IoT
2/23/2017
03:00 PM
Mance Harmon
Mance Harmon
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Blockchains New Role In The Internet of Things

With next gen 'distributed consensus' algorithms that combine both security and performance, organizations can defend against DDoS attacks, even those that leverage IoT devices

On October 21st, a new malware weapon called the Mirai botnet took down a huge portion of the Internet, by launching a DDoS attack on Dyn, a company that controls much of the Internet’s domain name system (DNS) infrastructure. Affected sites included Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US.

The Mirai botnet is unique because it is largely made up of Internet of Things devices such as digital cameras and DVR players. Because it has so many Internet-connected devices to choose from, attacks from Mirai are much larger than previous DDoS attacks. Dyn estimated the attack involved “100,000 malicious endpoints” at a strength of 1.2Tbps. For comparison, that makes the October 21st attack roughly twice as powerful as any similar attack on record.

Since then, source code for Mirai has been published as open source in hacker forums, and the techniques have been adapted in other malware projects, making it more likely that we will see these attacks increase in frequency and size as other threat actors learn how to harness Mirai-like IoT botnets. While the Mirai botnet was used in this case to attack the DNS system, this form of attack will certainly be used against company servers directly, and traditional approaches to DDoS defense are simply inadequate for this emerging threat. 

It is very difficult to protect a single target against an army of attackers. Instead, we must find a way to divide and conquer. If we have multiple targets, then an attacker must divide their forces, with each group being less powerful than the whole. Distributed consensus technology replaces a central server with a community of peers. A would-be attacker can no longer target a single server, but rather, must successfully attack at least one third of all peers of the network.

Distributed consensus algorithms (such as blockchain and hashgraph) enable communities of people - strangers who are both unknown and untrusted - to securely collaborate with each other over the Internet without the need for a trusted third party.  In other words, it enables the development of multi-participant, general ­purpose applications that execute without the need for a central server. Each member of the community runs a local copy of the application. The consensus algorithm ensures that all instances of the application accurately reflect changes made by all members of the community, while ensuring no single member can cheat.

Until recently there has been two categories of consensus technology from which to choose: 

1) Public networks, like Bitcoin and Ethereum, that have poor performance and are grossly inefficient (requiring Proof of Work), and

2) Private (Permissioned) solutions such as HyperLedger Fabric, and non-Proof of Work Bitcoin or Ethereum (in which case the nodes take turns publishing a block of transactions).

Public networks have better security but poor performance in terms of transaction throughput and consensus latency, which is the time it takes for members of the community to come to an agreement on the order of transactions in the application. These performance constraints dramatically limit the number of applications that can practically use the technology. For example, Bitcoin blockchain can process only 7 transactions per second, and it takes the community an hour to agree on the order of those transactions. There aren’t many applications that can use a database with those performance characteristics.

Some users have opted to relax the security requirements of the distributed consensus algorithm, and restrict the use of the algorithm to private networks of known and trusted participants. This improves performance (achieving 100s or low 1000s of transactions per second, and seconds consensus latency), but at the expense of security.  If even a single member of the network is compromised, then the attacker can disrupt the flow of transactions for the entire network (i.e., launch a DoS attack).  

A new generation of distributed consensus technology products in the pipeline from a variety of vendors (including Swirlds)  provides a third category from which to choose: algorithms with both high security and high performance. For many applications, this combination of security and performance enables a new defense to DDoS attacks, even those that leverage IoT devices. 

To demonstrate the point, let's consider a popular online game, World of Warcraft (WoW).  The current system has a central server that ensures all players have a common view of the world and can’t cheat. However, a DDoS attack on the server can disrupt the game for everybody.  Also, the integrity and availability of the game can be compromised by a malicious insider or a remote attacker. 

A distributed version of WoW would provide a layer of defense against those types of attacks. In distributed WoW, each player is a node in a network, and the consensus technology ensures a common view of the world and prevents cheating. There is no central server to attack. A DDoS attack might be able to disrupt one (or even a few) players, but the game continues to be available for the rest of the community.    

Bitcoin blockchain introduced us to the modern era of distributed consensus, but it only provides a taste of what’s possible. The emerging, next generation of distributed consensus technology offers a unique combination of performance and security. This enables a new category of DDoS defense.  Eventually every industry will have networked, distributed applications, and wide-spread adoption will fundamentally change the security of the Internet.  

Related Content:

 

Mance Harmon is an experienced technology executive and entrepreneur with more than 20 years of strategic leadership experience in multi-national corporations, government agencies and high-tech startups, and is co-founder and CEO of Swirlds. Prior experience includes serving ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AndrewfOP
100%
0%
AndrewfOP,
User Rank: Strategist
2/24/2017 | 10:41:39 AM
DDoS attacks, Meet DDoS defense
It's good that DDoS defense technology is making progress toward wider adoption.  Ever since DDoS attacks came onto the scene, I always wonder why there were no technology that would turn DDoS attack modules into defense modules.  If DDoS's method is to turn hordes of computing devices into attacking clones, why can't there be hordes of counter devices?  After all, no select group of servers can defend against the onslaught of devices from the entire internet.  Yet, if the very same devices doing the attacking are also doing the defending, there would be a perfect equilibrium.  For the ever increasing and inexhaustible capacity of the whole internet, the defense would increase at the same time as the offense. 

The only losers in this reality would the owners and manufacturers that allow their devices to be infected, run at full capacity for doing the attacking and defending all the time, and thus reduce product lives, which ought to be good incentives for improving device security for owners and manufacturers alike.

 
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.