A Comprehensive Study of Attacks on the IoT and its Counter Measures Using Blockchain

  • Pardeep Kaur
  • Shalli RaniEmail author
Part of the EAI/Springer Innovations in Communication and Computing book series (EAISICC)


The Internet of things (IoT) covers the whole world, and our myriad daily devices are connected with their surrounding environment in order to collect information to perform specific tasks. These IoT devices need to interact and synchronize with each other, and every place is sensing enabled by a wireless sensor network. The server–client model makes managing the communication and synchronization of a few devices easy. However, if there are thousands of devices, during synchronization the IoT suffers from several limitations and issues, which are most challenging due to its complex environment. To overcome these limitations and issues, blockchain can be used to control and configure IoT devices. Blockchain’s original use was for bitcoin (cryptocurrency), but now its use is expanding to many other fields, including the IoT, healthcare, finances, security, and academic and industrial fields. Now that blockchain technology has been realized as the next revolutionary technology, the primary aim of using blockchain in the IoT is to connect things to the Internet in a peer-to-peer manner, and blockchain is the only distributed ledger maintained by a peer-to-peer network where non trusted participations in the network can communicate with each other without a trusted third party. Blockchain capabilities, such as immutability, auditability, transparency, open source, persistency, and anonymity, can solve most architectural shortcoming of the IoT. Among other things, IoT devices require privacy, security, authentication, protection from attacks, affordability, easy deployment, and self-maintenance. The aim of the IoT is to merge both digital and physical worlds into a single ecosystem that makes up a new intelligent era of the Internet.


IoT Blockchain Attack Security Verification 


  1. 1.
    Ashton, K.: That ‘internet of things’ thing. RFID J. 22(7), 97–114 (2009)Google Scholar
  2. 2.
    Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010)CrossRefGoogle Scholar
  3. 3.
    Khan, M.A., Salah, K.: IoT security: review, blockchain solutions, and open challenges. Futur. Gener. Comput. Syst. 82, 395–411 (2018)CrossRefGoogle Scholar
  4. 4.
    Haber, S., Stornetta, W.S.: How to time-stamp a digital document. In: Conference on the Theory and Application of Cryptography, pp. 437–455. Springer, Berlin/Heidelberg (1990)Google Scholar
  5. 5.
    Nakamoto, S.: A peer to peer electronic cash system, Bitcoin Organization (2008)
  6. 6.
    Christidis, K., Devetsikiotis, M.: Blockchains and smart contracts for the internet of things. Ieee Access. 4, 2292–2303 (2016)CrossRefGoogle Scholar
  7. 7.
    Apple Watches are surprisingly good at detecting heart conditions says recent Stanford study.
  8. 8.
    Gubbi, J., Buyya, R., Marusic, S., Palaniswami, M.: Internet of things (IoT): a vision, architectural elements, and future directions. Futur. Gener. Comput. Syst. 29(7), 1645–1660 (2013)CrossRefGoogle Scholar
  9. 9.
    Wood, A., Stankovic, J., Son, S.: JAM: a jammed-area mapping service for sensor networks. In: 24th IEEE Real-Time Systems Symposium, pp. 286–297 (2003)Google Scholar
  10. 10.
    Xu. W., Wood, T., Trappe, W., Zhang, Y.: Channel surfing and spatial retreats: defenses against wireless denial of service. In: Proceedings of the 2004 ACM Workshop on Wireless Security, pp. 80–89 (2004)Google Scholar
  11. 11.
    Xu, W., Trappe, W., Zhang, Y., Wood, T.: The feasibility of launching and detecting jamming attacks in wireless networks. In: Proceedings of the 6th ACM International Symposium on Mobile Ad Hoc Networking and Computing, pp. 46–57. ACM (2005)Google Scholar
  12. 12.
    Noubir, G., Lin, G.: Low-power DoS attacks in data wireless LANs and countermeasures. ACM SIGMOBILE Mob. Comput. Commun. Rev. 7(3), 29–30 (2003)CrossRefGoogle Scholar
  13. 13.
    Chae, S.H., Choi, W., Lee, J.H., Quek, T.Q.: Enhanced secrecy in stochastic wireless networks: artificial noise with secrecy protected zone. IEEE Trans. Inf. Forensics Secur. 9(10), 1617–1628 (2014)CrossRefGoogle Scholar
  14. 14.
    Pecorella, T., Brilli, L., Mucchi, L.: The role of physical layer security in IoT: a novel perspective. Information. 7(3), 49 (2016)CrossRefGoogle Scholar
  15. 15.
    Hong, Y.W.P., Lan, P.C., Kuo, C.C.J.: Enhancing physical-layer secrecy in multiantenna wireless systems: an overview of signal processing approaches. IEEE Signal Process. Mag. 30(5), 29–40 (2013)CrossRefGoogle Scholar
  16. 16.
