? In which industries? Where in the world?

Amitai: “I believe we will see it in the area of virtual assistants, so you’ll have a lot of machine to man transactions, and also machine to machine, such as ‘please book a hotel for me online’; ‘get me a taxi please’, and the taxi is an autonomous car, and so the virtual assistant communicating with the autonomous taxi would be machine to machine communications; tourism and booking trips; transportation; hospitality. Did you see the new Google virtual assistant launch? Well in the future the conversations will be between machines.

IoT household machines for example – the fridge in your home orders items from the grocery store that will deliver everything, without humans being involved. And it will be interesting to see logistically how those deliveries take place, what types of physical infrastructure will have to be in place for that to happen.

Predictive maintenance is where a machine will order components like a battery that will arrive there, in order for the machine to fix itself! In other words, machines will notice when their battery isn’t going to recharge anymore and take actions to order a new one. So machines will be able to fix themselves.

Pizza delivery – if I have a lot of connective points with IoT cars and smart city traffic lights I know how fast the pizza will arrive – the more data points I have, the more I can predict how fast the deliveries will reach any point in the city.

It is interesting to see what happens with big shipping like ZIM containers in the future. Companies are already working on autonomous ships. Typically, you have a whole crew of people manning supply ships. It’s a big operation and those ships and crews are in danger of being kidnapped… then ransom is demanded. If ships are working autonomously, then sure, people could still try to steal them or goods from them, but then you don’t have to worry about human lives; you can hook up security cameras all over the ships, and if someone comes to steal anything you could deploy law enforcement, but at least human beings wouldn’t be in harm’s way. So potentially this type of piracy would disappear from the world.

Think about parking lots. In the future, your car could drop you off at work, and then go find a parking space on its own. If the car has a good trust score it will be granted access without an issue. Then it could come back to pick you up at the end of your work day.

In the end we want to have automation of processes and have less interaction as humans with machines, especially in supply chain and manufacturing, where there are areas of friction with humans. The fewer people are involved – the smoother it will be.”

We will continue our exciting conversation with Ofer Amitai in part 2, in which Ofer will discuss examples of machine to machine communications that are already in use today; policy setting and the need to be prepared for the new security risks of tomorrow.