IoT
2/23/2017
03:00 PM
Mance Harmon
Commentary

Blockchain's New Role In The Internet of Things

With next gen 'distributed consensus' algorithms that combine both security and performance, organizations can defend against DDoS attacks, even those that leverage IoT devices

On October 21st, a new malware weapon called the Mirai botnet took down a huge portion of the Internet, by launching a DDoS attack on Dyn, a company that controls much of the Internet’s domain name system (DNS) infrastructure. Affected sites included Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US.

The Mirai botnet is unique because it is largely made up of Internet of Things devices such as digital cameras and DVR players. Because it has so many Internet-connected devices to choose from, attacks from Mirai are much larger than previous DDoS attacks. Dyn estimated the attack involved “100,000 malicious endpoints” at a strength of 1.2Tbps. For comparison, that makes the October 21st attack roughly twice as powerful as any similar attack on record.

Since then, source code for Mirai has been published as open source in hacker forums, and the techniques have been adapted in other malware projects, making it more likely that we will see these attacks increase in frequency and size as other threat actors learn how to harness Mirai-like IoT botnets. While the Mirai botnet was used in this case to attack the DNS system, this form of attack will certainly be used against company servers directly, and traditional approaches to DDoS defense are simply inadequate for this emerging threat. 

It is very difficult to protect a single target against an army of attackers. Instead, we must find a way to divide and conquer. If we have multiple targets, then an attacker must divide their forces, with each group being less powerful than the whole. Distributed consensus technology replaces a central server with a community of peers. A would-be attacker can no longer target a single server, but rather, must successfully attack at least one third of all peers of the network.

Distributed consensus algorithms (such as blockchain and hashgraph) enable communities of people - strangers who are both unknown and untrusted - to securely collaborate with each other over the Internet without the need for a trusted third party. In other words, they enable the development of multi-participant, general-purpose applications that execute without the need for a central server. Each member of the community runs a local copy of the application. The consensus algorithm ensures that all instances of the application accurately reflect changes made by all members of the community, while ensuring no single member can cheat.

Until recently there have been two categories of consensus technology from which to choose:

1) Public networks, like Bitcoin and Ethereum, that have poor performance and are grossly inefficient (requiring Proof of Work), and

2) Private (Permissioned) solutions such as HyperLedger Fabric, and non-Proof of Work Bitcoin or Ethereum (in which case the nodes take turns publishing a block of transactions).

Public networks have better security but poor performance in terms of transaction throughput and consensus latency, which is the time it takes for members of the community to come to an agreement on the order of transactions in the application. These performance constraints dramatically limit the number of applications that can practically use the technology. For example, Bitcoin blockchain can process only 7 transactions per second, and it takes the community an hour to agree on the order of those transactions. There aren’t many applications that can use a database with those performance characteristics.

Some users have opted to relax the security requirements of the distributed consensus algorithm, and restrict the use of the algorithm to private networks of known and trusted participants. This improves performance (achieving 100s or low 1000s of transactions per second, and consensus latency of seconds), but at the expense of security. If even a single member of the network is compromised, then the attacker can disrupt the flow of transactions for the entire network (i.e., launch a DoS attack).

A new generation of distributed consensus technology products in the pipeline from a variety of vendors (including Swirlds)  provides a third category from which to choose: algorithms with both high security and high performance. For many applications, this combination of security and performance enables a new defense to DDoS attacks, even those that leverage IoT devices. 

To demonstrate the point, let's consider a popular online game, World of Warcraft (WoW).  The current system has a central server that ensures all players have a common view of the world and can’t cheat. However, a DDoS attack on the server can disrupt the game for everybody.  Also, the integrity and availability of the game can be compromised by a malicious insider or a remote attacker. 

A distributed version of WoW would provide a layer of defense against those types of attacks. In distributed WoW, each player is a node in a network, and the consensus technology ensures a common view of the world and prevents cheating. There is no central server to attack. A DDoS attack might be able to disrupt one (or even a few) players, but the game continues to be available for the rest of the community.    
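The one-third threshold and the distributed-game argument above can be checked with a small availability model. This is an added example, not code from the article or from any consensus product; it considers link saturation only, and every link capacity in it is an assumed, constructed value.

```python
# Added illustration: bandwidth-only availability model. All link capacities
# below are constructed sample values, not measurements.

def peers_to_disrupt(n_peers: int) -> int:
    """Smallest offline count that reaches one third of the community."""
    return (n_peers + 2) // 3  # integer ceil(n / 3)


def disruption_threshold_gbps(capacities_gbps: list[int]) -> int:
    """Flood bandwidth needed to saturate one third of the peers.

    Worst case for the defender: the weakest links are saturated first.
    """
    k = peers_to_disrupt(len(capacities_gbps))
    return sum(sorted(capacities_gbps)[:k])


def peers_knocked_offline(capacities_gbps: list[int], attack_gbps: int) -> int:
    """How many peers a flood of the given size can saturate at once."""
    down, remaining = 0, attack_gbps
    for cap in sorted(capacities_gbps):
        if remaining < cap:
            break
        remaining -= cap
        down += 1
    return down


def survives(capacities_gbps: list[int], attack_gbps: int) -> bool:
    """True while fewer than one third of the peers are saturated."""
    down = peers_knocked_offline(capacities_gbps, attack_gbps)
    return down < peers_to_disrupt(len(capacities_gbps))


FLOOD_GBPS = 1200               # the 1.2Tbps figure the article quotes from Dyn
central_server = [100]          # assumed: one server behind a 100 Gbps link
large_community = [1] * 10_000  # assumed: 10,000 peers with 1 Gbps each
small_community = [1] * 3_000   # assumed: 3,000 peers with 1 Gbps each

if __name__ == "__main__":
    for name, caps in [("central server", central_server),
                       ("large community", large_community),
                       ("small community", small_community)]:
        print(f"{name}: threshold {disruption_threshold_gbps(caps)} Gbps, "
              f"{peers_knocked_offline(caps, FLOOD_GBPS)} of {len(caps)} down, "
              f"service up: {survives(caps, FLOOD_GBPS)}")
```

Under these assumptions the central server and the 3,000-peer community both fail against the same flood, while the 10,000-peer community loses 1,200 peers and keeps running: the protection scales with the aggregate capacity of the weakest third of the peers, not with decentralization alone.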

Bitcoin blockchain introduced us to the modern era of distributed consensus, but it only provides a taste of what’s possible. The emerging, next generation of distributed consensus technology offers a unique combination of performance and security. This enables a new category of DDoS defense.  Eventually every industry will have networked, distributed applications, and wide-spread adoption will fundamentally change the security of the Internet.  


Mance Harmon is an experienced technology executive and entrepreneur with more than 20 years of strategic leadership experience in multi-national corporations, government agencies and high-tech startups, and is co-founder and CEO of Swirlds. Prior experience includes serving ...
Comments
AndrewfOP,
User Rank: Strategist
2/24/2017 | 10:41:39 AM
DDoS attacks, Meet DDoS defense
It's good that DDoS defense technology is making progress toward wider adoption. Ever since DDoS attacks came onto the scene, I always wondered why there was no technology that would turn DDoS attack modules into defense modules. If DDoS's method is to turn hordes of computing devices into attacking clones, why can't there be hordes of counter devices? After all, no select group of servers can defend against the onslaught of devices from the entire internet. Yet, if the very same devices doing the attacking are also doing the defending, there would be a perfect equilibrium. For the ever increasing and inexhaustible capacity of the whole internet, the defense would increase at the same time as the offense.

The only losers in this reality would be the owners and manufacturers that allow their devices to be infected, run at full capacity for doing the attacking and defending all the time, and thus reduce product lives, which ought to be good incentives for improving device security for owners and manufacturers alike.

 