    Xiao, L., Greenstein, L.J., Mandayam, N.B., Trappe, W.: Channel-based detection of sybil attacks in wireless networks. IEEE Trans. Inf. Forensics Secur. 4(3), 492–503 (2009)CrossRefGoogle Scholar
  17. 17.
    Newsome, J., Shi, E., Song, D., Perrig, A.: The sybil attack in sensor networks: analysis & defenses. In: Third International Symposium on Information Processing in Sensor Networks, 2004. IPSN 2004, pp. 259–268. IEEE (2004)Google Scholar
  18. 18.
    Demirbas, M., Song, Y.: An RSSI-based scheme for sybil attack detection in wireless sensor networks. In: 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM’06), pp. 5. IEEE (2006)Google Scholar
  19. 19.
    Chen, Y., Trappe, W., Martin, R.P.: Detecting and localizing wireless spoofing attacks. In: 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, pp. 193–202. IEEE (2007)Google Scholar
  20. 20.
    Xiao, L., Greenstein, L., Mandayam, N., Trappe, W.: Fingerprints in the ether: using the physical layer for wireless authentication. In: 2007 IEEE International Conference on Communications, pp. 4646–4651. IEEE (2007)Google Scholar
  21. 21.
    Li, Q., Trappe, W.: Light-weight detection of spoofing attacks in wireless networks. In: 2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems, pp. 845–851. IEEE (2006)Google Scholar
  22. 22.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM. 21(2), 120–126 (1978). Scholar
  23. 23.
    Bhattasali, T., Chaki, R.: A survey of recent intrusion detection systems for wireless sensor network. In: International Conference on Network Security and Applications, pp. 268–280. Springer, Berlin, Heidelberg (2011)CrossRefGoogle Scholar
  24. 24.
    Kim, H.: Protection against package fragmentation attacks at 6lowpan adaptation layer. In: 2008 International Conference on Convergence and Hybrid Information Technology, pp. 796–801. IEEE (2008)Google Scholar
  25. 25.
    Hummen, R., Hiller, J., Wirtz, H., Henze, M., Shafagh, H., Wehrle, K.: 6LoWPAN fragmentation attacks and mitigation mechanisms. In: Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 55–66. ACM (2013)Google Scholar
  26. 26.
    Wang, W., Bhargava, B.: Visualization of wormholes in sensor networks. In: Proceedings of the 3rd ACM Workshop on Wireless Security, pp. 51–60. ACM (2004)Google Scholar
  27. 27.
    Riaz, R., Kim, K.H., Ahmed, H.F.: Security analysis survey and framework design for ip connected lowpans. In: 2009 International Symposium on Autonomous Decentralized Systems, pp. 1–6. IEEE (2009)Google Scholar
  28. 28.
    Weekly, K., Pister, K.: Evaluating sinkhole defense techniques in RPL networks. In: 2012 20th IEEE International Conference on Network Protocols (ICNP), pp. 1–6. IEEE (2012)Google Scholar
  29. 29.
    Eastlake, D., Jones, P.E: RFC3174-US Secure Hash Algorithm 1(SHA1). (2001).
  30. 30.
    Ahmed, F., Ko, Y.B.: Mitigation of black hole attacks in routing protocol for low power and lossy networks. Secur. Commun. Netw. 9(18), 5143–5154 (2016)CrossRefGoogle Scholar
  31. 31.
    Hu, Y., Perrig, A., Johnson, D.: Rushing attacks and defense in wireless Ad Hoc network routing protocols. In: Proceedings of the ACM Workshop on Wireless Security (WiSe) (2003)Google Scholar
  32. 32.
    Handley, M., Bonaventure, O., de Louvain, U.C.: Internet Engineering Task Force (IETF) A. Ford Request for Comments: 6824 Cisco Category: Experimental C. Raiciu (2013)Google Scholar
  33. 33.
    Somani, U., Lakhani, K., Mundra, M.: Implementing digital signature with RSA encryption algorithm to enhance the Data Security of cloud in Cloud Computing. In: 2010 First International Conference On Parallel, Distributed and Grid Computing (PDGC 2010), pp. 211–216. IEEE (2010)Google Scholar
  34. 34.
    Krawczyk, H., Bellare, M., Canetti, R.: HMAC: keyed-hashing for message authentication (1997).
  35. 35.
    Lin, X.: LSR: mitigating zero-day Sybil vulnerability in privacypreserving vehicular peer-to-peer networks. IEEE J. Sel. Areas Commun. 31(9), 237–246 (2013)CrossRefGoogle Scholar
  36. 36.
    Liang, X., Lin, X., Shen, X.: Enabling trustworthy service evaluation in service-oriented mobile social networks. IEEE Trans. Parallel Distrib. Syst. 25(2), 310–320 (2014)CrossRefGoogle Scholar
  37. 37.
