TY - GEN
T1 - Incentivized Delivery Network of IoT Software Updates Based on Trustless Proof-of-Distribution
AU - Leiba, Oded
AU - Yitzchak, Yechiav
AU - Bitton, Ron
AU - Nadler, Asaf
AU - Shabtai, Asaf
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/7/6
Y1 - 2018/7/6
N2 - The Internet of Things (IoT) network of connected devices currently contains more than 11 billion devices and is estimated to double in size within the next four years. The prevalence of these devices makes them an ideal target for attackers. To reduce the risk of attacks, vendors routinely deliver security updates (patches) for their devices. The delivery of security updates becomes challenging due to the issue of scalability, as the number of devices may grow much quicker than vendors' distribution systems. Previous studies have suggested a permissionless and decentralized blockchain-based network in which nodes can host and deliver security updates, thus the addition of new nodes scales out the network. However, these studies do not provide an incentive for nodes to join the network, making it unlikely for nodes to freely contribute their hosting space, bandwidth, and computation resources. In this paper, we propose a novel decentralized IoT software update delivery network in which participating nodes (referred to as distributors) are compensated by vendors with digital currency for delivering updates to devices. Upon the release of a new security update, a vendor will make a commitment to provide digital currency to distributors that deliver the update; the commitment will be made with the use of smart contracts, and hence will be public, binding, and irreversible. The smart contract promises compensation to any distributor that provides proof-of-distribution, which is unforgeable proof that a single update was delivered to a single device. A distributor acquires the proof-of-distribution by exchanging a security update for a device signature using the Zero-Knowledge Contingent Payment (ZKCP) trustless data exchange protocol. Eliminating the need for trust between the security update distributor and the security consumer (IoT device) by providing fair compensation can significantly increase the number of distributors, thus facilitating rapid scale out.
KW - Blockchain
KW - Ethereum
KW - IoT
KW - P2P
KW - Software update
KW - Zero Knowledge Contingent Payment
KW - decentralization file systems
UR - http://www.scopus.com/inward/record.url?scp=85050945448&partnerID=8YFLogxK
U2 - 10.1109/EuroSPW.2018.00011
DO - 10.1109/EuroSPW.2018.00011
M3 - Conference contribution
AN - SCOPUS:85050945448
T3 - Proceedings - 3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018
SP - 29
EP - 39
BT - Proceedings - 3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018
PB - Institute of Electrical and Electronics Engineers
T2 - 3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018
Y2 - 24 April 2018 through 26 April 2018
ER -