Novel applications of distributed ledger technologies in digital forensics and Internet of things security

Publisher

Πανεπιστήμιο Πελοποννήσου

Abstract

Current advances in information technology and the growing use of digital services in day-to-day operations have produced a vast number of smart, interconnected devices in various Internet of Things (IoT) ecosystems, such as the smart home, the smart grid, transportation and healthcare. The transmission of critical information over the Internet without any human intervention provides independence and comfort to IoT device users, but it also makes the IoT ecosystem susceptible to a growing number of illegal and criminal activities by creating new opportunities for adversaries to intrude. A solution based on Intrusion Detection Systems (IDSs) could increase the resilience of a network against cyber-attacks, since IDSs can detect malicious activities, monitor the attacked IoT devices and report malicious events by producing security alerts. To detect and mitigate cyber-attacks more efficiently, Collaborative Intrusion Detection Networks (CIDNs) have been proposed for exchanging attack-related information via alert aggregation. However, to achieve a high level of security in a CIDN, mutual trust among the CIDN nodes must be maintained so that only information from credible CIDN nodes is considered, since some nodes might turn malicious with the goal of degrading the overall network’s security. Therefore, in complex IoT networks each CIDN node needs to continuously monitor its peers and compute credibility scores according to their behavior. Apart from the behavior of its CIDN peers, a CIDN node also needs to monitor the incoming traffic in the IoT network and evaluate the trustworthiness of the IoT devices.
However, even with a CIDN deployed, IoT attacks still occur. Their detection requires intense data analysis and computational intelligence, and most of them can be sophisticated and stealthy, meaning that once an attack is launched, any information that would constitute forensic evidence can be modified or even destroyed by the attacker. With this continuously increasing number of security incidents, a new field called “IoT forensics” emerged as a branch of digital forensics focusing on the investigation of attacks in the IoT ecosystem. Because IoT forensics inherits the limitations of digital forensics, evidence authenticity, integrity, confidentiality and privacy are among the key factors affecting the investigation process. Blockchains and Distributed Ledger Technologies (DLTs) have recently emerged with profound application to the IoT, considerably enhancing the security of distributed networks and providing innovative solutions that can also preserve the IoT user’s privacy. The main properties of blockchains, such as decentralisation, security, auditability, privacy and sustainability, can therefore offer beneficial features in each of the aforementioned areas of interest. In this direction, blockchain technology can be integrated into a CIDN to provide additional security in an IoT infrastructure. Even if adversarial intrusions occur, the digital forensic evidence regarding the compromised IoT devices and the attack that infected them can be safely stored on the distributed ledger. The beneficial features of blockchains can thus make an IoT forensic investigation more transparent, since the chronological history of handling the evidence is recorded and can form a proper digital Chain of Custody (CoC).
A blockchain-enabled IoT forensic framework, in which a CIDN is deployed and a trust management scheme is provided, can efficiently address the IoT attacks launched in an IoT ecosystem and alleviate the main technical factors that affect a forensic investigation. The thesis initially proposes a suitability analysis framework that defines the ability of blockchains to address the dominant challenges imposed in IoT ecosystems, using the smart home as the reference IoT domain. Key architectural aspects of blockchain solutions, such as the platforms’ software and network setups, the consensus protocols used and the smart contracts’ security, are examined in terms of their ability to withstand various types of common IoT and blockchain attacks, to deliver enhanced privacy features, and to assure adequate performance levels while processing the large numbers of transactions generated in an IoT ecosystem. Then, the thesis establishes a holistic IoT forensics process as a reference point against which blockchain integration patterns and best practices are identified, in order to yield a robust, widely accepted and scalable architecture for the blockchain-enabled solution. Blockchain technology is integrated with the proposed IoT forensics process to address the above challenges, and the overall solution is evaluated, highlighting improvements and potential performance bottlenecks. The proposed blockchain-enabled platform leverages Multi-access Edge Computing (MEC) technology and has been implemented with Hyperledger Fabric on an extensive virtualized testbed providing a realistic smart home environment. A thorough evaluation was conducted with real cyber-attacks generating digital evidence at high rates to test the blockchain platform’s behavior under high load, and a new trust management system is proposed to protect the integrity of the information shared among the CIDN peers.
The trust model allows the recently observed behavior of CIDN peers to be weighted differently, in order to adjust the trust model’s sensitivity to behavioral variation. The experimental results showed that the proposed platform achieves high throughput, extremely low latency and a zero error rate in the operation of the blockchain network.

Description

Δ.Δ. 27