    Zhang, K., Liang, X., Lu, R., Shen, X.: Sybil attacks and their defenses in the internet of things. IEEE Internet Things J. 1(5), 372–383 (2014)CrossRefGoogle Scholar
  38. 38.
    Tran, D., Min, B., Li, J., Subramanian, L.: Sybil-resilient online content voting. In: Proceedings of USENIX Network Systems Design and Implementation (NSDI), pp. 15–28 (2009)Google Scholar
  39. 39.
    Reddy, Y.: A game theory approach to detect malicious nodes in wireless sensor networks. In: Proceedings of the 3rd International Conference on Sensor Technologies and Applications (SENSORCOMM), pp. 462–468 (2009)Google Scholar
  40. 40.
    Yu, H., Kaminsky, M., Gibbons, P., Flaxman, A.: SybilGuard: defending against Sybil attacks via social networks. IEEE ACM Trans. Netw. 16(3), 576–589 (2008)CrossRefGoogle Scholar
  41. 41.
    Du, W., Deng, J., Han, Y.S., Chen, S., Varshney, P.K.: A key management scheme for wireless sensor networks using deployment knowledge. In: IEEE INFOCOM 2004, vol. 1. IEEE (2004)Google Scholar
  42. 42.
    Xue, J., et al.: VoteTrust: leveraging friend invitation graph to defend against social network Sybils. In: Proceedings of IEEE Conference on Computer Communications (INFOCOM), pp. 2400–2408 (2013)Google Scholar
  43. 43.
    Wang, G., et al.: You are how you click: clickstream analysis for Sybil detection. In: Proceedings of 22nd USENIX Security Symposium, pp. 241–255 (2013)Google Scholar
  44. 44.
    Yu, H., Shi, C., Kaminsky, M., Gibbons, P., Xiao, F.: DSybil: optimal Sybil-resistance for recommendation systems. In: IEEE Symposium on Security and Privacy, pp. 283–298 (2009)Google Scholar
  45. 45.
    Piro, C., Shields, C., Levine, B.N.: Detecting the sybil attack in mobile ad hoc networks. In: 2006 Securecomm and Workshops, pp. 1–11. IEEE (2006)Google Scholar
  46. 46.
    Mahalle, P.N., Anggorojati, B., Prasad, N.R., Prasad, R.: Identity authentication and capability based access control (iacac) for the internet of things. J. Cyber Secur. Mobil. 1(4), 309–348 (2013)Google Scholar
  47. 47.
    Granjal, J., Monteiro, E., Silva, J.S.: Network-layer security for the Internet of Things using TinyOS and BLIP. Int. J. Commun. Syst. 27(10), 1938–1963 (2014). Scholar
  48. 48.
    Granjal, J., Monteiro, E., Silva, J.S.: Enabling network-layer security on IPv6 wireless sensor networks. In: 2010 IEEE Global Telecommunications Conference GLOBECOM 2010, pp. 1–6 (2010).
  49. 49.
    Brachmann, M., Garcia-Morchon, O., Kirsche, M.: Security for practical coap applications: issues and solution approaches. In: GI/ITG KuVS Fachgesprch Sensornetze (FGSN). Universitt Stuttgart (2011)Google Scholar
  50. 50.
    Granjal, J., Monteiro, E., Silva, J.S.: Enabling network-layer security on IPv6 wireless sensor networks. In: 2010 IEEE Global Telecommunications Conference GLOBECOM 2010, pp. 1–6. IEEE (2010)Google Scholar
  51. 51.
    Kent, S.: RFC4302-ipauthenticationheader (2005).
  52. 52.
    Kent, S.: RFC4303-IP Encapsulating Security Payload (ESP) (2005).
  53. 53.
    Shelby, Z., Hartke, K., Bormann, C. The constrained application protocol (CoAP) (2014).
  54. 54.
    Dierks, T.: The transport layer security (TLS) protocol version 1.2 (2008).
  55. 55.
    Granjal, J., Monteiro, E., Silva, J.S.: End-to-end transport-layer security for Internet-integrated sensing applications with mutual and delegated ECC public-key authentication. In: 2013 IFIP Networking Conference, pp. 1–9. IEEE (2013)Google Scholar
  56. 56.
    Kothmayr, T., Schmitt, C., Hu, W., Brnig, M., Carle, G.: {DTLS} based security and two-way authentication for the Internet of Things. Ad Hoc Netw. 11(8), 2710–2723 (2013). Scholar
  57. 57.
    Young, M., Boutaba, R.: Overcoming adversaries in sensor networks: a survey of theoretical models and algorithmic approaches for tolerating malicious interference. IEEE Commun. Surv. Tutorials. 13(4), 617–641 (2011). Scholar
  58. 58.
