Abstract
The Internet of Things (IoT) is growing in popularity in recent years. With the increasing use, security threats are also becoming a bigger concern, especially considering new challenges, like limited computational power, low storage capacity and unprecedented number of independent, uncoordinated hardware device manufacturers. Unfortunately, modern attacks are more and more sophisticated and some attackers may even use anti-forensics techniques to hide any evidence of their malicious activity. As a result, digital forensics will be crucial in investigating crimes committed against IoT devices. One of the challenges is to create secure, lightweight and tamper-proof event log for the IoT system. Proposed solution relies on a blockchain to store event logs, guaranteeing the integrity of data. Event logs from IoT devices are being sent to multiple servers using multiple channels of communication to ensure logs availability and to move most of computational effort from the IoT device to the server. Logs are (optionally) encrypted to provide confidentiality of stored data. A set of security and performance tests were performed to prove effectiveness of proposed solution.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Yan, Z., Zhang, P., Vasilakos, A.V.: A survey on trust management for Internet of Things. J. Netw. Comput. Appl. 42, 120–134 (2014)
Weber, R.H.: Internet of Things – new security and privacy challenges. Comput. Law Secur. Rev. 26, 23–30 (2010)
Suo, H., Wan, J., Zou, C., Liu, J.: Security in the Internet of Things: a review. In: Proceedings of the IEEE International Conference on Computer Science and Electronics Engineering (ICCSEE), vol. 3, pp. 648–651 (2012)
Lu, C.: Overview of Security and Privacy Issues in the Internet of Things. http://www.cse.wustl.edu/~jain/cse574-14/ftp/security.pdf
Alaba, F.A., Othman, M., Hashem, I.A.T., Alotaibi, F.: Internet of Things security: a survey. J. Netw. Comput. Appl. 88(Suppl. C), 10–28 (2017)
Zhao, K., Ge, L.: A survey on the Internet of Things security. In: Proceedings of the 9th International Conference on Computational Intelligence and Security, CIS 2013, pp. 663–667 (2013)
van Oorschot, P.C.: Internet of Things security: is anything new? IEEE Secur. Priv. 16, 3–5 (2018)
Yaqoob, I., Hashem, I.A.T., Ahmed, A., Kazmi, S.M.A., Hong, C.S.: Internet of Things forensics: recent advances, taxonomy, requirements, and open challenges. Future Gener. Comput. Syst. 92, 265–275 (2019)
Chernyshev, M., Zeadally, S., Baig, Z., Woodward, A.: Internet of Things forensics: the need, process models, and open issues. IT Prof. 20(3), 40–49 (2018)
Noura, H.N., Salman, O., Chehab, A., Couturier, R.: DistLog: a distributed logging scheme for IoT forensics. Ad Hoc Netw. (2019). Article 102061
Blockchain Backed Log Assurance. https://guardtime.com/solutions/blockchain-backed-log-assurance. Accessed Jan 2020
Roberts, C.L., Windley, J.: Storing and verifying event logs in a blockchain. International Business Machines Corporation, US20180157700A1 (2018)
Bellare, M.: Forward integrity for secure audit logs. Technical report (1997)
Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Trans. Inf. Syst. Secur. 2(2), 159–176 (1999)
Ma, D., Tsudik, G.: A new approach to secure logging. Trans. Storage 5(1), 2:1–2:21 (2009)
Yavuz, A.A., Ning, P.: Baf: an efficient publicly verifiable secure audit logging scheme for distributed systems. In: 2009 Annual Computer Security Applications Conference, pp. 219–228. IEEE (2009)
Sohraby, K., Minoli, D., Znati, T.: Wireless Sensor Networks -Technology, Protocol and Applications, 2nd edn. (1991)
Shibin, D., Blessed Prince, P.: Survey on efficient and forward secure schemes for unattended WSNs. Int. J. Innov. Technol. Explor. Eng. (IJITEE) 2(3), 54–57 (2013). ISSN 2278–3075
Crosby, S.A., Wallach, D.S.: Efficient data structures for tamper-evident logging. In: USENIX Security Symposium, August 2009
Researchers Use Intel SGX To Put Malware Beyond the Reach of Antivirus Software - Slashdot. it.slashdot.org. Accessed Jan 2020
Nguyen, H., Ivanov, R., Phan, L.T.X., Sokolsky, O., Weimer, J., Lee, I.: LogSafe: secure and scalable data logger for IoT devices. In: IEEE/ACM Third International Conference on Internet-of-Things Design and Implementation (IoTDI), pp. 141–152. IEEE (2018)
Chirgwin, R.: Boffins show Intel’s SGX can leak crypto keys. The Register, 7 March 2017. https://www.theregister.co.uk/2017/03/07/eggheads_slip_a_note_under_intels_door_sgx_can_leak_crypto_keys/. Accessed 1 May 2017
Sample code demonstrating a Spectre-like attack against an Intel SGX enclave. github.com/lsds/spectre-attack-sgx. Accessed Jan 2020
Schwarz, M., Weiser, S., Gruss, D.: Practical enclave malware with Intel SGX. arXiv:1902.03256 [cs.CR], 08 February 2019
Zawoad, S., Dutta, A.K., Hasan, R.: SecLaaS: secure logging-as-a-service for cloud forensics. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS 2013, pp. 219–230. ACM, New York (2013)
Park, J.H., Park, J.Y., Huh, E.N.: Block chain based data logging and integrity management system for cloud forensics. In: International Conference on Computer Science, Engineering & Applications, pp. 149–159 (2017)
Bellini, A., Bellini, E., Gherardelli, M., Pirri, F.: Enhancing IoT data dependability through a blockchain mirror model. Future Internet 11(5), 117 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Kłos, M., El Fray, I. (2020). Securing Event Logs with Blockchain for IoT. In: Saeed, K., Dvorský, J. (eds) Computer Information Systems and Industrial Management. CISIM 2020. Lecture Notes in Computer Science(), vol 12133. Springer, Cham. https://doi.org/10.1007/978-3-030-47679-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-47679-3_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-47678-6
Online ISBN: 978-3-030-47679-3
eBook Packages: Computer ScienceComputer Science (R0)