How to Authenticate Billions of IoT Devices?
Nowadays, everything is a computer. And everything is connected to the internet. If it is connected to power, it will go online. Thanks to the rapid advance of technology, we already have more connected devices than humans on the planet. And judging by the look of things, we are just getting started.
Big companies such as Apple, Samsung, and Xiaomi have recognized and embraced Internet of Things (IoT) technology and are developing new platforms and environments to apply it to, aiming to create a seamless transfer of information.
But as systems of interconnected devices grow, security challenges start to appear. While traditional authentication methods and algorithms can still address security issues, the trouble begins when all of that needs to be applied to a vast network of devices.
For example, when we have ten devices to manage, keeping the same login credentials on all of them is obviously insecure. Even with 2FA, things are not much better. This calls for a simpler solution that can provide stronger security protection.
From the user experience side, signing in to a large number of devices can be very burdensome. And forsaking security practices in favor of usability can be costly. Disabling 2FA can speed things up, but it leaves devices exposed to hacking attempts.
IoT is also characterized by low energy consumption. This leads many manufacturers to neglect security in order to keep prices competitive.
Among other things, IoT requires autonomous and automated interaction between elements, without any control or monitoring. Devices that are not monitored by users can be compromised more easily.
The Blockchain as a Solution
Interestingly enough, the solution to IoT problems could be found in Blockchain. A decentralized network could enable safer and faster authentication. Blockchain has already proven to be a viable solution for numerous problems found in the IoT industry. The two main areas are distribution and authorization. Distribution is centered around shared cooperation, while authorization will be solved by replacing centralized authentication systems with decentralized systems that use multiple confirmations and random verification codes. This would render attacks on centralized authentication pointless and eliminate the possibility of certificate misuse.
One of the problems with traditional authentication systems lies in relying on centralized authorities to verify the identities of all devices on the network. If hackers compromise the authority, they will be able to impersonate different devices and persons and perform harmful activities. This is especially critical when it comes to IoT, where devices often perform key tasks related to the physical world.
Decentralized authentication on a blockchain could be resilient against DDoS and other types of attacks because there will be fewer points to exploit. It will also allow devices to identify each other directly, instead of going through a centralized system.
On the other hand, not many blockchains fit well with the IoT ecosystem. Blockchains generally require nodes to store a copy of the ledger and stay in sync with other nodes. This is somewhat of a problem given the storage constraints of IoT devices.
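The "multiple confirmations and random verification codes" idea, as an added example that is not part of the original article: a device proves its identity by signing a fresh random nonce, and the verifier accepts its key only if a quorum of independent ledger replicas confirms it. The replica layout, the device name `sensor-17`, and the use of a Lamport one-time signature (a standard-library stand-in for a real signature scheme) are assumptions made for illustration.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport ONE-TIME key pair: 256 pairs of secrets, public key = their hashes.
    # Assumption: stands in for whatever signature scheme a real device uses.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per bit of the message digest.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def fingerprint(pk):
    return H(b"".join(a + b for a, b in pk))

def authenticate(replicas, device_id, pk, respond, quorum):
    # Count independent ledger replicas that confirm this key for this device.
    confirmed = sum(1 for r in replicas if r.get(device_id) == fingerprint(pk))
    nonce = secrets.token_bytes(32)  # random verification code, fresh per attempt
    return confirmed >= quorum and verify(pk, nonce, respond(nonce))

def demo():
    sk, pk = keygen()
    # Constructed sample: three replicas each hold the device's key fingerprint.
    replicas = [{"sensor-17": fingerprint(pk)} for _ in range(3)]
    # One replica is compromised and now lists the attacker's key instead.
    ask, apk = keygen()
    replicas[0]["sensor-17"] = fingerprint(apk)
    captured = []
    def honest(nonce):
        captured.append(sign(sk, nonce))
        return captured[-1]
    return {
        "honest": authenticate(replicas, "sensor-17", pk, honest, 2),
        "impersonator": authenticate(replicas, "sensor-17", apk,
                                     lambda n: sign(ask, n), 2),
        "replay": authenticate(replicas, "sensor-17", pk, lambda n: captured[0], 2),
    }

if __name__ == "__main__":
    print(demo())
```

With a quorum of 2 out of 3, the compromised replica can neither vouch for the attacker's key on its own nor block the genuine device, and a captured response is useless against the next nonce.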
In any case, IoT security could be enhanced by the implementation of the blockchain or DAG system, bringing us one step closer to the wonders of the future.