    Huang, X., Xiang, Y., Bertino, E., Zhou, J., Xu, L.: Robust multi-factor authentication for fragile communications. IEEE Trans. Dependable Secure Comput. 11(6), 568–581 (2014)CrossRefGoogle Scholar
  59. 59.
    Reardon, J., Goldberg, I.: Improving Tor using a TCP-over-DTLS tunnel. In: Proceedings of the 18th Conference on USENIX Security Symposium, pp. 119–134. USENIX Association (2009)Google Scholar
  60. 60.
    Kwon, E.K., Cho, Y.G., Chae, K.J.: Integrated transport layer security: end-to-end security model between WTLS and TLS. In: Proceedings 15th International Conference on Information Networking, pp. 65–71. IEEE (2001)Google Scholar
  61. 61.
    Rahman, A., Dijk, E.: Group communication for coap. Group (2011)Google Scholar
  62. 62.
    Peretti, G., Lakkundi, V., Zorzi, M.: BlinkToSCoAP: an end-to-end security framework for the Internet of Things. In: 2015 7th International Conference on Communication Systems and Networks (COMSNETS), pp. 1–6. IEEE (2015)Google Scholar
  63. 63.
    Park, N., Kang, N.: Mutual authentication scheme in secure internet of things technologyforcomfortablelifestyle. Sensors. 6(1), 20–20 (2016)CrossRefGoogle Scholar
  64. 64.
    Henze, M., Wolters, B., Matzutt, R., Zimmermann, T., Wehrle, K.: Distributed configuration, authorization and management in the cloud-based internet of things. In: 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 185–192. IEEE (2017)Google Scholar
  65. 65.
    Zhou, J., Cao, Z., Dong, X., Vasilakos, A.V.: Security and privacy for cloud-based IoT: challenges. IEEE Commun. Mag. 55(1), 26–33 (2017)CrossRefGoogle Scholar
  66. 66.
    Karagiannis, V., Chatzimisios, P., Vazquez-Gallego, F., Alonso-Zarate, J.: A survey on application layer protocols for the internet of things. Trans.. IoT Cloud Comput. 3(1), 11–17 (2015)Google Scholar
  67. 67.
    Scott, C., Wolfe, P., Erwin, M.: Virtual private networks, ser. Animal Series. O’Reilly, Bejing (1999)Google Scholar
  68. 68.
    Granjal, J., Monteiro, E., Silva, J.S.: Application-layer security for the WoT: extendingCoAPtosupportend-to-endmessagesecurityforinternet-integrated sensing applications. In: International Conference on Wired/Wireless Internet Communication, pp. 140–153. Springer, Berlin/Heidelberg (2013)CrossRefGoogle Scholar
  69. 69.
    Liu, C.H., Yang, B., Liu, T.: Efficient naming, addressing and profile services in Internet-of-Things sensory environments. Ad Hoc Netw. 18, 85–101 (2014)CrossRefGoogle Scholar
  70. 70.
    Conzon, D., Bolognesi, T., Brizzi, P., Lotito, A., Tomasi, R., Spirito, M.A.: The virtus middleware: an xmpp based architecture for secure iot communications. In: 2012 21st International Conference on Computer Communications and Networks (ICCCN), pp. 1–6. IEEE (2012)Google Scholar
  71. 71.
    XMPP Standards Foundation. XMPP. [Online].
  72. 72.
    OSGi Alliance. OSGi main. [Online].
  73. 73.
    Crosby, M., Pattanayak, P., Verma, S., Kalyanaraman, V.: Blockchain technology: beyond bitcoin. Appl. Innov. 2(6-10), 71 (2016)Google Scholar
  74. 74.
    Double-Spending—Bitcoin WiKi, Mar. (2016). [Online]. Available:
  75. 75.
    Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper. 151(2014), 1–32 (2014)Google Scholar
  76. 76.
    Cachin, C.: Architecture of the hyperledger blockchain fabric. In: Workshop on Distributed Cryptocurrencies and Consensus Ledgers, vol. 310, pp. 4 (2016)Google Scholar
  77. 77.
    Understanding Public Key Cryptography. [Online] (2005). Available:
  78. 78.
    Zheng, Z., Xie, S., Dai, H.N., Wang, H.: Blockchain challenges and opportunities: a survey. Int. J. Web Grid Serv. 2016, 1–25 (2016)Google Scholar
  79. 79.
    TransActive Grid, Mar. (2016). [Online]. Available:
  80. 80.
    Rutkin, A.: Blockchain-based microgrid gives power to con-sumers in New York (2016). [Online]. Available:
  81. 81.
    Otte, P., de Vos, M., Pouwelse, J.: TrustChain: a Sybil-resistant scalable blockchain. Futur. Gener. Comput. Syst. (2017)
  82. 82.
    Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36–63 (2001)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Chitkara University Institute of Engineering and Technology, Chitkara UniversityRajpuraIndia

Personalised recommendations