Avoid Ransomware Using BIoT – A Lightweight Zero Trust Architecture using Hyperledger Fabric

Let’s talk about cyberattacks

Before the pandemic hit, the world was already experiencing an increase in cybercriminal activities. The pandemic is merely a catalyst that made the cybersecurity problem even worse. From the start of the pandemic to the economic shutdown, companies worldwide have been forced to let their employees work from home at short notice. Many companies are not prepared for their employees to access intranets from their homes with various levels of security. For example, some employees do not have updated computers and many have  computers already infected with viruses, malware, and trojan software. Such unsecured connections and the blurred usage between work and personal computers have increased IT/OT infrastructure vulnerabilities and expose companies to cyberattacks. 

In the past six months, there have already been several major attacks on infrastructures and critical industries:

The Irish Health Service Executive cyberattack: On May 14, 2021, the HSE reported a major ransomware cyberattack that caused all of its IT systems nationwide to be shut down to prevent further damage. The HSE ransomware attack that has crippled the Irish healthcare system since mid-May started when a single computer stopped working, and the HSE worker reached out for help by clicking on a disguised link that led to a drive-by download of ransomware.

Colonial pipeline ransomware: On May 7, 2021, Colonial Pipeline suffered ransomware attacks that resulted in the company paying five million dollars to the hackers to unlock the system. While the company did not release any information on how the ransomware infected the company’s computers, some insiders familiar with the matter said the VMware was compromised through an open port. 

Oldsmar, Florida, water treatment plan hack: On February 8, 2021, the Oldsmar water treatment plant was hacked. The hacker was able to gain access to a control computer and attempted to increase the sodium hydroxide level in the drinking water. Luckily, the attempt was stopped in time by the operator.

Advantech’s ransomware attack: On November 20, 2020, the global industrial computer manufacturing company Advantech was hit by a ransomware attack, and the people behind the attack demanded a ransom of 750 Bitcoins ($13.8 million).

Unsecured connectivities, infested home devices, and password-driven technologies could be the reason why cyberattacks, cyberwarfare, and ransomware are hitting daily news headlines at an unprecedented rate. Meanwhile, hackers leverage the scale of impact as their bargaining chip to force governments or corporations into compliance.

The ransomware business model

The business model of ransomware is simple: the attackers infect the victim’s computer with ransomware through a phishing email, drive-by download of trojan software or through stolen password, infest the key computers in the network, open a port for attack and data transmission, then lock the important data away, generate a cryptographic key and hide it until the victim pays up the ransom. 

Attackers can choose to go after smaller victims for smaller ransom amounts or risk attacking larger victims, or go big game hunting. Although the prize for big game hunting is considerably more tempting, the risks are higher. For instance, attacking a bigger target (e.g., a government organization, healthcare system, or energy infrastructure) puts the attackers  on the radar of law enforcement. These larger targets are also less likely to pay the ransom to avoid funding future attacks by these cybercriminal gangs.

Targeting smaller but numerous victims requires more workforce as the attackers have to penetrate the victims’ networks and negotiate and convince every one of them to pay the ransom. In addition to being costly, more humans involved means more space for error and eventually jeopardizing the entire operation. However, smaller targets are more likely to choose the easy way out and pay the ransom to avoid scandal, panicking customers, and plummeting stock prices. Perhaps all of these pros and cons have made the cybercriminal gangs go back and forth with small and big targets and try their luck.

The current cybersecurity solution

The most common approach companies take to secure their network is through layering and isolation. In the simplest term, layering architecture helps companies to ‘limit’ access from different levels of users. For example, a public user can only visit the public section of a website while the employees with special privileges can access the backend of the site. This approach is simple and easy to create. However, the biggest challenge is that if the authentication of a superuser is compromised or malware secretly opens a port to the attacker, the layering system will not be able to stop the attacker because systems using layering architecture always trust local connections and requests. In the view of the attackers, once they pass the gate, it is a free buffet. It is especially true that conventional tunneling technologies such as Virtual Private Network, VPN, could help mitigate some cybersecurity threats by strengthening the external connection. However, VPN is still a password-driven technology, and as long as there is a single weak point in the VPN network, the entire network’s safety is jeopardized. 

Blockchain and Zero-Trust netwworks

Blockchain technology offers several advantages when used for data encryption and communication. In a blockchain, data is structured into blocks, and each block contains a ledger to keep a bundle of transactions in a decentralized structure. What makes blockchain secure is that all transactions must be approved and validated by all the nodes in the chain through a consensus mechanism. Blockchain technology’s immutable and decentralized nature makes the data impossible to tamper with and the network nearly impossible to hack. 

Blockchain can greatly enhance the zero-trust network. In a zero-trust network, any transaction needs to be authenticated. The network controller does not ‘trust’ any request or command sender until that sender can be verified for each action. Blockchain can enhance the network by:

a.    Detection of suspicious activity in any transaction
b.    Isolation of connection
c.    Access limits for certain users until cybersecurity officers have a closer look
d.    Immutable policies due to the immutable nature of blockchain

Despite blockchain technology’s advantages in cybersecurity, the application of blockchain technology is limited largely to supply chain, fintech, and digital currency at the moment. 

