Incentivized Delivery Network of IoT Software Updates Based on Trustless Proof-of-Distribution

Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, Asaf Shabtai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

28 Scopus citations

Abstract

The Internet of Things (IoT) network of connected devices currently contains more than 11 billion devices and is estimated to double in size within the next four years. The prevalence of these devices makes them an ideal target for attackers. To reduce the risk of attacks vendors routinely deliver security updates (patches) for their devices. The delivery of security updates becomes challenging due to the issue of scalability as the number of devices may grow much quicker than vendors' distribution systems. Previous studies have suggested a permissionless and decentralized blockchainbased network in which nodes can host and deliver security updates, thus the addition of new nodes scales out the network. However, these studies do not provide an incentive for nodes to join the network, making it unlikely for nodes to freely contribute their hosting space, bandwidth, and computation resources. In this paper, we propose a novel decentralized IoT software update delivery network in which participating nodes (referred to as distributors) are compensated by vendors with digital currency for delivering updates to devices. Upon the release of a new security update, a vendor will make a commitment to provide digital currency to distributors that deliver the update; the commitment will be made with the use of smart contracts, and hence will be public, binding, and irreversible. The smart contract promises compensation to any distributor that provides proof-of-distribution, which is unforgeable proof that a single update was delivered to a single device. A distributor acquires the proof-of-distribution by exchanging a security update for a device signature using the Zero-Knowledge Contingent Payment (ZKCP) trustless data exchange protocol. Eliminating the need for trust between the security update distributor and the security consumer (IoT device) by providing fair compensation, can significantly increase the number of distributors, thus facilitating rapid scale out.

Original languageEnglish
Title of host publicationProceedings - 3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018
PublisherInstitute of Electrical and Electronics Engineers
Pages29-39
Number of pages11
ISBN (Electronic)9781538654453
DOIs
StatePublished - 6 Jul 2018
Event3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018 - London, United Kingdom
Duration: 24 Apr 201826 Apr 2018

Publication series

NameProceedings - 3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018

Conference

Conference3rd IEEE European Symposium on Security and Privacy Workshops, EURO S and PW 2018
Country/TerritoryUnited Kingdom
CityLondon
Period24/04/1826/04/18

Keywords

  • Blockchain
  • Ethereum
  • IoT
  • P2P
  • Software update
  • Zero Knowledge Contingent Payment
  • decentralization file systems

ASJC Scopus subject areas

  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Incentivized Delivery Network of IoT Software Updates Based on Trustless Proof-of-Distribution'. Together they form a unique fingerprint.

Cite this