Blog icon

The challenge

Ensuring security in the Internet of Things

With the growing scale and prevalence of Internet of Things (IoT) sensors in our daily lives, trusting these sensors and systems to deliver reliable data while maintaining our security and privacy is a critical consideration. The IoT network architecture requires decentralised and lightweight approaches for delivering trust, while most conventional approaches are either centralised or computationally demanding.

There has been increasing interest in adopting the Blockchain (BC) that underpins the cryptocurrency Bitcoin, to create a trusted Internet of Things (IoT). However, BCs are computationally expensive and involve high bandwidth overhead and delays, which are not suitable for most IoT devices.

This figure outlines the process in remote vehicle software update using blockchain. First, the software provider stores the new update in a cloud storage (step 1). Following this, the software provider generates a multisig transaction, that requires two signatures to be considered as valid, and broadcasts the transaction in the blockchain (step 2). The transaction contains the signed hash of the provided update, which ensures integrity, and the Public Key (PK) of the Original Equipment Manufacturer (OEM) (i.e., the manufacturing company).

Upon receipt of the transaction, the Overlay Block Managers (OBMs) check if the OEM is a member of their cluster (step 3). If so, the transaction is sent to the OEM (step 4), otherwise, it is broadcast to other OBMs. The OEM then signs the received transaction, after verifying the update, and sends the transaction to its corresponding OBM (step 5). When the OBMs receive the signed transaction, they inform the vehicles of the new available update (step 6). The vehicles then download the update from the cloud and verify using the transaction in the blockchain (step 7).

IOT network diagram showing the role of blockchain technology.

Our response

A new blockchain architecture

In collaboration with UNSW, we have designed a lightweight scalable blockchain (LSB) architecture for IoT that virtually eliminates the overheads of classic BC, while maintaining most of its trust benefits.

The proposed architecture uses distributed trust to reduce the block validation processing time. It eliminates the Proof-of-Work overhead, significantly reducing processing overhead at miners. It separates data and transactions flow decreasing service delay while maintaining security and privacy.

The architecture also distributes trust between overlay nodes, gradually reducing the proportion of transactions that require distributed verification as nodes increase their trust.

It contains two tiers of blockchain, including a centralised private immutable ledger at local networks to manage local transactions, and a public distributed blockchain at the overlay network.

This work has led to 11 peer-reviewed publications, and has featured in online media stories across Forbes, ABC and APN News, Computer World, The Conversation and Smart Company, as well as national/regional radio interviews. The Conversation article 'Who's to blame when driverless cars have an accident?' highlighting our new blockchain-based liability framework for connected and autonomous vehicles received over 56,700 reads, as well as a strategic consulting engagement with Discoperi in Ukraine.

The results

Safe blockchain applications beyond IoT

The work has been applied in a variety of market sectors, from supply chain traceability to creating new liability models for autonomous vehicles, distributed energy trading, and data marketplaces.

It is also being incorporated into our industry-transforming commercial projects, such as digitising construction supply chains with Ynomia to provide traceability, auditability, and autonomous compliance on the worksite.

It is also part of a major proposal with an Australian SME on creating a new industry for shipping raw milk to Asia secured by blockchain, which would open new market opportunities for the Australian dairy sector.

Contact us

Find out how we can help you and your business. Get in touch using the form below and our experts will get in contact soon!

CSIRO will handle your personal information in accordance with the Privacy Act 1988 (Cth) and our Privacy Policy.


First name must be filled in

Surname must be filled in

I am representing *

Please choose an option

Please provide a subject for the enquriy

0 / 100

We'll need to know what you want to contact us about so we can give you an answer

0 / 1900

You shouldn't be able to see this field. Please try again and leave the field blank.