Several roadblocks are hindering the implementation of the blockchain in network security. First, the latency caused by updating all nodes can pose operational problems. Second, the size of the ledgers may be an issue for IoT devices and smaller devices to use blockchain. Third, it drives up the energy consumption for the network.

BDATA and BIoT technology

BDATA (www.Bdata.ca), a Toronto-based company, has taken a stab at the roadblocks for using blockchain in cybersecurity. BDATA has developed BIoT (Blockchain Internet of Things) technology, which is a lightweight and low latency blockchain. 

BIoT uses the multichain architecture based on Hyperledger Fabric, which creates complex on-device security. BIoT technology is also energy friendly since it requires low processing power and low RAM to run on edge devices. BIoT technology has also avoided the problem with high latency and large file issues associated with blockchain technology. BIoT is a lightweight (<50MB) and low latency (<10ms on 5G and <40 ms on 4G LTE) protocol that can be deployed on any device. 

BIoT technology is also cost effective when compared with the practice most companies are doing. The majority of the companies are using MQTT for data streaming, VPN for handshake connectivity, intrusion detection systems (IDS) for device monitoring, and device management (DM) for endpoint management, and each application costs significant resources to deploy and maintain. BIoT is an all-in-one solution as the technology contains functionalities such as authentication, intrusion detection, data streaming, endpoint management, and KPIs ensuring IT/OT infrastructure security.

The following are the steps to deploy BIoT technology:

• Register organization and deploy BIoT endorsing peers
• Extract devices board identity (e.g, for Mac, Hardware UUID)
• Register device using board identity
• Deploy BIoT peer on the device using the curl command:
  o    BIoT peer will read the device board ID to enroll the device with the BIoT chain
  o    BIoT peer will stream the data fully encrypted using a cryptographic chain of TLS 1.3 certificates.
  o    BIoT peer will provide complete device log analytics, intrusion detection, endpoint management, MITRE, device compliance with cybersecurity standards and many other useful features. 

Upon successful consensus among the organization endorsing peers, the device will be authenticated and received a trusted status to stream data from the device to pre-authenticated designated servers on the organization’s BIoT zero-trust network. Time-stamped hashes are created for every data point streamed from the trusted device. Every hash is stored in the query-able ledger to ensure the immutability of the data, and the streamed data gets decrypted for analytics and other uses. 

BIoT technology works on ARM, Intel, and AMD architectures and all the major operating systems such as Android, Mac, Windows, and Linux-based operating systems. Devices with the BIoT technology can be implemented rapidly for a consortium of organizations or an individual organization without duplicating data. Early adopters of the technology include Advantech, Supermicro, Intel, Arrow, and ASUS IoT edge devices.

BIoT features include:

1. Multichain Architecture – BIoT has four chains:
   i.    Device Authentication 
   ii.    Data Streaming 
   iii.    Endpoint Management 
   iv.    Intrusion Detection System
2. Cryptographic chain of TLS certificates
3. DevOps & serverless technologies to auto manage the data load and peer deployments

Differences between BIoT and VPN

BIoT technology has several advantages when compared with VPN technology:

1.    First, the machine-to-machine trust is automatically established in the BIoT network. This helps the machine to communicate with other machines on the trusted network of machines without password-driven authentication. The network trust is handled entirely by the blockchain, based on the device’s unique board identity.

2.    Second, any data transaction is traceable and is always ready for auditing. The blockchain ledgers store the hashes of each data transaction, which ensures data immutability, and the hashes are always ready for the read operation. Currently, companies do backups to store the data, but data trust is always a big question during the backup. BIoT’s data immutability ensures data backup without compromising data quality and authenticity.

3.    BIoT runs on a zero-trust network. Every operation is recorded on the ledger, and all the nodes in the chain authenticate every block. If any anomaly happens, the BIoT intrusion detection mechanism will be triggered, and the operators will be alerted in real-time.

A brighter future of remote working and IoT using BIoT

As manufacturing automation and edge device implementation are growing exponentially, the need to protect remote assets and keep the network safe from cyberattacks is also increasing exponentially. Data privacy and integrity are also paramount in many verticals of our society, such as medical, defense, and smart city infrastructure. Likewise, with a continued increased number of remote access and IoT deployments, cyber criminal activities will be on the rise. BIoT can be a great resource for companies to add an immutable layer of security to fight against advanced and diverse cyberattacks.

About the contributors

Owen Wang is the co-founder of BDATA solution. He is a professional engineer by trade and graduated from Queen’s University with an Electrical and Computer Engineering bachelor’s degree. Owen joined SIEMENS Canada after university and led a team of R&D software developers before finishing his MBA degree from Schulich School of Business. Now, Owen and Syed Bari are working together on the BDATA startup venture and working together to change the world of cybersecurity with blockchain technology.

Nima Afraz is an Assistant Professor in the School of Computer Science at University College Dublin. He is affiliated with the CONNECT Research Centre, and his research focuses on blockchain applications in telecoms, the economics of networks, and network virtualisation. Nima is a recipient of the government of Ireland postdoctoral fellowship and worked as a postdoctoral fellow at Trinity College Dublin to address the challenges in the adoption of blockchain technology in telecommunications. Nima is the vice-chair of the Linux Foundation’s Hyperledger telecom special interest group. He received his PhD in computer science from Trinity College Dublin, Ireland, in 2020.